def prepare_users(self, request):
# TODO: User creation is a duplicate of test_nofitications, check
# if that can be unified
self.u1 = UserModel().create_or_update(username=u'u1',
password=u'qweqwe',
email=u'*****@*****.**',
firstname=u'u1',
lastname=u'u1')
self.u2 = UserModel().create_or_update(username=u'u2',
password=u'qweqwe',
email=u'*****@*****.**',
firstname=u'u2',
lastname=u'u2')
self.u3 = UserModel().create_or_update(username=u'u3',
password=u'qweqwe',
email=u'*****@*****.**',
firstname=u'u3',
lastname=u'u3')
self.anon = User.get_default_user()
self.a1 = UserModel().create_or_update(username=u'a1',
password=u'qweqwe',
email=u'*****@*****.**',
firstname=u'a1',
lastname=u'a1',
admin=True)
Session().commit()
request.addfinalizer(self.cleanup)
def test_show(self, user, password):
self.log_user(user, password)
cur_user = self._get_logged_user()
u1 = UserModel().create_or_update(username='******',
password='******',
email='*****@*****.**',
firstname='u1',
lastname='u1')
u2 = UserModel().create_or_update(username='******',
password='******',
email='*****@*****.**',
firstname='u2',
lastname='u2')
self.destroy_users.add('u1')
self.destroy_users.add('u2')
subject = u'test'
notif_body = u'hi there'
notification = NotificationModel().create(
created_by=cur_user,
notification_subject=subject,
notification_body=notif_body,
recipients=[cur_user, u1, u2])
response = self.app.get(
url('notification', notification_id=notification.notification_id))
response.mustcontain(subject)
response.mustcontain(notif_body)
def test_extra_email_map(self):
usr = UserModel().create_or_update(username=u'test_user',
password=u'qweqwe',
email=u'*****@*****.**',
firstname=u'u1', lastname=u'u1')
Session().commit()
m = UserEmailMap()
m.email = u'*****@*****.**'
m.user = usr
Session().add(m)
Session().commit()
u = User.get_by_email(email='*****@*****.**')
self.assertEqual(usr.user_id, u.user_id)
self.assertEqual(usr.username, u.username)
u = User.get_by_email(email='*****@*****.**')
self.assertEqual(usr.user_id, u.user_id)
self.assertEqual(usr.username, u.username)
u = User.get_by_email(email='*****@*****.**')
self.assertEqual(None, u)
UserModel().delete(usr.user_id)
Session().commit()
def test_update(self, name, expected):
self.log_user()
uname = 'testme'
usr = UserModel().create_or_update(username=uname,
password='******',
email='*****@*****.**')
self.Session().commit()
params = usr.get_api_data()
params.update({name: expected})
params.update({'password_confirmation': ''})
params.update({'new_password': ''})
if name == 'email':
params['emails'] = [expected]
if name == 'ldap_dn':
#cannot update this via form
params['ldap_dn'] = None
try:
response = self.app.put(url('user', id=usr.user_id), params)
self.checkSessionFlash(response, '''User updated successfully''')
updated_user = User.get_by_username(uname)
updated_params = updated_user.get_api_data()
updated_params.update({'password_confirmation': ''})
updated_params.update({'new_password': ''})
self.assertEqual(params, updated_params)
finally:
UserModel().delete('testme')
def __init__(self, methodName='runTest'):
Session.remove()
self.u1 = UserModel().create_or_update(username=u'u1',
password=u'qweqwe',
email=u'*****@*****.**',
name=u'u1',
lastname=u'u1')
Session.commit()
self.u1 = self.u1.user_id
self.u2 = UserModel().create_or_update(username=u'u2',
password=u'qweqwe',
email=u'*****@*****.**',
name=u'u2',
lastname=u'u3')
Session.commit()
self.u2 = self.u2.user_id
self.u3 = UserModel().create_or_update(username=u'u3',
password=u'qweqwe',
email=u'*****@*****.**',
name=u'u3',
lastname=u'u3')
Session.commit()
self.u3 = self.u3.user_id
