From ec456c4e8b23732721c285f08c2b9c06c74d1c79 Mon Sep 17 00:00:00 2001 From: Chris Meyers Date: Fri, 22 May 2015 15:31:13 -0400 Subject: [PATCH 1/3] user password required on creation --- awx/api/serializers.py | 7 +++++++ awx/main/tests/users.py | 11 ++++++++--- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/awx/api/serializers.py b/awx/api/serializers.py index b092d6cf7e..f1e269a634 100644 --- a/awx/api/serializers.py +++ b/awx/api/serializers.py @@ -594,6 +594,10 @@ class UserSerializer(BaseSerializer): def restore_object(self, attrs, instance=None): new_password = attrs.pop('password', None) + # first time creating, password required + if instance is None and new_password in (None, ''): + self._errors = {'password': ['Password required for new User']} + return instance = super(UserSerializer, self).restore_object(attrs, instance) instance._new_password = new_password return instance @@ -655,6 +659,9 @@ class UserSerializer(BaseSerializer): def validate_is_superuser(self, attrs, source): return self._validate_ldap_managed_field(attrs, source) + def validate_password(self, attrs, source): + return attrs + class OrganizationSerializer(BaseSerializer): diff --git a/awx/main/tests/users.py b/awx/main/tests/users.py index d4cd3618e6..e2bfe4f308 100644 --- a/awx/main/tests/users.py +++ b/awx/main/tests/users.py 
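Review bot: The new guard in `restore_object` rejects only `None` and `''`, so a whitespace-only or one-character password still passes for a new user, and no length or policy check is visible in this hunk. If blank passwords are what this change is meant to stop, the condition could be widened to something like `if instance is None and not (new_password or '').strip():`, assuming the field always yields a string. The guard is also skipped when `instance` is not None, so an update carrying `password=''` still reaches `instance._new_password = new_password`. Whether that clears or keeps the stored password depends on the save path, which is outside this hunk and worth confirming. A short comment such as `# empty password on update means "leave unchanged"` (if that is the intent) would make the asymmetry explicit.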
@@ -119,11 +119,16 @@ class UsersTest(BaseTest): self.organizations[0].users.add(self.other_django_user) self.organizations[0].users.add(self.normal_django_user) self.organizations[1].users.add(self.other_django_user) + + def test_user_creation_fails_without_password(self): + url = reverse('api:user_list') + new_user = dict(username='blippy') + response = self.post(url, expect=400, data=new_user, auth=self.get_super_credentials()) def test_only_super_user_or_org_admin_can_add_users(self): url = reverse('api:user_list') - new_user = dict(username='blippy') - new_user2 = dict(username='blippy2') + new_user = dict(username='blippy', password='hippy') + new_user2 = dict(username='blippy2', password='hippy2') self.post(url, expect=401, data=new_user, auth=None) self.post(url, expect=401, data=new_user, auth=self.get_invalid_credentials()) self.post(url, expect=403, data=new_user, auth=self.get_other_credentials()) @@ -138,7 +143,7 @@ class UsersTest(BaseTest): def test_only_super_user_can_use_superuser_flag(self): url = reverse('api:user_list') - new_super_user = dict(username='nommy', is_superuser=True) + new_super_user = dict(username='nommy', password='cookie', is_superuser=True) self.post(url, expect=401, data=new_super_user, auth=self.get_invalid_credentials()) self.post(url, expect=403, data=new_super_user, auth=self.get_other_credentials()) self.post(url, expect=403, data=new_super_user, auth=self.get_normal_credentials()) From 338a504314ef729b703661eb3e95c588862ee534 Mon Sep 17 00:00:00 2001 From: Chris Meyers Date: Fri, 22 May 2015 18:08:33 -0400 Subject: [PATCH 2/3] flake8 --- awx/api/serializers.py | 3 --- awx/main/tests/users.py | 2 +- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/awx/api/serializers.py b/awx/api/serializers.py index f1e269a634..65a70e23c9 100644 --- a/awx/api/serializers.py +++ b/awx/api/serializers.py 
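Review bot: `test_user_creation_fails_without_password` only posts a payload with no `password` key, so the `''` branch of the serializer check is never exercised. The test would also pass if the 400 were caused by some other field. Consider adding a second post with `dict(username='blippy', password='')`, and checking that the error body names the field, for example `self.assertIn('password', response)`, assuming `self.post` returns the parsed response body (its definition is not in this hunk). A follow-up assertion that no `blippy` user exists after the rejected request would confirm that the early `return` in `restore_object` really prevents the row from being created.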
@@ -659,9 +659,6 @@ class UserSerializer(BaseSerializer): def validate_is_superuser(self, attrs, source): return self._validate_ldap_managed_field(attrs, source) - def validate_password(self, attrs, source): - return attrs - class OrganizationSerializer(BaseSerializer): diff --git a/awx/main/tests/users.py b/awx/main/tests/users.py index e2bfe4f308..3de0658beb 100644 --- a/awx/main/tests/users.py +++ b/awx/main/tests/users.py @@ -123,7 +123,7 @@ class UsersTest(BaseTest): def test_user_creation_fails_without_password(self): url = reverse('api:user_list') new_user = dict(username='blippy') - response = self.post(url, expect=400, data=new_user, auth=self.get_super_credentials()) + self.post(url, expect=400, data=new_user, auth=self.get_super_credentials()) def test_only_super_user_or_org_admin_can_add_users(self): url = reverse('api:user_list') From 81d14bdde3d439afdffdc735cdb0dac14a12b2e0 Mon Sep 17 00:00:00 2001 From: Chris Meyers Date: Sat, 23 May 2015 07:56:55 -0400 Subject: [PATCH 3/3] include password when creating new user --- awx/main/tests/organizations.py | 2 +- awx/main/tests/projects.py | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/awx/main/tests/organizations.py b/awx/main/tests/organizations.py index 0ee735a2ca..931f784496 100644 --- a/awx/main/tests/organizations.py +++ b/awx/main/tests/organizations.py @@ -286,7 +286,7 @@ class OrganizationsTest(BaseTest): self.assertEqual(users['count'], 2) # post a completely new user to verify we can add users to the subcollection directly - new_user = dict(username='NewUser9000') + new_user = dict(username='NewUser9000', password='NewPassword9000') which_org = self.normal_django_user.admin_of_organizations.all()[0] url = reverse('api:organization_users_list', args=(which_org.pk,)) self.post(url, new_user, expect=201, auth=self.get_normal_credentials()) diff --git a/awx/main/tests/projects.py b/awx/main/tests/projects.py index 3792db497b..0f3fecd771 100644 
--- a/awx/main/tests/projects.py +++ b/awx/main/tests/projects.py @@ -419,11 +419,11 @@ class ProjectsTest(BaseTransactionTest): self.post(team_users, data=dict(x, is_superuser=False), expect=204, auth=self.get_normal_credentials()) # The normal admin user can't create a super user vicariously through the team/project - self.post(team_users, data=dict(username='attempted_superuser_create', is_superuser=True), - expect=403, auth=self.get_normal_credentials()) + self.post(team_users, data=dict(username='attempted_superuser_create', password='thepassword', + is_superuser=True), expect=403, auth=self.get_normal_credentials()) # ... but a superuser can - self.post(team_users, data=dict(username='attempted_superuser_create', is_superuser=True), - expect=201, auth=self.get_super_credentials()) + self.post(team_users, data=dict(username='attempted_superuser_create', password='thepassword', + is_superuser=True), expect=201, auth=self.get_super_credentials()) self.assertEqual(Team.objects.get(pk=team.pk).users.count(), 5)