def test_existing_user_different_org(self, mock_send_mail): with app.test_client() as c: c.set_cookie("localhost", "access_token_cookie", TOKEN_ADMIN) username = get_random_username() email = get_random_email() response = c.post( "/organizations/%s/users" % UUID_ORG, headers={"x-csrf-token": TOKEN_ADMIN_CSRF}, json={ "username": username, "role": "user", "email": email }, ) self.assertEqual(response.status_code, 201) user = users.get_by_email(email) args = mock_send_mail.call_args_list self.assertEqual(args[0][0][0][0], email) self.assertEqual(args[0][0][1], "REGISTRATION_VERIFICATION_EMAIL") self.assertTrue(args[0][0][2]["activation_key"] is not None) self.assertTrue( args[0][0][2]["activation_key_expires"] is not None) self.assertTrue(args[0][0][2]["organization_name"] is not None) self.assertTrue(args[0][0][2]["organization_uuid"] == UUID_ORG) self.assertEqual(args[0][0][2]["email"], email) orgrole = organization_roles.get_organization_role( UUID_ORG, user["uuid"]) self.assertTrue(orgrole["role"], "user") # fake activate users.update_user(uuid=user["uuid"], activated=datetime.now()) c.set_cookie("localhost", "access_token_cookie", TOKEN_USER) response = c.post( "/organizations/%s/users" % UUID_ORG2, headers={"x-csrf-token": TOKEN_USER_CSRF}, json={ "username": username, "role": "user", "email": email }, ) self.assertEqual(response.status_code, 201) args = mock_send_mail.call_args_list self.assertEqual(args[1][0][0][0], email) self.assertEqual(args[1][0][1], "ORGANIZATION_INVITATION") self.assertTrue("activation_key" not in args[1][0][2]) self.assertTrue("activation_key_expires" not in args[1][0][2]) self.assertTrue(args[1][0][2]["organization_name"] is not None) self.assertTrue(args[1][0][2]["organization_uuid"] == UUID_ORG2) self.assertEqual(args[1][0][2]["email"], email) orgrole = organization_roles.get_organization_role( UUID_ORG2, user["uuid"]) self.assertTrue(orgrole["role"], "user")
def update_user(org_uuid, uuid): admin_uuid = get_jwt_identity() if admin_uuid == uuid: return abort(make_response(jsonify(message="Cannot update self"), 409)) user_role = organization_roles.get_organization_role(org_uuid, uuid) user = users.get_by_uuid(uuid) if user is None or user_role is None: return abort(make_response(jsonify(message="Not found"), 404)) data = request.json if not data: return abort(make_response(jsonify(message="Missing payload"), 400)) role = data.get("role", user_role["role"]) if role not in ["admin", "user"]: return abort(make_response(jsonify(message="Bad role"), 400)) organization_roles.set_organization_role(org_uuid, uuid, role) return ( jsonify( { "uuid": user["uuid"], "username": user["username"], "email": user["email"], "role": role, "activated": user["activated"] is not None, } ), 200, )
def gcode_delete(org_uuid, uuid): validate_uuid(uuid) gcode = gcodes.get_gcode(uuid) if gcode is None or gcode["organization_uuid"] != org_uuid: return abort(make_response(jsonify(message="Not found"), 404)) user = get_current_user() org_role = organization_roles.get_organization_role(org_uuid, user["uuid"]) if (user["uuid"] != gcode["user_uuid"] and user["system_role"] != "admin" and org_role["role"] != "admin"): return abort( make_response( jsonify(message="G-Code does not belong to %s" % user["uuid"]), 401)) try: files.remove(gcode["absolute_path"]) except IOError: pass finally: printjobs.update_gcode_data( uuid, { "uuid": gcode["uuid"], "user_uuid": gcode["user_uuid"], "filename": gcode["filename"], "size": gcode["size"], "available": False, }, ) gcodes.delete_gcode(uuid) return "", 204
