def test_delete_pack_as_non_admin(): """Testing delete pack API with as non-admin""" with requests.Session() as session: create_next_admin(session) user_id_1 = create_test_user( session, TEST_USERS[4]).json()["data"]["user"]["id"] role_id = create_fake_role(session, user_id_1, TEST_ROLES[4]).json()["data"]["id"] pack_id = create_fake_pack(session, user_id_1, role_id, TEST_PACKS[6]).json()["data"]["pack_id"] user_response = create_test_user(session, TEST_USERS[5]) assert user_response.status_code == 200, "Error creating user: %s \n%s" % ( TEST_USERS[5]["username"], user_response.json(), ) with requests.Session() as session: # auth as a non-admin user_payload = { "id": TEST_USERS[5]["username"], "password": TEST_USERS[5]["password"], } auth_response = session.post( "http://rbac-server:8000/api/authorization/", json=user_payload) assert auth_response.status_code == 200, "Error authing as %s: \n%s" % ( TEST_USERS[5]["username"], auth_response.json(), ) # try to delete the pack as a non-admin response = session.delete( "http://rbac-server:8000/api/packs/{}".format(pack_id)) assert response.status_code == 401, ( "Unexpected response when deleting pack: %s" % response.json())
def test_search_api(): """Tests the search api endpoint functions and returns a valid payload.""" delete_user_by_username("susan20") with requests.Session() as session: create_user_input = { "name": "Susan Susanson", "username": "******", "password": "******", "email": "*****@*****.**", } create_next_admin(session) create_test_user(session, create_user_input) search_query = { "query": { "search_input": "super long search input", "search_object_types": ["role", "pack", "user"], "page_size": "20", "page": "2", } } response = session.post("http://rbac-server:8000/api/search", json=search_query) assert response.json()["data"] == { "roles": [], "packs": [], "users": [] } delete_user_by_username("susan23")
def test_non_admin_user_creation(): """Test user creation by a non-admin user""" with requests.Session() as session: create_next_admin(session) user = { "name": "new user", "username": "******", "password": "******", "email": "*****@*****.**", } create_test_user(session, user) with requests.session() as session2: user_login(session2, "new_user", "123456") user = { "name": "next user", "username": "******", "password": "******", "email": "*****@*****.**", } response = create_test_user(session2, user) assert response.json() == { "code": 401, "message": "Unauthorized: No authentication token provided", }
def test_add_role_owner(): """Test adding an owner to a role. Creates two test users and a role with user1 as owner/admin, then adds the second user as role owner.""" user1_payload = { "name": "Test User 3", "username": "******", "password": "******", "email": "*****@*****.**", } user2_payload = { "name": "Test User 4", "username": "******", "password": "******", "email": "*****@*****.**", } with requests.Session() as session: create_next_admin(session) user_response1 = create_test_user(session, user1_payload) user1_result = assert_api_success(user_response1) user1_id = user1_result["data"]["user"]["id"] user2_response = create_test_user(session, user2_payload) user2_result = assert_api_success(user2_response) user2_id = user2_result["data"]["user"]["id"] role_payload = { "name": "TestRole0501201902", "owners": user1_id, "administrators": user1_id, "description": "Test Role 2", } role_response = create_test_role(session, role_payload) role_result = assert_api_success(role_response) role_id = role_result["data"]["id"] role_update_payload = { "id": user2_id, "reason": "Integration test of adding role owner.", "metadata": "", } response = session.post( "http://rbac-server:8000/api/roles/{}/owners".format(role_id), json=role_update_payload, ) result = assert_api_success(response) proposal_response = get_proposal_with_retry(session, result["proposal_id"]) proposal = assert_api_success(proposal_response) assert proposal["data"]["assigned_approver"][0] == user1_id # Logging in as role owner user_login(session, user1_payload["username"], user1_payload["password"]) # Approve proposal as role owner approve_proposal(session, result["proposal_id"]) proposal_response = get_proposal_with_retry(session, result["proposal_id"]) proposal = assert_api_success(proposal_response) assert proposal["data"]["status"] == "CONFIRMED" delete_role_by_name("TestRole0501201902") delete_user_by_username("testuser3") delete_user_by_username("testuser4")
