def test_add_new_user_to_and_delete_from_org(core_org, context):
"""
<b>Description:</b>
Checks if admin user can be added and removed from the platform.
<b>Input data:</b>
1. User email.
<b>Expected results:</b>
Test passes when admin user was successfully added to the platform and removed from it.
<b>Steps:</b>
1. Onboard new user to the platform.
2. Update user role to admin
3. Verify the user is present in the organization.
4. Remove the user from the organization.
5. Verify that the user was removed from the organization.
"""
step("Add new user to organization")
username = generate_test_object_name(email=True, separator="")
test_user = onboarding.onboard(context=context,
org_guid=core_org.guid,
username=username,
check_email=False)
test_user.update_org_role(org_guid=core_org.guid,
new_role=User.ORG_ROLE["admin"])
step("Check that the user is added")
users = User.get_list_in_organization(org_guid=core_org.guid)
assert test_user in users
step("Delete the user from the organization")
test_user.delete_from_organization(org_guid=core_org.guid)
step("Check that the user is not in the organization")
users = User.get_list_in_organization(org_guid=core_org.guid)
assert test_user not in users
def test_user_cannot_update_org_user(self, context, test_org,
test_org_user_client, updated_user):
"""
<b>Description:</b>
Checks if non-admin user cannot update other user's roles.
<b>Input data:</b>
1. No input data.
<b>Expected results:</b>
Test passes when attempt on updating user role by non-admin user fails.
<b>Steps:</b>
1. Check that non-admin cannot update another user's roles.
2. Check that updated user's roles did not change.
"""
step("Check that non-admin cannot update another user's roles")
org_users = User.get_list_in_organization(org_guid=test_org.guid)
assert_raises_http_exception(HttpStatus.CODE_FORBIDDEN,
HttpStatus.MSG_FORBIDDEN,
updated_user.update_org_role,
org_guid=test_org.guid,
new_role=User.ORG_ROLE["admin"],
client=test_org_user_client)
step("Check that updated user's roles did not change")
users = User.get_list_in_organization(org_guid=test_org.guid)
assert sorted(users) == sorted(org_users)
def test_non_admin_cannot_add_new_user_to_org(self, context,
test_org_user_client,
test_org):
"""
<b>Description:</b>
Checks if non-admin cannot add new user to organization.
<b>Input data:</b>
1. Email address.
2. User password.
<b>Expected results:</b>
Test passes when adding new user to organization by non-admin fails.
<b>Steps:</b>
1. Try to add user to an organization using non-admin user.
2. Check that no new user was added to the organization.
"""
step("Try to add user to an organization using non-admin user")
org_users = User.get_list_in_organization(org_guid=test_org.guid)
assert_raises_http_exception(HttpStatus.CODE_FORBIDDEN,
HttpStatus.MSG_FORBIDDEN,
User.create_by_adding_to_organization,
context=context,
org_guid=test_org.guid,
role=User.ORG_ROLE["user"],
inviting_client=test_org_user_client)
step("Check that no new user was added to the organization")
users = User.get_list_in_organization(org_guid=test_org.guid)
assert sorted(users) == sorted(org_users)
def test_cannot_add_new_user_with_incorrect_role(self, context, test_org):
"""
<b>Description:</b>
Checks if user with incorrect role cannot be added.
<b>Input data:</b>
1. Email address.
2. User password.
<b>Expected results:</b>
Test passes when adding user with incorrect role fails and the user is not on users list.
<b>Steps:</b>
1. Check that error is raised when trying to add user using incorrect roles.
2. Check that no new user was added to the organization.
"""
step(
"Check that error is raised when trying to add user using incorrect roles"
)
role = "i-don't-exist"
org_users = User.get_list_in_organization(org_guid=test_org.guid)
assert_raises_http_exception(HttpStatus.CODE_BAD_REQUEST,
HttpStatus.MSG_BAD_REQUEST,
User.create_by_adding_to_organization,
context=context,
org_guid=test_org.guid,
role=role)
step("Check that no new user was added to the organization")
users = User.get_list_in_organization(org_guid=test_org.guid)
assert sorted(users) == sorted(org_users)
def test_cannot_add_user_with_non_email_username(self, context, test_org):
"""
<b>Description:</b>
Checks if user with non email username cannot be added.
<b>Input data:</b>
1. User name.
<b>Expected results:</b>
Test passes when attempt to add user with non email username fails and user is not on users list.
