def test_GET_nodes_hides_invisible_nodes(self):
    # Access-control check for the tag "nodes" operation: all three nodes
    # carry the same tag, yet each requester must get back only the nodes
    # the assertions below expect for them.
    other_user = factory.make_User()
    unowned_node = factory.make_Node()
    allocated_node = factory.make_Node(
        status=NODE_STATUS.ALLOCATED, owner=other_user)
    # Placed in a freshly created resource pool; it appears in neither of
    # the expected listings below.
    pooled_node = factory.make_Node(pool=factory.make_ResourcePool())
    tag = factory.make_Tag()
    for tagged in (unowned_node, allocated_node, pooled_node):
        tagged.tags.add(tag)

    def list_system_ids(api_client):
        # Fetch the tag's nodes as `api_client`, insist on HTTP 200 and
        # return the system_ids in response order.
        reply = api_client.get(self.get_tag_uri(tag), {'op': 'nodes'})
        self.assertEqual(http.client.OK, reply.status_code)
        body = reply.content.decode(settings.DEFAULT_CHARSET)
        return [entry['system_id'] for entry in json.loads(body)]

    # The test's default client is shown only the unowned node.
    seen_by_default = list_system_ids(self.client)
    self.assertEqual([unowned_node.system_id], seen_by_default)

    # The owner of the allocated node additionally sees that node.
    owner_client = MAASSensibleOAuthClient(other_user)
    seen_by_owner = list_system_ids(owner_client)
    self.assertItemsEqual(
        [unowned_node.system_id, allocated_node.system_id], seen_by_owner)
def test_GET_nodes_hides_invisible_nodes(self):
    # Access-control check for the tag "nodes" operation when visibility
    # comes from resource-pool grants: both nodes carry the same tag, but
    # the pooled node may only be listed for the user granted on its pool.
    granted_user = factory.make_User()
    unpooled_node = factory.make_Node()
    restricted_pool = factory.make_ResourcePool()
    restricted_pool.grant_user(granted_user)
    pooled_node = factory.make_Node(pool=restricted_pool)
    tag = factory.make_Tag()
    for tagged in (unpooled_node, pooled_node):
        tagged.tags.add(tag)

    def list_system_ids(api_client):
        # Fetch the tag's nodes as `api_client`, insist on HTTP 200 and
        # return the system_ids in response order.
        reply = api_client.get(self.get_tag_uri(tag), {'op': 'nodes'})
        self.assertEqual(http.client.OK, reply.status_code)
        body = reply.content.decode(settings.DEFAULT_CHARSET)
        return [entry['system_id'] for entry in json.loads(body)]

    # The test's default client has no grant on the pool, so the pooled
    # node must be absent from its listing.
    seen_by_default = list_system_ids(self.client)
    self.assertEqual([unpooled_node.system_id], seen_by_default)

    # The granted user gets both nodes back.
    granted_client = MAASSensibleOAuthClient(granted_user)
    seen_by_granted = list_system_ids(granted_client)
    self.assertItemsEqual(
        [unpooled_node.system_id, pooled_node.system_id], seen_by_granted)
def test_anonymous_user_cannot_access(self):
    # A client built without a user must not get a node listing: a plain
    # GET on the nodes handler is answered with 400 and the exact
    # "Unrecognised signature" message, nothing else.
    anonymous = MAASSensibleOAuthClient()
    reply = anonymous.get(reverse('nodes_handler'))
    self.assertEqual(http.client.BAD_REQUEST, reply.status_code)
    body_text = reply.content.decode()
    self.assertEqual(
        "Unrecognised signature: method=GET op=None", body_text)
def make_worker_client(rack_controller):
    """Return a test client authenticated as the owner of `rack_controller`.

    A new auth token is created for the owner and handed to the client.
    The owner is expected to be the MAAS worker user; this is enforced
    with a plain ``assert``, so the check only runs when assertions are
    enabled.
    """
    assert get_worker_user() == rack_controller.owner, (
        "Rack controller owner should be the MAAS worker user."
    )
    owner = rack_controller.owner
    return MAASSensibleOAuthClient(owner, token=create_auth_token(owner))
def test_invalid_oauth_request(self):
    # An OAuth-signed request whose token does not validate must be
    # rejected with 401 instead of being processed.
    account = factory.make_User()
    signed_client = MAASSensibleOAuthClient(account)
    # Remove the account's API keys only after the client exists, so the
    # request below is made on behalf of a user with no valid token left.
    get_auth_tokens(account).delete()
    reply = signed_client.post(reverse('nodes_handler'), {'op': 'start'})
    # Check status and body together: 401 plus the "Invalid access token:"
    # marker somewhere in the raw response bytes.
    self.assertThat(
        (reply.status_code, reply.content),
        MatchesListwise((
            Equals(http.client.UNAUTHORIZED),
            Contains(b"Invalid access token:"),
        )))
def test_node_init_user_cannot_access(self):
    # A token issued for a node, presented as the node-init user, must not
    # open the nodes handler: the GET is expected to be refused with 403.
    node = factory.make_Node()
    node_token = NodeKey.objects.get_token_for_node(node)
    init_client = MAASSensibleOAuthClient(get_node_init_user(), node_token)
    reply = init_client.get(reverse('nodes_handler'))
    self.assertEqual(http.client.FORBIDDEN, reply.status_code)