diff --git a/api/Pipfile.lock b/api/Pipfile.lock index 11ce5957a8..a3b216ee76 100644 --- a/api/Pipfile.lock +++ b/api/Pipfile.lock @@ -222,10 +222,10 @@ }, "jinja2": { "hashes": [ - "sha256:93187ffbc7808079673ef52771baa950426fd664d3aad1d0fa3e95644360e250", - "sha256:b0eaf100007721b5c16c1fc1eecb87409464edc10469ddc9a22a27a99123be49" + "sha256:89aab215427ef59c34ad58735269eb58b1a5808103067f7bb9d5836c651b3bb0", + "sha256:f0a4641d3cf955324a89c04f3d94663aa4d638abe8f733ecd3582848e1c37035" ], - "version": "==2.11.1" + "version": "==2.11.2" }, "mako": { "hashes": [ @@ -454,17 +454,35 @@ }, "sqlalchemy": { "hashes": [ - "sha256:c4cca4aed606297afbe90d4306b49ad3a4cd36feb3f87e4bfd655c57fd9ef445" + "sha256:083e383a1dca8384d0ea6378bd182d83c600ed4ff4ec8247d3b2442cf70db1ad", + "sha256:0a690a6486658d03cc6a73536d46e796b6570ac1f8a7ec133f9e28c448b69828", + "sha256:114b6ace30001f056e944cebd46daef38fdb41ebb98f5e5940241a03ed6cad43", + "sha256:128f6179325f7597a46403dde0bf148478f868df44841348dfc8d158e00db1f9", + "sha256:13d48cd8b925b6893a4e59b2dfb3e59a5204fd8c98289aad353af78bd214db49", + "sha256:211a1ce7e825f7142121144bac76f53ac28b12172716a710f4bf3eab477e730b", + "sha256:2dc57ee80b76813759cccd1a7affedf9c4dbe5b065a91fb6092c9d8151d66078", + "sha256:3e625e283eecc15aee5b1ef77203bfb542563fa4a9aa622c7643c7b55438ff49", + "sha256:43078c7ec0457387c79b8d52fff90a7ad352ca4c7aa841c366238c3e2cf52fdf", + "sha256:5b1bf3c2c2dca738235ce08079783ef04f1a7fc5b21cf24adaae77f2da4e73c3", + "sha256:6056b671aeda3fc451382e52ab8a753c0d5f66ef2a5ccc8fa5ba7abd20988b4d", + "sha256:68d78cf4a9dfade2e6cf57c4be19f7b82ed66e67dacf93b32bb390c9bed12749", + "sha256:7025c639ce7e170db845e94006cf5f404e243e6fc00d6c86fa19e8ad8d411880", + "sha256:7224e126c00b8178dfd227bc337ba5e754b197a3867d33b9f30dc0208f773d70", + "sha256:7d98e0785c4cd7ae30b4a451416db71f5724a1839025544b4edbd92e00b91f0f", + "sha256:8d8c21e9d4efef01351bf28513648ceb988031be4159745a7ad1b3e28c8ff68a", + "sha256:bbb545da054e6297242a1bb1ba88e7a8ffb679f518258d66798ec712b82e4e07", + "sha256:d00b393f05dbd4ecd65c989b7f5a81110eae4baea7a6a4cdd94c20a908d1456e", + "sha256:e18752cecaef61031252ca72031d4d6247b3212ebb84748fc5d1a0d2029c23ea" ], "index": "pypi", - "version": "==1.3.15" + "version": "==1.3.16" }, "urllib3": { "hashes": [ - "sha256:2f3db8b19923a873b3e5256dc9c2dedfa883e33d87c690d9c7913e1f40673cdc", - "sha256:87716c2d2a7121198ebcb7ce7cccf6ce5e9ba539041cfbaeecfb641dc0bf6acc" + "sha256:3018294ebefce6572a474f0604c2021e33b3fd8006ecd11d62107a5d2a963527", + "sha256:88206b0eb87e6d677d424843ac5209e3fb9d0190d0ee169599165ec25e9d9115" ], - "version": "==1.25.8" + "version": "==1.25.9" }, "waitress": { "hashes": [ @@ -506,39 +524,39 @@ }, "coverage": { "hashes": [ - "sha256:03f630aba2b9b0d69871c2e8d23a69b7fe94a1e2f5f10df5049c0df99db639a0", - "sha256:046a1a742e66d065d16fb564a26c2a15867f17695e7f3d358d7b1ad8a61bca30", - "sha256:0a907199566269e1cfa304325cc3b45c72ae341fbb3253ddde19fa820ded7a8b", - "sha256:165a48268bfb5a77e2d9dbb80de7ea917332a79c7adb747bd005b3a07ff8caf0", - "sha256:1b60a95fc995649464e0cd48cecc8288bac5f4198f21d04b8229dc4097d76823", - "sha256:1f66cf263ec77af5b8fe14ef14c5e46e2eb4a795ac495ad7c03adc72ae43fafe", - "sha256:2e08c32cbede4a29e2a701822291ae2bc9b5220a971bba9d1e7615312efd3037", - "sha256:3844c3dab800ca8536f75ae89f3cf566848a3eb2af4d9f7b1103b4f4f7a5dad6", - "sha256:408ce64078398b2ee2ec08199ea3fcf382828d2f8a19c5a5ba2946fe5ddc6c31", - "sha256:443be7602c790960b9514567917af538cac7807a7c0c0727c4d2bbd4014920fd", - "sha256:4482f69e0701139d0f2c44f3c395d1d1d37abd81bfafbf9b6efbe2542679d892", - "sha256:4a8a259bf990044351baf69d3b23e575699dd60b18460c71e81dc565f5819ac1", - "sha256:513e6526e0082c59a984448f4104c9bf346c2da9961779ede1fc458e8e8a1f78", - "sha256:5f587dfd83cb669933186661a351ad6fc7166273bc3e3a1531ec5c783d997aac", - "sha256:62061e87071497951155cbccee487980524d7abea647a1b2a6eb6b9647df9006", - "sha256:641e329e7f2c01531c45c687efcec8aeca2a78a4ff26d49184dce3d53fc35014", - "sha256:65a7e00c00472cd0f59ae09d2fb8a8aaae7f4a0cf54b2b74f3138d9f9ceb9cb2", - "sha256:6ad6ca45e9e92c05295f638e78cd42bfaaf8ee07878c9ed73e93190b26c125f7", - "sha256:73aa6e86034dad9f00f4bbf5a666a889d17d79db73bc5af04abd6c20a014d9c8", - "sha256:7c9762f80a25d8d0e4ab3cb1af5d9dffbddb3ee5d21c43e3474c84bf5ff941f7", - "sha256:85596aa5d9aac1bf39fe39d9fa1051b0f00823982a1de5766e35d495b4a36ca9", - "sha256:86a0ea78fd851b313b2e712266f663e13b6bc78c2fb260b079e8b67d970474b1", - "sha256:8a620767b8209f3446197c0e29ba895d75a1e272a36af0786ec70fe7834e4307", - "sha256:922fb9ef2c67c3ab20e22948dcfd783397e4c043a5c5fa5ff5e9df5529074b0a", - "sha256:9fad78c13e71546a76c2f8789623eec8e499f8d2d799f4b4547162ce0a4df435", - "sha256:a37c6233b28e5bc340054cf6170e7090a4e85069513320275a4dc929144dccf0", - "sha256:c3fc325ce4cbf902d05a80daa47b645d07e796a80682c1c5800d6ac5045193e5", - "sha256:cda33311cb9fb9323958a69499a667bd728a39a7aa4718d7622597a44c4f1441", - "sha256:db1d4e38c9b15be1521722e946ee24f6db95b189d1447fa9ff18dd16ba89f732", - "sha256:eda55e6e9ea258f5e4add23bcf33dc53b2c319e70806e180aecbff8d90ea24de", - "sha256:f372cdbb240e09ee855735b9d85e7f50730dcfb6296b74b95a3e5dea0615c4c1" - ], - "version": "==5.0.4" + "sha256:00f1d23f4336efc3b311ed0d807feb45098fc86dee1ca13b3d6768cdab187c8a", + "sha256:01333e1bd22c59713ba8a79f088b3955946e293114479bbfc2e37d522be03355", + "sha256:0cb4be7e784dcdc050fc58ef05b71aa8e89b7e6636b99967fadbdba694cf2b65", + "sha256:0e61d9803d5851849c24f78227939c701ced6704f337cad0a91e0972c51c1ee7", + "sha256:1601e480b9b99697a570cea7ef749e88123c04b92d84cedaa01e117436b4a0a9", + "sha256:2742c7515b9eb368718cd091bad1a1b44135cc72468c731302b3d641895b83d1", + "sha256:2d27a3f742c98e5c6b461ee6ef7287400a1956c11421eb574d843d9ec1f772f0", + "sha256:402e1744733df483b93abbf209283898e9f0d67470707e3c7516d84f48524f55", + "sha256:5c542d1e62eece33c306d66fe0a5c4f7f7b3c08fecc46ead86d7916684b36d6c", + "sha256:5f2294dbf7875b991c381e3d5af2bcc3494d836affa52b809c91697449d0eda6", + "sha256:6402bd2fdedabbdb63a316308142597534ea8e1895f4e7d8bf7476c5e8751fef", + "sha256:66460ab1599d3cf894bb6baee8c684788819b71a5dc1e8fa2ecc152e5d752019", + "sha256:782caea581a6e9ff75eccda79287daefd1d2631cc09d642b6ee2d6da21fc0a4e", + "sha256:79a3cfd6346ce6c13145731d39db47b7a7b859c0272f02cdb89a3bdcbae233a0", + "sha256:7a5bdad4edec57b5fb8dae7d3ee58622d626fd3a0be0dfceda162a7035885ecf", + "sha256:8fa0cbc7ecad630e5b0f4f35b0f6ad419246b02bc750de7ac66db92667996d24", + "sha256:a027ef0492ede1e03a8054e3c37b8def89a1e3c471482e9f046906ba4f2aafd2", + "sha256:a3f3654d5734a3ece152636aad89f58afc9213c6520062db3978239db122f03c", + "sha256:a82b92b04a23d3c8a581fc049228bafde988abacba397d57ce95fe95e0338ab4", + "sha256:acf3763ed01af8410fc36afea23707d4ea58ba7e86a8ee915dfb9ceff9ef69d0", + "sha256:adeb4c5b608574a3d647011af36f7586811a2c1197c861aedb548dd2453b41cd", + "sha256:b83835506dfc185a319031cf853fa4bb1b3974b1f913f5bb1a0f3d98bdcded04", + "sha256:bb28a7245de68bf29f6fb199545d072d1036a1917dca17a1e75bbb919e14ee8e", + "sha256:bf9cb9a9fd8891e7efd2d44deb24b86d647394b9705b744ff6f8261e6f29a730", + "sha256:c317eaf5ff46a34305b202e73404f55f7389ef834b8dbf4da09b9b9b37f76dd2", + "sha256:dbe8c6ae7534b5b024296464f387d57c13caa942f6d8e6e0346f27e509f0f768", + "sha256:de807ae933cfb7f0c7d9d981a053772452217df2bf38e7e6267c9cbf9545a796", + "sha256:dead2ddede4c7ba6cb3a721870f5141c97dc7d85a079edb4bd8d88c3ad5b20c7", + "sha256:dec5202bfe6f672d4511086e125db035a52b00f1648d6407cc8e526912c0353a", + "sha256:e1ea316102ea1e1770724db01998d1603ed921c54a86a2efcb03428d5417e489", + "sha256:f90bfc4ad18450c80b024036eaf91e4a246ae287701aaa88eaebebf150868052" + ], + "version": "==5.1" }, "isort": { "hashes": [ diff --git a/api/app/__init__.py b/api/app/__init__.py index a6d9ce1db8..a399eae169 100644 --- a/api/app/__init__.py +++ b/api/app/__init__.py @@ -1,14 +1,11 @@ from flask import Flask - from app.logger import logger -from app.create_sa import create_sa +from flask_bcrypt import Bcrypt app = Flask(__name__) +bcrypt = Bcrypt(app) def create_application(): - app.debug = True - create_sa() - return app diff --git a/api/app/app.py b/api/app/app.py new file mode 100644 index 0000000000..e69de29bb2 diff --git a/api/application.py b/api/application.py index aa240bb7b2..410f7cec6b 100644 --- a/api/application.py +++ b/api/application.py @@ -1,18 +1,23 @@ from waitress import serve - from app import create_application from app.graphql_endpoint import add_graphql_endpoint - from db import db_session +from app.create_sa import create_sa app = create_application() add_graphql_endpoint(app) +@app.before_first_request +def setup_super_admin(): + print("Creating Super Admin User") + create_sa() + + @app.teardown_request def