<b>Steps:</b>
1. Try to add user with invalid username to an organization.
2. Check that no new user was added to the organization.
"""
step("Try to add user with invalid username to an organization")
username = "******"
org_users = User.get_list_in_organization(org_guid=test_org.guid)
assert_raises_http_exception(HttpStatus.CODE_BAD_REQUEST,
HttpStatus.MSG_EMAIL_ADDRESS_NOT_VALID,
User.create_by_adding_to_organization,
context=context,
org_guid=test_org.guid,
username=username,
role=User.ORG_ROLE["user"])
step("Check that no new user was added to the organization")
users = User.get_list_in_organization(org_guid=test_org.guid)
assert sorted(users) == sorted(org_users)
def test_manager_can_get_org_users(self):
self.step("Check that manager can get list of users in org")
expected_users = User.api_get_list_via_organization(
org_guid=TestData.test_org.guid)
user_list = User.api_get_list_via_organization(
org_guid=TestData.test_org.guid, client=self.manager_client)
self.assertUnorderedListEqual(user_list, expected_users)
def test_update_user_with_not_existing_id_returns_not_found(
self, test_org):
"""
<b>Description:</b>
Checks if user update with invalid guid fails.
<b>Input data:</b>
1. User guid.
<b>Expected results:</b>
Test passes when attempt on updating user fails and users list doesn't change.
<b>Steps:</b>
1. Check that updating user with invalid user guid returns an error.
2. Check that user org list did not change.
"""
step("Get initial users list")
org_users = User.get_list_in_organization(org_guid=test_org.guid)
step("Check that updating not existing user returns 404 Not Found")
not_existing_user_id = "this-user-does-not-exist"
assert_raises_http_exception(
HttpStatus.CODE_NOT_FOUND,
HttpStatus.MSG_USER_NOT_FOUND.format(not_existing_user_id),
user_management.api_update_org_user_role,
org_guid=test_org.guid,
user_guid=not_existing_user_id,
new_role=User.ORG_ROLE["user"])
step("Check that user org list did not change")
users = User.get_list_in_organization(org_guid=test_org.guid)
assert sorted(users) == sorted(org_users)
def test_cannot_update_user_which_is_not_in_org(self):
self.step("Check that user not in org cannot be updated")
org_users = User.api_get_list_via_organization(org_guid=self.test_org.guid)
expected_message = HttpStatus.MSG_USER_NOT_EXIST_IN_ORGANIZATION.format(self.user_not_in_test_org.guid,
self.test_org.guid)
self.assertRaisesUnexpectedResponse(HttpStatus.CODE_NOT_FOUND, expected_message,
self.user_not_in_test_org.api_update_org_roles, org_guid=self.test_org.guid,
new_roles=User.ORG_ROLES["auditor"])
self.assertListEqual(User.api_get_list_via_organization(org_guid=self.test_org.guid), org_users)
def another_org_user(self, context, another_org):
step("Add users to the organization")
User.create_by_adding_to_organization(context=context,
org_guid=another_org.guid,
role=User.ORG_ROLE["admin"])
return User.create_by_adding_to_organization(
context=context,
org_guid=another_org.guid,
role=User.ORG_ROLE["user"])
def test_cannot_update_user_with_invalid_guid(self):
# TODO implement non-existing guid
self.step("Check that updating user which is not in an organization returns an error")
invalid_guid = "invalid-user-guid"
org_users = User.api_get_list_via_organization(org_guid=self.test_org.guid)
self.assertRaisesUnexpectedResponse(HttpStatus.CODE_BAD_REQUEST, HttpStatus.MSG_WRONG_UUID_FORMAT_EXCEPTION,
user_management.api_update_org_user_roles, org_guid=self.test_org.guid,
user_guid=invalid_guid, new_roles=User.ORG_ROLES["billing_manager"])
self.assertListEqual(User.api_get_list_via_organization(org_guid=self.test_org.guid), org_users)
def test_get_user_list_from_space(self):
self.step("Check that space is empty")
self.assertEqual([], User.api_get_list_via_space(self.test_space.guid),
"List is not empty")
self.step("Add users to space")
for user in self.test_users:
user.api_add_to_space(self.test_space.guid, TestData.test_org.guid)
space_user_list = User.api_get_list_via_space(self.test_space.guid)
self.assertListEqual(self.test_users, space_user_list)
def test_delete_organization_with_user(self, context):
step("Create an organization")
test_org = Organization.api_create(context)
step("Add new platform user to the organization")
User.api_create_by_adding_to_organization(context, test_org.guid)
step("Delete the organization")
test_org.api_delete()
step("Check that the organization is not on org list")
assertions.assert_not_in_with_retry(test_org,
Organization.api_get_list)
def test_non_manager_cannot_update_org_user(self):