def test_add_task_owner(): """Test adding an owner to a task. Creates two test users and a task using the first user, then adds the second user as task owner.""" user1_payload = { "name": "Test User 10", "username": "******", "password": "******", "email": "*****@*****.**", } user2_payload = { "name": "Test User 11", "username": "******", "password": "******", "email": "*****@*****.**", } with requests.Session() as session: create_next_admin(session) user1_response = create_test_user(session, user1_payload) user1_result = assert_api_success(user1_response) user1_id = user1_result["data"]["user"]["id"] user2_response = create_test_user(session, user2_payload) user2_result = assert_api_success(user2_response) user2_id = user2_result["data"]["user"]["id"] task1_payload = { "name": "TestTask3", "administrators": user1_id, "owners": user1_id, "metadata": "", } task_response = create_test_task(session, task1_payload) task_result = assert_api_success(task_response) task_id = task_result["data"]["id"] owner_payload = { "id": user2_id, "reason": "Integration test of adding task owner.", "metadata": "", } response = session.post( "http://rbac-server:8000/api/tasks/{}/owners".format(task_id), json=owner_payload, ) result = assert_api_success(response) proposal_response = get_proposal_with_retry(session, result["proposal_id"]) proposal = assert_api_success(proposal_response) assert proposal["data"]["assigned_approver"][0] == user1_id delete_task_by_name("TestTask3") delete_user_by_username("testuser10") delete_user_by_username("testuser11")
def test_duplicate_role_with_spaces(): """Create a new fake role resource with varying spaces in between the name""" insert_role( { "name": " Manager0501201901 ", "owners": "12345", "administrators": "12345", } ) with requests.Session() as session: user_payload = { "name": "Susan Susanson", "username": "******", "password": "******", "email": "*****@*****.**", } create_next_admin(session) user_response = create_test_user(session, user_payload) user_id = user_response.json()["data"]["user"]["id"] role_resource = { "name": "Manager0501201901", "owners": user_id, "administrators": user_id, } insert_role(role_resource) response = session.post("http://rbac-server:8000/api/roles", json=role_resource) assert ( response.json()["message"] == "Error: Could not create this role because the role name already exists." ) assert response.json()["code"] == 409 delete_user_by_username("susan22") delete_role_by_name("Manager0501201901")
def test_create_new_user_api(): """Test whether assigned manager id is present in the data of user""" with requests.Session() as session: create_next_admin(session) create_manager_payload = { "name": "manager_name", "username": "******", "password": "******", "email": "manager@email_id", } manager_creation_response = create_test_user(session, create_manager_payload) manager_id = manager_creation_response.json()["data"]["user"]["id"] user_create_payload = { "name": "user_name", "username": "******", "password": "******", "email": "user@email_id", "manager": manager_id, } user_creation_response = session.post( "http://rbac-server:8000/api/users", json=user_create_payload) user_id = user_creation_response.json()["data"]["user"]["id"] wait_for_resource_in_db("users", "name", "user_name") user_details_response = session.get( "http://rbac-server:8000/api/users/" + user_id) assert user_details_response.json()["data"]["manager"] == manager_id
def setup_module(): """actions to be performed to configure the database before tests are run. """ wait_for_rethink() with requests.Session() as session: # create a management chain of users create_next_admin(session) user_id = None for i, user in enumerate(TEST_USERS): # Sixth User should be outside of the management chain # Fifth User is the highest manager and should have no managers if i > 1: user["manager"] = user_id response = create_test_user(session, user) assert response.status_code == 200, response.json() user_id = response.json()["data"]["user"]["id"] # save the returned next_id in the TEST_USER object user["next_id"] = user_id # create test role(s) for i, role in enumerate(TEST_ROLES): # set the Zeroth User as the role owner role["owners"] = [user_id] role["administrators"] = [user_id] response = create_test_role(session, role) assert response.status_code == 200, response.json() role_id = response.json()["data"]["id"] role["role_id"] = role_id add_member_payload = {"id": user_id} add_role_member(session, role_id, add_member_payload)
def test_delete_invalid_role(): """Test the delete roll api Create a test user for auth Create a test role Deletes the test role Only checks that the role was deleted """ with requests.Session() as session: # Create test user user_payload = { "name": "Rapp Scallion", "username": "******", "password": "******", "email": "*****@*****.**", } create_next_admin(session) user_response = create_test_user(session, user_payload) assert user_response.status_code == 200, ( "Error creating user: %s" % user_response.json() ) # Delete test role delete_role_response = session.delete( "http://rbac-server:8000/api/roles/invalid_role_id" ) assert delete_role_response.status_code == 404, ( "Unexpected response: %s" % delete_role_response.json() ) # clean up delete_user_by_username("guybrush3pw00d")