super(TestNotifications, self).__init__(methodName=methodName)
def update_user(self, apiuser, userid, username, password, email,
firstname, lastname, active, admin, ldap_dn):
"""
Updates given user
:param apiuser:
:param username:
:param password:
:param email:
:param name:
:param lastname:
:param active:
:param admin:
:param ldap_dn:
"""
if not UserModel().get_user(userid):
raise JSONRPCError("user %s does not exist" % username)
try:
usr = UserModel().create_or_update(
username, password, email, firstname,
lastname, active, admin, ldap_dn
)
Session.commit()
return dict(
id=usr.user_id,
msg='updated user %s' % username
)
except Exception:
log.error(traceback.format_exc())
raise JSONRPCError('failed to update user %s' % username)
def tearDown(self):
perm = Permission.query().all()
for p in perm:
UserModel().revoke_perm(self.u1, p)
UserModel().delete(self.u1)
Session.commit()
def test_delete(self):
self.log_user()
cur_user = self._get_logged_user()
u1 = UserModel().create_or_update(username='******', password='******',
email='*****@*****.**',
firstname='u1', lastname='u1')
u2 = UserModel().create_or_update(username='******', password='******',
email='*****@*****.**',
firstname='u2', lastname='u2')
# make notifications
notification = NotificationModel().create(created_by=cur_user,
subject=u'test',
body=u'hi there',
recipients=[cur_user, u1, u2])
Session().commit()
u1 = User.get(u1.user_id)
u2 = User.get(u2.user_id)
# check DB
get_notif = lambda un: [x.notification for x in un]
self.assertEqual(get_notif(cur_user.notifications), [notification])
self.assertEqual(get_notif(u1.notifications), [notification])
self.assertEqual(get_notif(u2.notifications), [notification])
cur_usr_id = cur_user.user_id
response = self.app.delete(url('notification',
notification_id=
notification.notification_id))
self.assertEqual(response.body, 'ok')
cur_user = User.get(cur_usr_id)
self.assertEqual(cur_user.notifications, [])
def test_api_create_user_group_regular_user(self):
group_name = 'some_new_group'
usr = UserModel().get_by_username(self.TEST_USER_LOGIN)
usr.inherit_default_permissions = False
Session().add(usr)
UserModel().grant_perm(self.TEST_USER_LOGIN,
'hg.usergroup.create.true')
Session().commit()
id_, params = build_data(self.apikey_regular,
'create_user_group',
group_name=group_name)
response = api_call(self.app, params)
expected = {
'msg':
'created new user group `%s`' % (group_name, ),
'user_group':
jsonify(UserGroupModel().get_by_name(group_name).get_api_data())
}
try:
assert_ok(id_, expected, given=response.body)
finally:
self.fixture.destroy_user_group(group_name)
UserModel().revoke_perm(self.TEST_USER_LOGIN,
'hg.usergroup.create.true')
usr = UserModel().get_by_username(self.TEST_USER_LOGIN)
usr.inherit_default_permissions = True
Session().add(usr)
Session().commit()
def create_users(self, request, pylonsapp):
Session.remove()
self.u1 = UserModel().create_or_update(username=u'u1',
password=u'qweqwe',
email=u'*****@*****.**',
firstname=u'u1',
lastname=u'u1')
Session().commit()
self.u1 = self.u1.user_id
self.u2 = UserModel().create_or_update(username=u'u2',
password=u'qweqwe',
email=u'*****@*****.**',
firstname=u'u2',
lastname=u'u2')
Session().commit()
self.u2 = self.u2.user_id
self.u3 = UserModel().create_or_update(username=u'u3',
password=u'qweqwe',
email=u'*****@*****.**',
firstname=u'u3',
lastname=u'u3')
Session().commit()
self.u3 = self.u3.user_id
self.destroy_users.add('u1')
self.destroy_users.add('u2')
self.destroy_users.add('u3')
def edit(self, id, format='html'):
"""GET /users/id/edit: Form to edit an existing item"""
# url('edit_user', id=ID)
c.user = User.get_or_404(id)