shutdown_session(exception=None): db_session.remove() -if __name__ == '__main__': - serve(app, host='0.0.0.0', port=5000) +if __name__ == "__main__": + serve(app, host="0.0.0.0", port=5000) diff --git a/api/functions/create_user.py b/api/functions/create_user.py index 8b2ec20e28..04d34bed2f 100644 --- a/api/functions/create_user.py +++ b/api/functions/create_user.py @@ -1,5 +1,4 @@ from graphql import GraphQLError -from flask_bcrypt import Bcrypt from flask import current_app as app from functions.input_validators import * @@ -30,17 +29,14 @@ def create_user(display_name, password, confirm_password, user_name): if password != confirm_password: raise GraphQLError(error_passwords_do_not_match()) - bcrypt = Bcrypt(app) # Create the bcrypt object that handles password hashing and verifying. - - user = User.query.filter(User.user_name == user_name).first() + user = User.find_by_user_name(user_name) if user is None: user = User( user_name=user_name, display_name=display_name, - preferred_lang='English', - user_password=bcrypt.generate_password_hash( - password=password).decode('UTF-8') # Hash the password + preferred_lang="English", + user_password=password, ) db_session.add(user) diff --git a/api/functions/sign_in_user.py b/api/functions/sign_in_user.py index 93fbfd9cd7..c160311827 100644 --- a/api/functions/sign_in_user.py +++ b/api/functions/sign_in_user.py @@ -2,14 +2,12 @@ import datetime import os from graphql import GraphQLError -from flask_bcrypt import Bcrypt +from app import bcrypt from flask import current_app as app from sqlalchemy.orm import load_only - from functions.input_validators import * from functions.error_messages import * from functions.orm_to_dict import orm_to_dict - from models import Users from models import User_affiliations from db import db_session @@ -24,63 +22,61 @@ def sign_in_user(user_name, password): """ user_name = cleanse_input(user_name) password = cleanse_input(password) - user = Users.query.filter(Users.user_name == user_name).first() + user = Users.find_by_user_name(user_name) if user is None: raise GraphQLError(error_user_does_not_exist()) # Checks the amount of failed login attempts and if the time since the last # Attempt was more than 30min (1800s) - if user.failed_login_attempts and (user.failed_login_attempt_time + 1800) \ - < datetime.datetime.now().timestamp(): + if ( + user.failed_login_attempts + and (user.failed_login_attempt_time + 1800) + < datetime.datetime.now().timestamp() + ): raise GraphQLError(error_too_many_failed_login_attempts()) - bcrypt = Bcrypt(app) # Create the bcrypt object that will handle password hashing and verification - email_match = user_name == user.user_name password_match = bcrypt.check_password_hash(user.user_password, password) # If the given user credentials are valid if email_match and password_match: # Fetch user's role from the database and include it as claims on the JWT being generated - user_aff = User_affiliations.query.filter(User_affiliations.user_id == user.id).all() + user_aff = User_affiliations.query.filter( + User_affiliations.user_id == user.id + ).all() user_aff = orm_to_dict(user_aff) if len(user_aff): user_roles = [] for select in user_aff: temp_dict = { - 'user_id': select['user_id'], - 'org_id': select['organization_id'], - 'permission': select['permission'] + "user_id": select["user_id"], + "org_id": select["organization_id"], + "permission": select["permission"], } user_roles.append(temp_dict) else: - user_roles = ['none'] + user_roles = ["none"] try: payload = { - 'exp': datetime.datetime.utcnow() + datetime.timedelta(days=0, seconds=1800), - 'iat': datetime.datetime.utcnow(), - 'user_id': user.id, - "roles": user_roles + "exp": datetime.datetime.utcnow() + + datetime.timedelta(days=0, seconds=1800), + "iat": datetime.datetime.utcnow(), + "user_id": user.id, + "roles": user_roles, } token = jwt.encode( - payload, - str(os.getenv('SUPER_SECRET_SALT')), - algorithm='HS256' - ).decode('utf-8') + payload, str(os.getenv("SUPER_SECRET_SALT")), algorithm="HS256" + ).decode("utf-8") except Exception as e: - raise GraphQLError('Token Generation Error: ' + str(e)) + raise GraphQLError("Token Generation Error: " + str(e)) # A temporary dictionary that will be returned to the graphql resolver - temp_dict = { - 'auth_token': token, - 'user': user - } + temp_dict = {"auth_token": token, "user": user} - Users.query.filter(Users.user_name == user_name).update({ - 'failed_login_attempts': 0, - 'failed_login_attempt_time': 0 - }) + Users.query.filter(Users.user_name == user_name).update( + {"failed_login_attempts": 0, "failed_login_attempt_time": 0} + ) db_session.commit() return temp_dict @@ -89,11 +85,12 @@ def sign_in_user(user_name, password): # Generate a timestamp and also add that to the user update. time_stamp = datetime.datetime.now().timestamp() - Users.query.filter(Users.user_name == user_name)\ - .update({ - 'failed_login_attempts': Users.failed_login_attempts + 1, - 'failed_login_attempt_time': time_stamp - }) + Users.query.filter(Users.user_name == user_name).update( + { + "failed_login_attempts": Users.failed_login_attempts + 1, + "failed_login_attempt_time": time_stamp, + } + ) db_session.commit() raise GraphQLError(error_invalid_credentials()) diff --git a/api/functions/update_user_password.py b/api/functions/update_user_password.py index fbbfec0755..0609386131 100644 --- a/api/functions/update_user_password.py +++ b/api/functions/update_user_password.py @@ -1,11 +1,8 @@ import datetime - from graphql import GraphQLError -from flask_bcrypt import Bcrypt - +from app import bcrypt from functions.input_validators import * from functions.error_messages import * - from models import Users as User from app import app from db import db_session @@ -29,19 +26,18 @@ def update_password(user_name, password, confirm_password): if password != confirm_password: raise GraphQLError(error_passwords_do_not_match()) - user = User.query.filter(User.user_name == user_name).first() + user = User.find_by_user_name(user_name) if user is None: raise GraphQLError(error_user_does_not_exist()) - bcrypt = Bcrypt(app) # Create the bcrypt object that will handle password hashing and verification - - user = User.query.filter(User.user_name == user_name) \ - .update({ - 'user_password': bcrypt.generate_password_hash(password).decode('UTF-8'), - 'failed_login_attempts': 0, - 'failed_login_attempt_time': 0 - }) + user = User.query.filter(User.user_name == user_name).update( + { + "user_password": bcrypt.generate_password_hash(password).decode("UTF-8"), + "failed_login_attempts": 0, + "failed_login_attempt_time": 0, + } + ) db_session.commit() @@ -49,5 +45,5 @@ def update_password(user_name, password, confirm_password): raise GraphQLError(error_password_not_updated()) else: # Re-query the user to ensure the latest object is returned - user = User.query.filter(User.user_name == user_name).first() + user = User.find_by_user_name(user_name) return user diff --git a/api/models.py b/api/models.py deleted file mode 100644 index 647d812396..0000000000 --- a/api/models.py +++ /dev/null @@ -1,139 +0,0 @@ -from graphene import Time -from sqlalchemy.types import Integer, Boolean, DateTime, Float -from sqlalchemy import Column, String, ForeignKey -from sqlalchemy.orm import relationship -from sqlalchemy.dialects.postgresql import JSONB - -from db import Base - - -class Domains(Base): - __tablename__ = 'domains' - - id = Column(Integer, primary_key=True) - domain = Column(String) - last_run = Column(DateTime) - organization_id = Column(Integer, ForeignKey('organizations.id')) - organization = relationship("Organizations", back_populates="domains", cascade="all, delete") - scans = relationship("Scans", back_populates="domain", cascade="all, delete") - dmarc_reports = relationship("Dmarc_Reports", back_populates="domain", cascade="all, delete") - - -class Organizations(Base): - __tablename__ = 'organizations' - - id = Column(Integer, primary_key=True) - acronym = Column(String) - org_tags = Column(JSONB) - domains = relationship("Domains", back_populates="organization", cascade="all, delete") - users = relationship("User_affiliations", back_populates="user_organization", cascade="all, delete") - - -class Users(Base): - __tablename__ = 'users' - - id = Column(Integer, primary_key=True, autoincrement=True) - user_name = Column(String) - display_name = Column(String) - user_password = Column(String) - preferred_lang = Column(String) - failed_login_attempts = Column(Integer, default=0) - failed_login_attempt_time = Column(Float, default=0, nullable=True) - tfa_validated = Column(Boolean, default=False) - user_affiliation = relationship("User_affiliations", back_populates="user", cascade="all, delete") - - -class User_affiliations(Base): - __tablename__ = 'user_affiliations' - - id = Column(Integer, primary_key=True, autoincrement=True) - user_id = Column(Integer, ForeignKey('users.id'), primary_key=True) - organization_id = Column(Integer, ForeignKey('organizations.id')) - permission = Column(String) - user = relationship("Users", back_populates="user_affiliation", cascade="all, delete") - user_organization = relationship("Organizations", back_populates="users", cascade="all, delete") - - -class Dmarc_Reports(Base): - __tablename__ = 'dmarc_reports' - - id = Column(Integer, primary_key=True, autoincrement=True) - domain_id = Column(Integer, ForeignKey('domains.id')) - start_date = Column(DateTime) - end_date = Column(DateTime) - report = Column(JSONB) - domain = relationship("Domains", back_populates="dmarc_reports", cascade="all, delete") - - -class Scans(Base): - __tablename__ = 'scans' - - id = Column(Integer, primary_key=True) - domain_id = Column(Integer, ForeignKey('domains.id')) - scan_date = Column(DateTime) - initiated_by = Column(Integer, ForeignKey('users.id')) - domain = relationship("Domains", back_populates="scans", cascade="all, delete") - - -class Dmarc_scans(Base): - __tablename__ = 'dmarc_scans' - - id = Column(Integer, ForeignKey('scans.id'), primary_key=True) - dmarc_phase = Column(Integer) - dmarc_scan = Column(JSONB) - - -class Dkim_scans(Base): - __tablename__ = 'dkim_scans' - - id = Column(Integer, ForeignKey('scans.id'), primary_key=True) - dkim_scan = Column(JSONB) - -class Mx_scans(Base): - __tablename__ = 'mx_scans' - - id = Column(Integer, ForeignKey('scans.id'), primary_key=True) - mx_scan = Column(JSONB) - -class Spf_scans(Base): - __tablename__ = 'spf_scans' - - id = Column(Integer, ForeignKey('scans.id'), primary_key=True) - spf_scan = Column(JSONB) - - -class Https_scans(Base): - __tablename__ = 'https_scans' - - id = Column(Integer, ForeignKey('scans.id'), primary_key=True) - https_scan = Column(JSONB) - - -class Ssl_scans(Base): - __tablename__ = 'ssl_scans' - - id = Column(Integer, ForeignKey('scans.id'), primary_key=True) - ssl_scan = Column(JSONB) - - -class Ciphers(Base): - __tablename__ = 'ciphers' - - id = Column(Integer, primary_key=True) - cipher_type = Column(String) - - -class Guidance(Base): - __tablename__ = 'guidance' - - id = Column(Integer, primary_key=True) - tag_name = Column(String) - guidance = Column(String) - ref_links = Column(String) - - -class Classification(Base): - __tablename__ = 'Classification' - - id = Column(Integer, primary_key=True) - UNCLASSIFIED = Column(String) diff --git a/api/models/Organizations.py b/api/models/Organizations.py new file mode 100644 index 0000000000..93272c94ef --- /dev/null +++ b/api/models/Organizations.py @@ -0,0 +1,21 @@ +from graphene import Time +from sqlalchemy.types import Integer, Boolean, DateTime, Float +from sqlalchemy import Column, String, ForeignKey +from sqlalchemy.orm import relationship +from sqlalchemy.dialects.postgresql import JSONB +from sqlalchemy.ext.hybrid import hybrid_property, hybrid_method +from db import Base + + +class Organizations(Base): + __tablename__ = "organizations" + + id = Column(Integer, primary_key=True) + acronym = Column(String) + org_tags = Column(JSONB) + domains = relationship( + "Domains", back_populates="organization", cascade="all, delete" + ) + users = relationship( + "User_affiliations", back_populates="user_organization", cascade="all, delete" + ) diff --git a/api/models/User_affiliations.py b/api/models/User_affiliations.py new file mode 100644 index 0000000000..b0d22d73c9 --- /dev/null +++ b/api/models/User_affiliations.py @@ -0,0 +1,19 @@ +from sqlalchemy.types import Integer +from sqlalchemy import Column, String, ForeignKey +from sqlalchemy.orm import relationship +from db import Base + + +class User_affiliations(Base): + __tablename__ = "user_affiliations" + + id = Column(Integer, primary_key=True, autoincrement=True) + user_id = Column(Integer, ForeignKey("users.id"), primary_key=True) + organization_id = Column(Integer, ForeignKey("organizations.id")) + permission = Column(String) + user = relationship( + "Users", back_populates="user_affiliation", cascade="all, delete" + ) + user_organization = relationship( + "Organizations", back_populates="users", cascade="all, delete" + ) diff --git a/api/models/Users.py b/api/models/Users.py new file mode 100644 index 0000000000..0f4745be08 --- /dev/null +++ b/api/models/Users.py @@ -0,0 +1,38 @@ +from sqlalchemy.types import Integer, Boolean, Float +from sqlalchemy import Column, String, ForeignKey +from sqlalchemy import event +from app import bcrypt +from sqlalchemy.orm import relationship, validates +from sqlalchemy.ext.hybrid import hybrid_property, hybrid_method +from db import Base + + +class Users(Base): + __tablename__ = "users" + + id = Column(Integer, primary_key=True, autoincrement=True) + user_name = Column(String) + display_name = Column(String) + user_password = Column(String) + preferred_lang = Column(String) + failed_login_attempts = Column(Integer, default=0) + failed_login_attempt_time = Column(Float, default=0, nullable=True) + tfa_validated = Column(Boolean, default=False) + user_affiliation = relationship( + "User_affiliations", back_populates="user", cascade="all, delete" + ) + + @hybrid_method + def find_by_user_name(self, user_name): + return self.query.filter(self.user_name == user_name).first() + + @hybrid_property + def password(self): + return self.user_password + + @password.setter + def password(self, password): + if len(password) < 12: + raise ValueError("Password must be greater than 12 characters") + else: + self.user_password = bcrypt.generate_password_hash(password).decode("UTF-8") diff --git a/api/models/__init__.py b/api/models/__init__.py new file mode 100644 index 0000000000..3db59e5fc2 --- /dev/null +++ b/api/models/__init__.py @@ -0,0 +1,114 @@ +from graphene import Time +from sqlalchemy.types import Integer, Boolean, DateTime, Float +from sqlalchemy import Column, String, ForeignKey +from sqlalchemy.orm import relationship +from sqlalchemy.dialects.postgresql import JSONB +from db import Base +from models.Users import Users +from models.User_affiliations import User_affiliations +from models.Organizations import Organizations + + +class Domains(Base): + __tablename__ = "domains" + + id = Column(Integer, primary_key=True) + domain = Column(String) + last_run = Column(DateTime) + organization_id = Column(Integer, ForeignKey("organizations.id")) + organization = relationship( + "Organizations", back_populates="domains", cascade="all, delete" + ) + scans = relationship("Scans", back_populates="domain", cascade="all, delete") + dmarc_reports = relationship( + "Dmarc_Reports", back_populates="domain", cascade="all, delete" + ) + + +class Dmarc_Reports(Base): + __tablename__ = "dmarc_reports" + + id = Column(Integer, primary_key=True, autoincrement=True) + domain_id = Column(Integer, ForeignKey("domains.id")) + start_date = Column(DateTime) + end_date = Column(DateTime) + report = Column(JSONB) + domain = relationship( + "Domains", back_populates="dmarc_reports", cascade="all, delete" + ) + + +class Scans(Base): + __tablename__ = "scans" + + id = Column(Integer, primary_key=True) + domain_id = Column(Integer, ForeignKey("domains.id")) + scan_date = Column(DateTime) + initiated_by = Column(Integer, ForeignKey("users.id")) + domain = relationship("Domains", back_populates="scans", cascade="all, delete") + + +class Dmarc_scans(Base): + __tablename__ = "dmarc_scans" + + id = Column(Integer, ForeignKey("scans.id"), primary_key=True) + dmarc_phase = Column(Integer) + dmarc_scan = Column(JSONB) + + +class Dkim_scans(Base): + __tablename__ = "dkim_scans" + + id = Column(Integer, ForeignKey("scans.id"), primary_key=True) + dkim_scan = Column(JSONB) + + +class Mx_scans(Base): + __tablename__ = "mx_scans" + + id = Column(Integer, ForeignKey("scans.id"), primary_key=True) + mx_scan = Column(JSONB) + + +class Spf_scans(Base): + __tablename__ = "spf_scans" + + id = Column(Integer, ForeignKey("scans.id"), primary_key=True) + spf_scan = Column(JSONB) + + +class Https_scans(Base): + __tablename__ = "https_scans" + + id = Column(Integer, ForeignKey("scans.id"), primary_key=True) + https_scan = Column(JSONB) + + +class Ssl_scans(Base): + __tablename__ = "ssl_scans" + + id = Column(Integer, ForeignKey("scans.id"), primary_key=True) + ssl_scan = Column(JSONB) + + +class Ciphers(Base): + __tablename__ = "ciphers" + + id = Column(Integer, primary_key=True) + cipher_type = Column(String) + + +class Guidance(Base): + __tablename__ = "guidance" + + id = Column(Integer, primary_key=True) + tag_name = Column(String) + guidance = Column(String) + ref_links = Column(String) + + +class Classification(Base): + __tablename__ = "Classification" + + id = Column(Integer, primary_key=True) + UNCLASSIFIED = Column(String) diff --git a/api/tests/test_auth_functions.py b/api/tests/test_auth_functions.py index 2c0762dc62..b87e301665 100644 --- a/api/tests/test_auth_functions.py +++ b/api/tests/test_auth_functions.py @@ -1,7 +1,3 @@ -import sys -import os -from os.path import dirname, join, expanduser, normpath, realpath -from flask_bcrypt import Bcrypt import pytest from app import app from db import db_session @@ -10,77 +6,59 @@ is_super_admin, is_admin, is_user_write, - is_user_read + is_user_read, ) -@pytest.fixture(scope='class') +@pytest.fixture(scope="class") def user_role_test_db_init(): - bcrypt = Bcrypt(app) - with app.app_context(): test_user = Users( id=1, display_name="testuserread", user_name="testuserread@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8"), + password="testpassword123", ) db_session.add(test_user) test_user = Users( id=2, display_name="testuserwrite", user_name="testuserwrite@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8"), + password="testpassword123", ) db_session.add(test_user) test_admin = Users( id=3, display_name="testadmin", user_name="testadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_admin) test_super_admin = Users( id=4, display_name="testsuperadmin", user_name="testsuperadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_super_admin) org = Organizations( - id=1, - acronym='ORG1', - org_tags={ - "description": 'Organization 1' - } + id=1, acronym="ORG1", org_tags={"description": "Organization 1"} ) db_session.add(org) test_admin_role = User_affiliations( - user_id=1, - organization_id=1, - permission='user_read' + user_id=1, organization_id=1, permission="user_read" ) db_session.add(test_admin_role) test_admin_role = User_affiliations( - user_id=2, - organization_id=1, - permission='user_write' + user_id=2, organization_id=1, permission="user_write" ) db_session.add(test_admin_role) test_admin_role = User_affiliations( - user_id=3, - organization_id=1, - permission='admin' + user_id=3, organization_id=1, permission="admin" ) db_session.add(test_admin_role) test_admin_role = User_affiliations( - user_id=4, - organization_id=1, - permission='super_admin' + user_id=4, organization_id=1, permission="super_admin" ) db_session.add(test_admin_role) db_session.commit() @@ -94,99 +72,99 @@ def user_role_test_db_init(): db_session.commit() -@pytest.mark.usefixtures('user_role_test_db_init') +@pytest.mark.usefixtures("user_role_test_db_init") class TestAuthFunctions: def test_user_read_check_perm_user_read(self): - user_role = [{'user_id': 1, 'org_id': 1, 'permission': 'user_read'}] + user_role = [{"user_id": 1, "org_id": 1, "permission": "user_read"}] org_id = 1 assert is_user_read(user_role, org_id) def test_user_read_check_perm_user_write(self): - user_role = [{'user_id': 2, 'org_id': 1, 'permission': 'user_write'}] + user_role = [{"user_id": 2, "org_id": 1, "permission": "user_write"}] org_id = 1 assert is_user_read(user_role, org_id) def test_user_read_check_perm_user_admin(self): - user_role = [{'user_id': 3, 'org_id': 1, 'permission': 'admin'}] + user_role = [{"user_id": 3, "org_id": 1, "permission": "admin"}] org_id = 1 assert is_user_read(user_role, org_id) def test_user_read_check_perm_super_admin(self): - user_role = [{'user_id': 4, 'org_id': 1, 'permission': 'super_admin'}] + user_role = [{"user_id": 4, "org_id": 1, "permission": "super_admin"}] org_id = 1 assert is_user_read(user_role, org_id) def test_user_read_check_invalid(self): - user_role = [{'user_id': 1, 'org_id': 1, 'permission': ''}] + user_role = [{"user_id": 1, "org_id": 1, "permission": ""}] org_id = 1 assert not is_user_read(user_role, org_id) def test_user_write_check_perm_user_read(self): - user_role = [{'user_id': 1, 'org_id': 1, 'permission': 'user_read'}] + user_role = [{"user_id": 1, "org_id": 1, "permission": "user_read"}] org_id = 1 assert not is_user_write(user_role, org_id) def test_user_write_check_perm_user_write(self): - user_role = [{'user_id': 2, 'org_id': 1, 'permission': 'user_write'}] + user_role = [{"user_id": 2, "org_id": 1, "permission": "user_write"}] org_id = 1 assert is_user_write(user_role, org_id) def test_user_write_check_perm_user_admin(self): - user_role = [{'user_id': 3, 'org_id': 1, 'permission': 'admin'}] + user_role = [{"user_id": 3, "org_id": 1, "permission": "admin"}] org_id = 1 assert is_user_write(user_role, org_id) def test_user_write_check_perm_super_admin(self): - user_role = [{'user_id': 4, 'org_id': 1, 'permission': 'super_admin'}] + user_role = [{"user_id": 4, "org_id": 1, "permission": "super_admin"}] org_id = 1 assert is_user_write(user_role, org_id) def test_user_write_check_invalid(self): - user_role = [{'user_id': 1, 'org_id': 1, 'permission': ''}] + user_role = [{"user_id": 1, "org_id": 1, "permission": ""}] org_id = 1 assert not is_user_write(user_role, org_id) def test_admin_check_perm_user_read(self): - user_role = [{'user_id': 1, 'org_id': 1, 'permission': 'user_read'}] + user_role = [{"user_id": 1, "org_id": 1, "permission": "user_read"}] org_id = 1 assert not is_admin(user_role, org_id) def test_admin_check_perm_user_write(self): - user_role = [{'user_id': 2, 'org_id': 1, 'permission': 'user_write'}] + user_role = [{"user_id": 2, "org_id": 1, "permission": "user_write"}] org_id = 1 assert not is_admin(user_role, org_id) def test_admin_check_perm_user_admin(self): - user_role = [{'user_id': 3, 'org_id': 1, 'permission': 'admin'}] + user_role = [{"user_id": 3, "org_id": 1, "permission": "admin"}] org_id = 1 assert is_admin(user_role, org_id) def test_admin_check_perm_super_admin(self): - user_role = [{'user_id': 4, 'org_id': 1, 'permission': 'super_admin'}] + user_role = [{"user_id": 4, "org_id": 1, "permission": "super_admin"}] org_id = 1 assert is_admin(user_role, org_id) def test_admin_check_invalid(self): - user_role = [{'user_id': 1, 'org_id': 1, 'permission': ''}] + user_role = [{"user_id": 1, "org_id": 1, "permission": ""}] org_id = 1 assert not is_admin(user_role, org_id) def test_super_admin_check_perm_user_read(self): - user_role = [{'user_id': 1, 'org_id': 1, 'permission': 'user_read'}] + user_role = [{"user_id": 1, "org_id": 1, "permission": "user_read"}] assert not is_super_admin(user_role) def test_super_admin_check_perm_user_write(self): - user_role = [{'user_id': 2, 'org_id': 1, 'permission': 'user_write'}] + user_role = [{"user_id": 2, "org_id": 1, "permission": "user_write"}] assert not is_super_admin(user_role) def test_super_admin_check_perm_user_admin(self): - user_role = [{'user_id': 3, 'org_id': 1, 'permission': 'admin'}] + user_role = [{"user_id": 3, "org_id": 1, "permission": "admin"}] assert not is_super_admin(user_role) def test_super_admin_check_perm_super_admin(self): - user_role = [{'user_id': 4, 'org_id': 1, 'permission': 'super_admin'}] + user_role = [{"user_id": 4, "org_id": 1, "permission": "super_admin"}] assert is_super_admin(user_role) def test_super_admin_check_invalid(self): - user_role = [{'user_id': 1, 'org_id': 1, 'permission': ''}] + user_role = [{"user_id": 1, "org_id": 1, "permission": ""}] assert not is_super_admin(user_role) diff --git a/api/tests/test_auth_wrapper.py b/api/tests/test_auth_wrapper.py index a77da50b6a..1fd36aabd5 100644 --- a/api/tests/test_auth_wrapper.py +++ b/api/tests/test_auth_wrapper.py @@ -1,8 +1,4 @@ -import sys -import os -from os.path import dirname, join, expanduser, normpath, realpath from graphene.test import Client -from flask_bcrypt import Bcrypt from flask import Request from werkzeug.test import create_environ import pytest @@ -13,73 +9,56 @@ from models import Users, User_affiliations, Organizations from backend.security_check import SecurityAnalysisBackend -@pytest.fixture(scope='class') -def user_role_test_db_init(): - bcrypt = Bcrypt(app) +@pytest.fixture(scope="class") +def user_role_test_db_init(): with app.app_context(): test_user = Users( id=1, display_name="testuserread", user_name="testuserread@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8"), + password="testpassword123", ) db_session.add(test_user) test_user = Users( id=2, display_name="testuserwrite", user_name="testuserwrite@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8"), + password="testpassword123", ) db_session.add(test_user) test_admin = Users( id=3, display_name="testadmin", user_name="testadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_admin) test_super_admin = Users( id=4, display_name="testsuperadmin", user_name="testsuperadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_super_admin) org = Organizations( - id=1, - acronym='ORG1', - org_tags={ - "description": 'Organization 1' - } + id=1, acronym="ORG1", org_tags={"description": "Organization 1"} ) db_session.add(org) test_admin_role = User_affiliations( - user_id=1, - organization_id=1, - permission='user_read' + user_id=1, organization_id=1, permission="user_read" ) db_session.add(test_admin_role) test_admin_role = User_affiliations( - user_id=2, - organization_id=1, - permission='user_write' + user_id=2, organization_id=1, permission="user_write" ) db_session.add(test_admin_role) test_admin_role = User_affiliations( - user_id=3, - organization_id=1, - permission='admin' + user_id=3, organization_id=1, permission="admin" ) db_session.add(test_admin_role) test_admin_role = User_affiliations( - user_id=4, - organization_id=1, - permission='super_admin' + user_id=4, organization_id=1, permission="super_admin" ) db_session.add(test_admin_role) db_session.commit() @@ -93,164 +72,182 @@ def user_role_test_db_init(): db_session.commit() -@pytest.mark.usefixtures('user_role_test_db_init') +@pytest.mark.usefixtures("user_role_test_db_init") class TestUserRole(TestCase): def test_user_read_claim(self): with app.app_context(): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { testUserClaims(org: "ORG1", role: USER_READ) } - ''', context_value=request_headers, backend=backend) - assert executed['data'] - assert executed['data']['testUserClaims'] - assert executed['data']['testUserClaims'] == 'User Passed User Read Claim' + """, + context_value=request_headers, + backend=backend, + ) + assert executed["data"] + assert executed["data"]["testUserClaims"] + assert executed["data"]["testUserClaims"] == "User Passed User Read Claim" def test_user_write_claim(self): with app.app_context(): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserwrite@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { testUserClaims(org: "ORG1", role: USER_WRITE) } - ''', context_value=request_headers, backend=backend) - assert executed['data'] - assert executed['data']['testUserClaims'] - assert executed['data']['testUserClaims'] == 'User Passed User Write Claim' + """, + context_value=request_headers, + backend=backend, + ) + assert executed["data"] + assert executed["data"]["testUserClaims"] + assert executed["data"]["testUserClaims"] == "User Passed User Write Claim" def test_admin_claim(self): with app.app_context(): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { testUserClaims(org: "ORG1", role: ADMIN) } - ''', context_value=request_headers, backend=backend) - assert executed['data'] - assert executed['data']['testUserClaims'] - assert executed['data']['testUserClaims'] == 'User Passed Admin Claim' + """, + context_value=request_headers, + backend=backend, + ) + assert executed["data"] + assert executed["data"]["testUserClaims"] + assert executed["data"]["testUserClaims"] == "User Passed Admin Claim" def test_super_admin_claim(self): with app.app_context(): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { testUserClaims(org: "ORG1", role: SUPER_ADMIN) } - ''', context_value=request_headers, backend=backend) - assert executed['data'] - assert executed['data']['testUserClaims'] - assert executed['data']['testUserClaims'] == 'User Passed Super Admin Claim' + """, + context_value=request_headers, + backend=backend, + ) + assert executed["data"] + assert executed["data"]["testUserClaims"] + assert executed["data"]["testUserClaims"] == "User Passed Super Admin Claim" def test_user_not_admin(self): with app.app_context(): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { testUserClaims(org: "ORG1", role: ADMIN) } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == 'Error, user is not an admin for that org' + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, user is not an admin for that org" + ) diff --git a/api/tests/test_cost_check.py b/api/tests/test_cost_check.py index fa84185d57..2f042a7d36 100644 --- a/api/tests/test_cost_check.py +++ b/api/tests/test_cost_check.py @@ -1,11 +1,7 @@ -import sys -import os -from os.path import dirname, join, expanduser, normpath, realpath import pytest from graphene.test import Client from werkzeug.test import create_environ from flask import Request -from flask_bcrypt import Bcrypt from unittest import TestCase from db import db_session from app import app @@ -13,17 +9,15 @@ from models import Users from backend.security_check import SecurityAnalysisBackend -@pytest.fixture(scope='class') -def user_schema_test_db_init(): - bcrypt = Bcrypt(app) +@pytest.fixture(scope="class") +def user_schema_test_db_init(): with app.app_context(): test_super_admin = Users( id=2, display_name="testsuperadmin", user_name="testsuperadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_super_admin) db_session.commit() @@ -37,54 +31,49 @@ def user_schema_test_db_init(): ## # This class of tests works within the 'createUser' api endpoint -@pytest.mark.usefixtures('user_schema_test_db_init') +@pytest.mark.usefixtures("user_schema_test_db_init") class TestCostCheck(TestCase): def test_valid_cost_query(self): with app.app_context(): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) query = client.execute( - ''' + """ { user { displayName } } - ''', context_value=request_headers, backend=backend) - result_refr = { - "data": { - "user": [ - { - "displayName": "testsuperadmin" - } - ] - } - } + """, + context_value=request_headers, + backend=backend, + ) + result_refr = {"data": {"user": [{"displayName": "testsuperadmin"}]}} self.assertDictEqual(result_refr, query) def test_invalid_cost_query(self): backend = SecurityAnalysisBackend(10, 5) client = Client(schema) executed = client.execute( - ''' + """ { getSectorById(id: 1) { groups { @@ -124,7 +113,9 @@ def test_invalid_cost_query(self): } } } - ''', backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == 'Query cost is too high' + """, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert executed["errors"][0]["message"] == "Query cost is too high" diff --git a/api/tests/test_depth_check.py b/api/tests/test_depth_check.py index f0edcd3bb2..e6184763e0 100644 --- a/api/tests/test_depth_check.py +++ b/api/tests/test_depth_check.py @@ -1,11 +1,7 @@ -import sys -import os -from os.path import dirname, join, expanduser, normpath, realpath from werkzeug.test import create_environ from flask import Request import pytest from graphene.test import Client -from flask_bcrypt import Bcrypt from unittest import TestCase from app import app from db import db_session @@ -13,17 +9,15 @@ from models import Users from backend.security_check import SecurityAnalysisBackend -@pytest.fixture(scope='class') -def user_schema_test_db_init(): - bcrypt = Bcrypt(app) +@pytest.fixture(scope="class") +def user_schema_test_db_init(): with app.app_context(): test_super_admin = Users( id=2, display_name="testsuperadmin", user_name="testsuperadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_super_admin) db_session.commit() @@ -37,54 +31,49 @@ def user_schema_test_db_init(): ## # This class of tests works within the 'createUser' api endpoint -@pytest.mark.usefixtures('user_schema_test_db_init') +@pytest.mark.usefixtures("user_schema_test_db_init") class TestDepthCheck(TestCase): def test_valid_depth_query(self): with app.app_context(): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) query = client.execute( - ''' + """ { user { displayName } } - ''', context_value=request_headers, backend=backend) - result_refr = { - "data": { - "user": [ - { - "displayName": "testsuperadmin" - } - ] - } - } + """, + context_value=request_headers, + backend=backend, + ) + result_refr = {"data": {"user": [{"displayName": "testsuperadmin"}]}} self.assertDictEqual(result_refr, query) def test_invalid_depth_query(self): backend = SecurityAnalysisBackend(10) client = Client(schema) executed = client.execute( - ''' + """ { getSectorById(id: 1) { groups{ @@ -128,7 +117,9 @@ def test_invalid_depth_query(self): } } } - ''', backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == 'Query is too complex' + """, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert executed["errors"][0]["message"] == "Query is too complex" diff --git a/api/tests/test_domains_mutations.py b/api/tests/test_domains_mutations.py index