self.step("Check that non-manager cannot update another user's roles")
non_manager = User.api_create_by_adding_to_organization(self.context, org_guid=self.test_org.guid,
roles=self.NON_MANAGER_ROLES)
non_manager_client = non_manager.login()
org_users = User.api_get_list_via_organization(org_guid=self.test_org.guid)
self.assertRaisesUnexpectedResponse(HttpStatus.CODE_FORBIDDEN, HttpStatus.MSG_FORBIDDEN,
self.updated_user.api_update_org_roles, self.test_org.guid,
new_roles=User.ORG_ROLES["auditor"], client=non_manager_client)
self.assertListEqual(User.api_get_list_via_organization(org_guid=self.test_org.guid), org_users)
def users(cls, request, admin_client, test_org_manager, test_org_manager_client, class_context):
cls.context = class_context # TODO no longer needed when this class removes unittest dependency
cls.step("Create test organization")
cls.test_org = Organization.api_create(class_context)
cls.step("Create users for tests")
cls.manager = User.api_create_by_adding_to_organization(class_context, org_guid=cls.test_org.guid,
roles=User.ORG_ROLES["manager"])
cls.manager_client = cls.manager.login()
cls.updated_user = User.api_create_by_adding_to_organization(class_context, org_guid=cls.test_org.guid, roles=[])
cls.user_not_in_test_org = test_org_manager
cls.client_not_in_test_org = test_org_manager_client
def test_cannot_update_non_existing_space_user(self):
invalid_guid = "invalid-user-guid"
roles = User.SPACE_ROLES["auditor"]
self.step(
"Check that updating user which is not in space returns error")
space_users = User.api_get_list_via_space(self.test_space.guid)
self.assertRaisesUnexpectedResponse(
HttpStatus.CODE_BAD_REQUEST,
HttpStatus.MSG_WRONG_UUID_FORMAT_EXCEPTION,
user_management.api_update_space_user_roles, self.test_space.guid,
invalid_guid, roles)
self.assertListEqual(User.api_get_list_via_space(self.test_space.guid),
space_users)
def test_get_user_list(self, client, is_authorized):
test_user = User.api_create_by_adding_to_space(
self.context, TestData.test_org.guid, TestData.test_space.guid)
step("Try to get user list from space by using every client type.")
if is_authorized:
user_list = User.api_get_list_via_space(
TestData.test_space.guid, client=self.user_clients[client])
assert test_user in user_list, "User {} was not found in list".format(
test_user)
else:
assert_raises_http_exception(HttpStatus.CODE_FORBIDDEN,
HttpStatus.MSG_FORBIDDEN,
User.api_get_list_via_space,
TestData.test_space.guid,
client=self.user_clients[client])
def test_add_new_user_to_and_delete_from_space(core_org, core_space, context):
"""Add New User to and Delete from Space"""
step("Add new user to space")
test_user, test_org = onboarding.onboard(context, check_email=False)
test_user.api_add_to_space(core_space.guid,
core_org.guid,
roles=User.SPACE_ROLES["manager"])
step("Check that the user is added")
users = User.api_get_list_via_space(space_guid=core_space.guid)
assert test_user in users
step("Remove the user from space")
test_user.api_delete_from_space(space_guid=core_space.guid)
step("Check that the user was deleted")
users = User.api_get_list_via_space(space_guid=core_space.guid)
assert test_user not in users
def test_user_cannot_register_with_no_organization_name(self, context):
step("Invite a new user")
invitation = Invitation.api_send(context)
step(
"Check that an error is returned when user registers without passing an org name"
)
assert_raises_http_exception(
HttpStatus.CODE_BAD_REQUEST,
HttpStatus.MSG_ORGANIZATION_CANNOT_CONTAIN_ONLY_WHITESPACES,
user_management.api_register_new_user,
code=invitation.code,
password=User.generate_password())
step("Check that the user was not created")
username_list = [user.username for user in User.get_all_users()]
assert invitation.username not in username_list, "User was created"
def users(cls, request, test_org, class_context):
cls.step("Create test users")
manager = User.api_create_by_adding_to_organization(
class_context, org_guid=test_org.guid)
cls.manager_client = manager.login()
auditor = User.api_create_by_adding_to_organization(
class_context,
org_guid=test_org.guid,
roles=User.ORG_ROLES["auditor"])
cls.auditor_client = auditor.login()
billing_manager = User.api_create_by_adding_to_organization(
class_context,
org_guid=test_org.guid,
roles=User.ORG_ROLES["billing_manager"])
cls.billing_manager_client = billing_manager.login()
def test_non_admin_user_cannot_invite_another_user(self, context,
test_org):
"""
<b>Description:</b>
Checks if non-admin user cannot invite other user.
