test_vcs_operations_by_auth_tokens.py
174 lines
| 6.0 KiB
| text/x-python
|
PythonLexer
| r5607 | # Copyright (C) 2010-2024 RhodeCode GmbH | |||
| r5087 | # | |||
| # This program is free software: you can redistribute it and/or modify | ||||
| # it under the terms of the GNU Affero General Public License, version 3 | ||||
| # (only), as published by the Free Software Foundation. | ||||
| # | ||||
| # This program is distributed in the hope that it will be useful, | ||||
| # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||||
| # GNU General Public License for more details. | ||||
| # | ||||
| # You should have received a copy of the GNU Affero General Public License | ||||
| # along with this program. If not, see <http://www.gnu.org/licenses/>. | ||||
| # | ||||
| # This program is dual-licensed. If you wish to learn more about the | ||||
| # RhodeCode Enterprise Edition, including its added features, Support services, | ||||
| # and proprietary license terms, please see https://rhodecode.com/licenses/ | ||||
| """ | ||||
| Test suite for making push/pull operations, on specially modified INI files | ||||
| """ | ||||
| import pytest | ||||
| from rhodecode.model.auth_token import AuthTokenModel | ||||
| from rhodecode.model.db import Repository | ||||
| from rhodecode.model.meta import Session | ||||
| from rhodecode.tests import (GIT_REPO, HG_REPO) | ||||
| from rhodecode.tests.vcs_operations import (Command, _check_proper_clone) | ||||
| r5607 | @pytest.mark.usefixtures( | |||
| "init_pyramid_app", | ||||
| "repo_group_repos", | ||||
| "disable_anonymous_user", | ||||
| "disable_locking", | ||||
| ) | ||||
| class TestVCSOperationsByAuthTokens: | ||||
| r5087 | def test_clone_by_auth_token( | |||
| r5607 | self, rcstack, tmpdir, user_util, enable_auth_plugins): | |||
| r5087 | ||||
| enable_auth_plugins.enable([ | ||||
| 'egg:rhodecode-enterprise-ce#token', | ||||
| 'egg:rhodecode-enterprise-ce#rhodecode' | ||||
| ]) | ||||
| user = user_util.create_user() | ||||
| token = user.auth_tokens[1] | ||||
| r5607 | clone_url = rcstack.repo_clone_url( | |||
| r5087 | HG_REPO, user=user.username, passwd=token) | |||
| r5607 | stdout, stderr = Command(tmpdir.strpath).execute( | |||
| r5087 | 'hg clone', clone_url, tmpdir.strpath) | |||
| _check_proper_clone(stdout, stderr, 'hg') | ||||
| def test_clone_by_auth_token_expired( | ||||
| r5607 | self, rcstack, tmpdir, user_util, enable_auth_plugins): | |||
| r5087 | enable_auth_plugins.enable([ | |||
| 'egg:rhodecode-enterprise-ce#token', | ||||
| 'egg:rhodecode-enterprise-ce#rhodecode' | ||||
| ]) | ||||
| user = user_util.create_user() | ||||
| auth_token = AuthTokenModel().create( | ||||
| user.user_id, 'test-token', -10, AuthTokenModel.cls.ROLE_VCS) | ||||
| token = auth_token.api_key | ||||
| r5607 | clone_url = rcstack.repo_clone_url( | |||
| r5087 | HG_REPO, user=user.username, passwd=token) | |||
| r5607 | stdout, stderr = Command(tmpdir.strpath).execute( | |||
| r5087 | 'hg clone', clone_url, tmpdir.strpath) | |||
| assert 'abort: authorization failed' in stderr | ||||
| msg = 'reason: bad or inactive token.' | ||||
| r5607 | rcstack.assert_message_in_server_logs(msg) | |||
| r5087 | ||||
| def test_clone_by_auth_token_bad_role( | ||||
| r5607 | self, rcstack, tmpdir, user_util, enable_auth_plugins): | |||
| r5087 | enable_auth_plugins.enable([ | |||