def test_delete_role_with_admins(): """Test the delete roll api Create a test user for auth Create a test role Deletes the test role Check that the role admin object was deleted """ with requests.Session() as session: # Create test user user_payload = { "name": "Elaine Marley", "username": "******", "password": "******", "email": "*****@*****.**", } create_next_admin(session) user_response = create_test_user(session, user_payload) assert user_response.status_code == 200, ( "Error creating user: %s" % user_response.json() ) # Create test role user_id = user_response.json()["data"]["user"]["id"] role_resource = { "name": "Tri-Island Area", "owners": user_id, "administrators": user_id, } role_response = session.post( "http://rbac-server:8000/api/roles", json=role_resource ) assert role_response.status_code == 200, ( "Error creating role: %s" % role_response.json() ) # Wait for role in db role_id = role_response.json()["data"]["id"] is_role_in_db = wait_for_role_in_db(role_id) assert ( is_role_in_db is True ), "Couldn't find role in rethinkdb, maximum attempts exceeded." # Delete test role delete_role_response = session.delete( "http://rbac-server:8000/api/roles/%s" % role_id ) assert delete_role_response.status_code == 200, ( "Error deleting role: %s" % delete_role_response.json() ) # Check for role admins are_admins_removed = wait_for_resource_removal_in_db( "role_admins", "role_id", role_id ) assert are_admins_removed is True # clean up delete_user_by_username("elaine1")
def test_add_role_task(): """Test adding a new task to a role. Creates a test user and a role, then creates a task, to add to the role.""" user1_payload = { "name": "Test Owner 2", "username": "******", "password": "******", "email": "*****@*****.**", } with requests.Session() as session: create_next_admin(session) user1_response = create_test_user(session, user1_payload) user1_result = assert_api_success(user1_response) user1_id = user1_result["data"]["user"]["id"] with requests.Session() as session: user_login(session, "testowner2", "123456") task1_payload = { "name": "TestTask1", "administrators": user1_id, "owners": user1_id, "metadata": "", } task_response = create_test_task(session, task1_payload) task_result = assert_api_success(task_response) task_id = task_result["data"]["id"] role_payload = { "name": "TestRole0501201904", "owners": user1_id, "administrators": user1_id, "description": "Test Role 4", } role_response = create_test_role(session, role_payload) role_result = assert_api_success(role_response) role_id = role_result["data"]["id"] role_update_payload = { "id": task_id, "reason": "Integration test of adding a task.", "metadata": "", } response = session.post( "http://rbac-server:8000/api/roles/{}/tasks".format(role_id), json=role_update_payload, ) result = assert_api_success(response) proposal_response = get_proposal_with_retry(session, result["proposal_id"]) proposal = assert_api_success(proposal_response) assert proposal["data"]["assigned_approver"][0] == user1_id delete_role_by_name("TestRole0501201904") delete_user_by_username("testowner2") delete_task_by_name("TestTask1")
def test_delete_role(): """Test the delete roll api Create a test user for auth Create a test role Deletes the test role Only checks that the role was deleted """ with requests.Session() as session: # Create test user user_payload = { "name": "Guybrush Threepwood", "username": "******", "password": "******", "email": "*****@*****.**", } create_next_admin(session) user_response = create_test_user(session, user_payload) assert user_response.status_code == 200, ( "Error creating user: %s" % user_response.json() ) # Create test role user_id = user_response.json()["data"]["user"]["id"] role_resource = { "name": "Men of Low Moral Fiber", "owners": user_id, "administrators": user_id, } role_response = session.post( "http://rbac-server:8000/api/roles", json=role_resource ) assert role_response.status_code == 200, ( "Error creating role: %s" % role_response.json() ) # Wait for role in db role_id = role_response.json()["data"]["id"] is_role_in_db = wait_for_role_in_db(role_id) assert ( is_role_in_db is True ), "Couldn't find role in rethinkdb, maximum attempts exceeded." # Delete test role delete_role_response = session.delete( "http://rbac-server:8000/api/roles/%s" % role_id ) assert delete_role_response.status_code == 200, ( "Error deleting role: %s" % delete_role_response.json() ) # clean up delete_user_by_username("guybrush3pw00d")