if c.user.username == 'default':
h.flash(_("You can't edit this user"), category='warning')
return redirect(url('users'))
c.perm_user = AuthUser(user_id=id, ip_addr=self.ip_addr)
c.user.permissions = {}
c.granted_permissions = UserModel().fill_perms(c.user)\
.permissions['global']
c.user_email_map = UserEmailMap.query()\
.filter(UserEmailMap.user == c.user).all()
c.user_ip_map = UserIpMap.query()\
.filter(UserIpMap.user == c.user).all()
umodel = UserModel()
c.ldap_dn = c.user.ldap_dn
defaults = c.user.get_dict()
defaults.update({
'create_repo_perm':
umodel.has_perm(c.user, 'hg.create.repository'),
'create_user_group_perm':
umodel.has_perm(c.user, 'hg.usergroup.create.true'),
'fork_repo_perm':
umodel.has_perm(c.user, 'hg.fork.repository'),
})
return htmlfill.render(render('admin/users/user_edit.html'),
defaults=defaults,
encoding="UTF-8",
force_defaults=False)
def test_revoke_perm(test_user):
perm = Permission.query().all()[0]
UserModel().grant_perm(test_user, perm)
Session().commit()
assert UserModel().has_perm(test_user, perm)
# revoke
UserModel().revoke_perm(test_user, perm)
Session().commit()
assert not UserModel().has_perm(test_user, perm)
def cleanup():
if UserModel().get_user(usr.user_id) is None:
return
perm = Permission.query().all()
for p in perm:
UserModel().revoke_perm(usr, p)
UserModel().delete(usr.user_id)
Session().commit()
def test_revoke_perm(self):
perm = Permission.query().all()[0]
UserModel().grant_perm(self.u1, perm)
Session.commit()
self.assertEqual(UserModel().has_perm(self.u1, perm), True)
#revoke
UserModel().revoke_perm(self.u1, perm)
Session.commit()
self.assertEqual(UserModel().has_perm(self.u1, perm), False)
def test_no_permissions_to_fork(self):
usr = self.log_user(TEST_USER_REGULAR_LOGIN,
TEST_USER_REGULAR_PASS)['user_id']
user_model = UserModel()
user_model.revoke_perm(usr, 'hg.fork.repository')
user_model.grant_perm(usr, 'hg.fork.none')
u = UserModel().get(usr)
u.inherit_default_permissions = False
Session().commit()
# try create a fork
repo_name = HG_REPO
self.app.post(url(controller='forks', action='fork_create',
repo_name=repo_name), {}, status=403)
def testuser_api(request, pylonsapp):
cls = request.cls
cls.usr = UserModel().get_by_username(TEST_USER_ADMIN_LOGIN)
cls.apikey = cls.usr.api_key
cls.test_user = UserModel().create_or_update(
username='******',
password='******',
email='*****@*****.**',
firstname='first',
lastname='last')
Session().commit()
cls.TEST_USER_LOGIN = cls.test_user.username
cls.apikey_regular = cls.test_user.api_key
def create_user(self,
apiuser,
username,
email,
password=Optional(None),
firstname=Optional(None),
lastname=Optional(None),
active=Optional(True),
admin=Optional(False),
ldap_dn=Optional(None)):
"""
Create new user
:param apiuser:
:param username:
:param email:
:param password:
:param firstname:
:param lastname:
:param active:
:param admin:
:param ldap_dn:
"""
if UserModel().get_by_username(username):
raise JSONRPCError("user `%s` already exist" % username)
if UserModel().get_by_email(email, case_insensitive=True):
raise JSONRPCError("email `%s` already exist" % email)
if Optional.extract(ldap_dn):
# generate temporary password if ldap_dn
password = PasswordGenerator().gen_password(length=8)
try:
user = UserModel().create_or_update(
username=Optional.extract(username),
password=Optional.extract(password),
email=Optional.extract(email),
firstname=Optional.extract(firstname),
lastname=Optional.extract(lastname),
active=Optional.extract(active),
admin=Optional.extract(admin),
ldap_dn=Optional.extract(ldap_dn))
Session().commit()
return dict(msg='created new user `%s`' % username,
