def prepare_users(self, request): # TODO: User creation is a duplicate of test_nofitications, check # if that can be unified self.u1 = UserModel().create_or_update(username=u'u1', password=u'qweqwe', email=u'*****@*****.**', firstname=u'u1', lastname=u'u1') self.u2 = UserModel().create_or_update(username=u'u2', password=u'qweqwe', email=u'*****@*****.**', firstname=u'u2', lastname=u'u2') self.u3 = UserModel().create_or_update(username=u'u3', password=u'qweqwe', email=u'*****@*****.**', firstname=u'u3', lastname=u'u3') self.anon = User.get_default_user() self.a1 = UserModel().create_or_update(username=u'a1', password=u'qweqwe', email=u'*****@*****.**', firstname=u'a1', lastname=u'a1', admin=True) Session().commit() request.addfinalizer(self.cleanup)
def test_show(self, user, password): self.log_user(user, password) cur_user = self._get_logged_user() u1 = UserModel().create_or_update(username='******', password='******', email='*****@*****.**', firstname='u1', lastname='u1') u2 = UserModel().create_or_update(username='******', password='******', email='*****@*****.**', firstname='u2', lastname='u2') self.destroy_users.add('u1') self.destroy_users.add('u2') subject = u'test' notif_body = u'hi there' notification = NotificationModel().create( created_by=cur_user, notification_subject=subject, notification_body=notif_body, recipients=[cur_user, u1, u2]) response = self.app.get( url('notification', notification_id=notification.notification_id)) response.mustcontain(subject) response.mustcontain(notif_body)
def test_extra_email_map(self): usr = UserModel().create_or_update(username=u'test_user', password=u'qweqwe', email=u'*****@*****.**', firstname=u'u1', lastname=u'u1') Session().commit() m = UserEmailMap() m.email = u'*****@*****.**' m.user = usr Session().add(m) Session().commit() u = User.get_by_email(email='*****@*****.**') self.assertEqual(usr.user_id, u.user_id) self.assertEqual(usr.username, u.username) u = User.get_by_email(email='*****@*****.**') self.assertEqual(usr.user_id, u.user_id) self.assertEqual(usr.username, u.username) u = User.get_by_email(email='*****@*****.**') self.assertEqual(None, u) UserModel().delete(usr.user_id) Session().commit()
def test_update(self, name, expected): self.log_user() uname = 'testme' usr = UserModel().create_or_update(username=uname, password='******', email='*****@*****.**') self.Session().commit() params = usr.get_api_data() params.update({name: expected}) params.update({'password_confirmation': ''}) params.update({'new_password': ''}) if name == 'email': params['emails'] = [expected] if name == 'ldap_dn': #cannot update this via form params['ldap_dn'] = None try: response = self.app.put(url('user', id=usr.user_id), params) self.checkSessionFlash(response, '''User updated successfully''') updated_user = User.get_by_username(uname) updated_params = updated_user.get_api_data() updated_params.update({'password_confirmation': ''}) updated_params.update({'new_password': ''}) self.assertEqual(params, updated_params) finally: UserModel().delete('testme')
def __init__(self, methodName='runTest'): Session.remove() self.u1 = UserModel().create_or_update(username=u'u1', password=u'qweqwe', email=u'*****@*****.**', name=u'u1', lastname=u'u1') Session.commit() self.u1 = self.u1.user_id self.u2 = UserModel().create_or_update(username=u'u2', password=u'qweqwe', email=u'*****@*****.**', name=u'u2', lastname=u'u3') Session.commit() self.u2 = self.u2.user_id self.u3 = UserModel().create_or_update(username=u'u3', password=u'qweqwe', email=u'*****@*****.**', name=u'u3', lastname=u'u3') Session.commit() self.u3 = self.u3.user_id super(TestNotifications, self).__init__(methodName=methodName)
def update_user(self, apiuser, userid, username, password, email, firstname, lastname, active, admin, ldap_dn): """ Updates given user :param apiuser: :param username: :param password: :param email: :param name: :param lastname: :param active: :param admin: :param ldap_dn: """ if not UserModel().get_user(userid): raise JSONRPCError("user %s does not exist" % username) try: usr = UserModel().create_or_update( username, password, email, firstname, lastname, active, admin, ldap_dn ) Session.commit() return dict( id=usr.user_id, msg='updated user %s' % username ) except Exception: log.error(traceback.format_exc()) raise JSONRPCError('failed to update user %s' % username)