def test_user_creation(): """Test user creation by admin user""" with requests.Session() as session: response = create_next_admin(session) user = { "name": "new user", "username": "******", "password": "******", "email": "*****@*****.**", } response2 = create_test_user(session, user) assert response2.status_code == 200 assert response.json()["data"]["message"] == "Authorization successful"
def test_role_owner_and_mem(): """Create a new fake role and try to add yourself to role you created""" with requests.Session() as session: # create test user user_payload = { "name": "Susan S", "username": "******", "password": "******", "email": "*****@*****.**", } create_next_admin(session) user_response = create_test_user(session, user_payload) assert user_response.status_code == 200, ( "Error creating user: %s" % user_response.json() ) with requests.Session() as session: user_login(session, "susans2224", "12345678") # create test role user_id = user_response.json()["data"]["user"]["id"] role_resource = { "name": "Office_Assistant", "owners": user_id, "administrators": user_id, } role_response = session.post( "http://rbac-server:8000/api/roles", json=role_resource ) assert role_response.status_code == 200, ( "Error creating role: %s" % role_response.json() ) # Wait for role in rethinkdb role_id = role_response.json()["data"]["id"] is_role_in_db = wait_for_role_in_db(role_id) assert ( is_role_in_db is True ), "Couldn't find role in rethinkdb, maximum attempts exceeded." # create a membership proposal to test autoapproval response = add_role_member(session, role_id, {"id": user_id}) assert ( response.json()["message"] == "Owner is the requester. Proposal is autoapproved." ) # clean up delete_user_by_username("susans2224") delete_role_by_name("Office_Assistant")
def test_delete_pack(): """Testing delete pack API""" with requests.Session() as session: create_next_admin(session) user_id = create_test_user(session, TEST_USERS[1]).json()["data"]["user"]["id"] role_id = create_fake_role(session, user_id, TEST_ROLES[1]).json()["data"]["id"] pack_id = create_fake_pack(session, user_id, role_id, TEST_PACKS[2]).json()["data"]["pack_id"] response = session.delete( "http://rbac-server:8000/api/packs/{}".format(pack_id)) assert response.json() == { "deleted": 1, "message": "Pack {} successfully deleted".format(pack_id), "id": pack_id, } assert get_pack_by_pack_id(pack_id) == []
def setup_module(): """Create a new fake role resource which is unique""" with requests.Session() as session: create_next_admin(session) user_payload = { "name": "Susan SusansonRandom", "username": "******", "password": "******", "email": "*****@*****.**", } user_response = create_test_user(session, user_payload) user_id = user_response.json()["data"]["user"]["id"] role_resource = { "name": "ManagerRandom0501201902", "owners": user_id, "administrators": user_id, } session.post("http://rbac-server:8000/api/roles", json=role_resource)
def test_role_outq_insertion(): """ Test the insertion of a new fake role resource which is unique into the outbound_queue table. This test will only run if ENABLE_NEXT_BASE_USE is set to 1. """ user1_payload = { "name": "Test Unique User", "username": "******", "password": "******", "email": "*****@*****.**", } with requests.Session() as session: create_next_admin(session) user_response1 = create_test_user(session, user1_payload) user1_result = assert_api_success(user_response1) user1_id = user1_result["data"]["user"]["id"] role_payload = { "name": "TestUniqueRole0501201903", "owners": user1_id, "administrators": user1_id, "description": "Test Unique Role 1", } role_response = create_test_role(session, role_payload) assert_api_success(role_response) outbound_queue_data = {"members": [], "remote_id": ""} expected_payload = { "data": outbound_queue_data, "data_type": "group", "provider_id": "NEXT-created", "status": "UNCONFIRMED", "action": "", } outbound_entry = get_outbound_queue_entry(outbound_queue_data) outbound_entry[0].pop("timestamp") outbound_entry[0].pop("id") assert outbound_entry[0] == expected_payload delete_role_by_name("TestUniqueRole0501201903") delete_user_by_username("testuniqueuser0501201901")
def test_update_user(): """Test that an admin user can update an existing user's information""" user = { "name": "nadia six", "username": "******", "password": "******", "email": "*****@*****.**", } env = Env() with requests.session() as session: user_login(session, env("NEXT_ADMIN_USER"), env("NEXT_ADMIN_PASS")) created_user = create_test_user(session, user) update_payload = { "next_id": created_user.json()["data"]["user"]["id"], "name": "nadia changed", "username": "******", "email": "*****@*****.**", } update_response = session.put( "http://*****:*****@test.com", } password_response = session2.put( "http://rbac-server:8000/api/users/update", json=update_payload) assert password_response.status_code == 403 assert (password_response.json()["message"] == "You are not a NEXT Administrator.")
