tests for caosdb-server!33 (update own password)

Tests for caosdb-server!33 (which is a fix for https://gitlab.com/caosdb/caosdb-server/-/issues/128)

tests/test_administration.py

@@ -30,9 +30,7 @@ from caosdb import administration as admin
 from caosdb.connection.connection import configure_connection, get_connection
 from caosdb.exceptions import (HTTPClientError, HTTPForbiddenError,
                                LoginFailedError, HTTPResourceNotFoundError)
-from nose.tools import (assert_equal, assert_is_not_none, assert_raises,
-                        assert_true)
-from pytest import raises
+from pytest import raises, mark
 
 test_role = "test_role"
 test_user = "test_user"
@@ -72,6 +70,10 @@ def teardown():
         admin._delete_role(name=test_role)
     except Exception as e:
         print(e)
+    try:
+        admin._delete_role(name=test_role + "2")
+    except Exception as e:
+        print(e)
 
 
 def switch_to_normal_user():
@@ -111,20 +113,17 @@ def test_insert_role_failure_permission():
 
 def test_insert_role_failure_name_duplicates():
     test_insert_role_success()
-    with assert_raises(HTTPClientError) as cm:
+    with raises(HTTPClientError) as cm:
         admin._insert_role(name=test_role, description=test_role_desc)
-    assert_equal(
-        cm.exception.msg,
-        "Role name is already in use. Choose a different name.")
+    assert cm.value.msg == "Role name is already in use. Choose a different name."
 
 
 def test_update_role_success():
     test_insert_role_success()
-    assert_is_not_none(
-        admin._update_role(
-            name=test_role,
-            description=test_role_desc +
-            "asdf"))
+    assert admin._update_role(
+        name=test_role,
+        description=test_role_desc +
+        "asdf") is not None
 
 
 def test_update_role_failure_permissions():
@@ -143,7 +142,7 @@ def test_update_role_failure_non_existing():
 
 def test_delete_role_success():
     test_insert_role_success()
-    assert_true(admin._delete_role(name=test_role))
+    assert admin._delete_role(name=test_role) == b"ok"
 
 
 def test_delete_role_failure_permissions():
@@ -163,7 +162,7 @@ def test_delete_role_failure_non_existing():
 def test_retrieve_role_success():
     test_insert_role_success()
     r = admin._retrieve_role(test_role)
-    assert_is_not_none(r)
+    assert r is not None
 
 
 def test_retrieve_role_failure_permission():
@@ -182,13 +181,10 @@ def test_retrieve_role_failure_non_existing():
 
 def test_set_permissions_success():
     test_insert_role_success()
-    assert_true(
-        admin._set_permissions(
-            role=test_role,
-            permission_rules=[
-                admin.PermissionRule(
-                    "Grant",
-                    "BLA:BLA:BLA")]))
+    assert admin._set_permissions(
+        role=test_role, permission_rules=[
+            admin.PermissionRule(
+                "Grant", "BLA:BLA:BLA")]) == b"ok"
 
 
 def test_set_permissions_failure_permissions():
@@ -214,8 +210,8 @@ def test_set_permissions_failure_non_existing():
 def test_get_permissions_success():
     test_set_permissions_success()
     r = admin._get_permissions(role=test_role)
-    assert_equal({admin.PermissionRule("Grant", "BLA:BLA:BLA")}, r)
-    assert_is_not_none(r)
+    assert {admin.PermissionRule("Grant", "BLA:BLA:BLA")} == r
+    assert r is not None
 
 
 def test_get_permissions_failure_permissions():
@@ -235,7 +231,7 @@ def test_get_permissions_failure_non_existing():
 def test_get_roles_success():
     test_insert_role_success()
     r = admin._get_roles(username=test_user)
-    assert_is_not_none(r)
+    assert r is not None
 
     return r
 
@@ -258,17 +254,17 @@ def test_set_roles_success():
     roles_old = test_get_roles_success()
     roles = {test_role}
     roles.union(roles_old)
-    assert_is_not_none(admin._set_roles(username=test_user, roles=roles_old))
-    assert_is_not_none(admin._set_roles(username=test_user, roles=roles))
-    assert_is_not_none(admin._set_roles(username=test_user, roles=roles_old))
+    assert admin._set_roles(username=test_user, roles=roles_old) is not None
+    assert admin._set_roles(username=test_user, roles=roles) is not None
+    assert admin._set_roles(username=test_user, roles=roles_old) is not None
 
 
 def test_set_roles_success_with_warning():
     test_insert_role_success()
     roles = {test_role}
     r = admin._set_roles(username=test_user, roles=roles)
-    assert_is_not_none(r)
-    assert_is_not_none(admin._set_roles(username=test_user, roles=[]))
+    assert r is not None
+    assert admin._set_roles(username=test_user, roles=[]) is not None
 
 
 def test_set_roles_failure_permissions():
@@ -283,9 +279,9 @@ def test_set_roles_failure_permissions():
 
 def test_set_roles_failure_non_existing_role():
     roles = {"non-existing-role"}
-    with assert_raises(HTTPClientError) as cm:
+    with raises(HTTPClientError) as cm:
         admin._set_roles(username=test_user, roles=roles)
-    assert_equal(cm.exception.msg, "Role does not exist.")
+    assert cm.value.msg == "Role does not exist."
 