bf722f5cff..3873eb2d7d 100644 --- a/api/tests/test_domains_mutations.py +++ b/api/tests/test_domains_mutations.py @@ -1,10 +1,6 @@ -import sys -import os -from os.path import dirname, join, expanduser, normpath, realpath import pytest from flask import Request from graphene.test import Client -from flask_bcrypt import Bcrypt from unittest import TestCase from werkzeug.test import create_environ from app import app @@ -22,266 +18,191 @@ Https_scans, Mx_scans, Spf_scans, - Ssl_scans + Ssl_scans, ) -@pytest.fixture(scope='class') -def domain_test_db_init(): - bcrypt = Bcrypt(app) +@pytest.fixture(scope="class") +def domain_test_db_init(): with app.app_context(): test_read = Users( id=1, display_name="testuserread", user_name="testuserread@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8"), + password="testpassword123", ) db_session.add(test_read) test_super_admin = Users( id=2, display_name="testsuperadmin", user_name="testsuperadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_super_admin) test_admin = Users( id=3, display_name="testadmin", user_name="testadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_admin) test_admin = Users( id=4, display_name="testadmin2", user_name="testadmin2@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_admin) test_write = Users( id=5, display_name="testuserwrite", user_name="testuserwrite@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_write) test_write2 = Users( id=6, display_name="testuserwrite2", user_name="testuserwrite2@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_write2) - org = Organizations( - id=1, - acronym='ORG1' - ) + org = Organizations(id=1, acronym="ORG1") db_session.add(org) - org = Organizations( - id=2, - acronym='ORG2' - ) + org = Organizations(id=2, acronym="ORG2") db_session.add(org) test_user_read_role = User_affiliations( - user_id=1, - organization_id=1, - permission='user_read' + user_id=1, organization_id=1, permission="user_read" ) db_session.add(test_user_read_role) test_super_admin_role = User_affiliations( - user_id=2, - organization_id=2, - permission='super_admin' + user_id=2, organization_id=2, permission="super_admin" ) db_session.add(test_super_admin_role) test_admin_role = User_affiliations( - user_id=3, - organization_id=1, - permission='admin' + user_id=3, organization_id=1, permission="admin" ) db_session.add(test_admin_role) test_admin_role = User_affiliations( - user_id=4, - organization_id=2, - permission='admin' + user_id=4, organization_id=2, permission="admin" ) db_session.add(test_admin_role) test_user_write_role = User_affiliations( - user_id=5, - organization_id=1, - permission='user_write' + user_id=5, organization_id=1, permission="user_write" ) db_session.add(test_user_write_role) test_user_write_role_2 = User_affiliations( - user_id=6, - organization_id=2, - permission='user_write' + user_id=6, organization_id=2, permission="user_write" ) db_session.add(test_user_write_role_2) - sa_update_domain = Domains( - domain="sa.update.domain.ca", - organization_id=1 - ) + sa_update_domain = Domains(domain="sa.update.domain.ca", organization_id=1) db_session.add(sa_update_domain) - sa_remove_domain = Domains( - domain="sa.remove.domain.ca", - organization_id=1 - ) + sa_remove_domain = Domains(domain="sa.remove.domain.ca", organization_id=1) db_session.add(sa_remove_domain) org_admin_update_domain = Domains( - domain="admin.update.domain.ca", - organization_id=1 + domain="admin.update.domain.ca", organization_id=1 ) db_session.add(org_admin_update_domain) - org_admin_domain = Domains( - domain="admin.remove.domain.ca", - organization_id=1 - ) + org_admin_domain = Domains(domain="admin.remove.domain.ca", organization_id=1) db_session.add(org_admin_domain) org_admin_update_domain2 = Domains( - domain="admin2.update.domain.ca", - organization_id=1 + domain="admin2.update.domain.ca", organization_id=1 ) db_session.add(org_admin_update_domain2) - org_admin_domain2 = Domains( - domain="admin2.remove.domain.ca", - organization_id=1 - ) + org_admin_domain2 = Domains(domain="admin2.remove.domain.ca", organization_id=1) db_session.add(org_admin_domain2) user_write_update_domain = Domains( - domain="user.write.update.domain.ca", - organization_id=1 + domain="user.write.update.domain.ca", organization_id=1 ) db_session.add(user_write_update_domain) user_write_domain = Domains( - domain="user.write.remove.domain.ca", - organization_id=1 + domain="user.write.remove.domain.ca", organization_id=1 ) db_session.add(user_write_domain) user_write_update_domain_2 = Domains( - domain="user2.write.update.domain.ca", - organization_id=1 + domain="user2.write.update.domain.ca", organization_id=1 ) db_session.add(user_write_update_domain_2) user_write_domain_2 = Domains( - domain="user2.write.remove.domain.ca", - organization_id=1 + domain="user2.write.remove.domain.ca", organization_id=1 ) db_session.add(user_write_domain_2) user_read_update_domain = Domains( - domain="user.read.update.domain.ca", - organization_id=1 + domain="user.read.update.domain.ca", organization_id=1 ) db_session.add(user_read_update_domain) user_read_domain = Domains( - domain="user.read.remove.domain.ca", - organization_id=1 + domain="user.read.remove.domain.ca", organization_id=1 ) db_session.add(user_read_domain) db_session.commit() # Super Admin Scans - domain_id = db_session.query(Domains).filter( - Domains.domain == 'sa.remove.domain.ca' - ).first().id - sa_scan = Scans( - id=1, - domain_id=domain_id + domain_id = ( + db_session.query(Domains) + .filter(Domains.domain == "sa.remove.domain.ca") + .first() + .id ) + sa_scan = Scans(id=1, domain_id=domain_id) db_session.add(sa_scan) db_session.commit() - sa_dkim = Dkim_scans( - id=1 - ) + sa_dkim = Dkim_scans(id=1) db_session.add(sa_dkim) - sa_dmarc = Dmarc_scans( - id=1 - ) + sa_dmarc = Dmarc_scans(id=1) db_session.add(sa_dmarc) - sa_https = Https_scans( - id=1 - ) + sa_https = Https_scans(id=1) db_session.add(sa_https) - sa_ssl = Ssl_scans( - id=1 - ) + sa_ssl = Ssl_scans(id=1) db_session.add(sa_ssl) - sa_spf = Spf_scans( - id=1 - ) + sa_spf = Spf_scans(id=1) db_session.add(sa_spf) db_session.commit() # Admin Scans - domain_id = db_session.query(Domains).filter( - Domains.domain == 'admin.remove.domain.ca' - ).first().id - admin_scan = Scans( - id=2, - domain_id=domain_id + domain_id = ( + db_session.query(Domains) + .filter(Domains.domain == "admin.remove.domain.ca") + .first() + .id ) + admin_scan = Scans(id=2, domain_id=domain_id) db_session.add(admin_scan) db_session.commit() - admin_dkim = Dkim_scans( - id=2 - ) + admin_dkim = Dkim_scans(id=2) db_session.add(admin_dkim) - admin_dmarc = Dmarc_scans( - id=2 - ) + admin_dmarc = Dmarc_scans(id=2) db_session.add(admin_dmarc) - admin_https = Https_scans( - id=2 - ) + admin_https = Https_scans(id=2) db_session.add(admin_https) - admin_ssl = Ssl_scans( - id=2 - ) + admin_ssl = Ssl_scans(id=2) db_session.add(admin_ssl) - admin_spf = Spf_scans( - id=2 - ) + admin_spf = Spf_scans(id=2) db_session.add(admin_spf) db_session.commit() # User Write Scans - domain_id = db_session.query(Domains).filter( - Domains.domain == 'user.write.remove.domain.ca' - ).first().id - user_w_scan = Scans( - id=3, - domain_id=domain_id + domain_id = ( + db_session.query(Domains) + .filter(Domains.domain == "user.write.remove.domain.ca") + .first() + .id ) + user_w_scan = Scans(id=3, domain_id=domain_id) db_session.add(user_w_scan) db_session.commit() - user_w_dkim = Dkim_scans( - id=3 - ) + user_w_dkim = Dkim_scans(id=3) db_session.add(user_w_dkim) - user_w_dmarc = Dmarc_scans( - id=3 - ) + user_w_dmarc = Dmarc_scans(id=3) db_session.add(user_w_dmarc) - user_w_https = Https_scans( - id=3 - ) + user_w_https = Https_scans(id=3) db_session.add(user_w_https) - user_w_ssl = Ssl_scans( - id=3 - ) + user_w_ssl = Ssl_scans(id=3) db_session.add(user_w_ssl) - user_w_spf = Spf_scans( - id=3 - ) + user_w_spf = Spf_scans(id=3) db_session.add(user_w_spf) db_session.commit() @@ -302,7 +223,7 @@ def domain_test_db_init(): db_session.commit() -@pytest.mark.usefixtures('domain_test_db_init') +@pytest.mark.usefixtures("domain_test_db_init") class TestDomainMutationAccessControl(TestCase): # Super Admin Tests def test_domain_creation_super_admin(self): @@ -313,52 +234,50 @@ def test_domain_creation_super_admin(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ createDomain(org: "ORG1", url: "sa.create.domain.ca") { status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['data'] - assert executed['data']['createDomain'] - assert executed['data']['createDomain']['status'] + assert executed["data"] + assert