def test_duplicate_pack_with_spaces(): """Test creating two pack resources with varying spaces in between the name""" with requests.Session() as session: create_next_admin(session) user_id = create_test_user(session, TEST_USERS[3]).json()["data"]["user"]["id"] role_id = create_fake_role(session, user_id, TEST_ROLES[3]).json()["data"]["id"] create_fake_pack(session, user_id, role_id, TEST_PACKS[4]) pack_resource = TEST_PACKS[5] pack_resource["owners"] = user_id pack_resource["roles"] = role_id response = session.post("http://rbac-server:8000/api/packs", json=pack_resource) assert ( response.json()["message"] == "Error: Could not create this pack because the pack name already exists." ) assert response.json()["code"] == 400
def test_update_manager(): """ Creates a user and then updates their manager as nextAdmin""" user1_payload = { "name": "Test User 9", "username": "******", "password": "******", "email": "*****@*****.**", } with requests.Session() as session: next_admin = create_next_admin(session) admin_id = next_admin.json()["data"]["next_id"] user1_response = create_test_user(session, user1_payload) user1_result = assert_api_success(user1_response) user1_id = user1_result["data"]["user"]["id"] with requests.Session() as session: user_login(session, "testuser9", "123456") manager_payload = { "id": user1_id, "reason": "Integration test of updating manager.", "metadata": "", } next_admin_role = get_role_by_name("NextAdmins") failed_response = update_manager(session, admin_id, manager_payload) assert failed_response.json() == { "code": 400, "message": "Proposal opener is not a Next Admin.", } add_role_member(session, next_admin_role[0]["role_id"], {"id": user1_id}) with requests.session() as session: create_next_admin(session) response = update_manager(session, admin_id, manager_payload) result = assert_api_success(response) proposal_response = get_proposal_with_retry(session, result["proposal_id"]) assert_api_success(proposal_response) delete_user_by_username("testuser6") delete_user_by_username("testuser7")
def test_user_relationship_api(): """ Test to check that user relationship API is not throwing an index out of range error if user dont have any manager. Creates a test user without manager and calls the user relationship api for testing whether it is causing any index out of range error or not.""" user1_payload = { "name": "kiran kumar", "username": "******", "password": "******", "email": "*****@*****.**", } with requests.Session() as session: create_next_admin(session) user1_response = create_test_user(session, user1_payload) user1_result = assert_api_success(user1_response) user1_id = user1_result["data"]["user"]["id"] response = session.get("http://rbac-server:8000/api/users/" + user1_id + "/relationships") assert response.json()["data"]["managers"] == [] delete_user_by_username("kkumar36")
def test_user_delete_api(): """Test that user has been removed from database when users delete api is hit""" user = { "name": "nadia one", "username": "******", "password": "******", "email": "*****@*****.**", } with requests.Session() as session: create_next_admin(session) response = create_test_user(session, user) next_id = response.json()["data"]["user"]["id"] wait_for_resource_in_db("users", "next_id", next_id) with requests.Session() as session: user_login(session, "nadia1", "test11") role_payload = { "name": "test_role", "owners": [next_id], "administrators": [next_id], "description": "This is a test Role", } role_resp = create_test_role(session, role_payload) role_id = role_resp.json()["data"]["id"] pack = { "name": "michael pack one", "owners": [next_id], "roles": [], "description": "Michael's test pack", } pack_response = create_test_pack(session, pack) add_role_member_payload = { "id": next_id, "reason": "Integration test of adding a member.", "metadata": "", } add_role_member(session, role_id, add_role_member_payload) wait_for_resource_in_db("role_members", "role_id", role_id) conn = connect_to_db() user_exists = (r.table("users").filter({ "next_id": next_id }).coerce_to("array").run(conn)) role_owner_exists = (r.table("role_owners").filter({ "identifiers": [next_id], "role_id": role_id }).coerce_to("array").run(conn)) role_member_exists = (r.table("role_members").filter({ "identifiers": [next_id], "role_id": role_id }).coerce_to("array").run(conn)) assert user_exists assert role_owner_exists assert role_member_exists assert get_user_mapping_entry(next_id) assert get_auth_entry(next_id) assert get_user_metadata_entry(next_id) assert check_user_is_pack_owner( pack_id=pack_response.json()["data"]["pack_id"], next_id=next_id) role_admin_is_user = (r.db("rbac").table("role_admins").filter({ "related_id": next_id }).coerce_to("array").run(conn)) role_admin = role_admin_is_user[0]["identifiers"][0] assert role_admin == next_id deletion = session.delete("http://rbac-server:8000/api/users/" + next_id) time.sleep(5) assert deletion.json() == { "message": "User {} successfully deleted".format(next_id), "deleted": 1, } role_admin_user = (r.db("rbac").table("role_admins").filter({ "related_id": next_id }).coerce_to("array").run(conn)) role_owners = ( r.db("rbac").table("role_owners").filter(lambda doc: doc[ "identifiers"].contains(next_id)).coerce_to("array").run(conn)) role_members = ( r.db("rbac").table("role_members").filter(lambda doc: doc[ "identifiers"].contains(next_id)).coerce_to("array").run(conn)) delete_role_by_name("test_role") conn.close() assert role_admin_user == [] assert role_members == [] assert role_owners == [] assert get_deleted_user_entries(next_id) == [] assert get_pack_owners_by_user(next_id) == [] delete_pack_by_name("michael pack one")
