Skip to content
Snippets Groups Projects
Select Git revision
  • c19e3352e2b5ec76fca7273115bfe7d7f07af4eb
  • main default protected
  • dev protected
  • f-fix-accent-sensitivity
  • f-filesystem-import
  • f-update-acl
  • f-filesystem-link
  • f-filesystem-directory
  • f-filesystem-core
  • f-filesystem-cleanup
  • f-string-ids
  • f-filesystem-main
  • f-multipart-encoding
  • f-trigger-advanced-user-tools
  • f-real-rename-test-pylibsolo2
  • f-real-rename-test-pylibsolo
  • f-real-rename-test
  • f-linkahead-rename
  • f-reference-record
  • f-xml-serialization
  • f-xfail-server-181
  • linkahead-pylib-v0.18.0
  • linkahead-control-v0.16.0
  • linkahead-pylib-v0.17.0
  • linkahead-mariadbbackend-v8.0.0
  • linkahead-server-v0.13.0
  • caosdb-pylib-v0.15.0
  • caosdb-pylib-v0.14.0
  • caosdb-pylib-v0.13.2
  • caosdb-server-v0.12.1
  • caosdb-pylib-v0.13.1
  • caosdb-pylib-v0.12.0
  • caosdb-server-v0.10.0
  • caosdb-pylib-v0.11.1
  • caosdb-pylib-v0.11.0
  • caosdb-server-v0.9.0
  • caosdb-pylib-v0.10.0
  • caosdb-server-v0.8.1
  • caosdb-pylib-v0.8.0
  • caosdb-server-v0.8.0
  • caosdb-pylib-v0.7.2
41 results

test_administration.py

Blame
  • Code owners
    Assign users and groups as approvers for specific file changes. Learn more.
    test_administration.py 17.13 KiB
    # encoding: utf-8
    #
    # ** header v3.0
    # This file is a part of the CaosDB Project.
    #
    # Copyright (C) 2018 Research Group Biomedical Physics,
    # Max-Planck-Institute for Dynamics and Self-Organization Göttingen
    #
    # This program is free software: you can redistribute it and/or modify
    # it under the terms of the GNU Affero General Public License as
    # published by the Free Software Foundation, either version 3 of the
    # License, or (at your option) any later version.
    #
    # This program is distributed in the hope that it will be useful,
    # but WITHOUT ANY WARRANTY; without even the implied warranty of
    # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    # GNU Affero General Public License for more details.
    #
    # You should have received a copy of the GNU Affero General Public License
    # along with this program. If not, see <https://www.gnu.org/licenses/>.
    #
    # ** end header
    #
    """Created on 27.02.2017.
    
    @author: tf
    """
    
    from caosdb import administration as admin, Info, get_config
    from caosdb.connection.connection import configure_connection, get_connection
    from caosdb.exceptions import (HTTPClientError, HTTPForbiddenError,
                                   LoginFailedError, HTTPResourceNotFoundError)
    from pytest import raises, mark
    
    test_role = "test_role"
    test_user = "test_user"
    test_pw = "secret1P!"
    test_role_desc = "This is a test role."
    
    
    def setup_module():
        teardown_module()
        admin._insert_user(
            name=test_user,
            password=test_pw,
            status="ACTIVE",
            email=None,
            entity=None)
    
    
    def teardown_module():
        switch_to_admin_user()
        admin.set_server_property("AUTH_OPTIONAL", "FALSE")
        try:
            admin._delete_user(name=test_user)
        except Exception as e:
            print(e)
    
    
    def setup_function(function):
        switch_to_admin_user()
    
    
    def teardown_function(function):
        switch_to_admin_user()
        try:
            admin._delete_user(name=test_user + "2")
        except Exception as e:
            print(e)
        try:
            admin._delete_user(name="first.last")
        except Exception as e:
            print(e)
        try:
            admin._delete_role(name=test_role)
        except Exception as e:
            print(e)
    
    
    def switch_to_normal_user():
        configure_connection(username=test_user, password=test_pw,
                             password_method="plain")
    
    
    def switch_to_admin_user():
        configure_connection()
        assert Info().user_info.name == get_config().get("Connection", "username")
        assert Info().user_info.roles == ["administration"]
    
    
    def test_create_user_with_dot():
        admin._insert_user(
            name="first.last",
            password=test_pw,
            status="ACTIVE",
            email=None,
            entity=None)
        configure_connection(username="first.last", password=test_pw, password_method="plain")
        get_connection()._login()
    
    
    def test_get_server_properties():
        props = admin.get_server_properties()
        assert isinstance(props, dict)
        assert "CaosDB Admin" == props["ADMIN_NAME"]
    
