def test_fail_invalidated_tokens_after_update(self, api_client_mgmt, api_client_int, init_users_f):
users = [
init_users_f[0],
init_users_f[1]
]
update = {
"email": "*****@*****.**",
"current_password": "******"
}
_, r = api_client_mgmt.login(users[0].email, "correcthorsebatterystaple")
assert r.status_code == 200
token_one = r.text
auth = {"Authorization": "Bearer " + token_one}
_, r = api_client_mgmt.login(users[1].email, "correcthorsebatterystaple")
assert r.status_code == 200
token_two = r.text
_, r = api_client_int.verify(token_two)
assert r.status_code == 200
# test update
_, r = api_client_mgmt.update_user(users[1].id, update, auth)
assert r.status_code == 204
# verify tokens
_, r = api_client_int.verify(token_one)
assert r.status_code == 200
with pytest.raises(bravado.exception.HTTPError) as excinfo:
_, r = api_client_int.verify(token_two)
assert excinfo.value.response.status_code == 401
def test_set_password(self, api_client_mgmt, cli, clean_db):
password = '******'
new_password = '******'
email = '*****@*****.**'
tenant = 'tenant1id'
users_db = {tenant: [email]}
cli.create_user(email, password, tenant_id=tenant)
with tenantadm.run_fake_user_tenants(users_db):
_, r = api_client_mgmt.login(email, password)
assert r.status_code == 200
cli.set_password(email, new_password, tenant)
status_code = 200
try:
_, r = api_client_mgmt.login(email, password)
except bravado.exception.HTTPError as e:
assert e.response.status_code == 401
status_code = 401
assert status_code == 401
_, r = api_client_mgmt.login(email, new_password)
assert r.status_code == 200
token = r.text
assert token
_, claims, _ = explode_jwt(token)
assert claims['mender.tenant'] == tenant
def test_set_password(self, api_client_mgmt, cli, clean_db):
user = {
"password": "******",
"new_password": "******",
"email": "*****@*****.**",
"tenant": TENANT_ONE,
}
users_db = {user["tenant"]: [user["email"]]}
with tenantadm.run_fake_create_user(user):
cli.create_user(user["email"],
user["password"],
tenant_id=user["tenant"])
with tenantadm.run_fake_user_tenants(users_db):
_, r = api_client_mgmt.login(user["email"], user["password"])
assert r.status_code == 200
cli.set_password(user["email"], user["new_password"],
user["tenant"])
status_code = 200
try:
_, r = api_client_mgmt.login(user["email"], user["password"])
except bravado.exception.HTTPError as e:
assert e.response.status_code == 401
status_code = 401
assert status_code == 401
_, r = api_client_mgmt.login(user["email"], user["new_password"])
assert r.status_code == 200
token = r.text
assert token
_, claims, _ = explode_jwt(token)
assert claims["mender.tenant"] == user["tenant"]
def _do_test_ok_email_or_pass(self,
api_client_mgmt,
init_users,
user,
update,
tenant_id=None):
_, r = api_client_mgmt.login(user.email, 'correcthorsebatterystaple')
assert r.status_code == 200
token = r.text
auth = {"Authorization": "Bearer " + token}
# test update
_, r = api_client_mgmt.update_user(user.id, update, auth)
assert r.status_code == 204
# get/verify users
users = api_client_mgmt.get_users(auth)
assert len(users) == len(init_users)
# find the user via (new?) email
email = user.email
new_email = update.get("email", None)
if new_email != None and new_email != user.email:
email = new_email
found = [u for u in users if u.email == email]
assert len(found) == 1
# try if login still works
_, r = api_client_mgmt.login(email, update["password"])
assert r.status_code == 200
def _test_pat_name_collision_for_multiple_users(self, api_client_mgmt,
init_users):
first_user = init_users[2]
_, r = api_client_mgmt.login(first_user.email,
"correcthorsebatterystaple")
assert r.status_code == 200
first_user_token = r.text
auth = {"Authorization": "Bearer " + first_user_token}
token_request = {
"name": "conflicting_personal_access_token",
"expires_in": 3600,
}
_, r = api_client_mgmt.create_token(token_request, auth)
assert r.status_code == 200
# two names with same name for one user cannot exist
with pytest.raises(bravado.exception.HTTPConflict):
_, r = api_client_mgmt.create_token(token_request, auth)
assert r.status_code == 409
second_user = init_users[3]
_, r = api_client_mgmt.login(second_user.email,
"correcthorsebatterystaple")
assert r.status_code == 200
second_user_token = r.text
auth = {"Authorization": "Bearer " + second_user_token}
# another user can create token with the same name
_, r = api_client_mgmt.create_token(token_request, auth)
assert r.status_code == 200
def _test_pat_limit(self, api_client_mgmt, init_users):
user = init_users[0]
_, r = api_client_mgmt.login(user.email, "correcthorsebatterystaple")
assert r.status_code == 200
user_token = r.text