 
 def test_set_roles_failure_non_existing_user():
@@ -319,14 +315,14 @@ def test_insert_user_failure_permissions():
 
 def test_insert_user_failure_name_in_use():
     test_insert_user_success()
-    with assert_raises(HTTPClientError) as cm:
+    with raises(HTTPClientError) as cm:
         test_insert_user_success()
-    assert_equal(cm.exception.msg, "User name is already in use.")
+    assert cm.value.msg == "User name is already in use."
 
 
 def test_delete_user_success():
     test_insert_user_success()
-    assert_is_not_none(admin._delete_user(name=test_user + "2"))
+    assert admin._delete_user(name=test_user + "2") is not None
 
 
 def test_delete_user_failure_permissions():
@@ -344,13 +340,12 @@ def test_delete_user_failure_non_existing():
 
 
 def test_update_user_success_status():
-    assert_is_not_none(
-        admin._insert_user(
-            name=test_user + "2",
-            password="secret1P!",
-            status="INACTIVE",
-            email="email@example.com",
-            entity=None))
+    assert admin._insert_user(
+        name=test_user + "2",
+        password="secret1P!",
+        status="INACTIVE",
+        email="email@example.com",
+        entity=None) is not None
     admin._update_user(
         realm=None,
         name=test_user + "2",
@@ -361,13 +356,12 @@ def test_update_user_success_status():
 
 
 def test_update_user_success_email():
-    assert_is_not_none(
-        admin._insert_user(
-            name=test_user + "2",
-            password="secret1P!",
-            status="ACTIVE",
-            email="email@example.com",
-            entity=None))
+    assert admin._insert_user(
+        name=test_user + "2",
+        password="secret1P!",
+        status="ACTIVE",
+        email="email@example.com",
+        entity=None) is not None
     admin._update_user(
         realm=None,
         name=test_user + "2",
@@ -378,25 +372,23 @@ def test_update_user_success_email():
 
 
 def test_update_user_success_entity():
-    assert_is_not_none(
-        admin._insert_user(
-            name=test_user + "2",
-            password="secret1P!",
-            status="ACTIVE",
-            email="email@example.com",
-            entity=None))
+    assert admin._insert_user(
+        name=test_user + "2",
+        password="secret1P!",
+        status="ACTIVE",
+        email="email@example.com",
+        entity=None) is not None
     admin._update_user(realm=None, name=test_user + "2", password=None,
                        status=None, email=None, entity="21")
 
 
 def test_update_user_success_password():
-    assert_is_not_none(
-        admin._insert_user(
-            name=test_user + "2",
-            password="secret1P!",
-            status="ACTIVE",
-            email="email@example.com",
-            entity=None))
+    assert admin._insert_user(
+        name=test_user + "2",
+        password="secret1P!",
+        status="ACTIVE",
+        email="email@example.com",
+        entity=None) is not None
     admin._update_user(
         realm=None,
         name=test_user + "2",
@@ -500,7 +492,7 @@ def test_update_user_failure_non_existing_entity():
 
 def test_retrieve_user_success():
     test_insert_user_success()
-    assert_is_not_none(admin._retrieve_user(realm=None, name=test_user + "2"))
+    assert admin._retrieve_user(realm=None, name=test_user + "2") is not None
 
 
 def test_retrieve_user_failure_permissions():
@@ -518,14 +510,67 @@ def test_retrieve_user_failure_non_existing():
 
 
 def test_login_with_inactive_user_failure():
-    assert_is_not_none(
-        admin._insert_user(
-            name=test_user + "2",
-            password="secret1P!",
-            status="INACTIVE",
-            email="email@example.com",
-            entity=None))
+    assert admin._insert_user(
+        name=test_user + "2",
+        password="secret1P!",
+        status="INACTIVE",
+        email="email@example.com",
+        entity=None) is not None
     configure_connection(username=test_user + "2", password="secret1P!",
                          password_method="plain")
-    with assert_raises(LoginFailedError):
+    with raises(LoginFailedError):
         get_connection()._login()
+
+
+def grant_role_permission(role_name, role_permissions,
+                          permissions_priority=False):
+    perms = admin._get_permissions(role_name)
+
+    for p in role_permissions:
+        g = admin.PermissionRule(
+            action="Grant", permission=p, priority=permissions_priority)
+        d = admin.PermissionRule(
+            action="Deny", permission=p, priority=permissions_priority)
+
+        if g in perms:
+            perms.remove(g)
+
+        if d in perms:
+            perms.remove(d)
+        perms.add(g)
+    admin._set_permissions(role=role_name, permission_rules=perms)
+
+
+def add_roles(user_name, user_roles):
+    roles = admin._get_roles(username=user_name, realm=None)
+
+    for r in user_roles:
+        roles.add(r)
+    admin._set_roles(username=user_name, roles=roles)
+
+
+@mark.xfail(reason=("fix needed for "
+            "https://gitlab.com/caosdb/caosdb-server/-/issues/128"))
+def test_update_own_password():
+    admin._insert_user(
+        name=test_user + "2",
+        password="secret1P!",
+        status="ACTIVE",
+        email="email@example.com",
+        entity=None)
+
+    # workaround
+    # admin._insert_role(name=test_role + "2", description="some role_description")
+    # add_roles(test_user + "2", [test_role + "2"])
+    # grant_role_permission(test_role + "2",
+    # ["ACM:USER:UPDATE_PASSWORD:?REALM?:?USERNAME?"])
+
+    configure_connection(username=test_user + "2", password="secret1P!",
+                         password_method="plain")
+    assert b"ok" == admin._update_user(
+        realm=None,
+        name=test_user + "2",
+        password="newsecret1P!",
+        status=None,
+        email=None,
+        entity=None)