def tearDown(self): perm = Permission.query().all() for p in perm: UserModel().revoke_perm(self.u1, p) UserModel().delete(self.u1) Session.commit()
def test_delete(self): self.log_user() cur_user = self._get_logged_user() u1 = UserModel().create_or_update(username='******', password='******', email='*****@*****.**', firstname='u1', lastname='u1') u2 = UserModel().create_or_update(username='******', password='******', email='*****@*****.**', firstname='u2', lastname='u2') # make notifications notification = NotificationModel().create(created_by=cur_user, subject=u'test', body=u'hi there', recipients=[cur_user, u1, u2]) Session().commit() u1 = User.get(u1.user_id) u2 = User.get(u2.user_id) # check DB get_notif = lambda un: [x.notification for x in un] self.assertEqual(get_notif(cur_user.notifications), [notification]) self.assertEqual(get_notif(u1.notifications), [notification]) self.assertEqual(get_notif(u2.notifications), [notification]) cur_usr_id = cur_user.user_id response = self.app.delete(url('notification', notification_id= notification.notification_id)) self.assertEqual(response.body, 'ok') cur_user = User.get(cur_usr_id) self.assertEqual(cur_user.notifications, [])
def test_api_create_user_group_regular_user(self): group_name = 'some_new_group' usr = UserModel().get_by_username(self.TEST_USER_LOGIN) usr.inherit_default_permissions = False Session().add(usr) UserModel().grant_perm(self.TEST_USER_LOGIN, 'hg.usergroup.create.true') Session().commit() id_, params = build_data(self.apikey_regular, 'create_user_group', group_name=group_name) response = api_call(self.app, params) expected = { 'msg': 'created new user group `%s`' % (group_name, ), 'user_group': jsonify(UserGroupModel().get_by_name(group_name).get_api_data()) } try: assert_ok(id_, expected, given=response.body) finally: self.fixture.destroy_user_group(group_name) UserModel().revoke_perm(self.TEST_USER_LOGIN, 'hg.usergroup.create.true') usr = UserModel().get_by_username(self.TEST_USER_LOGIN) usr.inherit_default_permissions = True Session().add(usr) Session().commit()
def create_users(self, request, pylonsapp): Session.remove() self.u1 = UserModel().create_or_update(username=u'u1', password=u'qweqwe', email=u'*****@*****.**', firstname=u'u1', lastname=u'u1') Session().commit() self.u1 = self.u1.user_id self.u2 = UserModel().create_or_update(username=u'u2', password=u'qweqwe', email=u'*****@*****.**', firstname=u'u2', lastname=u'u2') Session().commit() self.u2 = self.u2.user_id self.u3 = UserModel().create_or_update(username=u'u3', password=u'qweqwe', email=u'*****@*****.**', firstname=u'u3', lastname=u'u3') Session().commit() self.u3 = self.u3.user_id self.destroy_users.add('u1') self.destroy_users.add('u2') self.destroy_users.add('u3')
def edit(self, id, format='html'): """GET /users/id/edit: Form to edit an existing item""" # url('edit_user', id=ID) c.user = User.get_or_404(id) if c.user.username == 'default': h.flash(_("You can't edit this user"), category='warning') return redirect(url('users')) c.perm_user = AuthUser(user_id=id, ip_addr=self.ip_addr) c.user.permissions = {} c.granted_permissions = UserModel().fill_perms(c.user)\ .permissions['global'] c.user_email_map = UserEmailMap.query()\ .filter(UserEmailMap.user == c.user).all() c.user_ip_map = UserIpMap.query()\ .filter(UserIpMap.user == c.user).all() umodel = UserModel() c.ldap_dn = c.user.ldap_dn defaults = c.user.get_dict() defaults.update({ 'create_repo_perm': umodel.has_perm(c.user, 'hg.create.repository'), 'create_user_group_perm': umodel.has_perm(c.user, 'hg.usergroup.create.true'), 'fork_repo_perm': umodel.has_perm(c.user, 'hg.fork.repository'), }) return htmlfill.render(render('admin/users/user_edit.html'), defaults=defaults, encoding="UTF-8", force_defaults=False)
def test_revoke_perm(test_user): perm = Permission.query().all()[0] UserModel().grant_perm(test_user, perm) Session().commit() assert UserModel().has_perm(test_user, perm) # revoke UserModel().revoke_perm(test_user, perm) Session().commit() assert not UserModel().has_perm(test_user, perm)
def cleanup(): if UserModel().get_user(usr.user_id) is None: return perm = Permission.query().all() for p in perm: UserModel().revoke_perm(usr, p) UserModel().delete(usr.user_id) Session().commit()
def test_revoke_perm(self): perm = Permission.query().all()[0] UserModel().grant_perm(self.u1, perm) Session.commit() self.assertEqual(UserModel().has_perm(self.u1, perm), True) #revoke UserModel().revoke_perm(self.u1, perm) Session.commit() self.assertEqual(UserModel().has_perm(self.u1, perm), False)
