Select Git revision
test_administration.py
-
Timm Fitschen authoredTimm Fitschen authored
Code owners
Assign users and groups as approvers for specific file changes. Learn more.
test_administration.py 16.88 KiB
# encoding: utf-8
#
# ** header v3.0
# This file is a part of the CaosDB Project.
#
# Copyright (C) 2018 Research Group Biomedical Physics,
# Max-Planck-Institute for Dynamics and Self-Organization Göttingen
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# ** end header
#
"""Created on 27.02.2017.
@author: tf
"""
from caosdb import (administration as admin, get_config)
from nose.tools import assert_true, assert_equal, assert_is_not_none, assert_raises
from caosdb.exceptions import (ClientErrorException, TransactionError,
AuthorizationException, LoginFailedException)
from caosdb.connection.connection import get_connection, configure_connection
test_role = "test_role"
test_user = "test_user"
test_pw = "secret1P!"
test_role_desc = "This is a test role."
def setup_module():
teardown_module()
admin._insert_user(
name=test_user,
password=test_pw,
status="ACTIVE",
email=None,
entity=None)
def teardown_module():
switch_to_admin_user()
try:
admin._delete_user(name=test_user)
except Exception as e:
print(e)
def setup():
switch_to_admin_user()
def teardown():
switch_to_admin_user()
try:
admin._delete_user(name=test_user + "2")
except Exception as e:
print(e)
try:
admin._delete_role(name=test_role)
except Exception as e:
print(e)
def switch_to_normal_user():
configure_connection(username=test_user, password=test_pw,
password_method="plain")
def switch_to_admin_user():
configure_connection()
def test_get_server_properties():
props = admin.get_server_properties()
assert isinstance(props, dict)
assert "CaosDB Admin" == props["ADMIN_NAME"]
def test_set_server_property():
admin.set_server_property("AUTH_OPTIONAL", "FALSE")
assert admin.get_server_property("AUTH_OPTIONAL") == "FALSE"
admin.set_server_property("AUTH_OPTIONAL", "TRUE")
assert admin.get_server_property("AUTH_OPTIONAL") == "TRUE"
admin.set_server_property("AUTH_OPTIONAL", "FALSE")
assert admin.get_server_property("AUTH_OPTIONAL") == "FALSE"
def test_insert_role_success():
assert admin._insert_role(name=test_role, description=test_role_desc)
def test_insert_role_failure_permission():
switch_to_normal_user()
with assert_raises(AuthorizationException) as cm:
admin._insert_role(name=test_role, description=test_role_desc)
assert_equal(
cm.exception.msg,
"You are not permitted to insert a new role.")
def test_insert_role_failure_name_duplicates():
test_insert_role_success()
with assert_raises(ClientErrorException) as cm:
admin._insert_role(name=test_role, description=test_role_desc)
assert_equal(
cm.exception.msg,
"Role name is already in use. Choose a different name.")
def test_update_role_success():
test_insert_role_success()
assert_is_not_none(
admin._update_role(
name=test_role,
description=test_role_desc +
"asdf"))
def test_update_role_failure_permissions():
test_insert_role_success()
switch_to_normal_user()
with assert_raises(AuthorizationException) as cm:
admin._update_role(name=test_role, description=test_role_desc + "asdf")
assert_equal(
cm.exception.msg,
"You are not permitted to update this role.")
def test_update_role_failure_non_existing():
with assert_raises(TransactionError) as cm:
admin._update_role(name=test_role, description=test_role_desc + "asdf")
assert_equal(cm.exception.msg, "Role does not exist.")
def test_delete_role_success():
test_insert_role_success()
assert_true(admin._delete_role(name=test_role))
def test_delete_role_failure_permissions():
test_insert_role_success()
switch_to_normal_user()
with assert_raises(AuthorizationException) as cm:
admin._delete_role(name=test_role)
assert_equal(
cm.exception.msg,
"You are not permitted to delete this role.")
def test_delete_role_failure_non_existing():
with assert_raises(TransactionError) as cm:
admin._delete_role(name=test_role)
assert_equal(cm.exception.msg, "Role does not exist.")
def test_retrieve_role_success():
test_insert_role_success()
r = admin._retrieve_role(test_role)
assert_is_not_none(r)
def test_retrieve_role_failure_permission():
test_insert_role_success()
switch_to_normal_user()
with assert_raises(AuthorizationException) as cm:
admin._retrieve_role(name=test_role)
assert_equal(
cm.exception.msg,
"You are not permitted to retrieve this role.")
def test_retrieve_role_failure_non_existing():
with assert_raises(TransactionError) as cm:
admin._retrieve_role(name=test_role)
assert_equal(cm.exception.msg, "Role does not exist.")
