pyceo/tests/utils.py

import ceod.utils as ceod_utils
import contextlib
import os
import shutil
import subprocess
from subprocess import DEVNULL
import tempfile
from unittest.mock import patch

import gssapi
import pytest


# map principals to GSSAPI credentials
_cache = {}


@contextlib.contextmanager
def gssapi_token_ctx(principal: str):
    """
    Temporarily set KRB5CCNAME to a ccache storing credentials
    for the specified user, and yield the GSSAPI credentials.
    """
    old_krb5ccname = os.environ['KRB5CCNAME']
    try:
        if principal not in _cache:
            f = tempfile.NamedTemporaryFile()
            os.environ['KRB5CCNAME'] = 'FILE:' + f.name
            args = ['kinit', principal]
            if principal == 'ceod/admin':
                args = ['kinit', '-k', principal]
            subprocess.run(
                args, stdout=DEVNULL, text=True, input='krb5', check=True)
            creds = gssapi.Credentials(name=gssapi.Name(principal), usage='initiate')
            # Keep the credential cache files around as long as the creds are
            # used, otherwise we get a "Invalid credential was supplied" error
            _cache[principal] = creds, f
        else:
            creds, f = _cache[principal]
            os.environ['KRB5CCNAME'] = 'FILE:' + f.name
        yield creds.export()
    finally:
        os.environ['KRB5CCNAME'] = old_krb5ccname


@pytest.fixture(scope='session', autouse=True)
def ccache_cleanup():
    """Make sure the ccache files get deleted at the end of the tests."""
    yield
    _cache.clear()


@contextlib.contextmanager
def gen_password_mock_ctx():
    with patch.object(ceod_utils, 'gen_password') as mock:
        mock.return_value = 'krb5'
        yield


@contextlib.contextmanager
def mocks_for_create_user_ctx():
    with gen_password_mock_ctx():
        yield


def set_datetime_in_app_process(app_process, value):
    pipe = app_process
    pipe.send(value)
    pipe.recv()  # wait for ACK


def restore_datetime_in_app_process(app_process):
    set_datetime_in_app_process(app_process, None)


def reset_disable_club_conf(webhosting_srv):
    shutil.copy('tests/resources/apache2/disable-club.conf', webhosting_srv.conf_available_dir)


def create_php_file_for_club(clubs_home, club_name):
    www = f'{clubs_home}/{club_name}/www'
    os.makedirs(www, exist_ok=True)
    open(www + '/index.php', 'w').close()


def create_website_config_for_club(sites_available_dir, cn, filename=None):
    if filename is None:
        filename = f'club-{cn}.conf'
    filepath = os.path.join(sites_available_dir, filename)
    with open(filepath, 'w') as fo:
        fo.write(f"""
        <VirtualHost *:80>
            ServerName {cn}.uwaterloo.internal
            ServerAdmin {cn}@{cn}.uwaterloo.internal
            DocumentRoot /users/{cn}/www/
        </VirtualHost>
        """)
Expire member cli and api (#33) Closes #23 Co-authored-by: Rio Liu <rio.liu@r26.me> Co-authored-by: Max Erenberg <> Reviewed-on: https://git.csclub.uwaterloo.ca/public/pyceo/pulls/33 Co-authored-by: Rio <r345liu@localhost> Co-committed-by: Rio <r345liu@localhost> 1 year ago			`import ceod.utils as ceod_utils`
add unit tests for members CLI 2 years ago			`import contextlib`
			`import os`
Disable inactive club sites (#68) Closes #51. An API argument called `remove_inactive_club_reps` was added so that we can dynamically control whether we want to remove inactive club reps or not. The default action is only to disable club websites without changing group membership. Reviewed-on: https://git.csclub.uwaterloo.ca/public/pyceo/pulls/68 Co-authored-by: Max Erenberg <merenber@csclub.uwaterloo.ca> Co-committed-by: Max Erenberg <merenber@csclub.uwaterloo.ca> 8 months ago			`import shutil`
add unit tests for members CLI 2 years ago			`import subprocess`
			`from subprocess import DEVNULL`
			`import tempfile`
Expire member cli and api (#33) Closes #23 Co-authored-by: Rio Liu <rio.liu@r26.me> Co-authored-by: Max Erenberg <> Reviewed-on: https://git.csclub.uwaterloo.ca/public/pyceo/pulls/33 Co-authored-by: Rio <r345liu@localhost> Co-committed-by: Rio <r345liu@localhost> 1 year ago			`from unittest.mock import patch`
add unit tests for members CLI 2 years ago
use GSSAPI delegation 2 years ago			`import gssapi`
			`import pytest`
add unit tests for members CLI 2 years ago
use GSSAPI delegation 2 years ago
			`# map principals to GSSAPI credentials`
			`_cache = {}`
add unit tests for members CLI 2 years ago

