def test_create_user(self, api_client_mgmt, cli):
cli.create_user('*****@*****.**', '1234youseeme',
tenant_id='tenant1id')
users = api_client_mgmt.get_users(make_auth('foo', tenant='tenant1id'))
assert [user for user in users if user.email == '*****@*****.**']
other_tenant_users = api_client_mgmt.get_users(make_auth('foo',
tenant='tenant2id'))
assert not other_tenant_users
def test_create_user(self, api_client_mgmt, cli):
cli.create_user("*****@*****.**",
"1234youseeme",
tenant_id="tenant1id")
users = api_client_mgmt.get_users(make_auth("foo", tenant="tenant1id"))
assert [
user for user in users if user.email == "*****@*****.**"
]
other_tenant_users = api_client_mgmt.get_users(
make_auth("foo", tenant="tenant2id"))
assert not other_tenant_users
def _do_test_ok_email_or_pass(self,
api_client_mgmt,
init_users,
user,
update,
tenant_id=None):
auth = None
if tenant_id is not None:
auth = make_auth("foo", tenant_id)
# test update
_, r = api_client_mgmt.update_user(user.id, update, auth)
assert r.status_code == 204
# get/verify users
users = api_client_mgmt.get_users(auth)
assert len(users) == len(init_users)
# find the user via (new?) email
email = user.email
new_email = update.get("email", None)
if new_email != None and new_email != user.email:
email = new_email
found = [u for u in users if u.email == email]
assert len(found) == 1
# try if login still works
_, r = api_client_mgmt.login(email, update["password"])
assert r.status_code == 200
def _do_test_not_found(self, api_client_mgmt, tenant_id=None):
auth = None
if tenant_id is not None:
auth = make_auth("foo", tenant_id)
rsp = api_client_mgmt.delete_user('nonexistent_id', auth)
assert rsp.status_code == 204
def _do_test_no_users(self, api_client_mgmt, tenant_id=None):
auth = None
if tenant_id is not None:
auth = make_auth("foo", tenant_id)
users = api_client_mgmt.get_users(auth)
assert len(users) == 0
def _do_test_no_settings(self, api_client_mgmt, tenant_id=None):
auth = None
if tenant_id is not None:
auth = make_auth("foo", tenant_id)
found = api_client_mgmt.get_settings(auth)
assert found.json() == {}
def _do_test_fail_bad_request(self, api_client_mgmt, tenant_id=None):
auth = None
if tenant_id is not None:
auth = make_auth("foo", tenant_id)
try:
r = api_client_mgmt.post_settings("asdf", auth)
except bravado.exception.HTTPError as e:
assert e.response.status_code == 400
def test_ok(self, api_client_int,api_client_mgmt, clean_db, ):
user = {"email":"*****@*****.**", "password":"******"}
with tenantadm.run_fake_create_user(user):
api_client_int.create_user_for_tenant('foobar', user)
auth = make_auth("foo", 'foobar')
users = api_client_mgmt.get_users(auth)
assert len(users) == 1
def _do_test_fail_not_found(self, api_client_mgmt, init_users, tenant_id=None):
auth = None
if tenant_id is not None:
auth = make_auth("foo", tenant_id)
try:
not_found = api_client_mgmt.get_user("madeupid", auth)
except bravado.exception.HTTPError as e:
assert e.response.status_code == 404
def test_create_user(self, api_client_mgmt, cli):
user = {
"email": f"foo-{TENANT_ONE}@bar.com",
"password": "******"
}
with tenantadm.run_fake_create_user(user):
cli.create_user(user["email"],
user["password"],
tenant_id=TENANT_ONE)
users = api_client_mgmt.get_users(make_auth("foo", tenant=TENANT_ONE))
assert [
user for user in users if user.email == f"foo-{TENANT_ONE}@bar.com"
]
other_tenant_users = api_client_mgmt.get_users(
make_auth("foo", tenant=TENANT_TWO))
assert not other_tenant_users
def _do_test_ok(self, api_client_mgmt, init_users, tenant_id=None):
auth = None
if tenant_id is not None:
auth = make_auth("foo", tenant_id)
for u in init_users:
found = api_client_mgmt.get_user(u.id, auth)
assert found.id == u.id
assert found.email == u.email
assert found.created_ts == u.created_ts