user=user.get_api_data())
except Exception:
log.error(traceback.format_exc())
raise JSONRPCError('failed to create user `%s`' % username)
def tearDown(self):
if hasattr(self, 'test_repo'):
RepoModel().delete(repo=self.test_repo)
UserModel().delete(self.u1)
UserModel().delete(self.u2)
UserModel().delete(self.a1)
if hasattr(self, 'g1'):
ReposGroupModel().delete(self.g1.group_id)
if hasattr(self, 'g2'):
ReposGroupModel().delete(self.g2.group_id)
if hasattr(self, 'ug1'):
UsersGroupModel().delete(self.ug1, force=True)
Session.commit()
def test_api_get_repo(
self, apikey_attr, expect_secrets, cache_param, backend,
user_util):
repo = backend.create_repo()
usr = UserModel().get_by_username(TEST_USER_ADMIN_LOGIN)
group = user_util.create_user_group(members=[usr])
user_util.grant_user_group_permission_to_repo(
repo=repo, user_group=group, permission_name='repository.read')
Session().commit()
kwargs = {
'repoid': repo.repo_name,
}
if cache_param is not None:
kwargs['cache'] = cache_param
apikey = getattr(self, apikey_attr)
id_, params = build_data(apikey, 'get_repo', **kwargs)
response = api_call(self.app, params)
ret = repo.get_api_data()
permissions = expected_permissions(repo)
followers = []
for user in repo.followers:
followers.append(user.user.get_api_data(
include_secrets=expect_secrets))
ret['members'] = permissions
ret['permissions'] = permissions
ret['followers'] = followers
expected = ret
assert_ok(id_, expected, given=response.body)
def register(self):
c.auto_active = False
for perm in User.get_by_username('default').user_perms:
if perm.permission.permission_name == 'hg.register.auto_activate':
c.auto_active = True
break
if request.POST:
register_form = RegisterForm()()
try:
form_result = register_form.to_python(dict(request.POST))
form_result['active'] = c.auto_active
UserModel().create_registration(form_result)
h.flash(_('You have successfully registered into rhodecode'),
category='success')
Session.commit()
return redirect(url('login_home'))
except formencode.Invalid, errors:
return htmlfill.render(render('/register.html'),
defaults=errors.value,
errors=errors.error_dict or {},
prefix_error=False,
encoding="UTF-8")
def create(self):
"""POST /users: Create a new item"""
# url('users')
c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.name
user_model = UserModel()
user_form = UserForm()()
try:
form_result = user_form.to_python(dict(request.POST))
user = user_model.create(form_result)
Session().flush()
username = form_result['username']
action_logger(c.rhodecode_user, 'admin_created_user:%s' % username,
None, self.ip_addr, self.sa)
user_link = h.link_to(h.escape(username),
url('edit_user', user_id=user.user_id))
h.flash(h.literal(
_('Created user %(user_link)s') % {'user_link': user_link}),
category='success')
Session().commit()
except formencode.Invalid as errors:
return htmlfill.render(render('admin/users/user_add.html'),
defaults=errors.value,
errors=errors.error_dict or {},
prefix_error=False,
encoding="UTF-8",
force_defaults=False)
except UserCreationError as e:
h.flash(e, 'error')
except Exception:
log.exception("Exception creation of user")
h.flash(_('Error occurred during creation of user %s') %
request.POST.get('username'),
category='error')
return redirect(url('users'))
def test_api_delete_repo_group_regular_user(self, user_util):
repo_group = user_util.create_repo_group(auto_cleanup=False)
repo_group_name = repo_group.group_name
repo_group_id = repo_group.group_id
user = UserModel().get_by_username(self.TEST_USER_LOGIN)
user_util.grant_user_permission_to_repo_group(repo_group, user,
'group.admin')
id_, params = build_data(