def test_no_permissions_to_fork(self): usr = self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)['user_id'] user_model = UserModel() user_model.revoke_perm(usr, 'hg.fork.repository') user_model.grant_perm(usr, 'hg.fork.none') u = UserModel().get(usr) u.inherit_default_permissions = False Session().commit() # try create a fork repo_name = HG_REPO self.app.post(url(controller='forks', action='fork_create', repo_name=repo_name), {}, status=403)
def testuser_api(request, pylonsapp): cls = request.cls cls.usr = UserModel().get_by_username(TEST_USER_ADMIN_LOGIN) cls.apikey = cls.usr.api_key cls.test_user = UserModel().create_or_update( username='******', password='******', email='*****@*****.**', firstname='first', lastname='last') Session().commit() cls.TEST_USER_LOGIN = cls.test_user.username cls.apikey_regular = cls.test_user.api_key
def create_user(self, apiuser, username, email, password=Optional(None), firstname=Optional(None), lastname=Optional(None), active=Optional(True), admin=Optional(False), ldap_dn=Optional(None)): """ Create new user :param apiuser: :param username: :param email: :param password: :param firstname: :param lastname: :param active: :param admin: :param ldap_dn: """ if UserModel().get_by_username(username): raise JSONRPCError("user `%s` already exist" % username) if UserModel().get_by_email(email, case_insensitive=True): raise JSONRPCError("email `%s` already exist" % email) if Optional.extract(ldap_dn): # generate temporary password if ldap_dn password = PasswordGenerator().gen_password(length=8) try: user = UserModel().create_or_update( username=Optional.extract(username), password=Optional.extract(password), email=Optional.extract(email), firstname=Optional.extract(firstname), lastname=Optional.extract(lastname), active=Optional.extract(active), admin=Optional.extract(admin), ldap_dn=Optional.extract(ldap_dn)) Session().commit() return dict(msg='created new user `%s`' % username, user=user.get_api_data()) except Exception: log.error(traceback.format_exc()) raise JSONRPCError('failed to create user `%s`' % username)
def tearDown(self): if hasattr(self, 'test_repo'): RepoModel().delete(repo=self.test_repo) UserModel().delete(self.u1) UserModel().delete(self.u2) UserModel().delete(self.a1) if hasattr(self, 'g1'): ReposGroupModel().delete(self.g1.group_id) if hasattr(self, 'g2'): ReposGroupModel().delete(self.g2.group_id) if hasattr(self, 'ug1'): UsersGroupModel().delete(self.ug1, force=True) Session.commit()
def test_api_get_repo( self, apikey_attr, expect_secrets, cache_param, backend, user_util): repo = backend.create_repo() usr = UserModel().get_by_username(TEST_USER_ADMIN_LOGIN) group = user_util.create_user_group(members=[usr]) user_util.grant_user_group_permission_to_repo( repo=repo, user_group=group, permission_name='repository.read') Session().commit() kwargs = { 'repoid': repo.repo_name, } if cache_param is not None: kwargs['cache'] = cache_param apikey = getattr(self, apikey_attr) id_, params = build_data(apikey, 'get_repo', **kwargs) response = api_call(self.app, params) ret = repo.get_api_data() permissions = expected_permissions(repo) followers = [] for user in repo.followers: followers.append(user.user.get_api_data( include_secrets=expect_secrets)) ret['members'] = permissions ret['permissions'] = permissions ret['followers'] = followers expected = ret assert_ok(id_, expected, given=response.body)
def register(self): c.auto_active = False for perm in User.get_by_username('default').user_perms: if perm.permission.permission_name == 'hg.register.auto_activate': c.auto_active = True break if request.POST: register_form = RegisterForm()() try: form_result = register_form.to_python(dict(request.POST)) form_result['active'] = c.auto_active UserModel().create_registration(form_result) h.flash(_('You have successfully registered into rhodecode'), category='success') Session.commit() return redirect(url('login_home')) except formencode.Invalid, errors: return htmlfill.render(render('/register.html'), defaults=errors.value, errors=errors.error_dict or {}, prefix_error=False, encoding="UTF-8")
