async def test_user_change_password(client, sys_db, cluster):
if cluster:
pytest.skip('Not tested in a cluster setup')
username = generate_username()
password1 = generate_string()
password2 = generate_string()
await sys_db.create_user(username, password1)
await sys_db.update_permission(username, 'rw', sys_db.name)
db1 = await client.db(sys_db.name, username, password1)
db2 = await client.db(sys_db.name, username, password2)
# Check authentication
assert isinstance(await db1.properties(), dict)
with assert_raises(DatabasePropertiesError) as err:
await db2.properties()
assert err.value.http_code == 401
# Update the user password and check again
await sys_db.update_user(username, password2)
assert isinstance(await db2.properties(), dict)
with assert_raises(DatabasePropertiesError) as err:
await db1.properties()
assert err.value.http_code == 401
# Replace the user password back and check again
await sys_db.update_user(username, password1)
assert isinstance(await db1.properties(), dict)
with assert_raises(DatabasePropertiesError) as err:
await db2.properties()
assert err.value.http_code == 401
async def sys_db(client):
sys_db = await client.db(name='_system',
username='******',
password=global_data.get('passwd'),
superuser_token=generate_jwt(
global_data.get('secret')))
username = generate_username()
password = generate_string()
global_data['username'] = username
global_data['password'] = password
await sys_db.create_database(name=global_data.get('tst_db_name'),
users=[{
'active': True,
'username': username,
'password': password,
}])
yield sys_db
await sys_db.clear_async_jobs()
# Remove all test tasks.
for task in await sys_db.tasks():
task_name = task['name']
if task_name.startswith('test_task'):
await sys_db.delete_task(task_name, ignore_missing=True)
# Remove all test users.
for user in await sys_db.users():
username = user['username']
if username.startswith('test_user'):
await sys_db.delete_user(username, ignore_missing=True)
# Remove all test databases.
for db_name in await sys_db.databases():
if db_name.startswith('test_database'):
await sys_db.delete_database(db_name, ignore_missing=True)
# Remove all test collections.
for collection in await sys_db.collections():
col_name = collection['name']
if col_name.startswith('test_collection'):
await sys_db.delete_collection(col_name, ignore_missing=True)
async def test_client_bad_connection(db, username, password, cluster):
client = ArangoClient(hosts=f'http://127.0.0.1:{arango_image.get_port()}')
bad_db_name = generate_db_name()
bad_username = generate_username()
bad_password = generate_string()
if not cluster:
# Test connection with bad username password
with pytest.raises(ServerConnectionError):
await client.db(db.name, bad_username, bad_password, verify=True)
# Test connection with missing database
with pytest.raises(ServerConnectionError):
await client.db(bad_db_name, bad_username, bad_password, verify=True)
await client.close()
# Test connection with invalid host URL
client = ArangoClient(hosts='http://127.0.0.1:8500')
with pytest.raises(ServerConnectionError) as err:
await client.db(db.name, username, password, verify=True)
assert 'bad connection' in str(err.value)
await client.close()
async def test_user_management(sys_db, bad_db):
# Test create user
username = generate_username()
password = generate_string()
assert not await sys_db.has_user(username)
new_user = await sys_db.create_user(
username=username,
password=password,
active=True,
extra={'foo': 'bar'},
)
assert new_user['username'] == username
assert new_user['active'] is True
assert new_user['extra'] == {'foo': 'bar'}
assert await sys_db.has_user(username)
# Test create duplicate user
with assert_raises(UserCreateError) as err:
await sys_db.create_user(username=username, password=password)
assert err.value.error_code == 1702
# Test list users
for user in await sys_db.users():
assert isinstance(user['username'], string_types)
assert isinstance(user['active'], bool)
assert isinstance(user['extra'], dict)
assert await sys_db.user(username) == new_user
# Test list users with bad database
with assert_raises(UserListError) as err:
await bad_db.users()
assert err.value.error_code in {11, 1228}
# Test get user
users = await sys_db.users()
for user in users:
assert 'active' in user
assert 'extra' in user
assert 'username' in user
assert username in await extract('username', await sys_db.users())
# Test get missing user
with assert_raises(UserGetError) as err:
await sys_db.user(generate_username())
assert err.value.error_code == 1703
# Update existing user
new_user = await sys_db.update_user(
username=username,
password=password,
active=False,
extra={'bar': 'baz'},
)
assert new_user['username'] == username
assert new_user['active'] is False
assert new_user['extra'] == {'bar': 'baz'}
assert await sys_db.user(username) == new_user
# Update missing user
with assert_raises(UserUpdateError) as err:
await sys_db.update_user(username=generate_username(),
password=generate_string())
assert err.value.error_code == 1703
# Replace existing user
new_user = await sys_db.replace_user(
username=username,
password=password,
active=False,
extra={'baz': 'qux'},
)
assert new_user['username'] == username
assert new_user['active'] is False
assert new_user['extra'] == {'baz': 'qux'}
assert await sys_db.user(username) == new_user
# Replace missing user
with assert_raises(UserReplaceError) as err:
await sys_db.replace_user(username=generate_username(),
password=generate_string())
assert err.value.error_code == 1703
# Delete an existing user
assert await sys_db.delete_user(username) is True
# Delete a missing user
with assert_raises(UserDeleteError) as err:
await sys_db.delete_user(username, ignore_missing=False)
assert err.value.error_code == 1703
assert await sys_db.delete_user(username, ignore_missing=True) is False
async def test_user_create_with_new_database(client, sys_db, cluster):
if cluster:
pytest.skip('Not tested in a cluster setup')
