async def test_deny_other_users_workflow(self):
other_workflow = add_new_workflow(
'Workflow 2',
owner=create_test_user('other', '*****@*****.**')
)
comm = WebsocketCommunicator(self.application, f'/workflows/{other_workflow.id}/')
connected, _ = await comm.connect()
self.assertFalse(connected)
async def test_deny_other_users_workflow(self, communicate):
other_workflow = Workflow.objects.create(
name='Workflow 2',
owner=create_test_user('other', '*****@*****.**')
)
comm = communicate(self.application,
f'/workflows/{other_workflow.id}/')
connected, _ = await comm.connect()
self.assertFalse(connected)
def setUp(self):
super(ChannelTests, self).setUp()
self.user = create_test_user(username='******',
email='*****@*****.**')
self.workflow = add_new_workflow('Workflow 1')
self.wf_id = self.workflow.id
self.module = add_new_module_version('Module')
self.wf_module = add_new_wf_module(self.workflow, self.module)
self.application = self.mock_auth_middleware(create_url_router())
def test_auth(self):
# Create otheruser and try to access workflow owned by default user
other_user = create_test_user(username='******',
email='*****@*****.**')
wf = add_new_workflow('New Workflow', owner=other_user)
wfm = load_and_add_module('concaturl', workflow=wf)
result = store_external_workflow(
wfm,
f'https://app.workbenchdata.com/workflows/{self.ext_wfm.workflow_id}/'
)
self.assertEqual(
result,
ProcessResult(error='Access denied to the target workflow'))
def setUp(self):
super().setUp()
clear_db()
self.user = create_test_user(username='******',
email='*****@*****.**')
self.workflow = Workflow.objects.create(name='Workflow 1',
owner=self.user)
self.wf_id = self.workflow.id
self.module = add_new_module_version('Module')
self.wf_module = add_new_wf_module(self.workflow, self.module)
self.application = self.mock_auth_middleware(create_url_router())
self.communicators = []
def log_in(self):
self.user = create_test_user()
self.client.force_login(self.user)
def other_user(self):
# User created on first access
if not hasattr(self, '_other_user'):
self._other_user = create_test_user('attacker', '*****@*****.**',
'alksjdghalskdjfh')
return self._other_user
def other_user(self):
# User created on first access
if not hasattr(self, "_other_user"):
self._other_user = create_test_user("attacker", "*****@*****.**",
"alksjdghalskdjfh")
return self._other_user