def test_delete_role_with_members(): """ Test the delete roll api Create a test user for auth Create a test role Add the first user as a member of the role Deletes the test role Check that the role member object was deleted """ with requests.Session() as session: # Create test user user_payload = { "name": "Walt the Dog", "username": "******", "password": "******", "email": "*****@*****.**", } create_next_admin(session) user_response = create_test_user(session, user_payload) assert user_response.status_code == 200, ( "Error creating user: %s" % user_response.json() ) user_id = user_response.json()["data"]["user"]["id"] with requests.Session() as session: user_login(session, "walt1", "12345678") # Create test role role_resource = { "name": "Phatt Island Jail", "owners": user_id, "administrators": user_id, } role_response = session.post( "http://rbac-server:8000/api/roles", json=role_resource ) assert role_response.status_code == 200, ( "Error creating role: %s" % role_response.json() ) # Wait for role in db role_id = role_response.json()["data"]["id"] is_role_in_db = wait_for_role_in_db(role_id) assert ( is_role_in_db is True ), "Couldn't find role in rethinkdb, maximum attempts exceeded." # Add role member role_update_payload = { "id": user_id, "reason": "Integration test of member removal on role deletion.", "metadata": "", } member_response = session.post( "http://rbac-server:8000/api/roles/{}/members".format(role_id), json=role_update_payload, ) assert member_response.status_code == 200, ( "Error adding role member: %s" % member_response.json() ) # Wait for member in rethinkdb is_member_in_db = wait_for_resource_in_db("role_members", "related_id", user_id) assert ( is_member_in_db is True, ), "Couldn't find member in rethinkdb, maximum attempts exceeded." # Delete test role delete_role_response = session.delete( "http://rbac-server:8000/api/roles/%s" % role_id ) assert delete_role_response.status_code == 200, ( "Error deleting role: %s" % delete_role_response.json() ) # Check for role members are_members_removed = wait_for_resource_removal_in_db( "role_members", "role_id", role_id ) assert are_members_removed is True # clean up delete_user_by_username("walt1")
def test_delete_role_with_proposals(): """ Test the delete roll api Create a test user for auth Create a test user for role membership Create a test role Propose adding the second user as a member Deletes the test role Check that the membership proposal was autorejected """ with requests.Session() as session: # Create test user role_owner = { "name": "Fin Pirate", "username": "******", "password": "******", "email": "*****@*****.**", } create_next_admin(session) user_response = create_test_user(session, role_owner) assert user_response.status_code == 200, ( "Error creating user: %s" % user_response.json() ) role_owner["next_id"] = user_response.json()["data"]["user"]["id"] # Create test user new_member = { "name": "Frank Pirate", "username": "******", "password": "******", "email": "*****@*****.**", } user_response = create_test_user(session, new_member) assert user_response.status_code == 200, ( "Error creating user: %s" % user_response.json() ) new_member["next_id"] = user_response.json()["data"]["user"]["id"] # Auth as role_owner auth_response = user_login( session, role_owner["username"], role_owner["password"] ) assert auth_response.status_code == 200, "Failed to authenticate as %s. %s" % ( role_owner["username"], auth_response.json(), ) # Create test role role_resource = { "name": "Men of Low Moral Fiber", "owners": role_owner["next_id"], "administrators": role_owner["next_id"], } role_response = session.post( "http://rbac-server:8000/api/roles", json=role_resource ) assert role_response.status_code == 200, ( "Error creating role: %s" % role_response.json() ) # Wait for role in db role_id = role_response.json()["data"]["id"] is_role_in_db = wait_for_role_in_db(role_id) assert ( is_role_in_db is True ), "Couldn't find role in rethinkdb, maximum attempts exceeded." # Auth as new_member auth_response = user_login( session, new_member["username"], new_member["password"] ) assert auth_response.status_code == 200, "Failed to authenticate as %s. %s" % ( new_member["username"], auth_response.json(), ) # Add role member role_update_payload = { "id": new_member["next_id"], "reason": "Integration test of membership proposal removal on role deletion.", "metadata": "", } member_response = session.post( "http://rbac-server:8000/api/roles/{}/members".format(role_id), json=role_update_payload, ) assert