<b>Input data:</b>
1. Email address.
2. User password.
<b>Expected results:</b>
Test passes when non-admin user receives access denied reply on adding other user attempt and the user doesn't
obtain an invitation.
<b>Steps:</b>
1. Create a test user.
2. Check an error is returned when non-admin tries to onboard another user.
"""
step("Create a test user")
user = User.create_by_adding_to_organization(
context=context,
org_guid=test_org.guid,
role=User.ORG_ROLE["user"])
non_admin_user_client = user.login()
step(
"Check an error is returned when non-admin tries to onboard another user"
)
username = generate_test_object_name(email=True)
assert_raises_http_exception(HttpStatus.CODE_FORBIDDEN,
HttpStatus.MSG_ACCESS_IS_DENIED,
Invitation.api_send,
context,
username=username,
inviting_client=non_admin_user_client)
self._assert_user_received_messages(username, 0)
def test_user_cannot_register_without_password(self, context, test_org):
"""
<b>Description:</b>
Checks if the user registration without password fails.
<b>Input data:</b>
1. Email address.
<b>Expected results:</b>
Test passes when 400 Bad request HTTP status is returned on attempt of user registration without password and
the user is not created.
<b>Steps:</b>
1. Invite a user.
2. Check that an error is returned when the user tries to register without a password.
3. Check that the user was not created.
"""
step("Invite a new user")
invitation = Invitation.api_send(context)
step(
"Check that an error is returned when the user tries to register without a password"
)
assert_raises_http_exception(HttpStatus.CODE_BAD_REQUEST,
HttpStatus.MSG_PASSWORD_CANNOT_BE_EMPTY,
user_management.api_register_new_user,
code=invitation.code,
org_name=generate_test_object_name())
step("Check that the user was not created")
username_list = [
user.username for user in User.get_all_users(test_org.guid)
]
assert invitation.username not in username_list, "User was created"
def test_add_new_user_to_and_delete_from_org(core_org, context):
"""Add New User to and Delete from Organization"""
step("Add new user to organization")
test_user, test_org = onboarding.onboard(context, check_email=False)
test_user.api_add_to_organization(
core_org.guid,
roles=User.ORG_ROLES["manager"],
)
step("Check that the user is added")
users = User.api_get_list_via_organization(org_guid=core_org.guid)
assert test_user in users
step("Delete the user from the organization")
test_user.api_delete_from_organization(org_guid=core_org.guid)
step("Check that the user is in the organization")
users = User.api_get_list_via_organization(org_guid=core_org.guid)
assert test_user not in users
def test_remove_user(self, context, test_org):
""" Validate if user is properly removed from organization and from HDFS
Create user, check that user is synchronized. Then remove user from organization and check that user is
deleted from there. After remove check that user is not removed in auth-gateway.
Input data:
organization: organization wherein will be new user
user name: name for new user
Expected results:
It is possible to create new user by adding to organization and remove by deleting from organization.
User removed from organization is not in auth-gateway.
Steps:
1. Create new user
2. Admin removes user from organization
3. Check that the user is removed from organization
4. Check that the user is removed in auth-gateway
"""
step("Create new user")
user_to_delete = User.create_by_adding_to_organization(
context=context,
org_guid=test_org.guid,
role=User.ORG_ROLE["user"])
removed_user_guid = user_to_delete.guid
step("Admin removes the user from the test org")
user_to_delete.delete_from_organization(org_guid=test_org.guid)
step("Check that the user is not in the organization.")
assert_user_not_in_org(user_to_delete, test_org.guid)
user = next((u for u in AuthGatewayOrganization.get_org_state(
org_guid=test_org.guid).users if u.guid == removed_user_guid),
None)
assert user is None, "User was not removed in auth-gateway"
def test_add_new_user_with_no_roles(self, context, test_org, test_case,
add_user_test_cases):
"""
<b>Description:</b>
Checks if user with admin, non-admin and no role can be added.
<b>Input data:</b>
1. Email address.
2. User password.
<b>Expected results:</b>
Test passes when user with admin, non-admin and no role was added.
