mirror of
https://github.com/ansible/awx.git
synced 2026-01-11 01:57:35 -03:30
110 lines
3.8 KiB
Python
110 lines
3.8 KiB
Python
"""
|
|
Test code for ansible commander.
|
|
|
|
(C) 2013 AnsibleWorks <michael@ansibleworks.com>
|
|
"""
|
|
|
|
|
|
import datetime
|
|
import json
|
|
|
|
from django.contrib.auth.models import User as DjangoUser
|
|
import django.test
|
|
from django.test.client import Client
|
|
from lib.main.models import *
|
|
from lib.main.tests.base import BaseTest
|
|
|
|
class UsersTest(BaseTest):
|
|
|
|
def collection(self):
|
|
return '/api/v1/users/'
|
|
|
|
def setUp(self):
|
|
self.setup_users()
|
|
|
|
def test_only_super_user_can_add_users(self):
|
|
url = '/api/v1/users/'
|
|
new_user = dict(username='blippy')
|
|
self.post(url, expect=401, data=new_user, auth=None)
|
|
self.post(url, expect=401, data=new_user, auth=self.get_invalid_credentials())
|
|
self.post(url, expect=403, data=new_user, auth=self.get_normal_credentials())
|
|
self.post(url, expect=403, data=new_user, auth=self.get_other_credentials())
|
|
self.post(url, expect=201, data=new_user, auth=self.get_super_credentials())
|
|
self.post(url, expect=400, data=new_user, auth=self.get_super_credentials())
|
|
|
|
def test_ordinary_user_can_modify_some_fields_about_himself_but_not_all_and_passwords_work(self):
|
|
|
|
detail_url = '/api/v1/users/%s/' % self.other_django_user.pk
|
|
data = self.get(detail_url, expect=200, auth=self.get_other_credentials())
|
|
|
|
# can't change first_name, last_name, etc
|
|
data['last_name'] = "NewLastName"
|
|
self.put(detail_url, data, expect=403, auth=self.get_other_credentials())
|
|
|
|
# can't change username
|
|
data['username'] = 'newUsername'
|
|
self.put(detail_url, data, expect=403, auth=self.get_other_credentials())
|
|
|
|
# if superuser, CAN change lastname and username and such
|
|
self.put(detail_url, data, expect=200, auth=self.get_super_credentials())
|
|
|
|
# and user can still login
|
|
creds = self.get_other_credentials()
|
|
creds = ('newUsername', creds[1])
|
|
data = self.get(detail_url, expect=200, auth=creds)
|
|
|
|
# user can change their password (submit as text) and can still login
|
|
# and password is not stored as plaintext
|
|
|
|
data['password'] = 'newPassWord1234Changed'
|
|
changed = self.put(detail_url, data, expect=200, auth=creds)
|
|
creds = (creds[0], data['password'])
|
|
self.get(detail_url, expect=200, auth=creds)
|
|
|
|
# make another nobody user, and make sure they can't send any edits
|
|
obj = User.objects.create(username='new_user')
|
|
obj.set_password('new_user')
|
|
obj.save()
|
|
hacked = dict(password='asdf')
|
|
changed = self.put(detail_url, hacked, expect=403, auth=('new_user', 'new_user'))
|
|
hacked = dict(username='asdf')
|
|
changed = self.put(detail_url, hacked, expect=403, auth=('new_user', 'new_user'))
|
|
|
|
# password is not stored in plaintext
|
|
self.assertTrue(User.objects.get(pk=self.normal_django_user.pk).password != data['password'])
|
|
|
|
def test_user_created_with_password_can_login(self):
|
|
pass
|
|
|
|
def test_normal_user_cannot_modify_another_user(self):
|
|
#self.assertTrue(False)
|
|
pass
|
|
|
|
def test_superuser_can_modify_anything_about_anyone(self):
|
|
#self.assertTrue(False)
|
|
pass
|
|
|
|
def test_password_not_shown_in_get_operations(self):
|
|
#self.assertTrue(False)
|
|
pass
|
|
|
|
def test_user_list_filtered(self):
|
|
# I can see a user if I'm on a team with them, am their org admin, am a superuser, or am them
|
|
#self.assertTrue(False)
|
|
pass
|
|
|
|
def test_super_user_can_delete_a_user_but_only_marked_inactive(self):
|
|
#self.assertTrue(False)
|
|
pass
|
|
|
|
def test_non_super_user_cannot_delete_any_user_including_himself(self):
|
|
#self.assertTrue(False)
|
|
pass
|
|
|
|
def test_there_exists_an_obvious_url_where_a_user_may_find_his_user_record(self):
|
|
#self.assertTrue(False)
|
|
pass
|
|
|
|
|
|
|