member_response.status_code == 200, ( "Error adding role member: %s" % member_response.json() ) # Auth as role_owner auth_response = user_login( session, role_owner["username"], role_owner["password"] ) assert auth_response.status_code == 200, "Failed to authenticate as %s. %s" % ( role_owner["username"], auth_response.json(), ) # Delete test role delete_role_response = session.delete( "http://rbac-server:8000/api/roles/%s" % role_id ) assert delete_role_response.status_code == 200, ( "Error deleting role: %s" % delete_role_response.json() ) # Check for open role member proposals are_proposals_rejected = wait_for_prpsl_rjctn_in_db(role_id) assert are_proposals_rejected is True # clean up delete_user_by_username("fin1") delete_user_by_username("frank1")
def test_add_role_member_outqueue(): """ Test adding a new member to a role in NEXT-only mode. Creates two test users and a role using the first user, then adds the second user as member to role. This test will only run if ENABLE_NEXT_BASE_USE is set to 1. """ user1_payload = { "name": "Test Owner 0521201905", "username": "******", "password": "******", "email": "*****@*****.**", } user2_payload = { "name": "Test Member 0521201906", "username": "******", "password": "******", "email": "*****@*****.**", } with requests.Session() as session: start_depth = get_outbound_queue_depth() create_next_admin(session) user_response1 = create_test_user(session, user1_payload) user1_result = assert_api_success(user_response1) user1_id = user1_result["data"]["user"]["id"] user2_response = create_test_user(session, user2_payload) user2_result = assert_api_success(user2_response) user2_id = user2_result["data"]["user"]["id"] role_payload = { "name": "TestRole0521201902", "owners": user1_id, "administrators": user1_id, "description": "Test Role 3", } role_response = create_test_role(session, role_payload) role_result = assert_api_success(role_response) role_id = role_result["data"]["id"] role_update_payload = { "id": user2_id, "reason": "Integration test of adding a member.", "metadata": "", } response = session.post( "http://rbac-server:8000/api/roles/{}/members".format(role_id), json=role_update_payload, ) result = assert_api_success(response) proposal_response = get_proposal_with_retry(session, result["proposal_id"]) assert_api_success(proposal_response) # Logging in as role owner user_login(session, user1_payload["username"], user1_payload["password"]) # Approve proposal as role owner approve_proposal(session, result["proposal_id"]) end_depth = get_outbound_queue_depth() assert end_depth > start_depth # NOTE: members field contains an empty string because in NEXT # mode all user's remote_ids are set to an empty string outbound_queue_data = {"members": [""], "remote_id": ""} expected_payload = { "data": outbound_queue_data, "data_type": "group", "provider_id": "NEXT-created", "status": "UNCONFIRMED", "action": "", } # Check outbound_queue entry is formatted correctly outbound_entry = get_outbound_queue_entry(outbound_queue_data) outbound_entry[0].pop("timestamp") outbound_entry[0].pop("id") assert outbound_entry[0] == expected_payload delete_role_by_name("TestRole0521201902") delete_user_by_username("test0521201905") delete_user_by_username("test0521201906")
def test_delete_role_not_owner(): """ Test the delete role api Create a test user for auth Create a test user for role membership Create a test role Attempt to delete the test role as a non role owner/admin Check that the deletion attempt was autorejected """ with requests.Session() as session: # Create test user role_owner = { "name": "Fred Pirate", "username": "******", "password": "******", "email": "*****@*****.**", } create_next_admin(session) user_response = create_test_user(session, role_owner) assert user_response.status_code == 200, "Error creating user: %s;\n %s" % ( role_owner["name"], user_response.json(), ) role_owner["next_id"] = user_response.json()["data"]["user"]["id"] # Create test user test_user = { "name": "Meunster Monster", "username": "******", "password": "******", "email": "*****@*****.**", } user_response = create_test_user(session, test_user) assert user_response.status_code == 200, "Error creating user: %s;\n %s" % ( test_user["name"], user_response.json(), ) test_user["next_id"] = user_response.json()["data"]["user"]["id"] # Auth as new_member payload = {"id": role_owner["username"], "password": role_owner["password"]} auth_response = session.post( "http://rbac-server:8000/api/authorization/", json=payload ) assert auth_response.status_code == 200, "Failed to authenticate as %s. %s" % ( test_user["name"], auth_response.json(), ) # Create test role role_resource = { "name": "Men of Low Moral Fiber", "owners": role_owner["next_id"], "administrators": role_owner["next_id"], } role_response = session.post( "http://rbac-server:8000/api/roles", json=role_resource ) assert role_response.status_code == 200, ( "Error creating role: %s" % role_response.json() ) # Wait for role in db role_id = role_response.json()["data"]["id"] is_role_in_db = wait_for_role_in_db(role_id) assert ( is_role_in_db is True ), "Couldn't find role in rethinkdb, maximum attempts exceeded." # Auth as test_user payload = {"id": test_user["username"], "password": test_user["password"]} auth_response = session.post( "http://rbac-server:8000/api/authorization/", json=payload ) assert auth_response.status_code == 200, "Failed to authenticate as %s. %s" % ( role_owner["name"], auth_response.json(), ) # Delete test role delete_role_response = session.delete( "http://rbac-server:8000/api/roles/%s" % role_id ) assert delete_role_response.status_code == 403, ( "Unexpected response: %s" % delete_role_response.json() ) # clean up delete_user_by_username("fred1") delete_user_by_username("meunster1") delete_role_by_name("Men of Low Moral Fiber")
