def test_get_domain_by_record_acl_email_fail(self):
account = Account()
account.email = "*****@*****.**"
account.in_global_acl_emails = MagicMock(return_value=False)
self.assertFalse(
account.get_domain_by_record_acl(1, "example.com", "TXT"))
def test_get_domain_by_record_acl_domain_success(self):
account = Account()
account.email = "*****@*****.**"
account.in_global_acl_emails = MagicMock(return_value=True)
dm = MagicMock()
dm.domain = "example.com"
domain = MagicMock()
domain.get = MagicMock(return_value=dm)
account.get_domain_object = MagicMock(return_value=domain)
account.get_global_acl_labels = MagicMock(return_value=["DOMAIN"])
self.assertEquals(
dm, account.get_domain_by_record_acl(1, "example.com", "TXT"))
def test_get_domain_by_record_acl_multiple_label_failure_two(self):
account = Account()
account.email = "*****@*****.**"
account.in_global_acl_emails = MagicMock(return_value=True)
dm = MagicMock()
dm.domain = "example.com"
domain = MagicMock()
domain.get = MagicMock(return_value=dm)
account.get_domain_object = MagicMock(return_value=domain)
account.get_global_acl_labels = MagicMock(
return_value=["_acme-challenge", "DOMAIN"])
self.assertFalse(
account.get_domain_by_record_acl(1, "foo.bar.example.com", "TXT"))
def mock_auth(email, password, active=True):
h = "$2b$12$lqzxUnknwA/BYMJo2hFq5OBkkxsXP/7bupeNhizTFVa9WHaMOY6de"
ph = "bcrypt||" + h
account = Account()
account.first_name = "Example"
account.last_name = "User"
account.email = '*****@*****.**'
account.account_type = "senior_admin"
account.password = ph
if active is True:
account.status = 'active'
else:
account.status = 'inactive'
vegadns.api.common.Auth.get_account_by_email = MagicMock(
return_value=account
)
def post(self):
if self.auth.account.account_type != 'senior_admin':
abort(403, message="Insufficient privileges to create accounts")
first_name = request.form.get("first_name", None)
last_name = request.form.get("last_name", None)
if first_name is None or last_name is None:
abort(400, message="first_name and last_name are required")
email = request.form.get("email", None)
if not Validate().email(email):
abort(400, message="invalid email")
try:
existing_account = ModelAccount.get(ModelAccount.email == email)
abort(400, message="Email address already in use")
except peewee.DoesNotExist:
# Expected
pass
account_type = request.form.get("account_type", None)
if account_type not in ["senior_admin", "user"]:
abort(400,
message="account_type must be either senior_admin or user")
phone = request.form.get("phone", "")
# Configurable password regex?
password = request.form.get("password", None)
account = ModelAccount()
account.first_name = first_name
account.last_name = last_name
account.email = email
account.account_type = account_type
account.phone = phone
account.status = 'active'
account.set_password(password)
account.save()
self.dns_log(0, ("created account " + account.first_name + " " +
account.last_name + ", " + account.email))
return {'status': 'ok', 'account': account.to_clean_dict()}, 201
def test_get_domain_by_record_acl_multiple_label_success_no_match(self):
account = Account()
account.email = "*****@*****.**"
account.in_global_acl_emails = MagicMock(return_value=True)
dm = MagicMock()
dm.domain = "example.com"
dm.domain_id = 1
dget = Mock()
dget.side_effect = [dm, peewee.DoesNotExist, peewee.DoesNotExist]
domain = MagicMock()
domain.get = dget
account.get_domain_object = MagicMock(return_value=domain)
account.get_global_acl_labels = MagicMock(
return_value=["_acme-challenge", "DOMAIN"])
self.assertEquals(
dm,
account.get_domain_by_record_acl(
1, "_acme-challenge.foo.bar.example.com", "TXT"))
def get_or_create_account_oidc(self, email, userinfo):
try:
return Account.get(
Account.email == email,
Account.status == 'active'
)
except peewee.DoesNotExist:
pass
oidc_conf = config['oidc']
account = Account()
account.email = email
account.account_type = 'user'
account.status = 'active'
account.first_name = userinfo.get(oidc_conf.get('firstname_key'),'')
account.last_name = userinfo.get(oidc_conf.get('lastname_key'),'')
account.phone = userinfo.get(oidc_conf.get('phone_key'),'')
# Save the new user to the DB
account.save()
return account
def test_status_validation(self):
account = Account()
account.first_name = "Test"
account.last_name = "User"
account.email = "*****@*****.**"
account.account_type = "senior_admin"
# good
account.status = "active"
self.assertIsNone(account.validate())
# good
account.status = "inactive"
self.assertIsNone(account.validate())
# bad
account.status = "foobar"
with self.assertRaises(Exception) as cm:
account.validate()
self.assertEquals('Invalid status: foobar', cm.exception.message)
def test_status_validation(self):
account = Account()
account.first_name = "Test"
account.last_name = "User"
account.email = "*****@*****.**"
account.account_type = "senior_admin"
# good
account.status = "active"
self.assertIsNone(account.validate())
# good
account.status = "inactive"
self.assertIsNone(account.validate())
# bad
account.status = "foobar"
with self.assertRaises(Exception) as cm:
account.validate()
self.assertEquals('Invalid status: foobar', cm.exception.message)
def post(self):
if self.auth.account.account_type != "senior_admin":
abort(403, message="Insufficient privileges to create accounts")
first_name = request.form.get("first_name", None)
last_name = request.form.get("last_name", None)
if first_name is None or last_name is None:
abort(400, message="first_name and last_name are required")
email = request.form.get("email", None)
if not Validate().email(email):
abort(400, message="invalid email")
try:
existing_account = ModelAccount.get(ModelAccount.email == email)
abort(400, message="Email address already in use")
except peewee.DoesNotExist:
# Expected
pass
account_type = request.form.get("account_type", None)
if account_type not in ["senior_admin", "user"]:
abort(400, message="account_type must be either senior_admin or user")
phone = request.form.get("phone", "")
# Configurable password regex?
password = request.form.get("password", None)
account = ModelAccount()
account.first_name = first_name
account.last_name = last_name
account.email = email
account.account_type = account_type
account.phone = phone
account.status = "active"
account.set_password(password)
account.save()
return {"status": "ok", "account": account.to_clean_dict()}, 201
def test_get_domain_by_record_acl_multiple_label_failure_collision(self):
account = Account()
account.email = "*****@*****.**"
account.in_global_acl_emails = MagicMock(return_value=True)
dm = MagicMock()
dm.domain = "example.com"
dm.domain_id = 1
dm2 = MagicMock()
dm2.domain = "bar.example.com"
dm2.domain_id = 2
dget = Mock()
dget.side_effect = [dm, peewee.DoesNotExist, dm2]
domain = Mock()
domain.get = dget
account.get_domain_object = MagicMock(return_value=domain)
account.get_global_acl_labels = MagicMock(
return_value=["_acme-challenge", "DOMAIN"])
self.assertFalse(
account.get_domain_by_record_acl(
1, "_acme-challenge.foo.bar.example.com", "TXT"))