executed["data"]["createDomain"] + assert executed["data"]["createDomain"]["status"] executed = client.execute( - ''' + """ { domain(url: "sa.create.domain.ca") { url } } - ''', context_value=request_headers, backend=backend) - result_refr = { - "data": { - "domain": [ - { - "url": "sa.create.domain.ca" - } - ] - } - } + """, + context_value=request_headers, + backend=backend, + ) + result_refr = {"data": {"domain": [{"url": "sa.create.domain.ca"}]}} self.assertDictEqual(result_refr, executed) def test_domain_modification_super_admin(self): @@ -369,24 +288,24 @@ def test_domain_modification_super_admin(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ updateDomain( currentUrl: "sa.update.domain.ca", @@ -395,29 +314,27 @@ def test_domain_modification_super_admin(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['data'] - assert executed['data']['updateDomain'] - assert executed['data']['updateDomain']['status'] + assert executed["data"] + assert executed["data"]["updateDomain"] + assert executed["data"]["updateDomain"]["status"] executed = client.execute( - ''' + """ { domain(url: "updated.sa.update.domain.ca") { url } } - ''', context_value=request_headers, backend=backend) - result_refr = { - "data": { - "domain": [ - { - "url": "updated.sa.update.domain.ca" - } - ] - } - } + """, + context_value=request_headers, + backend=backend, + ) + result_refr = {"data": {"domain": [{"url": "updated.sa.update.domain.ca"}]}} self.assertDictEqual(result_refr, executed) def test_domain_removal_super_admin(self): @@ -428,75 +345,50 @@ def test_domain_removal_super_admin(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ removeDomain(url: "sa.remove.domain.ca") { status } } - ''', context_value=request_headers, backend=backend) - - assert executed['data'] - assert executed['data']['removeDomain'] - assert executed['data']['removeDomain']['status'] - - assert not db_session.query( - Domains - ).filter( - Domains.domain == 'sa.remove.domain.ca' - ).all() - assert not db_session.query( - Scans - ).filter( - Scans.id == 1 - ).all() - assert not db_session.query( - Dkim_scans - ).filter( - Dkim_scans.id == 1 - ).all() - assert not db_session.query( - Dmarc_scans - ).filter( - Dmarc_scans.id == 1 - ).all() - assert not db_session.query( - Https_scans - ).filter( - Https_scans.id == 1 - ).all() - assert not db_session.query( - Mx_scans - ).filter( - Mx_scans.id == 1 - ).all() - assert not db_session.query( - Ssl_scans - ).filter( - Ssl_scans.id == 1 - ).all() - assert not db_session.query( - Spf_scans - ).filter( - Spf_scans.id == 1 - ).all() + """, + context_value=request_headers, + backend=backend, + ) + + assert executed["data"] + assert executed["data"]["removeDomain"] + assert executed["data"]["removeDomain"]["status"] + + assert ( + not db_session.query(Domains) + .filter(Domains.domain == "sa.remove.domain.ca") + .all() + ) + assert not db_session.query(Scans).filter(Scans.id == 1).all() + assert not db_session.query(Dkim_scans).filter(Dkim_scans.id == 1).all() + assert not db_session.query(Dmarc_scans).filter(Dmarc_scans.id == 1).all() + assert not db_session.query(Https_scans).filter(Https_scans.id == 1).all() + assert not db_session.query(Mx_scans).filter(Mx_scans.id == 1).all() + assert not db_session.query(Ssl_scans).filter(Ssl_scans.id == 1).all() + assert not db_session.query(Spf_scans).filter(Spf_scans.id == 1).all() def test_domain_creation_super_admin_acronym_sa(self): """ @@ -506,34 +398,40 @@ def test_domain_creation_super_admin_acronym_sa(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ createDomain(org: "SA", url: "sa.create.domain.ca") { status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == 'Error, you cannot add a domain to this organization.' + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you cannot add a domain to this organization." + ) # Org Admin Tests def test_domain_creation_org_admin(self): @@ -544,52 +442,50 @@ def test_domain_creation_org_admin(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ createDomain(org: "ORG1", url: "admin.create.domain.ca") { status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['data'] - assert executed['data']['createDomain'] - assert executed['data']['createDomain']['status'] + assert executed["data"] + assert executed["data"]["createDomain"] + assert executed["data"]["createDomain"]["status"] executed = client.execute( - ''' + """ { domain(url: "admin.create.domain.ca") { url } } - ''', context_value=request_headers, backend=backend) - result_refr = { - "data": { - "domain": [ - { - "url": "admin.create.domain.ca" - } - ] - } - } + """, + context_value=request_headers, + backend=backend, + ) + result_refr = {"data": {"domain": [{"url": "admin.create.domain.ca"}]}} self.assertDictEqual(result_refr, executed) def test_domain_modification_org_admin(self): @@ -600,24 +496,24 @@ def test_domain_modification_org_admin(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ updateDomain( currentUrl: "admin.update.domain.ca", @@ -626,28 +522,28 @@ def test_domain_modification_org_admin(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['data'] - assert executed['data']['updateDomain'] - assert executed['data']['updateDomain']['status'] + assert executed["data"] + assert executed["data"]["updateDomain"] + assert executed["data"]["updateDomain"]["status"] executed = client.execute( - ''' + """ { domain(url: "updated.admin.update.domain.ca") { url } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) result_refr = { - "data": { - "domain": [ - { - "url": "updated.admin.update.domain.ca" - } - ] - } + "data": {"domain": [{"url": "updated.admin.update.domain.ca"}]} } self.assertDictEqual(result_refr, executed) @@ -659,75 +555,50 @@ def test_domain_removal_org_admin(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ removeDomain(url: "admin.remove.domain.ca") { status } } - ''', context_value=request_headers, backend=backend) - - assert executed['data'] - assert executed['data']['removeDomain'] - assert executed['data']['removeDomain']['status'] - - assert not db_session.query( - Domains - ).filter( - Domains.domain == 'admin.remove.domain.ca' - ).all() - assert not db_session.query( - Scans - ).filter( - Scans.id == 2 - ).all() - assert not db_session.query( - Dkim_scans - ).filter( - Dkim_scans.id == 2 - ).all() - assert not db_session.query( - Dmarc_scans - ).filter( - Dmarc_scans.id == 2 - ).all() - assert not db_session.query( - Https_scans - ).filter( - Https_scans.id == 2 - ).all() - assert not db_session.query( - Mx_scans - ).filter( - Mx_scans.id == 2 - ).all() - assert not db_session.query( - Ssl_scans - ).filter( - Ssl_scans.id == 2 - ).all() - assert not db_session.query( - Spf_scans - ).filter( - Spf_scans.id == 2 - ).all() + """, + context_value=request_headers, + backend=backend, + ) + + assert executed["data"] + assert executed["data"]["removeDomain"] + assert executed["data"]["removeDomain"]["status"] + + assert ( + not db_session.query(Domains) + .filter(Domains.domain == "admin.remove.domain.ca") + .all() + ) + assert not db_session.query(Scans).filter(Scans.id == 2).all() + assert not db_session.query(Dkim_scans).filter(Dkim_scans.id == 2).all() + assert not db_session.query(Dmarc_scans).filter(Dmarc_scans.id == 2).all() + assert not db_session.query(Https_scans).filter(Https_scans.id == 2).all() + assert not db_session.query(Mx_scans).filter(Mx_scans.id == 2).all() + assert not db_session.query(Ssl_scans).filter(Ssl_scans.id == 2).all() + assert not db_session.query(Spf_scans).filter(Spf_scans.id == 2).all() # Different Org Admin def test_domain_creation_diff_org_admin(self): @@ -738,34 +609,40 @@ def test_domain_creation_diff_org_admin(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testadmin2@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ createDomain(org: "ORG1", url: "admin2.create.domain.ca") { status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to create a domain for that organization" + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to create a domain for that organization" + ) def test_domain_modification_diff_org_admin(self): """ @@ -775,24 +652,24 @@ def test_domain_modification_diff_org_admin(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testadmin2@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ updateDomain( currentUrl: "admin2.update.domain.ca", @@ -801,11 +678,17 @@ def test_domain_modification_diff_org_admin(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to edit domains belonging to another organization" + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to edit domains