    
    def test_set_server_property():
        admin.set_server_property("AUTH_OPTIONAL", "FALSE")
        assert admin.get_server_property("AUTH_OPTIONAL") == "FALSE"
        admin.set_server_property("AUTH_OPTIONAL", "TRUE")
        assert admin.get_server_property("AUTH_OPTIONAL") == "TRUE"
        admin.set_server_property("AUTH_OPTIONAL", "FALSE")
        assert admin.get_server_property("AUTH_OPTIONAL") == "FALSE"
    
    
    def test_insert_role_success():
        assert Info().user_info.name == get_config().get("Connection", "username")
        assert Info().user_info.roles == ["administration"]
        assert admin._insert_role(name=test_role, description=test_role_desc)
    
    
    def test_insert_role_failure_permission():
        switch_to_normal_user()
        with raises(HTTPForbiddenError) as cm:
            admin._insert_role(name=test_role, description=test_role_desc)
        assert cm.value.msg == "You are not permitted to insert a new role."
    
    
    def test_insert_role_failure_name_duplicates():
        assert Info().user_info.name == get_config().get("Connection", "username")
        assert Info().user_info.roles == ["administration"]
        test_insert_role_success()
        with raises(HTTPClientError) as cm:
            admin._insert_role(name=test_role, description=test_role_desc)
        assert cm.value.msg == "Role name is already in use. Choose a different name."
    
    
    def test_update_role_success():
        test_insert_role_success()
        assert admin._update_role(
            name=test_role,
            description=test_role_desc +
            "asdf") is not None
    
    
    def test_update_role_failure_permissions():
        test_insert_role_success()
        switch_to_normal_user()
        with raises(HTTPForbiddenError) as cm:
            admin._update_role(name=test_role, description=test_role_desc + "asdf")
        assert cm.value.msg == "You are not permitted to update this role."
    
    
    def test_update_role_failure_non_existing():
        with raises(HTTPResourceNotFoundError) as cm:
            admin._update_role(name=test_role, description=test_role_desc + "asdf")
        assert cm.value.msg == "Role does not exist."
    
    
    def test_delete_role_success():
        test_insert_role_success()
        assert admin._delete_role(name=test_role)
    
    
    def test_delete_role_failure_permissions():
        test_insert_role_success()
        switch_to_normal_user()
        with raises(HTTPForbiddenError) as cm:
            admin._delete_role(name=test_role)
        assert cm.value.msg == "You are not permitted to delete this role."
    
    
    def test_delete_role_failure_non_existing():
        with raises(HTTPResourceNotFoundError) as cm:
            admin._delete_role(name=test_role)
        assert cm.value.msg == "Role does not exist."
    
    
    def test_retrieve_role_success():
        test_insert_role_success()
        r = admin._retrieve_role(test_role)
        assert r is not None
    
    
    def test_retrieve_role_failure_permission():
        test_insert_role_success()
        switch_to_normal_user()
        with raises(HTTPForbiddenError) as cm:
            admin._retrieve_role(name=test_role)
        assert cm.value.msg == "You are not permitted to retrieve this role."
    
    
    def test_retrieve_role_failure_non_existing():
        with raises(HTTPResourceNotFoundError) as cm:
            admin._retrieve_role(name=test_role)
        assert cm.value.msg == "Role does not exist."
    
    
    def test_set_permissions_success():
        test_insert_role_success()
        assert admin._set_permissions(
            role=test_role,
            permission_rules=[
                admin.PermissionRule(
                    "Grant",
                    "BLA:BLA:BLA")])
    
    
    def test_set_permissions_failure_permissions():
        test_insert_role_success()
        switch_to_normal_user()
        with raises(HTTPForbiddenError) as cm:
            admin._set_permissions(
                role=test_role, permission_rules=[
                    admin.PermissionRule(
                        "Grant", "BLA:BLA:BLA")])
        assert cm.value.msg == "You are not permitted to set this role's permissions."
    
    
    def test_set_permissions_failure_non_existing():
        with raises(HTTPResourceNotFoundError) as cm:
            admin._set_permissions(
                role=test_role, permission_rules=[
                    admin.PermissionRule(
                        "Grant", "BLA:BLA:BLA")])
        assert cm.value.msg == "Role does not exist."
    
    
    def test_get_permissions_success():
        test_set_permissions_success()
        r = admin._get_permissions(role=test_role)
        assert {admin.PermissionRule("Grant", "BLA:BLA:BLA")} == r
        assert r is not None
    
    
    def test_get_permissions_failure_permissions():
        test_set_permissions_success()
        switch_to_normal_user()
        with raises(HTTPForbiddenError) as cm:
            admin._get_permissions(role=test_role)
        assert cm.value.msg == "You are not permitted to retrieve this role's permissions."
    