def create(self): """POST /users: Create a new item""" # url('users') c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.name user_model = UserModel() user_form = UserForm()() try: form_result = user_form.to_python(dict(request.POST)) user = user_model.create(form_result) Session().flush() username = form_result['username'] action_logger(c.rhodecode_user, 'admin_created_user:%s' % username, None, self.ip_addr, self.sa) user_link = h.link_to(h.escape(username), url('edit_user', user_id=user.user_id)) h.flash(h.literal( _('Created user %(user_link)s') % {'user_link': user_link}), category='success') Session().commit() except formencode.Invalid as errors: return htmlfill.render(render('admin/users/user_add.html'), defaults=errors.value, errors=errors.error_dict or {}, prefix_error=False, encoding="UTF-8", force_defaults=False) except UserCreationError as e: h.flash(e, 'error') except Exception: log.exception("Exception creation of user") h.flash(_('Error occurred during creation of user %s') % request.POST.get('username'), category='error') return redirect(url('users'))
def test_api_delete_repo_group_regular_user(self, user_util): repo_group = user_util.create_repo_group(auto_cleanup=False) repo_group_name = repo_group.group_name repo_group_id = repo_group.group_id user = UserModel().get_by_username(self.TEST_USER_LOGIN) user_util.grant_user_permission_to_repo_group(repo_group, user, 'group.admin') id_, params = build_data( self.apikey, 'delete_repo_group', repogroupid=repo_group_name, ) response = api_call(self.app, params) ret = { 'msg': 'deleted repo group ID:%s %s' % (repo_group_id, repo_group_name), 'repo_group': None } expected = ret assert_ok(id_, expected, given=response.body) gr = RepoGroupModel()._get_repo_group(repo_group_name) assert gr is None
def test_non_inherited_permissions_from_default_on_user_disabled(self): user_model = UserModel() # disable fork and create on default user usr = '******' user_model.revoke_perm(usr, 'hg.create.repository') user_model.grant_perm(usr, 'hg.create.none') user_model.revoke_perm(usr, 'hg.fork.repository') user_model.grant_perm(usr, 'hg.fork.none') #enable global perms on specific user user_model.revoke_perm(self.u1, 'hg.create.none') user_model.grant_perm(self.u1, 'hg.create.repository') user_model.revoke_perm(self.u1, 'hg.fork.none') user_model.grant_perm(self.u1, 'hg.fork.repository') # make sure inherit flag is turned off self.u1.inherit_default_permissions = False Session().commit() u1_auth = AuthUser(user_id=self.u1.user_id) # this user will have non inherited permissions from he's # explicitly set permissions self.assertEqual( u1_auth.permissions['global'], set([ 'hg.create.repository', 'hg.fork.repository', 'hg.register.manual_activate', 'repository.read', 'group.read' ]))
def create_default_user(self): log.info('creating default user') # create default user for handling default permissions. UserModel().create_or_update(username='******', password=str(uuid.uuid1())[:8], email='*****@*****.**', firstname='Anonymous', lastname='User')
def test_api_revoke_user_group_permission_from_user_group( self, name, user_util): user = UserModel().get_by_username(self.TEST_USER_LOGIN) group = user_util.create_user_group() source_group = user_util.create_user_group() user_util.grant_user_permission_to_user_group(group, user, 'usergroup.read') user_util.grant_user_group_permission_to_user_group( source_group, group, 'usergroup.read') id_, params = build_data( self.apikey, 'revoke_user_group_permission_from_user_group', usergroupid=group.users_group_name, sourceusergroupid=source_group.users_group_name) response = api_call(self.app, params) expected = { 'msg': 'Revoked perm for user group: `%s` in user group: `%s`' % (source_group.users_group_name, group.users_group_name), 'success': True } assert_ok(id_, expected, given=response.body)
def test_merge_failed(self, pull_request, merge_extras): user = UserModel().get_by_username(TEST_USER_ADMIN_LOGIN) self.merge_mock.return_value = MergeResponse( False, False, '6126b7bfcc82ad2d3deaee22af926b082ce54cc6', MergeFailureReason.MERGE_FAILED) PullRequestModel().merge(pull_request, pull_request.author, extras=merge_extras) message = ( u'Merge pull request #{pr_id} from {source_repo} {source_ref_name}' u'\n\n {pr_title}'.format( pr_id=pull_request.pull_request_id, source_repo=safe_unicode( pull_request.source_repo.scm_instance().name), source_ref_name=pull_request.source_ref_parts.name, pr_title=safe_unicode(pull_request.title))) self.merge_mock.assert_called_once_with( pull_request.target_ref_parts, pull_request.source_repo.scm_instance(), pull_request.source_ref_parts, self.workspace_id, user_name=user.username, user_email=user.email, message=message) pull_request = PullRequest.get(pull_request.pull_request_id) assert self.invalidation_mock.called is False assert pull_request.merge_rev is None