def test_create_user(self, mock_send_mail): with app.test_client() as c: email = get_random_email() c.set_cookie("localhost", "access_token_cookie", TOKEN_ADMIN) response = c.post( "/organizations/%s/users" % UUID_ORG, headers={"x-csrf-token": TOKEN_ADMIN_CSRF}, json={"role": "user", "email": " %s " % email.upper()}, ) self.assertEqual(response.status_code, 201) self.assertTrue("uuid" in response.json) self.assertTrue("username" in response.json) self.assertTrue("role" in response.json) self.assertTrue("email" in response.json) user = users.get_by_email(email) self.assertTrue(user is not None) self.assertEqual(user["username"], email) self.assertEqual(user["email"], email) self.assertEqual(user["system_role"], "user") luser = local_users.get_local_user(user["uuid"]) self.assertTrue(luser is None) args = mock_send_mail.call_args_list self.assertEqual(args[0][0][0][0], email) self.assertEqual(args[0][0][1], "REGISTRATION_VERIFICATION_EMAIL") self.assertTrue(args[0][0][2]["activation_key"] is not None) self.assertTrue(args[0][0][2]["activation_key_expires"] is not None) self.assertTrue(args[0][0][2]["organization_name"] is not None) self.assertTrue(args[0][0][2]["organization_uuid"] is not None) self.assertEqual(args[0][0][2]["email"], email) orgrole = organization_roles.get_organization_role(UUID_ORG, user["uuid"]) self.assertTrue(orgrole["role"], "user")
def test_update_user(self): with app.test_client() as c: c.set_cookie("localhost", "access_token_cookie", TOKEN_ADMIN) response = c.patch( "/organizations/%s/users/%s" % (UUID_ORG, self.uuid), headers={"x-csrf-token": TOKEN_ADMIN_CSRF}, json={"role": "admin"}, ) self.assertEqual(response.status_code, 200) self.assertTrue("role" in response.json) self.assertEqual(response.json["role"], "admin") user = organization_roles.get_organization_role(UUID_ORG, self.uuid) self.assertTrue(user is not None) self.assertEqual(user["role"], "admin")
def add_user_to_org(org_uuid): user_uuid = request.json.get("uuid") org_role = request.json.get("role") user = users.get_by_uuid(user_uuid) if not user: return make_response("User does not exist", 400) if not organizations.get_by_uuid(org_uuid): return make_response("Organization does not exist", 400) if organization_roles.get_organization_role(org_uuid, user_uuid) is not None: return make_response("User is already in organization", 400) organization_roles.set_organization_role(org_uuid, user_uuid, org_role) return make_response("", 200)
def create_api_token(): data = request.json if not data: return abort(make_response(jsonify(message="Missing payload"), 400)) name = data.get("name", None) if not name: return abort(make_response(jsonify(message="Missing name"), 400)) org_uuid = data.get("organization_uuid", None) if not org_uuid: return abort( make_response(jsonify(message="Missing organization_uuid"), 400)) user = get_current_user() if not user: return abort(make_response(jsonify(message="Unauthorized"), 401)) is_member = organization_roles.get_organization_role( org_uuid, user["uuid"]) if not is_member: return abort(make_response(jsonify(message="Unauthorized"), 401)) organization = organizations.get_by_uuid(org_uuid) token = create_access_token( identity=user, expires_delta=False, user_claims={ "username": user.get("username"), "email": user.get("email"), "organization_uuid": organization["uuid"], "organization_name": organization["name"], }, ) jti = decode_token(token)["jti"] api_tokens.add_token(user_uuid=user["uuid"], jti=jti, name=name, organization_uuid=org_uuid) response = { "access_token": token, "name": name, "jti": jti, "organization": { "uuid": organization["uuid"], "name": organization["name"], }, "created": datetime.now().isoformat(), } return jsonify(response), 201
def test_delete(self, mock_send_mail): with app.test_client() as c: c.set_cookie("localhost", "access_token_cookie", TOKEN_ADMIN) email = get_random_email() response = c.post( "/organizations/%s/users" % UUID_ORG, headers={"x-csrf-token": TOKEN_ADMIN_CSRF}, json={ "role": "user", "email": email, }, ) self.assertEqual(response.status_code, 201) uuid = response.json["uuid"] user = users.get_by_email(email) api_tokens.add_token( user_uuid=uuid, jti=guid.uuid4(), organization_uuid=UUID_ORG, name="jti", ) self.assertTrue(user["uuid"], uuid) response = c.delete( "/organizations/%s/users/%s" % (UUID_ORG, uuid), headers={"x-csrf-token": TOKEN_ADMIN_CSRF}, ) self.assertEqual(response.status_code, 204) orgrole = organization_roles.get_organization_role( UUID_ORG, user["uuid"]) tokens = api_tokens.get_tokens_for_user_uuid(user["uuid"], org_uuid=UUID_ORG) self.assertTrue(user is not None) self.assertTrue(orgrole is None) for t in tokens: self.assertTrue(t["revoked"]) self.assertTrue(t["organization_uuid"] == UUID_ORG) args = mock_send_mail.call_args_list self.assertEqual(args[1][0][0][0], email) self.assertEqual(args[1][0][1], "ORGANIZATION_REMOVAL") self.assertTrue(args[1][0][2]["organization_name"] is not None) self.assertTrue(args[1][0][2]["organization_uuid"] is not None) self.assertEqual(args[1][0][2]["email"], email)