def test_set_permissions_success():
test_insert_role_success()
assert_true(
admin._set_permissions(
role=test_role,
permission_rules=[
admin.PermissionRule(
"Grant",
"BLA:BLA:BLA")]))
def test_set_permissions_failure_permissions():
test_insert_role_success()
switch_to_normal_user()
with assert_raises(AuthorizationException) as cm:
admin._set_permissions(
role=test_role, permission_rules=[
admin.PermissionRule(
"Grant", "BLA:BLA:BLA")])
assert_equal(
cm.exception.msg,
"You are not permitted to set this role's permissions.")
def test_set_permissions_failure_non_existing():
with assert_raises(TransactionError) as cm:
admin._set_permissions(
role=test_role, permission_rules=[
admin.PermissionRule(
"Grant", "BLA:BLA:BLA")])
assert_equal(cm.exception.msg, "Role does not exist.")
def test_get_permissions_success():
test_set_permissions_success()
r = admin._get_permissions(role=test_role)
assert_equal({admin.PermissionRule("Grant", "BLA:BLA:BLA")}, r)
assert_is_not_none(r)
def test_get_permissions_failure_permissions():
test_set_permissions_success()
switch_to_normal_user()
with assert_raises(AuthorizationException) as cm:
admin._get_permissions(role=test_role)
assert_equal(
cm.exception.msg,
"You are not permitted to retrieve this role's permissions.")
def test_get_permissions_failure_non_existing():
with assert_raises(TransactionError) as cm:
admin._get_permissions(role="non-existing-role")
assert_equal(cm.exception.msg, "Role does not exist.")
def test_get_roles_success():
test_insert_role_success()
r = admin._get_roles(username=test_user)
assert_is_not_none(r)
return r
def test_get_roles_failure_permissions():
test_insert_role_success()
switch_to_normal_user()
with assert_raises(AuthorizationException) as cm:
admin._get_roles(username=test_user)
assert_equal(
cm.exception.msg,
"You are not permitted to retrieve this user's roles.")
def test_get_roles_failure_non_existing():
with assert_raises(TransactionError) as cm:
admin._get_roles(username="non-existing-user")
assert_equal(cm.exception.msg, "User does not exist.")
def test_set_roles_success():
roles_old = test_get_roles_success()
roles = {test_role}
roles.union(roles_old)
assert_is_not_none(admin._set_roles(username=test_user, roles=roles_old))
assert_is_not_none(admin._set_roles(username=test_user, roles=roles))
assert_is_not_none(admin._set_roles(username=test_user, roles=roles_old))
def test_set_roles_success_with_warning():
test_insert_role_success()
roles = {test_role}
r = admin._set_roles(username=test_user, roles=roles)
assert_is_not_none(r)
assert_is_not_none(admin._set_roles(username=test_user, roles=[]))
def test_set_roles_failure_permissions():
roles_old = test_get_roles_success()
roles = {test_role}
roles.union(roles_old)
switch_to_normal_user()
with assert_raises(AuthorizationException) as cm:
admin._set_roles(username=test_user, roles=roles_old)
assert_equal(
cm.exception.msg,
"You are not permitted to set this user's roles.")
def test_set_roles_failure_non_existing_role():
roles = {"non-existing-role"}
with assert_raises(ClientErrorException) as cm:
admin._set_roles(username=test_user, roles=roles)
assert_equal(cm.exception.msg, "Role does not exist.")
def test_set_roles_failure_non_existing_user():
test_insert_role_success()
roles = {test_role}
with assert_raises(TransactionError) as cm:
admin._set_roles(username="non-existing-user", roles=roles)
assert_equal(cm.exception.msg, "User does not exist.")
def test_insert_user_success():
admin._insert_user(
name=test_user + "2",
password="secret1P!",
status="ACTIVE",
email="email@example.com",
entity=None)
def test_insert_user_failure_permissions():
switch_to_normal_user()
with assert_raises(AuthorizationException) as cm:
admin._insert_user(
name=test_user,
password="secret1P!",
status="ACTIVE",
email="email@example.com",
entity=None)
assert_equal(
cm.exception.msg,
"You are not permitted to insert a new user.")
def test_insert_user_failure_name_in_use():
test_insert_user_success()
with assert_raises(ClientErrorException) as cm:
test_insert_user_success()
assert_equal(cm.exception.msg, "User name is already in use.")
def test_delete_user_success():
test_insert_user_success()
assert_is_not_none(admin._delete_user(name=test_user + "2"))
def test_delete_user_failure_permissions():
test_insert_user_success()
switch_to_normal_user()
with assert_raises(AuthorizationException) as cm:
admin._delete_user(name="non_existing_user")
assert_equal(
cm.exception.msg,
"You are not permitted to delete this user.")
def test_delete_user_failure_non_existing():
with assert_raises(TransactionError) as cm:
admin._delete_user(name="non_existing_user")
assert_equal(cm.exception.msg, "User does not exist.")
