2021-08-27 21:01:36 -04:00
|
|
|
import pytest
|
|
|
|
|
|
|
|
|
|
from ceod.model import User
|
|
|
|
|
from mysql.connector import connect
|
2021-08-29 12:38:20 -04:00
|
|
|
from mysql.connector.errors import ProgrammingError
|
2021-08-27 21:01:36 -04:00
|
|
|
|
|
|
|
|
|
2021-08-29 12:31:43 -04:00
|
|
|
def test_api_create_mysql_db(cfg, client, g_admin_ctx, ldap_user, krb_user):
|
2021-08-28 00:01:56 -04:00
|
|
|
uid = ldap_user.uid
|
|
|
|
|
|
2021-08-27 21:01:36 -04:00
|
|
|
with g_admin_ctx():
|
|
|
|
|
user = User(uid='someone_else', cn='Some Name', terms=['s2021'])
|
|
|
|
|
user.add_to_ldap()
|
|
|
|
|
|
|
|
|
|
# user should be able to create db for themselves
|
2021-08-29 12:31:43 -04:00
|
|
|
status, data = client.post(f"/api/db/mysql/{uid}", json={}, principal=uid)
|
2021-08-27 21:01:36 -04:00
|
|
|
assert status == 200
|
|
|
|
|
assert 'password' in data
|
|
|
|
|
passwd = data['password']
|
|
|
|
|
|
|
|
|
|
# conflict if attempting to create db when already has one
|
2021-08-29 12:31:43 -04:00
|
|
|
status, data = client.post(f"/api/db/mysql/{uid}", json={}, principal=uid)
|
2021-08-27 21:01:36 -04:00
|
|
|
assert status == 409
|
|
|
|
|
|
|
|
|
|
# normal user cannot create db for others
|
2021-08-29 12:31:43 -04:00
|
|
|
status, data = client.post("/api/db/mysql/someone_else", json={}, principal=uid)
|
2021-08-27 21:01:36 -04:00
|
|
|
assert status == 403
|
|
|
|
|
|
|
|
|
|
# cannot create db for user not in ldap
|
2021-08-29 12:31:43 -04:00
|
|
|
status, data = client.post("/api/db/mysql/user_not_found", json={})
|
2021-08-27 21:01:36 -04:00
|
|
|
assert status == 404
|
|
|
|
|
|
|
|
|
|
# cannot create db when username contains symbols
|
2021-08-29 12:31:43 -04:00
|
|
|
status, data = client.post("/api/db/mysql/!invalid", json={})
|
2021-08-27 21:01:36 -04:00
|
|
|
assert status == 400
|
|
|
|
|
|
|
|
|
|
with connect(
|
2021-08-29 12:31:43 -04:00
|
|
|
host=cfg.get('mysql_host'),
|
2021-08-27 21:01:36 -04:00
|
|
|
user=uid,
|
|
|
|
|
password=passwd,
|
2021-08-29 12:31:43 -04:00
|
|
|
) as con, con.cursor() as cur:
|
|
|
|
|
cur.execute("SHOW DATABASES")
|
|
|
|
|
response = cur.fetchall()
|
|
|
|
|
assert len(response) == 2
|
2021-08-27 21:01:36 -04:00
|
|
|
|
2021-08-29 12:31:43 -04:00
|
|
|
with pytest.raises(ProgrammingError):
|
|
|
|
|
cur.execute("CREATE DATABASE new_db")
|
2021-08-27 21:01:36 -04:00
|
|
|
|
2021-08-29 12:31:43 -04:00
|
|
|
status, data = client.delete(f"/api/db/mysql/{uid}", json={})
|
2021-08-27 21:01:36 -04:00
|
|
|
assert status == 200
|
|
|
|
|
|
|
|
|
|
# user should be deleted
|
2021-08-29 12:31:43 -04:00
|
|
|
with pytest.raises(ProgrammingError):
|
2021-08-27 21:01:36 -04:00
|
|
|
con = connect(
|
2021-08-29 12:31:43 -04:00
|
|
|
host=cfg.get('mysql_host'),
|