db_name = generate_db_name()
username1 = generate_username()
username2 = generate_username()
username3 = generate_username()
password1 = generate_string()
password2 = generate_string()
password3 = generate_string()
result = await sys_db.create_database(name=db_name,
users=[
{
'username': username1,
'password': password1,
'active': True
},
{
'username': username2,
'password': password2,
'active': True
},
{
'username': username3,
'password': password3,
'active': False
},
])
assert result is True
await sys_db.update_permission(username1,
permission='rw',
database=db_name)
await sys_db.update_permission(username2,
permission='rw',
database=db_name)
await sys_db.update_permission(username3,
permission='rw',
database=db_name)
# Test if the users were created properly
usernames = await extract('username', await sys_db.users())
assert all(u in usernames for u in [username1, username2, username3])
# Test if the first user has access to the database
db = await client.db(db_name, username1, password1)
await db.properties()
# Test if the second user also has access to the database
db = await client.db(db_name, username2, password2)
await db.properties()
# Test if the third user has access to the database (should not)
db = await client.db(db_name, username3, password3)
with assert_raises(DatabasePropertiesError) as err:
await db.properties()
assert err.value.http_code == 401
async def test_permission_management(client, sys_db, bad_db, cluster):
if cluster:
pytest.skip('Not tested in a cluster setup')
username = generate_username()
password = generate_string()
db_name = generate_db_name()
col_name_1 = generate_col_name()
col_name_2 = generate_col_name()
await sys_db.create_database(name=db_name,
users=[{
'username': username,
'password': password,
'active': True
}])
db = await client.db(db_name, username, password)
assert isinstance(await sys_db.permissions(username), dict)
# Test list permissions with bad database
with assert_raises(PermissionListError) as err:
await bad_db.permissions(username)
assert err.value.error_code in {11, 1228}
# Test get permission with bad database
with assert_raises(PermissionGetError) as err:
await bad_db.permission(username, db_name)
assert err.value.error_code in {11, 1228}
# The user should not have read and write permissions
assert await sys_db.permission(username, db_name) == 'rw'
assert await sys_db.permission(username, db_name, col_name_1) == 'rw'
# Test update permission (database level) with bad database
with assert_raises(PermissionUpdateError):
await bad_db.update_permission(username, 'ro', db_name)
assert await sys_db.permission(username, db_name) == 'rw'
# Test update permission (database level) to read only and verify access
assert await sys_db.update_permission(username, 'ro', db_name) is True
assert await sys_db.permission(username, db_name) == 'ro'
with assert_raises(CollectionCreateError) as err:
await db.create_collection(col_name_2)
assert err.value.http_code == 403
assert col_name_1 not in await extract('name', await db.collections())
assert col_name_2 not in await extract('name', await db.collections())
# Test reset permission (database level) with bad database
with assert_raises(PermissionResetError) as err:
await bad_db.reset_permission(username, db_name)
assert err.value.error_code in {11, 1228}
assert await sys_db.permission(username, db_name) == 'ro'
# Test reset permission (database level) and verify access
assert await sys_db.reset_permission(username, db_name) is True
assert await sys_db.permission(username, db_name) == 'none'
with assert_raises(CollectionCreateError) as err:
await db.create_collection(col_name_1)
assert err.value.http_code == 401
with assert_raises(CollectionListError) as err:
await db.collections()
assert err.value.http_code == 401
# Test update permission (database level) and verify access
assert await sys_db.update_permission(username, 'rw', db_name) is True
assert await sys_db.permission(username, db_name, col_name_2) == 'rw'
assert await db.create_collection(col_name_1) is not None
assert await db.create_collection(col_name_2) is not None
assert col_name_1 in await extract('name', await db.collections())
assert col_name_2 in await extract('name', await db.collections())
col_1 = await db.collection(col_name_1)
col_2 = await db.collection(col_name_2)
# Verify that user has read and write access to both collections
assert isinstance(await col_1.properties(), dict)
assert isinstance(await col_1.insert({}), dict)
assert isinstance(await col_2.properties(), dict)
assert isinstance(await col_2.insert({}), dict)
# Test update permission (collection level) to read only and verify access
assert await sys_db.update_permission(username, 'ro', db_name, col_name_1)
assert await sys_db.permission(username, db_name, col_name_1) == 'ro'
assert isinstance(await col_1.properties(), dict)
with assert_raises(DocumentInsertError) as err:
await col_1.insert({})
assert err.value.http_code == 403
assert isinstance(await col_2.properties(), dict)
assert isinstance(await col_2.insert({}), dict)
# Test update permission (collection level) to none and verify access
assert await sys_db.update_permission(username, 'none', db_name,
col_name_1)
assert await sys_db.permission(username, db_name, col_name_1) == 'none'
with assert_raises(CollectionPropertiesError) as err:
await col_1.properties()
assert err.value.http_code == 403
with assert_raises(DocumentInsertError) as err:
await col_1.insert({})
assert err.value.http_code == 403
assert isinstance(await col_2.properties(), dict)
assert isinstance(await col_2.insert({}), dict)
# Test reset permission (collection level)
assert await sys_db.reset_permission(username, db_name, col_name_1) is True
assert await sys_db.permission(username, db_name, col_name_1) == 'rw'
assert isinstance(await col_1.properties(), dict)
assert isinstance(await col_1.insert({}), dict)
assert isinstance(await col_2.properties(), dict)
assert isinstance(await col_2.insert({}), dict)