assert found.updated_ts == u.updated_ts
def _do_test_fail_unprocessable_entity(
self, api_client_mgmt, init_users, new_user, tenant_id=None
):
auth = None
if tenant_id is not None:
auth = make_auth("foo", tenant_id)
try:
api_client_mgmt.create_user(new_user, auth)
except bravado.exception.HTTPError as e:
assert e.response.status_code == 422
def _do_test_ok(self, api_client_mgmt, tenant_id=None):
auth = None
if tenant_id is not None:
auth = make_auth("foo", tenant_id)
# nonempty
self._set_and_verify(
{"foo": "foo-val", "bar": "bar-val"}, api_client_mgmt, auth,
)
# empty
self._set_and_verify({}, api_client_mgmt, auth)
def _do_test_ok(self, api_client_mgmt, init_users, tenant_id=None):
auth = None
if tenant_id is not None:
auth = make_auth("foo", tenant_id)
rsp = api_client_mgmt.delete_user(init_users[0]['id'], auth)
assert rsp.status_code == 204
users = api_client_mgmt.get_users(auth)
assert len(users) == len(init_users) - 1
found = [u for u in users if u.id == init_users[0]['id']]
assert len(found) == 0
def test_ok_pwd_hash(self, api_client_int, api_client_mgmt, clean_db_f):
user = {
"email": "*****@*****.**",
"password_hash": "secret12345",
"propagate": False,
}
with tenantadm.run_fake_create_user(user):
api_client_int.create_user_for_tenant("foobar", user)
auth = make_auth("foo", "foobar")
users = api_client_mgmt.get_users(auth)
assert len(users) == 1
def _do_test_ok(self, api_client_mgmt, init_users, new_user, tenant_id=None):
auth = None
if tenant_id is not None:
auth = make_auth("foo", tenant_id)
_, r = api_client_mgmt.create_user(new_user, auth)
assert r.status_code == 201
users = api_client_mgmt.get_users(auth)
assert len(users) == len(init_users) + 1
found_user = [u for u in users if u.email == new_user["email"]]
assert len(found_user) == 1
found_user = found_user[0]
def _do_test_fail_duplicate_email(self,
api_client_mgmt,
init_users,
user,
update,
tenant_id=None):
auth = None
if tenant_id is not None:
auth = make_auth("foo", tenant_id)
try:
_, r = api_client_mgmt.update_user(user.id, update, auth)
except bravado.exception.HTTPError as e:
assert e.response.status_code == 422
class TestAuthVerify:
@pytest.mark.parametrize(
"token",
[
"garbage",
"",
make_auth("*****@*****.**")["Authorization"],
],
)
def test_fail(self, api_client_int, init_users, token):
try:
_, r = api_client_int.verify(token)
except bravado.exception.HTTPError as herr:
assert herr.response.status_code == 401
def test_ok(self, api_client_int, init_users, user_tokens):
for user, token in zip(init_users, user_tokens):
_, r = api_client_int.verify(token)
assert r.status_code == 200
def test_tamper_claims(self, api_client_int, init_users, user_tokens):
for user, token in zip(init_users, user_tokens):
hdr, claims, sign = explode_jwt(token)
claims["mender.tenant"] = "foobar"
tampered = ".".join(
[
urlsafe_b64encode(json.dumps(hdr).encode()).decode(),
urlsafe_b64encode(json.dumps(claims).encode()).decode(),
urlsafe_b64encode(sign).decode(),
]
)
try:
_, r = api_client_int.verify(tampered)
except bravado.exception.HTTPError as herr:
assert herr.response.status_code == 401
def test_bad_x_original(self, api_client_int, init_users, user_tokens):
user, token = init_users[0], user_tokens[0]
try:
_, r = api_client_int.verify(token, uri="/foobar")
except bravado.exception.HTTPError as herr:
assert herr.response.status_code == 500
def _do_test_ok_email(self,
api_client_mgmt,
init_users,
user,
update,
tenant_id=None):
auth = None
if tenant_id is not None:
auth = make_auth("foo", tenant_id)
# test update
_, r = api_client_mgmt.update_user(user.id, update, auth)
assert r.status_code == 204
# get/verify users
users = api_client_mgmt.get_users(auth)
assert len(users) == len(init_users)
found = [u for u in users if u.email == update["email"]]
assert len(found) == 1
