def create_user(request):
"""Expecting json in the body:
{ "username": username,
"password": password,
"email": email,
"administrator": is_admin }
"""
try:
body = request.body
request_body = json.loads(body)
except:
return Response("Invalid JSON body", status=HTTP_400_BAD_REQUEST)
try:
username = request_body['username']
except KeyError:
return Response("Missing username", status=HTTP_400_BAD_REQUEST)
user = User.find(username)
if user:
return Response("User already exists", status=HTTP_409_CONFLICT)
try:
email = request_body['email']
except KeyError:
return Response("Missing email", status=HTTP_400_BAD_REQUEST)
try:
password = request_body['password']
except KeyError:
return Response("Missing password", status=HTTP_400_BAD_REQUEST)
administrator = request_body.get('administrator', False)
user = User.create(name=username,
password=password,
email=email,
administrator=administrator)
return Response(user.to_dict(), status=HTTP_201_CREATED)
def test_create_fail(self):
User.create(username="******",
password="******",
email="*****@*****.**",
quick=True)
User.create(username="******",
password="******",
email="*****@*****.**",
quick=True)
def test_perms_for_collection_success_collection_no_group(self):
User.create(username="******",
password="******",
email="*****@*****.**",
groups=[],
quick=True)
user = User.find("test_coll3")
root = Collection.find("test_root")
coll = Collection.create(name="perm_check3",
parent=str(root.id),
read_access=[])
# User can read collection coll if user is in a group also in coll's read_access
assert coll.user_can(user, "read") == True
def modify_user(request, username=""):
"""Expecting json in the body:
{ "username": username,
"password": password,
"email": email,
"administrator": is_admin,
"active": is_active}
"""
try:
body = request.body
request_body = json.loads(body)
except:
return Response("Invalid JSON body", status=HTTP_400_BAD_REQUEST)
if username is None:
try:
username = request_body['username']
except KeyError:
return Response("Missing username", status=HTTP_400_BAD_REQUEST)
user = User.find(username)
if not user:
return Response(u"User {} doesn't exist".format(username),
status=HTTP_404_NOT_FOUND)
if 'email' in request_body:
user.update(email=request_body['email'])
if 'password' in request_body:
user.update(password=request_body['password'])
if 'administrator' in request_body:
user.update(administrator=request_body['administrator'])
if 'active' in request_body:
user.update(active=request_body['active'])
return Response(user.to_dict(), status=HTTP_200_OK)
def ls_user(request, username):
# TODO check if username is valid to test ?
user = User.find(username)
if user:
return Response(user.to_dict(), status=HTTP_200_OK)
else:
return Response(u"User {} not found".format(username),
status=HTTP_404_NOT_FOUND)
def delete_user(request, username):
"""Delete a user"""
user = User.find(username)
if not user:
return Response(u"User {} doesn't exist".format(username),
status=HTTP_404_NOT_FOUND)
user.delete()
return Response(u"User {} has been deleted".format(username),
status=HTTP_200_OK)
def test_group_membership(self):
user = User.create(username="******",
password="******",
email="*****@*****.**",
groups=[],
quick=True)
assert user
group = Group.create(name="test_group_1")
user.update(groups=[group.id])
# Refetch the user
user = User.find("test_group")
assert group.id in user.groups
groups = Group.find_by_ids(user.groups)
assert [g.id for g in groups] == user.groups
users = group.get_users()
assert users[0].id == user.id
def test_create(self):
user = User.create(username="******",
password="******",
email="*****@*****.**",
quick=True)
assert user.name == "test"
assert user.email == '*****@*****.**'
assert user.administrator == False
assert user.active == True
def test_permission_public_ok(self):
coll = Collection.get_root_collection()
user = User.create(username="******",
password="******",
email="*****@*****.**",
groups=[],
quick=True)
resource = Resource.create(name='new_test_resource_public',
container=coll.id)
assert resource.user_can(user, "read")
def test_index(self):
coll = Collection.create(name="test_root", parent=None, path="/")
res_count = SearchIndex.index(coll, ['name'])
assert res_count == 2, res_count
User.create(username="******",
password="******",
email="*****@*****.**",
quick=True)
user = User.find("test_index_user")
results = SearchIndex.find(["test", "root"], user)
assert len(results) == 1
assert results[0]["id"] == coll.id
assert results[0]["hit_count"] == 2
SearchIndex.reset(coll.id)
results = SearchIndex.find(["test", "root"], user)
assert len(results) == 0
def test_permissions(self):
coll = Collection.find("test_root")
User.create(username="******",
password="******",
email="*****@*****.**",
quick=True)
User.create(username="******",
password="******",
email="*****@*****.**",
quick=True)
owning_user = User.find("protected_test_owner")
reading_user = User.find("protected_reader")
assert owning_user
assert reading_user
group = Group.create(name="protected_group")
Collection.create(name="protected",
parent=coll.id,
read_access=[group.id])
c = Collection.find("protected")
res_count = SearchIndex.index(c, ['name', 'metadata'])
assert res_count == 1
results = SearchIndex.find(["protected"], reading_user)
assert len(results) == 0, results
def authenticate_credentials(self, username, password):
"""
Authenticate the userid and password against username and password.
"""
user = User.find(username)
if user is None or not user.is_active():
raise exceptions.AuthenticationFailed(
_('User inactive or deleted.'))
if not user.authenticate(password) and not ldapAuthenticate(
user.uuid, password):
raise exceptions.AuthenticationFailed(
_('Invalid username/password.'))
return (user, None)
def test_permission_ok(self):
coll = Collection.get_root_collection()
user = User.create(username="******",
password="******",
email="*****@*****.**",
groups=[],
quick=True)
group = Group.create(name="test_group_resourdce")
user.update(groups=[group.id])
resource = Resource.create(name='new_test_resource',
container=coll.id,
read_access=[group.id])
assert resource.user_can(user, "read")
def test_authenticate_fail(self):
user = User.create(username="******",
password="******",
email="*****@*****.**",
quick=True)
assert not user.authenticate("not the password")