auth = {"Authorization": "Bearer " + user_token}
# first, create maximum number of tokens per user (10 is default)
for _ in range(10):
token_request = {
"name":
f"personal_access_token_{''.join(sample(string.ascii_lowercase, 5))}",
"expires_in": 3600,
}
_, r = api_client_mgmt.create_token(token_request, auth)
assert r.status_code == 200
# send one token request more
token_request = {
"name":
f"personal_access_token_{''.join(sample(string.ascii_lowercase, 5))}",
"expires_in": 3600,
}
with pytest.raises(bravado.exception.HTTPUnprocessableEntity):
_, r = api_client_mgmt.create_token(token_request, auth)
assert r.status_code == 422
def _do_test_ok_email_or_pass(self,
api_client_mgmt,
init_users,
user,
update,
tenant_id=None):
auth = None
if tenant_id is not None:
auth = make_auth("foo", tenant_id)
# test update
_, r = api_client_mgmt.update_user(user.id, update, auth)
assert r.status_code == 204
# get/verify users
users = api_client_mgmt.get_users(auth)
assert len(users) == len(init_users)
# find the user via (new?) email
email = user.email
new_email = update.get("email", None)
if new_email != None and new_email != user.email:
email = new_email
found = [u for u in users if u.email == email]
assert len(found) == 1
# try if login still works
_, r = api_client_mgmt.login(email, update["password"])
assert r.status_code == 200
def test_set_password(self, api_client_mgmt, cli, clean_db):
password = '******'
new_password = '******'
email = '*****@*****.**'
cli.create_user(email, password)
_, r = api_client_mgmt.login(email, password)
assert r.status_code == 200
cli.set_password(email, new_password)
status_code = 200
try:
_, r = api_client_mgmt.login(email, password)
except bravado.exception.HTTPError as e:
assert e.response.status_code == 401
status_code = 401
assert status_code == 401
_, r = api_client_mgmt.login(email, new_password)
assert r.status_code == 200
def test_create_user_login(self, api_client_mgmt, cli, clean_db):
email = '*****@*****.**'
password = '******'
cli.create_user(email, password)
_, r = api_client_mgmt.login(email, password)
assert r.status_code == 200
token = r.text
assert token
def test_fail_update_email_without_current_password(self, api_client_mgmt, init_users_f):
update = {"email": "*****@*****.**"}
_, r = api_client_mgmt.login(init_users_f[0].email, "correcthorsebatterystaple")
assert r.status_code == 200
token = r.text
auth = {"Authorization": "Bearer " + token}
with pytest.raises(bravado.exception.HTTPError) as excinfo:
_, r = api_client_mgmt.update_user(init_users_f[0].id, update, auth)
assert excinfo.value.response.status_code == 422
def test_ok(self, api_client_mgmt, init_users):
email = "*****@*****.**"
password = "******"
_, r = api_client_mgmt.login(email, password)
assert r.status_code == 200
token = r.text
assert len(token)
_, claims, _ = explode_jwt(token)
assert 'mender.user' in claims and claims['mender.user'] == True
def _do_test_fail_unprocessable_entity(
self, api_client_mgmt, init_users, user, update, tenant_id=None
):
_, r = api_client_mgmt.login(user.email, "correcthorsebatterystaple")
assert r.status_code == 200
token = r.text
auth = {"Authorization": "Bearer " + token}
try:
_, r = api_client_mgmt.update_user(user.id, update, auth)
except bravado.exception.HTTPError as e:
assert e.response.status_code == 422
def _do_test_fail_not_found(
self, api_client_mgmt, init_users, update, tenant_id=None
):
_, r = api_client_mgmt.login(init_users[0].email, "correcthorsebatterystaple")
assert r.status_code == 200
token = r.text
auth = {"Authorization": "Bearer " + token}
try:
_, r = api_client_mgmt.update_user("madeupid", update, auth)
except bravado.exception.HTTPError as e:
assert e.response.status_code == 404
def test_ok(self, api_client_mgmt, init_users_mt):
password = "******"
users_db = { tenant: [user.email for user in users] \
for tenant, users in init_users_mt.items() }
with tenantadm.run_fake_user_tenants(users_db):
for tenant, users in users_db.items():
for email in users:
_, r = api_client_mgmt.login(email, password)
assert r.status_code == 200
assert r.headers['Content-Type'] == "application/jwt"
_, claims, _ = explode_jwt(r.text)
assert claims['mender.tenant'] == tenant
def test_suspended_tenant(self, api_client_mgmt, init_users_mt):
password = "******"
users_db = { tenant: [user.email for user in users] \
for tenant, users in init_users_mt.items() }
with tenantadm.run_fake_user_tenants(users_db, status='suspended'):
for tenant, users in users_db.items():
try:
for email in users:
_, r = api_client_mgmt.login(email, password)
assert r.status_code == 401
except bravado.exception.HTTPError as herr:
assert herr.response.status_code == 401
assert herr.swagger_result.error == 'tenant account suspended'
def user_tokens_mt_f(init_users_mt_f, api_client_mgmt):
tokens = []
password = "******"
users_db = { tenant: [user.email for user in users] \
for tenant, users in init_users_mt_f.items() }
with tenantadm.run_fake_user_tenants(users_db):
for tenant, users in users_db.items():
for email in users:
_, r = api_client_mgmt.login(email, password)
assert r.status_code == 200
assert r.headers['Content-Type'] == "application/jwt"
tokens.append(r.text)
yield tokens
def test_create_user_login(self, api_client_mgmt, cli, clean_db):
email = '*****@*****.**'
password = '******'
tenant = 'tenant1id'
users_db = {tenant: [email]}
cli.create_user(email, password, tenant_id=tenant)
with tenantadm.run_fake_user_tenants(users_db):
_, r = api_client_mgmt.login(email, password)
assert r.status_code == 200
token = r.text
assert token
_, claims, _ = explode_jwt(token)
assert claims['mender.tenant'] == tenant
def test_create_user_login(self, api_client_mgmt, cli, clean_db):
user = {"email": "*****@*****.**", "password": "******"}
users_db = {TENANT_ONE: [user["email"]]}
with tenantadm.run_fake_create_user(user):
cli.create_user(user["email"],
user["password"],
tenant_id=TENANT_ONE)
with tenantadm.run_fake_user_tenants(users_db):
_, r = api_client_mgmt.login(user["email"], user["password"])
assert r.status_code == 200
token = r.text
assert token
_, claims, _ = explode_jwt(token)
assert claims["mender.tenant"] == TENANT_ONE
def _do_test_ok_email(
self, api_client_mgmt, init_users, user, update, tenant_id=None
):
_, r = api_client_mgmt.login(user.email, "correcthorsebatterystaple")
assert r.status_code == 200
token = r.text
auth = {"Authorization": "Bearer " + token}
# test update
_, r = api_client_mgmt.update_user(user.id, update, auth)
assert r.status_code == 204
# get/verify users
users = api_client_mgmt.get_users(auth)
assert len(users) == len(init_users)
found = [u for u in users if u.email == update["email"]]
assert len(found) == 1
def _test_pat_name_collision_for_one_user(self, api_client_mgmt,
init_users):
user = init_users[1]
_, r = api_client_mgmt.login(user.email, "correcthorsebatterystaple")
assert r.status_code == 200
user_token = r.text
auth = {"Authorization": "Bearer " + user_token}
token_request = {
"name": "conflicting_personal_access_token",
"expires_in": 3600,
}
_, r = api_client_mgmt.create_token(token_request, auth)
assert r.status_code == 200
with pytest.raises(bravado.exception.HTTPConflict):
_, r = api_client_mgmt.create_token(token_request, auth)
assert r.status_code == 409
def test_ok(self, api_client_int, api_client_mgmt, init_users):
email = "*****@*****.**"
password = "******"
# log in
_, r = api_client_mgmt.login(email, password)
assert r.status_code == 200
token = r.text
# token is valid
_, r = api_client_int.verify(token)
assert r.status_code == 200
# log out
_, r = api_client_mgmt.logout(auth={"Authorization": "Bearer {}".format(token)})
assert r.status_code == 202
# token is not valid anymore
try:
_, r = api_client_int.verify(token)
except bravado.exception.HTTPError as herr:
assert herr.response.status_code == 401
def _do_test_ok(
self,
api_client_int,
api_client_mgmt,
init_users,
token_request,
tenant_id=None,
):
user = init_users[0]
_, r = api_client_mgmt.login(user.email, "correcthorsebatterystaple")
assert r.status_code == 200
user_token = r.text
auth = {"Authorization": "Bearer " + user_token}
_, r = api_client_mgmt.create_token(token_request, auth)
assert r.status_code == 200
personal_access_token = r.text
# check if the token is valid
_, r = api_client_int.verify(personal_access_token)
assert r.status_code == 200
# get tokens
tokens, r = api_client_mgmt.list_tokens(auth)
assert r.status_code == 200
assert len(tokens) == 1
# revoke token
r = api_client_mgmt.delete_token(tokens[0].id, auth)
assert r.status_code == 204
# verify token has been removed
tokens, r = api_client_mgmt.list_tokens(auth)
assert r.status_code == 200
assert len(tokens) == 0
with pytest.raises(bravado.exception.HTTPError) as e:
_, r = api_client_int.verify(personal_access_token)
assert e.response.status_code == 401
def test_bad_user(self, api_client_mgmt, init_users, email, password):
try:
_, r = api_client_mgmt.login(email, password)
except bravado.exception.HTTPError as herr:
assert herr.response.status_code == 401
def test_bad_user(self, api_client_mgmt, email, password):
with tenantadm.run_fake_user_tenants({}):
try:
_, r = api_client_mgmt.login(email, password)
except bravado.exception.HTTPError as herr:
assert herr.response.status_code == 401