			`@contextlib.contextmanager`
store GSSAPI token in flask.g 2 years ago			`def gssapi_token_ctx(principal: str):`
add unit tests for members CLI 2 years ago			`"""`
			`Temporarily set KRB5CCNAME to a ccache storing credentials`
use GSSAPI delegation 2 years ago			`for the specified user, and yield the GSSAPI credentials.`
add unit tests for members CLI 2 years ago			`"""`
			`old_krb5ccname = os.environ['KRB5CCNAME']`
			`try:`
use GSSAPI delegation 2 years ago			`if principal not in _cache:`
add unit tests for members CLI 2 years ago			`f = tempfile.NamedTemporaryFile()`
			`os.environ['KRB5CCNAME'] = 'FILE:' + f.name`
			`args = ['kinit', principal]`
			`if principal == 'ceod/admin':`
			`args = ['kinit', '-k', principal]`
			`subprocess.run(`
use GSSAPI delegation 2 years ago			`args, stdout=DEVNULL, text=True, input='krb5', check=True)`
			`creds = gssapi.Credentials(name=gssapi.Name(principal), usage='initiate')`
			`# Keep the credential cache files around as long as the creds are`
			`# used, otherwise we get a "Invalid credential was supplied" error`
			`_cache[principal] = creds, f`
add unit tests for members CLI 2 years ago			`else:`
use GSSAPI delegation 2 years ago			`creds, f = _cache[principal]`
			`os.environ['KRB5CCNAME'] = 'FILE:' + f.name`
store GSSAPI token in flask.g 2 years ago			`yield creds.export()`
add unit tests for members CLI 2 years ago			`finally:`
			`os.environ['KRB5CCNAME'] = old_krb5ccname`
use GSSAPI delegation 2 years ago

			`@pytest.fixture(scope='session', autouse=True)`
			`def ccache_cleanup():`
			`"""Make sure the ccache files get deleted at the end of the tests."""`
			`yield`
			`_cache.clear()`
Expire member cli and api (#33) Closes #23 Co-authored-by: Rio Liu <rio.liu@r26.me> Co-authored-by: Max Erenberg <> Reviewed-on: https://git.csclub.uwaterloo.ca/public/pyceo/pulls/33 Co-authored-by: Rio <r345liu@localhost> Co-committed-by: Rio <r345liu@localhost> 1 year ago

			`@contextlib.contextmanager`
			`def gen_password_mock_ctx():`
			`with patch.object(ceod_utils, 'gen_password') as mock:`
			`mock.return_value = 'krb5'`
			`yield`


			`@contextlib.contextmanager`
			`def mocks_for_create_user_ctx():`
use admin GSSAPI creds for some API endpoints (#45) Office staff currently can't sign up new members because ceod uses their GSSAPI credentials to authenticate to LDAP, and those credentials are insufficient. This PR uses the ceod/admin credentials instead for signing up new members and for renewing existing memberships. Reviewed-on: https://git.csclub.uwaterloo.ca/public/pyceo/pulls/45 1 year ago			`with gen_password_mock_ctx():`
Expire member cli and api (#33) Closes #23 Co-authored-by: Rio Liu <rio.liu@r26.me> Co-authored-by: Max Erenberg <> Reviewed-on: https://git.csclub.uwaterloo.ca/public/pyceo/pulls/33 Co-authored-by: Rio <r345liu@localhost> Co-committed-by: Rio <r345liu@localhost> 1 year ago			`yield`
implement renewal reminders (#61) Closes #55. Once this is merged and deployed, a cron job will be used to automatically run `ceo members remindexpire` at the beginning of every term. Reviewed-on: https://git.csclub.uwaterloo.ca/public/pyceo/pulls/61 9 months ago

			`def set_datetime_in_app_process(app_process, value):`
			`pipe = app_process`
			`pipe.send(value)`
			`pipe.recv() # wait for ACK`


			`def restore_datetime_in_app_process(app_process):`
			`set_datetime_in_app_process(app_process, None)`
Disable inactive club sites (#68) Closes #51. An API argument called `remove_inactive_club_reps` was added so that we can dynamically control whether we want to remove inactive club reps or not. The default action is only to disable club websites without changing group membership. Reviewed-on: https://git.csclub.uwaterloo.ca/public/pyceo/pulls/68 Co-authored-by: Max Erenberg <merenber@csclub.uwaterloo.ca> Co-committed-by: Max Erenberg <merenber@csclub.uwaterloo.ca> 8 months ago

			`def reset_disable_club_conf(webhosting_srv):`
			`shutil.copy('tests/resources/apache2/disable-club.conf', webhosting_srv.conf_available_dir)`


			`def create_php_file_for_club(clubs_home, club_name):`
			`www = f'{clubs_home}/{club_name}/www'`
			`os.makedirs(www, exist_ok=True)`
			`open(www + '/index.php', 'w').close()`
fix tests 7 months ago

			`def create_website_config_for_club(sites_available_dir, cn, filename=None):`
			`if filename is None:`
			`filename = f'club-{cn}.conf'`
			`filepath = os.path.join(sites_available_dir, filename)`
			`with open(filepath, 'w') as fo:`
			`fo.write(f"""`
			`<VirtualHost *:80>`
			`ServerName {cn}.uwaterloo.internal`
			`ServerAdmin {cn}@{cn}.uwaterloo.internal`
			`DocumentRoot /users/{cn}/www/`
			`</VirtualHost>`
			`""")`