def test_add_role_member_ldap(): """ Test adding a new member to a role in LDAP-only mode. Creates two test users and a role using the first user, then adds the second user as member to role. This test will only run if ENABLE_LDAP_SYNC is set to 1. """ user1_payload = { "name": "Michael Scott", "username": "******", "password": "******", "email": "*****@*****.**", } user2_payload = { "name": "Jim Halpert", "username": "******", "password": "******", "email": "*****@*****.**", } with requests.Session() as session: start_depth = get_outbound_queue_depth() create_next_admin(session) user1_response = create_test_user(session, user1_payload) user1_result = assert_api_success(user1_response) user1_id = user1_result["data"]["user"]["id"] user2_response = create_test_user(session, user2_payload) user2_result = assert_api_success(user2_response) user2_id = user2_result["data"]["user"]["id"] role_payload = { "name": "Michael_Scott_Paper_Company", "owners": user1_id, "administrators": user1_id, "description": "Infinite ideas await....", } role_response = create_test_role(session, role_payload) role_result = assert_api_success(role_response) role_id = role_result["data"]["id"] role_update_payload = { "id": user2_id, "reason": "Integration test of adding a member.", "metadata": "", } response = session.post( "http://rbac-server:8000/api/roles/{}/members".format(role_id), json=role_update_payload, ) result = assert_api_success(response) proposal_response = get_proposal_with_retry(session, result["proposal_id"]) assert_api_success(proposal_response) # Logging in as role owner user_login(session, user1_payload["username"], user1_payload["password"]) # Approve proposal as role owner approve_proposal(session, result["proposal_id"]) end_depth = get_outbound_queue_depth() assert end_depth > start_depth # NOTE: members field contains an empty string because in NEXT # mode all user's remote_ids are set to an empty string outbound_queue_data = { "description": "Infinite ideas await....", "name": "Michael_Scott_Paper_Company", "group_types": -2147483646, "members": [""], "owners": "", "remote_id": "CN=Michael_Scott_Paper_Company," + ENV("GROUP_BASE_DN"), } expected_payload = { "data": outbound_queue_data, "data_type": "group", "provider_id": ENV("LDAP_DC"), "status": "UNCONFIRMED", "action": "", } # Check outbound_queue entry is formatted correctly outbound_entry = get_outbound_queue_entry(outbound_queue_data) outbound_entry[0].pop("timestamp") outbound_entry[0].pop("id") assert outbound_entry[0] == expected_payload delete_role_by_name("Michael_Scott_Paper_Company") delete_user_by_username("jimh062619") delete_user_by_username("michaels062619")
def test_reject_users_proposals(): """Test that a user's proposals are rejected when they are deleted.""" user_to_delete = { "name": "nadia two", "username": "******", "password": "******", "email": "*****@*****.**", } user = { "name": "nadia three", "username": "******", "password": "******", "email": "*****@*****.**", } with requests.Session() as session: create_next_admin(session) response1 = create_test_user(session, user_to_delete) response2 = create_test_user(session, user) role_payload_1 = { "name": "NadiaRole1", "owners": response1.json()["data"]["user"]["id"], "administrators": response1.json()["data"]["user"]["id"], "description": "Nadia Role 1", } role_response1 = create_test_role(session, role_payload_1) print(role_response1) proposal_1 = add_role_member( session, role_response1.json()["data"]["id"], {"id": response2.json()["data"]["user"]["id"]}, ) print(proposal_1) next_id = response1.json()["data"]["user"]["id"] conn = connect_to_db() user_exists = (r.table("users").filter({ "next_id": next_id }).coerce_to("array").run(conn)) assert user_exists with requests.Session() as session: user_login(session, "nadia3", "test11") deletion = session.delete("http://rbac-server:8000/api/users/" + next_id) time.sleep(5) assert deletion.json() == { "message": "User {} successfully deleted".format(next_id), "deleted": 1, } conn = connect_to_db() user_exists = (r.table("users").filter({ "next_id": next_id }).coerce_to("array").run(conn)) assert not user_exists proposal_1_result = (r.db("rbac").table("proposals").filter({ "proposal_id": proposal_1.json()["proposal_id"] }).coerce_to("array").run(conn)) conn.close() assert proposal_1_result[0]["status"] == "REJECTED"