def user_groups(username): admin, message = check_user_is_admin(get_remote_user(request)) if not admin: # User is not admin or admin group does exist. Ciao return render_template("message.html", message=message) with htpasswd.Basic(CONF["PWD_FILE"], mode="md5") as userdb: with htpasswd.Group(CONF["GROUP_FILE"]) as groupdb: if request.method == "GET": groups = dict() for group in groupdb.groups: if groupdb.is_user_in(username, group): groups[group] = True else: groups[group] = False return render_template("groups.html", groups=groups) else: # POST Request checked_groups = [ g.split("_", 1)[1] for g in list(request.form.keys()) if g.startswith("group_") ] for group in groupdb.groups: if group in checked_groups: if not groupdb.is_user_in(username, group): groupdb.add_user(username, group) else: if groupdb.is_user_in(username, group): groupdb.delete_user(username, group) return render_template("message.html", message="User groups changed", success=True)
def test_user_not_in_a_group(self): with htpasswd.Group(t_groupdb) as groupdb: result = False try: groupdb.delete_user("alice", "admins") except htpasswd.UserNotInAGroup: result = True self.assertEqual(result, True)
def test_delete_user(self): with htpasswd.Group(t_groupdb) as groupdb: groupdb.delete_user("bob", "admins") self.assertFalse(groupdb.is_user_in("bob", "admins")) self.assertRaises(htpasswd.GroupNotExists, lambda: groupdb.delete_user("bob", "nogroup")) groupdb.add_user("alice", "admins") self.assertRaises(htpasswd.UserNotInAGroup, lambda: groupdb.delete_user("bob", "admins"))
def batch_user_creation(): admin, message = check_user_is_admin(get_remote_user(request)) if not admin: # User is not admin or admin group does exist. Ciao return render_template("message.html", message=message) with htpasswd.Basic(CONF["PWD_FILE"], mode="md5") as userdb: with htpasswd.Group(CONF["GROUP_FILE"]) as groupdb: if request.method == "GET": groups = [] for group in groupdb.groups: groups.append(group) return render_template( "batch_user_creation.html", groups=groups, mail_capabilities=CONF["ENABLE_MAIL_CAPABILITIES"]) else: # POST Request users = request.form["users_login"].split("\r\n") checked_groups = [ g.split("_", 1)[1] for g in list(request.form.keys()) if g.startswith("group_") ] result = [] for username in users: new_password = generate_random_password() new_user = username not in userdb if new_user: userdb.add(username, new_password) action = "create" else: userdb.change_password(username, new_password) action = "update" result.append((username, new_password, action)) for group in groupdb.groups: if group in checked_groups: if not groupdb.is_user_in(username, group): groupdb.add_user(username, group) else: if groupdb.is_user_in(username, group): groupdb.delete_user(username, group) message = "Batch of user created with generated passwords" # If the "send_mail" checkbox is enabled if request.form.get("send_mail") is not None: message = "Batch of user created with generated passwords, a mail has been sent to all of them" send_mail(result, request.form["mail_suffix"], request.form["instance"]) return render_template("message.html", message=message, success=True, result=render_template( "result_template.html", result=result))
def test_add_group(self): r = self.client.get("/user_groups/user1", environ_base={"REMOTE_USER": "******"}) self.assertEqual(r.status_code, 200) for group in ("users", "admin"): self.assertIn( '''name="group_%s" type="checkbox" checked''' % group, r.data) with htpasswd.Group(self.group) as groupdb: self.assertTrue(groupdb.is_user_in("user1", "users")) r = self.client.post("/user_groups/user1", data={"group_admin": "on"}, environ_base={"REMOTE_USER": "******"}) with htpasswd.Group(self.group) as groupdb: self.assertEqual(r.status_code, 200) self.assertFalse(groupdb.is_user_in("user1", "users")) self.assertTrue(groupdb.is_user_in("user1", "admin"))
