def test_ipa_client_batch_unknown_method(client, logged_in_dummy_user): """Check the IPAClient batch method returns unknown command errors""" with client.session_transaction() as sess: ipa = maybe_ipa_session(current_app, sess) with pytest.raises(BadRequest) as e: ipa.batch(methods=[{"method": "user_findy", "params": [[], {}]}]) assert "unknown command 'user_findy'" in e
def test_ipa_session_unauthorized(client, logged_in_dummy_user): """The user should be unauthorized when the session isn't valid for FreeIPA.""" with client.session_transaction() as sess: sess["securitas_session"] = Fernet( current_app.config['FERNET_SECRET']).encrypt(b'something-invalid') ipa = maybe_ipa_session(current_app, sess) assert ipa is None
def test_ipa_client_batch_no_raise_errors(client, logged_in_dummy_user, dummy_group): """Check the IPAClient batch method""" with client.session_transaction() as sess: ipa = maybe_ipa_session(current_app, sess) result = ipa.batch( methods=[ { "method": "user_find", "params": [[], { "uid": "dummy", 'all': True }] }, { "method": "this_method_wont_work", "params": [["dummy-group"], {}] }, ], raise_errors=False, ) assert result['count'] == 2 assert result['results'][0]['result'][0]['displayname'][ 0] == 'Dummy User' assert isinstance(result['results'][1], BadRequest)
def root(): ipa = maybe_ipa_session(app, session) username = session.get('securitas_username') if ipa and username: return redirect(url_for('user', username=username)) # Kick any non-authed user back to the login form. return render_template('index.html')
def fn(*args, **kwargs): ipa = maybe_ipa_session(app, session) if ipa: g.ipa = ipa g.current_user = User( g.ipa.user_find(whoami=True)['result'][0]) return f(*args, **kwargs, ipa=ipa) flash('Please log in to continue.', 'orange') return redirect(url_for('root'))
def logout(): """Log the user out.""" # Don't use the with_ipa() decorator, otherwise anonymous users visiting this endpoint will be # asked to login to then be logged out. ipa = maybe_ipa_session(app, session) if ipa: ipa.logout() session.clear() return redirect(url_for('root'))
def test_ipa_client_batch_unknown_option(client, logged_in_dummy_user): """Check the IPAClient batch method returns invalid params errors""" with client.session_transaction() as sess: ipa = maybe_ipa_session(current_app, sess) with pytest.raises(BadRequest) as e: ipa.batch(methods=[{ "method": "user_find", "params": [[], { "pants": "pants" }] }]) assert "invalid 'params': Unknown option: pants" in e
def password_reset(): # If already logged in, redirect to the logged in reset form ipa = maybe_ipa_session(app, session) username = session.get('securitas_username') if ipa and username: return redirect(url_for('auth_password_reset', username=username)) username = request.args.get('username') if not username: abort(404) form = PasswordResetForm() if form.validate_on_submit(): res = _validate_change_pw_form(form, username) if res and res.ok: return redirect(url_for('root')) return render_template('password-reset.html', password_reset_form=form, username=username)
def test_ipa_client_batch(client, logged_in_dummy_user, dummy_group): """Check the IPAClient batch method""" with client.session_transaction() as sess: ipa = maybe_ipa_session(current_app, sess) result = ipa.batch(methods=[ { "method": "user_find", "params": [[], { "uid": "dummy", 'all': True }] }, { "method": "group_find", "params": [["dummy-group"], {}] }, ]) assert result['count'] == 2 assert result['results'][0]['result'][0]['displayname'][ 0] == 'Dummy User' assert result['results'][1]['result'][0]['description'][ 0] == 'A dummy group'
def test_ipa_session_invalid(client, logged_in_dummy_user): """We should raise an exception when the session can't be decrypted.""" with client.session_transaction() as sess: sess["securitas_session"] = "invalid" with pytest.raises(TypeError): maybe_ipa_session(current_app, sess)
def test_ipa_session_anonymous(client): """Check maybe_ipa_session() when no user is logged in""" with client.session_transaction() as sess: assert maybe_ipa_session(current_app, sess) is None
def test_ipa_session_authed(client, logged_in_dummy_user): """Check maybe_ipa_session() when a user is logged in""" with client.session_transaction() as sess: assert maybe_ipa_session(current_app, sess) is not None