def delete_user(org_uuid, uuid): admin_uuid = get_jwt_identity() if admin_uuid == uuid: return abort(make_response(jsonify(message="Cannot update self"), 409)) user_role = organization_roles.get_organization_role(org_uuid, uuid) user = users.get_by_uuid(uuid) if user is None or user_role is None: return abort(make_response(jsonify(message="Not found"), 404)) organization = organizations.get_by_uuid(org_uuid) api_tokens.revoke_all_tokens(uuid, org_uuid) organization_roles.drop_organization_role(org_uuid, uuid) send_mail.delay( [user["email"]], "ORGANIZATION_REMOVAL", { "email": user["email"], "inviter_username": get_current_user()["username"], "organization_name": organization["name"], "organization_uuid": organization["uuid"], }, ) return "", 204
def wrap(org_uuid, *args, **kwargs): validate_uuid(org_uuid) user = get_current_user() if not user: return abort( make_response(jsonify(message="Unauthorized"), 401)) role = organization_roles.get_organization_role( org_uuid, user["uuid"]) if role is None: return abort( make_response( jsonify(message="Cannot access this organization"), 403)) if required_role is not None and role["role"] != required_role: return abort( make_response( jsonify( message= "User does not have the required system role of %s" % required_role), 403, )) return func(org_uuid, *args, **kwargs)
def add_user_to_org(org_uuid): data = request.json if not data: return abort(make_response(jsonify(message="Missing payload"), 400)) email = data.get("email", None) org_role = data.get("role", None) if not email or not org_role: return abort(make_response(jsonify(message="Missing email"), 400)) if org_role not in ["admin", "user"]: return abort(make_response(jsonify(message="Bad role"), 400)) email = email.lstrip().rstrip().lower() if not is_email(email): return abort(make_response(jsonify(message="Invalid email"), 400)) existing = users.get_by_email(email) # completely new user if existing is None: user_uuid = guid.uuid4() activation_key = guid.uuid4() activation_key_expires = datetime.now().astimezone() + timedelta(hours=24) users.add_user( uuid=user_uuid, email=email, username=email, system_role="user", providers=[], activation_key_hash=hashlib.sha256( str(activation_key).encode("utf-8") ).hexdigest(), activation_key_expires=activation_key_expires, ) else: user_uuid = existing.get("uuid", None) # an activated account that already has a role in this organization if ( organization_roles.get_organization_role(org_uuid, user_uuid) and existing["activated"] ): return abort(make_response(jsonify(message="User already exists"), 409)) # an account that is not activated but has already been sent an invite activation_key = guid.uuid4() activation_key_expires = datetime.now().astimezone() + timedelta(hours=24) users.update_user( uuid=user_uuid, activation_key_hash=hashlib.sha256( str(activation_key).encode("utf-8") ).hexdigest(), activation_key_expires=activation_key_expires, ) organization = organizations.get_by_uuid(org_uuid) organization_roles.set_organization_role(org_uuid, user_uuid, org_role) if existing is None or existing["activated"] is None: send_mail.delay( [email], "REGISTRATION_VERIFICATION_EMAIL", { "activation_key": activation_key, "activation_key_expires": int(activation_key_expires.timestamp()), "email": email, "inviter_username": get_current_user()["username"], "organization_name": organization["name"], "organization_uuid": organization["uuid"], }, ) else: send_mail.delay( [email], "ORGANIZATION_INVITATION", { "email": email, "inviter_username": get_current_user()["username"], "organization_name": organization["name"], "organization_uuid": organization["uuid"], }, ) return ( jsonify( { "uuid": str(user_uuid), "username": existing["username"] if existing else email, "email": email, "role": org_role, "activated": existing["activated"] is not None if existing else False, } ), 201, )