mirror of
https://github.com/freedombox/FreedomBox.git
synced 2026-04-22 10:01:45 +00:00
e04ae48637
- Handle groups needed by an app.
- Handle reserved usernames for an app.
- Updated documentation
- Updated unit tests
Tests performed:
- Reserved usernames: ez-ipupd, ejabberd, Debian-minetest, mldonkey,
monkeysphere, mumble-server, privoxy, quasselcore, radicale, debian-tor,
debian-transmission
- Reserved usernames checks should work in the following forms:
- Create user
- Update user
- First boot user creation
- Full list of available groups should appear in following cases:
- Create user form
- Update user form
- Full list of groups should get created in Django DB during:
- Update user form display
- First boot form save
- When updating the last admin user, the 'admin' group choice is checked
and disabled.
- Following groups show up (sorted by group name):
- bit-torrent: Download files using BitTorrent applications
- git-access: Read-write access to Git repositories
- i2p: Manage I2P application
- wiki: View and edit wiki applications
- minidlna: Media streaming server
- ed2k: Download files using eDonkey applications
- freedombox-share: Access to the private shares
- web-search: Search the web
- syncthing: Administer Syncthing application
- feed-reader: Read and subscribe to news feeds
- admin: Access to all services and system settings
- Directory validation form checks for write permissions for following apps:
- deluge with debian-deluged user
- transmission with debian-transmission user
- Sharing app should show all the groups in add/edit share forms
- The following apps should get added to share group during setup:
debian-transmission
debian-deluged
- Unit tests pass
- Functional tests for users and groups pass
- Test that an app (example syncthing) provides the necessary
permissions to users in that group (but not in admin group).
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[sunil: Fix i18n of group descriptions]
[sunil: Update developer documentation]
[sunil: Separate out cosmetic changes]
[sunil: Fix component ID for mumble]
[sunil: sharing: Remove unneeded dependency on users app]
[sunil: Implement better API for getting groups in component]
[sunil: Fix incorrect regression change ttrss app]
[sunil: Make iterating over gourps more readable]
[sunil: Improve tests, drop single use fixtures]
[sunil: Simplify test_view.py fixture]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Tested-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
256 lines
8.5 KiB
Python
256 lines
8.5 KiB
Python
# SPDX-License-Identifier: AGPL-3.0-or-later
|
|
"""
|
|
Tests for users views.
|
|
"""
|
|
|
|
from unittest.mock import Mock, patch
|
|
|
|
import pytest
|
|
from django import urls
|
|
from django.contrib.auth.models import User
|
|
from django.contrib.messages.storage.fallback import FallbackStorage
|
|
from django.core.exceptions import PermissionDenied
|
|
from plinth import module_loader
|
|
from plinth.modules.users import views
|
|
|
|
from ..components import UsersAndGroups
|
|
|
|
# For all tests, plinth.urls instead of urls configured for testing, and
|
|
# django database
|
|
pytestmark = [pytest.mark.urls('plinth.urls'), pytest.mark.django_db]
|
|
|
|
|
|
@pytest.fixture(autouse=True, scope='module')
|
|
def fixture_users_urls():
|
|
"""Make sure users app's URLs are part of plinth.urls."""
|
|
with patch('plinth.module_loader._modules_to_load', new=[]) as modules, \
|
|
patch('plinth.urls.urlpatterns', new=[]):
|
|
modules.append('plinth.modules.users')
|
|
module_loader.include_urls()
|
|
yield
|
|
|
|
|
|
def action_run(action, options, **kwargs):
|
|
"""Action return values."""
|
|
if action == 'users' and options == ['get-group-users', 'admin']:
|
|
return 'admin'
|
|
if action == 'ssh' and options[:2] == ['get-keys', '--username']:
|
|
return ''
|
|
if action == 'users' and options == ['get-user-groups', 'tester']:
|
|
return ''
|
|
|
|
return None
|
|
|
|
|
|
@pytest.fixture(autouse=True)
|
|
def module_patch():
|
|
"""Patch users module."""