    
    def test_get_permissions_failure_non_existing():
        with raises(HTTPResourceNotFoundError) as cm:
            admin._get_permissions(role="non-existing-role")
        assert cm.value.msg == "Role does not exist."
    
    
    def test_get_roles_success():
        test_insert_role_success()
        r = admin._get_roles(username=test_user)
        assert r is not None
    
        return r
    
    
    def test_get_roles_failure_permissions():
        test_insert_role_success()
        switch_to_normal_user()
        with raises(HTTPForbiddenError) as cm:
            admin._get_roles(username=test_user)
        assert cm.value.msg == "You are not permitted to retrieve this user's roles."
    
    
    def test_get_roles_failure_non_existing():
        with raises(HTTPResourceNotFoundError) as cm:
            admin._get_roles(username="non-existing-user")
        assert cm.value.msg == "User does not exist."
    
    
    def test_set_roles_success():
        roles_old = test_get_roles_success()
        roles = {test_role}
        roles.union(roles_old)
        assert admin._set_roles(username=test_user, roles=roles_old) is not None
        assert admin._set_roles(username=test_user, roles=roles) is not None
        assert admin._set_roles(username=test_user, roles=roles_old) is not None
    
    
    def test_set_roles_success_with_warning():
        test_insert_role_success()
        roles = {test_role}
        r = admin._set_roles(username=test_user, roles=roles)
        assert r is not None
        assert admin._set_roles(username=test_user, roles=[]) is not None
    
    
    def test_set_roles_failure_permissions():
        roles_old = test_get_roles_success()
        roles = {test_role}
        roles.union(roles_old)
        switch_to_normal_user()
        with raises(HTTPForbiddenError) as cm:
            admin._set_roles(username=test_user, roles=roles_old)
        assert cm.value.msg == "You are not permitted to set this user's roles."
    
    
    def test_set_roles_failure_non_existing_role():
        roles = {"non-existing-role"}
        with raises(HTTPClientError) as cm:
            admin._set_roles(username=test_user, roles=roles)
        assert cm.value.msg == "Role does not exist."
    
    
    def test_set_roles_failure_non_existing_user():
        test_insert_role_success()
        roles = {test_role}
        with raises(HTTPResourceNotFoundError) as cm:
            admin._set_roles(username="non-existing-user", roles=roles)
        assert cm.value.msg == "User does not exist."
    
    
    def test_insert_user_success():
        admin._insert_user(
            name=test_user + "2",
            password="secret1P!",
            status="ACTIVE",
            email="email@example.com",
            entity=None)
    
    
    def test_insert_user_failure_password_invalid():
        with raises(HTTPClientError) as cm:
            admin._insert_user(
                name=test_user + "2",
                password="1234")
        assert cm.value.status == 400
        assert cm.value.msg[:70] == "The password does not comply with the current policies for passwords: "
    
    
    def test_insert_user_failure_permissions():
        switch_to_normal_user()
        with raises(HTTPForbiddenError) as cm:
            admin._insert_user(
                name=test_user,
                password="secret1P!",
                status="ACTIVE",
                email="email@example.com",
                entity=None)
        assert cm.value.msg == "You are not permitted to insert a new user."
    
    
    def test_insert_user_failure_name_in_use():
        test_insert_user_success()
        with raises(HTTPClientError) as cm:
            test_insert_user_success()
        assert cm.value.msg == "This user name is already in use. Please choose another one."
    
    
    def test_delete_user_success():
        test_insert_user_success()
        assert admin._delete_user(name=test_user + "2") is not None
    
    
    def test_delete_user_failure_permissions():
        test_insert_user_success()
        switch_to_normal_user()
        with raises(HTTPForbiddenError) as cm:
            admin._delete_user(name="non_existing_user")
        assert cm.value.msg == "You are not permitted to delete this user."
    
    
    def test_delete_user_failure_non_existing():
        with raises(HTTPResourceNotFoundError) as cm:
            admin._delete_user(name="non_existing_user")
        assert cm.value.msg == "User does not exist."
    
