def test_system_user_valid_no_check(self):
client = mock.MagicMock()
self.assertTrue(
validate_user_external_auth(get_worker_user(), client=client))
self.assertTrue(
validate_user_external_auth(get_node_init_user(), client=client))
client.get_groups.assert_not_called()
def test_node_init_user_has_no_profile(self):
user = get_node_init_user()
profile = None
try:
profile = user.userprofile
except UserProfile.DoesNotExist:
# Expected.
pass
self.assertIsNone(profile)
def test_system_user_valid_no_check(self):
self.assertTrue(
validate_user_external_auth(get_worker_user(),
self.auth_info,
rbac_client=self.client))
self.assertTrue(
validate_user_external_auth(get_node_init_user(),
self.auth_info,
rbac_client=self.client))
self.client.allowed_for_user.assert_not_called()
def _create_token(self, node):
"""Create an OAuth token for a given node.
:param node: The system that is to be allowed access to the metadata
service.
:type node: Node
:return: Token for the node to use.
:rtype: piston.models.Token
"""
token = create_auth_token(get_node_init_user())
self.create(node=node, token=token, key=token.key)
return token
def _create_token(self, node):
"""Create an OAuth token for a given node.
:param node: The system that is to be allowed access to the metadata
service.
:type node: Node
:return: Token for the node to use.
:rtype: piston.models.Token
"""
token = create_auth_token(get_node_init_user())
self.create(node=node, token=token, key=token.key)
return token
def test_is_authenticated_external_auth_system_user(self):
mock_validate = self.patch(api_auth, "validate_user_external_auth")
mock_validate.return_value = True
auth = MAASAPIAuthentication()
user = get_node_init_user()
request = self.make_request()
mock_token = mock.Mock(user=user)
auth.is_valid_request = lambda request: True
auth.validate_token = lambda request: (mock.Mock(), mock_token, None)
self.assertTrue(auth.is_authenticated(request))
mock_validate.assert_not_called()
def test_holds_node_init_user(self):
user = get_node_init_user()
self.assertIsInstance(user, User)
self.assertEqual(user_name, user.username)
def test_always_returns_same_user(self):
node_init_user = get_node_init_user()
self.assertEqual(node_init_user.id, get_node_init_user().id)
def test_node_init_user_cannot_access(self):
token = NodeKey.objects.get_token_for_node(factory.make_Node())
client = MAASSensibleOAuthClient(get_node_init_user(), token)
response = client.get(reverse('nodes_handler'))
self.assertEqual(http.client.FORBIDDEN, response.status_code)
def test_node_init_user_cannot_access(self):
backend = MAASAuthorizationBackend()
self.assertFalse(
backend.has_perm(get_node_init_user(), NODE_PERMISSION.VIEW,
make_unallocated_node()))
def test_node_init_user_not_valid(self):
user = get_node_init_user()
form = ManageUserGroupsForm(data={'user': [str(user.id)]})
self.assertFalse(form.is_valid())
def make_node_client(node=None):
"""Create a test client logged in as if it were `node`."""
if node is None:
node = factory.make_node()
token = NodeKey.objects.get_token_for_node(node)
return OAuthAuthenticatedClient(get_node_init_user(), token)
def test_node_init_user_cannot_access(self):
backend = MAASAuthorizationBackend()
self.assertFalse(backend.has_perm(
get_node_init_user(), NODE_PERMISSION.VIEW,
make_unallocated_node()))
def test_node_init_user_cannot_access(self):
token = NodeKey.objects.get_token_for_node(factory.make_node())
client = OAuthAuthenticatedClient(get_node_init_user(), token)
response = client.get(reverse('nodes_handler'), {'op': 'list'})
self.assertEqual(httplib.FORBIDDEN, response.status_code)
def make_node_client(self, node=None):
"""Create a test client logged in as if it were `node`."""
if node is None:
node = factory.make_node()
token = NodeKey.objects.get_token_for_node(node)
return OAuthAuthenticatedClient(get_node_init_user(), token)
def test_node_init_user_not_in_default_group(self):
default_group = UserGroup.objects.get_default_usergroup()
self.assertNotIn(get_node_init_user(), default_group.users.all())
def test_user_can_access_pool_node_init_user(self):
user = get_node_init_user()
pool = factory.make_ResourcePool()
self.assertTrue(ResourcePool.objects.user_can_access_pool(user, pool))
def test_node_init_user_cannot_access(self):
backend = MAASAuthorizationBackend()
self.assertFalse(
backend.has_perm(get_node_init_user(), NodePermission.view,
factory.make_Node()))
def test_node_init_user_has_no_profile(self):
user = get_node_init_user()
self.assertRaises(UserProfile.DoesNotExist, user.get_profile)