|
|
pwd_users = [Mock(pw_name='root'), Mock(pw_name='plinth')]
|
|
|
|
UsersAndGroups._all_components = set()
|
|
UsersAndGroups('test-users-and-groups',
|
|
groups={'admin': 'The admin group'})
|
|
UsersAndGroups('users-and-groups-minetest',
|
|
reserved_usernames=['debian-minetest'])
|
|
|
|
with patch('pwd.getpwall', return_value=pwd_users),\
|
|
patch('plinth.actions.superuser_run', side_effect=action_run):
|
|
yield
|
|
|
|
|
|
def make_request(request, view, as_admin=True, **kwargs):
|
|
"""Make request with a message storage and users created."""
|
|
setattr(request, 'session', 'session')
|
|
messages = FallbackStorage(request)
|
|
setattr(request, '_messages', messages)
|
|
|
|
user = User.objects.create(username='tester')
|
|
admin_user = User.objects.create(username='admin')
|
|
|
|
request.user = admin_user if as_admin else user
|
|
|
|
with patch('plinth.modules.users.forms.is_user_admin',
|
|
return_value=as_admin),\
|
|
patch('plinth.modules.users.views.is_user_admin',
|
|
return_value=as_admin),\
|
|
patch('plinth.modules.users.views.update_session_auth_hash'):
|
|
|
|
response = view(request, **kwargs)
|
|
|
|
return response, messages
|
|
|
|
|
|
def test_users_list_view(rf):
|
|
"""Test that users list view has correct view data."""
|
|
with patch('plinth.views.AppView.get_context_data',
|
|
return_value={'is_enabled': True}):
|
|
view = views.UserList.as_view()
|
|
response, messages = make_request(rf.get('/'), view)
|
|
|
|
assert response.context_data['last_admin_user'] == 'admin'
|
|
assert response.status_code == 200
|
|
|
|
|
|
@pytest.mark.parametrize('username', ['test-new', 'test-neW@2_'])
|
|
def test_create_user_view(rf, username):
|
|
"""Test that user creation with valid usernames succeeds."""
|
|
password = 'testingtesting'
|
|
form_data = {
|
|
'username': username,
|
|
'password1': password,
|
|
'password2': password
|
|
}
|
|
|
|
request = rf.post(urls.reverse('users:create'), data=form_data)
|
|
view = views.UserCreate.as_view()
|
|
response, messages = make_request(request, view)
|
|
|
|
assert list(messages)[0].message == 'User {} created.'.format(username)
|
|
assert response.status_code == 302
|
|
assert response.url == urls.reverse('users:index')
|
|
|
|
|
|
def test_create_user_form_view(rf):
|
|
"""Test that a username field on create form has correct attributes."""
|
|
request = rf.get(urls.reverse('users:create'))
|
|
view = views.UserCreate.as_view()
|
|
response, messages = make_request(request, view)
|
|
|
|
assert response.context_data['form'].fields['username'].widget.attrs == {
|
|
'maxlength': '150',
|
|
'autofocus': 'autofocus',
|
|
'autocapitalize': 'none',
|
|
'autocomplete': 'username'
|
|
}
|
|
assert response.status_code == 200
|
|
|
|
|
|
@pytest.mark.parametrize('username',
|
|
['-tester', 'testér', 'test+test', 't', 'test test'])
|
|
def test_create_user_invalid_username_view(rf, username):
|
|
"""Test that user creation with invalid username fails."""
|
|
form_data = {
|
|
'username': username,
|
|
'password1': 'testingtesting',
|
|
'password2': 'testingtesting'
|
|
}
|
|
|
|
request = rf.post(urls.reverse('users:create'), data=form_data)
|
|
view = views.UserCreate.as_view()
|
|
response, messages = make_request(request, view)
|
|
|
|
assert response.context_data['form'].errors['username'][
|
|
0] == 'Enter a valid username.'
|
|
assert response.status_code == 200
|
|
|
|
|
|
@pytest.mark.parametrize(
|
|
'username,error',
|
|
[('testuser', 'A user with that username already exists.'),
|
|
('root', 'Username is taken or is reserved.'),
|
|
('rooT', 'Username is taken or is reserved.'),
|
|
('debian-minetest', 'Username is taken or is reserved.')])