def setUp(self): self.passwd = join(dirname(__name__), "test_password") self.group = join(dirname(__name__), "test_group") open(self.passwd, "w").close() open(self.group, "w").close() with htpasswd.Basic(self.passwd, mode="md5") as userdb: userdb.add("user1", "user1") userdb.add("user2", "user2") with htpasswd.Group(self.group) as groupdb: groupdb.add_user("user1", "admin") groupdb.add_user("user1", "users") groupdb.add_user("user2", "users") app.config["TESTING"] = True CONF["PWD_FILE"] = self.passwd CONF["GROUP_FILE"] = self.group self.client = app.test_client()
def check_user_is_admin(user): """Ensure username is in admin group and that admin group exists @:return: tuple (result, message), result is True if user is admin, else False. message indicate reason if False""" with htpasswd.Group(CONF["GROUP_FILE"]) as groupsdb: if CONF["ADMIN_GROUP"] not in groupsdb: return ( False, "Sorry admin group '%s' is not defined. You cannot change someone else password or create new user" % CONF["ADMIN_GROUP"]) if not groupsdb.is_user_in(user, CONF["ADMIN_GROUP"]): return ( False, "Sorry, you must belongs to group '%s' to change someone else password or create new users" % CONF["ADMIN_GROUP"]) # Everything is fine return (True, "")
def test_batch_user_creation(self): r = self.client.get(CONF["URL_PREFIX"] + "/batch_user_creation", environ_base={"REMOTE_USER": "******"}) self.assertEqual(r.status_code, 200) r = self.client.post(CONF["URL_PREFIX"] + "/batch_user_creation", data={ "users_login": "******", "group_users": "on" }, environ_base={"REMOTE_USER": "******"}) data = r.data.decode() self.assertEqual(r.status_code, 200) self.assertIn("Batch of user created with generated passwords", data) with htpasswd.Basic(self.passwd, mode="md5") as userdb: self.assertIn("user13", userdb) self.assertIn("user14", userdb) with htpasswd.Group(self.group) as groupdb: self.assertTrue(groupdb.is_user_in("user13", "users")) self.assertFalse(groupdb.is_user_in("user13", "admin")) self.assertTrue(groupdb.is_user_in("user14", "users")) self.assertFalse(groupdb.is_user_in("user14", "admin"))
def user_groups(username): admin, message = check_user_is_admin(request.environ.get('REMOTE_USER')) if not admin: # User is not admin or admin group does exist. Ciao return render_template("message.html", message=message) with htpasswd.Basic(CONF["PWD_FILE"], mode="md5") as userdb: with htpasswd.Group(CONF["GROUP_FILE"]) as groupdb: if request.method == "GET": groups = dict() for group in groupdb.groups: if groupdb.is_user_in(username, group): groups[group] = True else: groups[group] = False return render_template("groups.html", groups=groups) else: # POST Request print request.form.items() checked_groups = [ g.split("_", 1)[1] for g in request.form.keys() if g.startswith("group_") ] print checked_groups for group in groupdb.groups: if group in checked_groups: if not groupdb.is_user_in(username, group): print "add user to group %s" % group groupdb.add_user(username, group) else: if groupdb.is_user_in(username, group): print "remove user from group %s" % group groupdb.delete_user(username, group) return render_template("message.html", message="User groups changed", success=True)
def test_add_user(self): with htpasswd.Group(t_groupdb) as groupdb: groupdb.add_user("alice", "admins") self.assertTrue(groupdb.is_user_in("alice", "admins")) self.assertRaises(htpasswd.UserAlreadyInAGroup, lambda: groupdb.add_user("alice", "admins"))
def test_is_user_in(self): with htpasswd.Group(t_groupdb) as groupdb: self.assertTrue(groupdb.is_user_in("bob", "admins")) self.assertFalse(groupdb.is_user_in("bob", "managers"))
def test___contains__(self): with htpasswd.Group(t_groupdb) as groupdb: self.assertTrue(groupdb.__contains__("admins")) self.assertFalse(groupdb.__contains__("admins1"))
def test_groups(self): with htpasswd.Group(t_groupdb) as groupdb: self.assertEqual(groupdb.groups, ["admins", "managers"])
def test_delete_user(self): with htpasswd.Group(t_groupdb) as groupdb: groupdb.delete_user("bob", "admins") self.assertFalse(groupdb.is_user_in("bob", "admins"))
def test_add_user(self): with htpasswd.Group(t_groupdb) as groupdb: groupdb.add_user("alice", "admins") self.assertTrue(groupdb.is_user_in("alice", "admins"))