<b>Steps:</b>
1. Create new user by adding to an organization with a role.
2. Check that the user was added with the role.
"""
# TODO change test case to use test_org_admin_client instead of default client - when DPNG-10987 is done
role_sent = add_user_test_cases[test_case]["sent"]
role_expected = add_user_test_cases[test_case]["expected"]
step(
"Create new user by adding to an organization with role {}".format(
role_sent))
user = User.create_by_adding_to_organization(context=context,
org_guid=test_org.guid,
role=role_sent)
step(
"Check that the user was added with role {}".format(role_expected))
assert_user_in_org_and_role(user, test_org.guid, role_expected)
def test_org_admin_adds_new_user(self, context, test_org,
test_org_admin_client):
"""
<b>Description:</b>
Checks if organization admin can add new user.
<b>Input data:</b>
1. Email address.
2. User password.
<b>Expected results:</b>
Test passes when organization admin successfully adds new user.
<b>Steps:</b>
1. Org admin adds a new user to an organization.
2. Check that the user was added correctly.
"""
step("Org admin adds a new user to an organization")
expected_role = User.ORG_ROLE["user"]
user = User.create_by_adding_to_organization(
context=context,
org_guid=test_org.guid,
role=expected_role,
inviting_client=test_org_admin_client)
step("Check that the user was added correctly")
assert_user_in_org_and_role(user, test_org.guid, expected_role)
def test_platform_admin_adds_new_user_in_org_where_they_are_not_added(
self, context, admin_user, test_org, test_case,
add_user_test_cases, remove_admin_from_test_org):
"""
<b>Description:</b>
Checks if platform admin can add a user to the organization.
<b>Input data:</b>
1. Email address.
2. User password.
<b>Expected results:</b>
Test passes when non-admin cannot get user's list.
<b>Steps:</b>
1. Create new user by adding them to an organization with user role.
2. Check that the user was added with user role.
"""
# TODO change test case to use test_org_admin_client instead of default client - when DPNG-10987 is done
role_sent = add_user_test_cases[test_case]["sent"]
role_expected = add_user_test_cases[test_case]["expected"]
step(
"Create new user by adding them to an organization with user role")
new_user = User.create_by_adding_to_organization(
context=context, org_guid=test_org.guid, role=role_sent)
step("Check that the user was added with user role")
assert_user_in_org_and_role(new_user, test_org.guid, role_expected)
def test_onboarding(context, test_org):
"""
<b>Description:</b>
Checks if user can be added to the platform with onboarding functionality.
<b>Input data:</b>
1. User email.
<b>Expected results:</b>
Test passes when user was successfully added to the platform with onboading functionality.
<b>Steps:</b>
1. Onboard new user to the platform.
2. Get list of all users on the platform.
3. Verify that the user is present on the platform.
"""
step("Onboard new user")
username = generate_test_object_name(email=True, separator="")
test_user = onboarding.onboard(context=context,
org_guid=test_org.guid,
username=username,
check_email=False)
step("Check that user is created")
users = User.get_all_users(test_org.guid)
assert test_user in users
def test_cannot_add_new_user_incorrect_role(self):
self.step(
"Check that error is raised when trying to add user using incorrect roles"
)
roles = ["i-don't-exist"]
org_users = User.api_get_list_via_organization(self.test_org.guid)
self.assertRaisesUnexpectedResponse(
HttpStatus.CODE_BAD_REQUEST,
HttpStatus.MSG_EMPTY,
User.api_create_by_adding_to_organization,
self.context,
org_guid=self.test_org.guid,
roles=roles)
# assert user list did not change
self.assertListEqual(
User.api_get_list_via_organization(self.test_org.guid), org_users)
def test_add_new_user_with_no_roles(self):
self.step("Create new user by adding to an organization with no roles")
expected_roles = []
self.user = User.api_create_by_adding_to_organization(
self.context, org_guid=self.test_org.guid, roles=expected_roles)
self.assert_user_in_org_and_roles(self.user, self.test_org.guid,
expected_roles)
def non_space_developer_users(cls, request, test_org, test_space,
class_context):
cls.step("Create space auditor")
space_auditor = User.api_create_by_adding_to_space(
class_context,
test_org.guid,
test_space.guid,
roles=User.SPACE_ROLES["auditor"])
cls.space_auditor_client = space_auditor.login()
cls.step("Create space manager client")
space_manager = User.api_create_by_adding_to_space(
class_context,
test_org.guid,
test_space.guid,
roles=User.SPACE_ROLES["manager"])
cls.space_manager_client = space_manager.login()