2021-08-27 21:01:36 -04:00
|
|
|
user=uid,
|
|
|
|
|
password=passwd,
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
# db should be deleted
|
|
|
|
|
with connect(
|
2021-08-29 12:31:43 -04:00
|
|
|
host=cfg.get('mysql_host'),
|
2021-08-27 21:01:36 -04:00
|
|
|
user=cfg.get('mysql_username'),
|
|
|
|
|
password=cfg.get('mysql_password'),
|
2021-08-29 12:31:43 -04:00
|
|
|
) as con, con.cursor() as cur:
|
|
|
|
|
cur.execute(f"SHOW DATABASES LIKE '{uid}'")
|
|
|
|
|
response = cur.fetchall()
|
|
|
|
|
assert len(response) == 0
|
2021-08-27 21:01:36 -04:00
|
|
|
|
|
|
|
|
with g_admin_ctx():
|
|
|
|
|
user.remove_from_ldap()
|
|
|
|
|
|
|
|
|
|
|
2021-08-29 12:31:43 -04:00
|
|
|
def test_api_passwd_reset_mysql(cfg, client, g_admin_ctx, ldap_user, krb_user):
|
2021-08-28 00:01:56 -04:00
|
|
|
uid = ldap_user.uid
|
|
|
|
|
|
2021-08-27 21:01:36 -04:00
|
|
|
with g_admin_ctx():
|
|
|
|
|
user = User(uid='someone_else', cn='Some Name', terms=['s2021'])
|
|
|
|
|
user.add_to_ldap()
|
|
|
|
|
|
2021-08-29 12:31:43 -04:00
|
|
|
status, data = client.post(f"/api/db/mysql/{uid}", json={})
|
2021-08-27 21:01:36 -04:00
|
|
|
assert status == 200
|
|
|
|
|
assert 'password' in data
|
|
|
|
|
old_passwd = data['password']
|
|
|
|
|
|
|
|
|
|
con = connect(
|
2021-08-29 12:31:43 -04:00
|
|
|
host=cfg.get('mysql_host'),
|
2021-08-27 23:01:35 -04:00
|
|
|
user=uid,
|
|
|
|
|
password=old_passwd,
|
2021-08-27 21:01:36 -04:00
|
|
|
)
|
|
|
|
|
con.close()
|
|
|
|
|
|
|
|
|
|
# normal user can get a password reset for themselves
|
2021-08-29 12:31:43 -04:00
|
|
|
status, data = client.post(f"/api/db/mysql/{uid}/pwreset", json={}, principal=uid)
|
2021-08-27 21:01:36 -04:00
|
|
|
assert status == 200
|
|
|
|
|
assert 'password' in data
|
|
|
|
|
new_passwd = data['password']
|
|
|
|
|
|
|
|
|
|
assert old_passwd != new_passwd
|
|
|
|
|
|
|
|
|
|
# normal user cannot reset password for others
|
2021-08-29 12:38:20 -04:00
|
|
|
status, data = client.post("/api/db/mysql/someone_else/pwreset", json={}, principal=uid)
|
2021-08-27 21:01:36 -04:00
|
|
|
assert status == 403
|
|
|
|
|
|
|
|
|
|
# cannot password reset a user that does not have a database
|
2021-08-29 12:31:43 -04:00
|
|
|
status, data = client.post("/api/db/mysql/someone_else/pwreset", json={})
|
2021-08-27 21:01:36 -04:00
|
|
|
assert status == 404
|
|
|
|
|
|
|
|
|
|
con = connect(
|
2021-08-29 12:31:43 -04:00
|
|
|
host=cfg.get('mysql_host'),
|
2021-08-27 21:01:36 -04:00
|
|
|
user=uid,
|
|
|
|
|
password=new_passwd,
|
|
|
|
|
)
|
|
|
|
|
con.close()
|
|
|
|
|
|
2021-08-29 12:31:43 -04:00
|
|
|
status, data = client.delete(f"/api/db/mysql/{uid}", json={})
|
2021-08-27 21:01:36 -04:00
|
|
|
assert status == 200
|
|
|
|
|
|
|
|
|
|
with g_admin_ctx():
|
|
|
|
|
user.remove_from_ldap()
|