def test_update_user_success_status():
assert_is_not_none(
admin._insert_user(
name=test_user + "2",
password="secret1P!",
status="INACTIVE",
email="email@example.com",
entity=None))
admin._update_user(
realm=None,
name=test_user + "2",
password=None,
status="ACTIVE",
email=None,
entity=None)
def test_update_user_success_email():
assert_is_not_none(
admin._insert_user(
name=test_user + "2",
password="secret1P!",
status="ACTIVE",
email="email@example.com",
entity=None))
admin._update_user(
realm=None,
name=test_user + "2",
password=None,
status=None,
email="newemail@example.com",
entity=None)
def test_update_user_success_entity():
assert_is_not_none(
admin._insert_user(
name=test_user + "2",
password="secret1P!",
status="ACTIVE",
email="email@example.com",
entity=None))
admin._update_user(realm=None, name=test_user + "2", password=None,
status=None, email=None, entity="21")
def test_update_user_success_password():
assert_is_not_none(
admin._insert_user(
name=test_user + "2",
password="secret1P!",
status="ACTIVE",
email="email@example.com",
entity=None))
admin._update_user(
realm=None,
name=test_user + "2",
password="newsecret1P!",
status=None,
email=None,
entity=None)
def test_update_user_failure_permissions_status():
assert_is_not_none(
admin._insert_user(
name=test_user + "2",
password="secret1P!",
status="INACTIVE",
email="email@example.com",
entity=None))
switch_to_normal_user()
with assert_raises(AuthorizationException) as cm:
admin._update_user(
realm=None,
name=test_user + "2",
password=None,
status="ACTIVE",
email=None,
entity=None)
assert_equal(
cm.exception.msg,
"You are not permitted to update this user.")
def test_update_user_failure_permissions_email():
assert_is_not_none(
admin._insert_user(
name=test_user + "2",
password="secret1P!",
status="ACTIVE",
email="email@example.com",
entity=None))
switch_to_normal_user()
with assert_raises(AuthorizationException) as cm:
admin._update_user(
realm=None,
name=test_user + "2",
password=None,
status=None,
email="newemail@example.com",
entity=None)
assert_equal(
cm.exception.msg,
"You are not permitted to update this user.")
def test_update_user_failure_permissions_entity():
assert_is_not_none(
admin._insert_user(
name=test_user + "2",
password="secret1P!",
status="ACTIVE",
email="email@example.com",
entity=None))
switch_to_normal_user()
with assert_raises(AuthorizationException) as cm:
admin._update_user(
realm=None,
name=test_user + "2",
password=None,
status=None,
email=None,
entity=21)
assert_equal(
cm.exception.msg,
"You are not permitted to update this user.")
def test_update_user_failure_permissions_password():
assert_is_not_none(
admin._insert_user(
name=test_user + "2",
password="secret1P!",
status="ACTIVE",
email="email@example.com",
entity=None))
switch_to_normal_user()
with assert_raises(AuthorizationException) as cm:
admin._update_user(
realm=None,
name=test_user + "2",
password="newsecret1P!",
status=None,
email=None,
entity=None)
assert_equal(
cm.exception.msg,
"You are not permitted to update this user.")
def test_update_user_failure_non_existing_user():
with assert_raises(TransactionError) as cm:
admin._update_user(
realm=None,
name="non-existing-user",
password="newsecret1P!",
status="ACTIVE",
email="email@example.com",
entity=None)
assert_equal(cm.exception.msg, "User does not exist.")
def test_update_user_failure_non_existing_entity():
assert_is_not_none(
admin._insert_user(
name=test_user + "2",
password="secret1P!",
status="ACTIVE",
email="email@example.com",
entity=None))
with assert_raises(ClientErrorException) as cm:
admin._update_user(
realm=None,
name=test_user + "2",
password=None,
status=None,
email=None,
entity=100000)
assert_equal(cm.exception.msg, "Entity does not exist.")
def test_retrieve_user_success():
test_insert_user_success()
assert_is_not_none(admin._retrieve_user(realm=None, name=test_user + "2"))
def test_retrieve_user_failure_permissions():
test_insert_user_success()
switch_to_normal_user()
with assert_raises(AuthorizationException) as cm:
admin._retrieve_user(realm=None, name=test_user + "2")
assert_equal(
cm.exception.msg,
"You are not permitted to retrieve this user.")
def test_retrieve_user_failure_non_existing():
with assert_raises(TransactionError) as cm:
admin._retrieve_user(realm=None, name="non_existing")
assert_equal(cm.exception.msg, "User does not exist.")
def test_login_with_inactive_user_failure():
assert_is_not_none(
admin._insert_user(
name=test_user + "2",
password="secret1P!",
status="INACTIVE",
email="email@example.com",
entity=None))
configure_connection(username=test_user + "2", password="secret1P!")
with assert_raises(LoginFailedException):
get_connection()._login()