self.apikey,
'delete_repo_group',
repogroupid=repo_group_name,
)
response = api_call(self.app, params)
ret = {
'msg':
'deleted repo group ID:%s %s' % (repo_group_id, repo_group_name),
'repo_group': None
}
expected = ret
assert_ok(id_, expected, given=response.body)
gr = RepoGroupModel()._get_repo_group(repo_group_name)
assert gr is None
def test_non_inherited_permissions_from_default_on_user_disabled(self):
user_model = UserModel()
# disable fork and create on default user
usr = '******'
user_model.revoke_perm(usr, 'hg.create.repository')
user_model.grant_perm(usr, 'hg.create.none')
user_model.revoke_perm(usr, 'hg.fork.repository')
user_model.grant_perm(usr, 'hg.fork.none')
#enable global perms on specific user
user_model.revoke_perm(self.u1, 'hg.create.none')
user_model.grant_perm(self.u1, 'hg.create.repository')
user_model.revoke_perm(self.u1, 'hg.fork.none')
user_model.grant_perm(self.u1, 'hg.fork.repository')
# make sure inherit flag is turned off
self.u1.inherit_default_permissions = False
Session().commit()
u1_auth = AuthUser(user_id=self.u1.user_id)
# this user will have non inherited permissions from he's
# explicitly set permissions
self.assertEqual(
u1_auth.permissions['global'],
set([
'hg.create.repository', 'hg.fork.repository',
'hg.register.manual_activate', 'repository.read', 'group.read'
]))
def create_default_user(self):
log.info('creating default user')
# create default user for handling default permissions.
UserModel().create_or_update(username='******',
password=str(uuid.uuid1())[:8],
email='*****@*****.**',
firstname='Anonymous', lastname='User')
def test_api_revoke_user_group_permission_from_user_group(
self, name, user_util):
user = UserModel().get_by_username(self.TEST_USER_LOGIN)
group = user_util.create_user_group()
source_group = user_util.create_user_group()
user_util.grant_user_permission_to_user_group(group, user,
'usergroup.read')
user_util.grant_user_group_permission_to_user_group(
source_group, group, 'usergroup.read')
id_, params = build_data(
self.apikey,
'revoke_user_group_permission_from_user_group',
usergroupid=group.users_group_name,
sourceusergroupid=source_group.users_group_name)
response = api_call(self.app, params)
expected = {
'msg':
'Revoked perm for user group: `%s` in user group: `%s`' %
(source_group.users_group_name, group.users_group_name),
'success':
True
}
assert_ok(id_, expected, given=response.body)
def test_merge_failed(self, pull_request, merge_extras):
user = UserModel().get_by_username(TEST_USER_ADMIN_LOGIN)
self.merge_mock.return_value = MergeResponse(
False, False, '6126b7bfcc82ad2d3deaee22af926b082ce54cc6',
MergeFailureReason.MERGE_FAILED)
PullRequestModel().merge(pull_request,
pull_request.author,
extras=merge_extras)
message = (
u'Merge pull request #{pr_id} from {source_repo} {source_ref_name}'
u'\n\n {pr_title}'.format(
pr_id=pull_request.pull_request_id,
source_repo=safe_unicode(
pull_request.source_repo.scm_instance().name),
source_ref_name=pull_request.source_ref_parts.name,
pr_title=safe_unicode(pull_request.title)))
self.merge_mock.assert_called_once_with(
pull_request.target_ref_parts,
pull_request.source_repo.scm_instance(),
pull_request.source_ref_parts,
self.workspace_id,
user_name=user.username,
user_email=user.email,
message=message)
pull_request = PullRequest.get(pull_request.pull_request_id)
assert self.invalidation_mock.called is False
assert pull_request.merge_rev is None
def delete_user(request, apiuser, userid):
"""
Deletes the specified user from the |RCE| user database.
This command can only be run using an |authtoken| with admin rights to
the specified repository.