def delete_user(request, apiuser, userid): """ Deletes the specified user from the |RCE| user database. This command can only be run using an |authtoken| with admin rights to the specified repository. .. important:: Ensure all open pull requests and open code review requests to this user are close. Also ensure all repositories, or repository groups owned by this user are reassigned before deletion. This command takes the following options: :param apiuser: This is filled automatically from the |authtoken|. :type apiuser: AuthUser :param userid: Set the user to delete. :type userid: str or int Example output: .. code-block:: bash id : <id_given_in_input> result: { "msg" : "deleted user ID:<userid> <username>", "user": null } error: null Example error output: .. code-block:: bash id : <id_given_in_input> result : null error : { "failed to delete user ID:<userid> <username>" } """ if not has_superadmin_permission(apiuser): raise JSONRPCForbidden() user = get_user_or_error(userid) try: UserModel().delete(userid) Session().commit() return { 'msg': 'deleted user ID:%s %s' % (user.user_id, user.username), 'user': None } except Exception: log.exception("Error occurred during deleting of user") raise JSONRPCError('failed to delete user ID:%s %s' % (user.user_id, user.username))
def test_api_grant_user_permission_to_repo_group_by_regular_user( self, name, perm, apply_to_children, grant_admin, access_ok, user_util): user = user_util.create_user() repo_group = user_util.create_repo_group() if grant_admin: test_user = UserModel().get_by_username(self.TEST_USER_LOGIN) user_util.grant_user_permission_to_repo_group( repo_group, test_user, 'group.admin') id_, params = build_data( self.apikey_regular, 'grant_user_permission_to_repo_group', repogroupid=repo_group.name, userid=user.username, perm=perm, apply_to_children=apply_to_children) response = api_call(self.app, params) if access_ok: ret = { 'msg': ( 'Granted perm: `%s` (recursive:%s) for user: `%s`' ' in repo group: `%s`' % ( perm, apply_to_children, user.username, repo_group.name ) ), 'success': True } expected = ret assert_ok(id_, expected, given=response.body) else: expected = 'repository group `%s` does not exist' % ( repo_group.name, ) assert_error(id_, expected, given=response.body)
def test_api_grant_user_permission_to_user_group_by_regular_user( self, name, perm, grant_admin, access_ok, user_util): api_user = UserModel().get_by_username(self.TEST_USER_LOGIN) user = user_util.create_user() group = user_util.create_user_group() # grant the user ability to at least read the group permission = 'usergroup.admin' if grant_admin else 'usergroup.read' user_util.grant_user_permission_to_user_group(group, api_user, permission) id_, params = build_data(self.apikey_regular, 'grant_user_permission_to_user_group', usergroupid=group.users_group_name, userid=user.username, perm=perm) response = api_call(self.app, params) if access_ok: ret = { 'msg': ('Granted perm: `%s` for user: `%s` in user group: `%s`' % (perm, user.username, group.users_group_name)), 'success': True } expected = ret assert_ok(id_, expected, given=response.body) else: expected = 'user group `%s` does not exist' % ( group.users_group_name) assert_error(id_, expected, given=response.body)
def register(self): c.auto_active = 'hg.register.auto_activate' in User.get_default_user()\ .AuthUser.permissions['global'] if request.POST: register_form = RegisterForm()() try: form_result = register_form.to_python(dict(request.POST)) form_result['active'] = c.auto_active UserModel().create_registration(form_result) h.flash(_('You have successfully registered into RhodeCode'), category='success') Session().commit() return redirect(url('login_home')) except formencode.Invalid, errors: return htmlfill.render( render('/register.html'), defaults=errors.value, errors=errors.error_dict or {}, prefix_error=False, encoding="UTF-8") except UserCreationError, e: # container auth or other auth functions that create users on # the fly can throw this exception signaling that there's issue # with user creation, explanation should be provided in # Exception itself h.flash(e, 'error')