|
|
def test_create_user_taken_or_reserved_username_view(rf, username, error):
|
|
"""Test that user creation with taken or reserved username fails."""
|
|
User.objects.create(username='testuser')
|
|
form_data = {
|
|
'username': username,
|
|
'password1': 'testingtesting',
|
|
'password2': 'testingtesting'
|
|
}
|
|
|
|
request = rf.post(urls.reverse('users:create'), data=form_data)
|
|
view = views.UserCreate.as_view()
|
|
response, messages = make_request(request, view)
|
|
|
|
assert response.context_data['form'].errors['username'][0] == error
|
|
assert response.status_code == 200
|
|
|
|
|
|
def test_update_user_view(rf):
|
|
"""Test that updating username succeeds."""
|
|
user = 'tester'
|
|
new_username = 'tester-renamed'
|
|
form_data = {
|
|
'username': new_username,
|
|
'password1': 'testingtesting',
|
|
'password2': 'testingtesting'
|
|
}
|
|
|
|
url = urls.reverse('users:edit', kwargs={'slug': user})
|
|
request = rf.post(url, data=form_data)
|
|
view = views.UserUpdate.as_view()
|
|
response, messages = make_request(request, view, as_admin=True, slug=user)
|
|
|
|
assert list(messages)[0].message == 'User {} updated.'.format(new_username)
|
|
assert response.status_code == 302
|
|
assert response.url == urls.reverse('users:edit',
|
|
kwargs={'slug': new_username})
|
|
|
|
|
|
def test_update_user_without_permissions_view(rf):
|
|
"""Test that updating other user as non-admin user raises exception."""
|
|
form_data = {
|
|
'username': 'admin-renamed',
|
|
'password1': 'testingtesting',
|
|
'password2': 'testingtesting'
|
|
}
|
|
|
|
url = urls.reverse('users:edit', kwargs={'slug': 'admin'})
|
|
request = rf.post(url, data=form_data)
|
|
view = views.UserUpdate.as_view()
|
|
|
|
with pytest.raises(PermissionDenied):
|
|
make_request(request, view, as_admin=False, slug='admin')
|
|
|
|
|
|
def test_delete_user_view(rf):
|
|
"""Test that user deletion succeeds."""
|
|
user = 'tester'
|
|
|
|
url = urls.reverse('users:delete', kwargs={'slug': user})
|
|
request = rf.post(url)
|
|
view = views.UserDelete.as_view()
|
|
response, messages = make_request(request, view, as_admin=True, slug=user)
|
|
|
|
assert list(messages)[0].message == 'User {} deleted.'.format(user)
|
|
assert response.status_code == 302
|
|
assert response.url == urls.reverse('users:index')
|
|
|
|
|
|
def test_user_change_password_view(rf):
|
|
"""Test that changing password succeeds."""
|
|
user = 'admin'
|
|
form_data = {
|
|
'new_password1': 'testingtesting2',
|
|
'new_password2': 'testingtesting2'
|
|
}
|
|
|
|
url = urls.reverse('users:change_password', kwargs={'slug': user})
|
|
request = rf.post(url, data=form_data)
|
|
view = views.UserChangePassword.as_view()
|
|
response, messages = make_request(request, view, as_admin=True, slug=user)
|
|
|
|
assert list(messages)[0].message == 'Password changed successfully.'
|
|
assert response.status_code == 302
|
|
assert response.url == urls.reverse('users:edit', kwargs={'slug': user})
|
|
|
|
|
|
def test_user_change_password_without_permissions_view(rf):
|
|
"""
|
|
Test that changing other user password as a non-admin user raises
|
|
exception.
|
|
"""
|
|
user = 'admin'
|
|
form_data = {
|
|
'new_password1': 'adminadmin2',
|
|
'new_password2': 'adminadmin2'
|
|
}
|
|
|
|
url = urls.reverse('users:change_password', kwargs={'slug': user})
|
|
request = rf.post(url, data=form_data)
|
|
view = views.UserChangePassword.as_view()
|
|
|
|
with pytest.raises(PermissionDenied):
|
|
make_request(request, view, as_admin=False, slug=user)
|