def Create2HuntsForDifferentUsers(self):
# Create 2 hunts. Hunt1 by "otheruser" and hunt2 by us.
# Both hunts will be approved by user "approver".
hunt1_id = self.CreateSampleHunt(token=access_control.ACLToken(
username="******"))
hunt2_id = self.CreateSampleHunt(token=access_control.ACLToken(
username=self.token.username))
self.CreateAdminUser("approver")
token = access_control.ACLToken(username="******")
security.HuntApprovalRequestor(subject_urn=hunt1_id,
reason=self.reason,
approver="approver",
token=token).Request()
token = access_control.ACLToken(username=self.token.username)
security.HuntApprovalRequestor(subject_urn=hunt2_id,
reason=self.reason,
approver="approver",
token=token).Request()
token = access_control.ACLToken(username="******")
security.HuntApprovalGrantor(subject_urn=hunt1_id,
reason=self.reason,
delegate="otheruser",
token=token).Grant()
token = access_control.ACLToken(username="******")
security.HuntApprovalGrantor(subject_urn=hunt2_id,
reason=self.reason,
delegate=self.token.username,
token=token).Grant()
def Run(self):
with test_lib.FakeTime(42):
self.CreateAdminUser("approver")
with self.CreateHunt(description="hunt1") as hunt_obj:
hunt1_urn = hunt_obj.urn
hunt1_id = hunt1_urn.Basename()
with self.CreateHunt(description="hunt2") as hunt_obj:
hunt2_urn = hunt_obj.urn
hunt2_id = hunt2_urn.Basename()
with test_lib.FakeTime(44):
approval_urn = security.HuntApprovalRequestor(
reason="foo",
subject_urn=hunt1_urn,
approver="approver",
token=self.token).Request()
approval1_id = approval_urn.Basename()
with test_lib.FakeTime(45):
approval_urn = security.HuntApprovalRequestor(
reason="bar",
subject_urn=hunt2_urn,
approver="approver",
token=self.token).Request()
approval2_id = approval_urn.Basename()
with test_lib.FakeTime(84):
approver_token = access_control.ACLToken(username="******")
security.HuntApprovalGrantor(reason="bar",
delegate=self.token.username,
subject_urn=hunt2_urn,
token=approver_token).Grant()
with test_lib.FakeTime(126):
self.Check("GetHuntApproval",
args=user_plugin.ApiGetHuntApprovalArgs(
username=self.token.username,
hunt_id=hunt1_id,
approval_id=approval1_id),
replace={
hunt1_id: "H:123456",
approval1_id: "approval:111111"
})
self.Check("GetHuntApproval",
args=user_plugin.ApiGetHuntApprovalArgs(
username=self.token.username,
hunt_id=hunt2_id,
approval_id=approval2_id),
replace={
hunt2_id: "H:567890",
approval2_id: "approval:222222"
})
def Run(self):
with test_lib.FakeTime(42):
self.CreateAdminUser("requestor")
with self.CreateHunt(description="a hunt") as hunt_obj:
hunt_urn = hunt_obj.urn
hunt_id = hunt_urn.Basename()
with test_lib.FakeTime(44):
requestor_token = access_control.ACLToken(username="******")
approval_urn = security.HuntApprovalRequestor(
reason="foo",
subject_urn=hunt_urn,
approver=self.token.username,
token=requestor_token).Request()
approval_id = approval_urn.Basename()
with test_lib.FakeTime(126):
self.Check("GrantHuntApproval",
args=user_plugin.ApiGrantHuntApprovalArgs(
hunt_id=hunt_id,
approval_id=approval_id,
username="******"),
replace={
hunt_id: "H:123456",
approval_id: "approval:111111"
})
def testEmailHuntApprovalRequestLinkLeadsToACorrectPage(self):
hunt_id = self.CreateSampleHunt()
messages_sent = []
def SendEmailStub(unused_from_user, unused_to_user, unused_subject, message,
**unused_kwargs):
messages_sent.append(message)
# Request client approval, it will trigger an email message.
with utils.Stubber(email_alerts.EMAIL_ALERTER, "SendEmail", SendEmailStub):
security.HuntApprovalRequestor(
reason="Please please let me",
subject_urn=hunt_id,
approver=self.token.username,
token=access_control.ACLToken(
username="******", reason="test")).Request()
self.assertEqual(len(messages_sent), 1)
# Extract link from the message text and open it.
m = re.search(r"href='(.+?)'", messages_sent[0], re.MULTILINE)
link = urlparse.urlparse(m.group(1))
self.Open(link.path + "?" + link.query + "#" + link.fragment)
# Check that requestor's username and reason are correctly displayed.
self.WaitUntil(self.IsTextPresent, "iwantapproval")
self.WaitUntil(self.IsTextPresent, "Please please let me")
# Check that host information is displayed.
self.WaitUntil(self.IsTextPresent, str(hunt_id))
self.WaitUntil(self.IsTextPresent, "SampleHunt")
def testRendersRequestedHuntAppoval(self):
with implementation.GRRHunt.StartHunt(
hunt_name=standard.SampleHunt.__name__,
token=self.token) as hunt:
pass
aff4_security.HuntApprovalRequestor(reason=self.token.reason,
subject_urn=hunt.urn,
approver="approver",
token=self.token).Request()
args = user_plugin.ApiListHuntApprovalsArgs()
result = self.handler.Handle(args, token=self.token)
self.assertEqual(len(result.items), 1)
def GrantHuntApproval(self, hunt_urn, token=None):
"""Grants an approval for a given hunt."""
token = token or self.token
# Create the approval and approve it.
security.HuntApprovalRequestor(subject_urn=hunt_urn,
reason=token.reason,
approver="approver",
token=token).Request()
self.CreateAdminUser("approver")
approver_token = access_control.ACLToken(username="******")
security.HuntApprovalGrantor(subject_urn=hunt_urn,
reason=token.reason,
delegate=token.username,
token=approver_token).Grant()
def Run(self):
with test_lib.FakeTime(42):
self.CreateAdminUser("approver")
hunt = implementation.GRRHunt.StartHunt(
hunt_name=standard.GenericHunt.__name__, token=self.token)
with test_lib.FakeTime(43):
approval_urn = security.HuntApprovalRequestor(
reason=self.token.reason,
subject_urn=hunt.urn,
approver="approver",
token=self.token).Request()
approval_id = approval_urn.Basename()
with test_lib.FakeTime(126):
self.Check("ListHuntApprovals",
replace={
hunt.urn.Basename(): "H:123456",
approval_id: "approval:112233"
})
def testCreatingApprovalCreatesSymlink(self):
hunt_urn = rdfvalue.RDFURN("aff4:/hunts/H:ABCD1234")
security.HuntApprovalRequestor(reason=self.token.reason,
subject_urn=hunt_urn,
approver="approver",
token=self.token).Request()
approval_id = list(
aff4.FACTORY.ListChildren(
"aff4:/users/test/approvals/hunt/H:ABCD1234",
token=self.token))[0].Basename()
self.assertTrue(approval_id.startswith("approval:"))
fd = aff4.FACTORY.Open(
"aff4:/users/test/approvals/hunt/H:ABCD1234/%s" % approval_id,
follow_symlinks=False,
mode="r",
token=self.token)
self.assertEqual(fd.Get(fd.Schema.TYPE), "AFF4Symlink")
self.assertEqual(fd.Get(fd.Schema.SYMLINK_TARGET),
"aff4:/ACL/hunts/H:ABCD1234/test/%s" % approval_id)