| 'egg:rhodecode-enterprise-ce#token', | ||||
| 'egg:rhodecode-enterprise-ce#rhodecode' | ||||
| ]) | ||||
| user = user_util.create_user() | ||||
| auth_token = AuthTokenModel().create( | ||||
| user.user_id, 'test-token', -1, AuthTokenModel.cls.ROLE_API) | ||||
| token = auth_token.api_key | ||||
| r5607 | clone_url = rcstack.repo_clone_url( | |||
| r5087 | HG_REPO, user=user.username, passwd=token) | |||
| r5607 | stdout, stderr = Command(tmpdir.strpath).execute( | |||
| r5087 | 'hg clone', clone_url, tmpdir.strpath) | |||
| assert 'abort: authorization failed' in stderr | ||||
| def test_clone_by_auth_token_user_disabled( | ||||
| r5607 | self, rcstack, tmpdir, user_util, enable_auth_plugins): | |||
| r5087 | enable_auth_plugins.enable([ | |||
| 'egg:rhodecode-enterprise-ce#token', | ||||
| 'egg:rhodecode-enterprise-ce#rhodecode' | ||||
| ]) | ||||
| user = user_util.create_user() | ||||
| user.active = False | ||||
| Session().add(user) | ||||
| Session().commit() | ||||
| token = user.auth_tokens[1] | ||||
| r5607 | clone_url = rcstack.repo_clone_url( | |||
| r5087 | HG_REPO, user=user.username, passwd=token) | |||
| r5607 | stdout, stderr = Command(tmpdir.strpath).execute( | |||
| r5087 | 'hg clone', clone_url, tmpdir.strpath) | |||
| assert 'abort: authorization failed' in stderr | ||||
| msg = 'reason: account not active.' | ||||
| r5607 | rcstack.assert_message_in_server_logs(msg) | |||
| r5087 | ||||
| def test_clone_by_auth_token_with_scope( | ||||
| r5607 | self, rcstack, tmpdir, user_util, enable_auth_plugins): | |||
| r5087 | enable_auth_plugins.enable([ | |||
| 'egg:rhodecode-enterprise-ce#token', | ||||
| 'egg:rhodecode-enterprise-ce#rhodecode' | ||||
| ]) | ||||
| user = user_util.create_user() | ||||
| auth_token = AuthTokenModel().create( | ||||
| user.user_id, 'test-token', -1, AuthTokenModel.cls.ROLE_VCS) | ||||
| token = auth_token.api_key | ||||
| # manually set scope | ||||
| auth_token.repo = Repository.get_by_repo_name(HG_REPO) | ||||
| Session().add(auth_token) | ||||
| Session().commit() | ||||
| r5607 | clone_url = rcstack.repo_clone_url( | |||
| r5087 | HG_REPO, user=user.username, passwd=token) | |||
| r5607 | stdout, stderr = Command(tmpdir.strpath).execute( | |||
| r5087 | 'hg clone', clone_url, tmpdir.strpath) | |||
| _check_proper_clone(stdout, stderr, 'hg') | ||||
| def test_clone_by_auth_token_with_wrong_scope( | ||||
| r5607 | self, rcstack, tmpdir, user_util, enable_auth_plugins): | |||
| r5087 | enable_auth_plugins.enable([ | |||
| 'egg:rhodecode-enterprise-ce#token', | ||||
| 'egg:rhodecode-enterprise-ce#rhodecode' | ||||
| ]) | ||||
| user = user_util.create_user() | ||||
| auth_token = AuthTokenModel().create( | ||||
| user.user_id, 'test-token', -1, AuthTokenModel.cls.ROLE_VCS) | ||||
| token = auth_token.api_key | ||||
| # manually set scope | ||||
| auth_token.repo = Repository.get_by_repo_name(GIT_REPO) | ||||
| Session().add(auth_token) | ||||
| Session().commit() | ||||
| r5607 | clone_url = rcstack.repo_clone_url( | |||
| r5087 | HG_REPO, user=user.username, passwd=token) | |||
| r5607 | stdout, stderr = Command(tmpdir.strpath).execute( | |||
| r5087 | 'hg clone', clone_url, tmpdir.strpath) | |||
| assert 'abort: authorization failed' in stderr | ||||
| msg = 'reason: bad or inactive token.' | ||||
| r5607 | rcstack.assert_message_in_server_logs(msg) | |||