.. important::
Ensure all open pull requests and open code review
requests to this user are close.
Also ensure all repositories, or repository groups owned by this
user are reassigned before deletion.
This command takes the following options:
:param apiuser: This is filled automatically from the |authtoken|.
:type apiuser: AuthUser
:param userid: Set the user to delete.
:type userid: str or int
Example output:
.. code-block:: bash
id : <id_given_in_input>
result: {
"msg" : "deleted user ID:<userid> <username>",
"user": null
}
error: null
Example error output:
.. code-block:: bash
id : <id_given_in_input>
result : null
error : {
"failed to delete user ID:<userid> <username>"
}
"""
if not has_superadmin_permission(apiuser):
raise JSONRPCForbidden()
user = get_user_or_error(userid)
try:
UserModel().delete(userid)
Session().commit()
return {
'msg': 'deleted user ID:%s %s' % (user.user_id, user.username),
'user': None
}
except Exception:
log.exception("Error occurred during deleting of user")
raise JSONRPCError('failed to delete user ID:%s %s' %
(user.user_id, user.username))
def test_api_grant_user_permission_to_repo_group_by_regular_user(
self, name, perm, apply_to_children, grant_admin, access_ok,
user_util):
user = user_util.create_user()
repo_group = user_util.create_repo_group()
if grant_admin:
test_user = UserModel().get_by_username(self.TEST_USER_LOGIN)
user_util.grant_user_permission_to_repo_group(
repo_group, test_user, 'group.admin')
id_, params = build_data(
self.apikey_regular, 'grant_user_permission_to_repo_group',
repogroupid=repo_group.name, userid=user.username,
perm=perm, apply_to_children=apply_to_children)
response = api_call(self.app, params)
if access_ok:
ret = {
'msg': (
'Granted perm: `%s` (recursive:%s) for user: `%s`'
' in repo group: `%s`' % (
perm, apply_to_children, user.username, repo_group.name
)
),
'success': True
}
expected = ret
assert_ok(id_, expected, given=response.body)
else:
expected = 'repository group `%s` does not exist' % (
repo_group.name, )
assert_error(id_, expected, given=response.body)
def test_api_grant_user_permission_to_user_group_by_regular_user(
self, name, perm, grant_admin, access_ok, user_util):
api_user = UserModel().get_by_username(self.TEST_USER_LOGIN)
user = user_util.create_user()
group = user_util.create_user_group()
# grant the user ability to at least read the group
permission = 'usergroup.admin' if grant_admin else 'usergroup.read'
user_util.grant_user_permission_to_user_group(group, api_user,
permission)
id_, params = build_data(self.apikey_regular,
'grant_user_permission_to_user_group',
usergroupid=group.users_group_name,
userid=user.username,
perm=perm)
response = api_call(self.app, params)
if access_ok:
ret = {
'msg':
('Granted perm: `%s` for user: `%s` in user group: `%s`' %
(perm, user.username, group.users_group_name)),
'success':
True
}
expected = ret
assert_ok(id_, expected, given=response.body)
else:
expected = 'user group `%s` does not exist' % (
group.users_group_name)
assert_error(id_, expected, given=response.body)
def register(self):
c.auto_active = 'hg.register.auto_activate' in User.get_default_user()\
.AuthUser.permissions['global']
if request.POST:
register_form = RegisterForm()()
try:
form_result = register_form.to_python(dict(request.POST))
form_result['active'] = c.auto_active
UserModel().create_registration(form_result)
h.flash(_('You have successfully registered into RhodeCode'),
category='success')
Session().commit()
return redirect(url('login_home'))
except formencode.Invalid, errors:
return htmlfill.render(
render('/register.html'),
defaults=errors.value,
errors=errors.error_dict or {},
prefix_error=False,
encoding="UTF-8")
except UserCreationError, e:
# container auth or other auth functions that create users on
# the fly can throw this exception signaling that there's issue
# with user creation, explanation should be provided in
# Exception itself
h.flash(e, 'error')