    
    def test_update_user_success_status():
        assert admin._insert_user(
            name=test_user + "2",
            password="secret1P!",
            status="INACTIVE",
            email="email@example.com",
            entity=None) is not None
        admin._update_user(
            realm=None,
            name=test_user + "2",
            password=None,
            status="ACTIVE",
            email=None,
            entity=None)
    
    
    def test_update_user_success_email():
        assert admin._insert_user(
            name=test_user + "2",
            password="secret1P!",
            status="ACTIVE",
            email="email@example.com",
            entity=None) is not None
        admin._update_user(
            realm=None,
            name=test_user + "2",
            password=None,
            status=None,
            email="newemail@example.com",
            entity=None)
    
    
    def test_update_user_success_entity():
        assert admin._insert_user(
            name=test_user + "2",
            password="secret1P!",
            status="ACTIVE",
            email="email@example.com",
            entity=None) is not None
        admin._update_user(realm=None, name=test_user + "2", password=None,
                           status=None, email=None, entity="21")
    
    
    def test_update_user_success_password():
        assert admin._insert_user(
            name=test_user + "2",
            password="secret1P!",
            status="ACTIVE",
            email="email@example.com",
            entity=None) is not None
        admin._update_user(
            realm=None,
            name=test_user + "2",
            password="newsecret1P!",
            status=None,
            email=None,
            entity=None)
    
    
    def test_update_user_failure_permissions_status():
        assert admin._insert_user(name=test_user + "2",
                                  password="secret1P!",
                                  status="INACTIVE",
                                  email="email@example.com", entity=None) is not None
        switch_to_normal_user()
        with raises(HTTPForbiddenError) as cm:
            admin._update_user(
                realm=None,
                name=test_user + "2",
                password=None,
                status="ACTIVE",
                email=None,
                entity=None)
        assert cm.value.msg == "You are not permitted to update this user."
    
    
    def test_update_user_failure_permissions_email():
        assert admin._insert_user(name=test_user + "2",
                                  password="secret1P!", status="ACTIVE",
                                  email="email@example.com", entity=None) is not None
        switch_to_normal_user()
        with raises(HTTPForbiddenError) as cm:
            admin._update_user(
                realm=None,
                name=test_user + "2",
                password=None,
                status=None,
                email="newemail@example.com",
                entity=None)
        assert cm.value.msg == "You are not permitted to update this user."
    
    
    def test_update_user_failure_permissions_entity():
        assert admin._insert_user(name=test_user + "2",
                                  password="secret1P!", status="ACTIVE",
                                  email="email@example.com", entity=None) is not None
        switch_to_normal_user()
        with raises(HTTPForbiddenError) as cm:
            admin._update_user(
                realm=None,
                name=test_user + "2",
                password=None,
                status=None,
                email=None,
                entity=21)
        assert cm.value.msg == "You are not permitted to update this user."
    
    
    def test_update_user_failure_permissions_password():
        assert admin._insert_user(name=test_user + "2",
                                  password="secret1P!", status="ACTIVE",
                                  email="email@example.com", entity=None) is not None
        switch_to_normal_user()
        with raises(HTTPForbiddenError) as cm:
            admin._update_user(
                realm=None,
                name=test_user + "2",
                password="newsecret1P!",
                status=None,
                email=None,
                entity=None)
        assert cm.value.msg == "You are not permitted to update this user."
    
    
    def test_update_user_failure_non_existing_user():
        with raises(HTTPResourceNotFoundError) as cm:
            admin._update_user(
                realm=None,
                name="non-existing-user",
                password="newsecret1P!",
                status="ACTIVE",
                email="email@example.com",
                entity=None)
        assert cm.value.msg == "User does not exist."
    
    
    def test_update_user_failure_non_existing_entity():
        assert admin._insert_user(name=test_user + "2",
                                  password="secret1P!", status="ACTIVE",
                                  email="email@example.com", entity=None) is not None
        with raises(HTTPClientError) as cm:
            admin._update_user(
                realm=None,
                name=test_user + "2",
                password=None,
                status=None,
                email=None,
                entity=100000)
        assert cm.value.msg == "Entity does not exist."
    
    
    def test_retrieve_user_success():
        test_insert_user_success()
        assert admin._retrieve_user(realm=None, name=test_user + "2") is not None
    
    
    def test_retrieve_user_failure_permissions():
        test_insert_user_success()
        switch_to_normal_user()
        with raises(HTTPForbiddenError) as cm:
            admin._retrieve_user(realm=None, name=test_user + "2")
        assert cm.value.msg == "You are not permitted to retrieve this user."
    
    
    def test_retrieve_user_failure_non_existing():
        with raises(HTTPResourceNotFoundError) as cm:
            admin._retrieve_user(realm=None, name="non_existing")
        assert cm.value.msg == "User does not exist."
    
    
    def test_login_with_inactive_user_failure():
        assert admin._insert_user(
            name=test_user + "2",
            password="secret1P!",
            status="INACTIVE",
            email="email@example.com",
            entity=None) is not None
        configure_connection(username=test_user + "2", password="secret1P!",
                             password_method="plain")
        with raises(LoginFailedError):
            get_connection()._login()