belonging to another organization" + ) def test_domain_removal_diff_org_admin(self): """ @@ -815,34 +698,40 @@ def test_domain_removal_diff_org_admin(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testadmin2@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ removeDomain(url: "admin2.remove.domain.ca") { status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to remove domains." + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to remove domains." + ) # User Write Tests def test_domain_creation_user_write(self): @@ -853,52 +742,50 @@ def test_domain_creation_user_write(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserwrite@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ createDomain(org: "ORG1", url: "user.write.create.domain.ca") { status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['data'] - assert executed['data']['createDomain'] - assert executed['data']['createDomain']['status'] + assert executed["data"] + assert executed["data"]["createDomain"] + assert executed["data"]["createDomain"]["status"] executed = client.execute( - ''' + """ { domain(url: "user.write.create.domain.ca") { url } } - ''', context_value=request_headers, backend=backend) - result_refr = { - "data": { - "domain": [ - { - "url": "user.write.create.domain.ca" - } - ] - } - } + """, + context_value=request_headers, + backend=backend, + ) + result_refr = {"data": {"domain": [{"url": "user.write.create.domain.ca"}]}} self.assertDictEqual(result_refr, executed) def test_domain_modification_user_write(self): @@ -909,24 +796,24 @@ def test_domain_modification_user_write(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserwrite@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ updateDomain( currentUrl: "user.write.update.domain.ca", @@ -935,28 +822,28 @@ def test_domain_modification_user_write(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['data'] - assert executed['data']['updateDomain'] - assert executed['data']['updateDomain']['status'] + assert executed["data"] + assert executed["data"]["updateDomain"] + assert executed["data"]["updateDomain"]["status"] executed = client.execute( - ''' + """ { domain(url: "updated.user.write.update.domain.ca") { url } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) result_refr = { - "data": { - "domain": [ - { - "url": "updated.user.write.update.domain.ca" - } - ] - } + "data": {"domain": [{"url": "updated.user.write.update.domain.ca"}]} } self.assertDictEqual(result_refr, executed) @@ -968,88 +855,66 @@ def test_domain_removal_user_write(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserwrite@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ removeDomain(url: "user.write.remove.domain.ca") { status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['data'] - assert executed['data']['removeDomain'] - assert executed['data']['removeDomain']['status'] + assert executed["data"] + assert executed["data"]["removeDomain"] + assert executed["data"]["removeDomain"]["status"] executed = client.execute( - ''' + """ { domain(url: "user.write.remove.domain.ca") { url } } - ''', context_value=request_headers, backend=backend) - - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, domain does not exist" - - assert not db_session.query( - Domains - ).filter( - Domains.domain == 'user.write.remove.domain.ca' - ).all() - assert not db_session.query( - Scans - ).filter( - Scans.id == 3 - ).all() - assert not db_session.query( - Dkim_scans - ).filter( - Dkim_scans.id == 3 - ).all() - assert not db_session.query( - Dmarc_scans - ).filter( - Dmarc_scans.id == 3 - ).all() - assert not db_session.query( - Https_scans - ).filter( - Https_scans.id == 3 - ).all() - assert not db_session.query( - Mx_scans - ).filter( - Mx_scans.id == 3 - ).all() - assert not db_session.query( - Ssl_scans - ).filter( - Ssl_scans.id == 3 - ).all() - assert not db_session.query( - Spf_scans - ).filter( - Spf_scans.id == 3 - ).all() + """, + context_value=request_headers, + backend=backend, + ) + + assert executed["errors"] + assert executed["errors"][0] + assert executed["errors"][0]["message"] == "Error, domain does not exist" + + assert ( + not db_session.query(Domains) + .filter(Domains.domain == "user.write.remove.domain.ca") + .all() + ) + assert not db_session.query(Scans).filter(Scans.id == 3).all() + assert not db_session.query(Dkim_scans).filter(Dkim_scans.id == 3).all() + assert not db_session.query(Dmarc_scans).filter(Dmarc_scans.id == 3).all() + assert not db_session.query(Https_scans).filter(Https_scans.id == 3).all() + assert not db_session.query(Mx_scans).filter(Mx_scans.id == 3).all() + assert not db_session.query(Ssl_scans).filter(Ssl_scans.id == 3).all() + assert not db_session.query(Spf_scans).filter(Spf_scans.id == 3).all() # Different Org User Write def test_domain_creation_diff_org_user_write(self): @@ -1060,34 +925,40 @@ def test_domain_creation_diff_org_user_write(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserwrite2@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ createDomain(org: "ORG1", url: "admin2.create.domain.ca") { status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to create a domain for that organization" + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to create a domain for that organization" + ) def test_domain_modification_diff_org_user_write(self): """ @@ -1097,24 +968,24 @@ def test_domain_modification_diff_org_user_write(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserwrite2@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ updateDomain( currentUrl: "user2.write.update.domain.ca", @@ -1123,11 +994,17 @@ def test_domain_modification_diff_org_user_write(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to edit domains belonging to another organization" + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to edit domains belonging to another organization" + ) def test_domain_removal_diff_org_user_write(self): """ @@ -1137,34 +1014,40 @@ def test_domain_removal_diff_org_user_write(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserwrite2@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ removeDomain(url: "user2.write.remove.domain.ca") { status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to remove domains." + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to remove domains." + ) # Different Org User Read def test_domain_creation_org_user_read(self): @@ -1175,34 +1058,40 @@ def test_domain_creation_org_user_read(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ createDomain(org: "ORG1", url: "user.read.create.domain.ca") { status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to create a domain for that organization" + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to create a domain for that organization" + ) def test_domain_modification_org_user_read(self): """ @@ -1212,24 +1101,24 @@ def test_domain_modification_org_user_read(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ updateDomain( currentUrl: "user.read.update.domain.ca", @@ -1238,11 +1127,17 @@ def test_domain_modification_org_user_read(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to edit domains belonging to another organization" + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to edit domains belonging to another organization" + ) def test_domain_removal_org_user_read(self): """ @@ -1252,31 +1147,37 @@ def test_domain_removal_org_user_read(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ removeDomain(url: "user.read.remove.domain.ca") { status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to remove domains." + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to remove domains." + ) diff --git a/api/tests/test_domains_resolver_access_control.py b/api/tests/test_domains_resolver_access_control.py index 5ad9f143ea..4ffd527dca 100644 --- a/api/tests/test_domains_resolver_access_control.py +++ b/api/tests/test_domains_resolver_access_control.py @@ -1,10 +1,6 @@ -import sys -import os -from os.path import dirname, join, expanduser, normpath, realpath import pytest from flask import Request from graphene.test import Client -from flask_bcrypt import Bcrypt from unittest import TestCase from werkzeug.test import create_environ from app import app @@ -13,83 +9,52 @@ from queries import schema from backend.security_check import SecurityAnalysisBackend -@pytest.fixture(scope='class') -def domain_test_db_init(): - bcrypt = Bcrypt(app) +@pytest.fixture(scope="class") +def domain_test_db_init(): with app.app_context(): test_user = Users( id=1, display_name="testuserread", user_name="testuserread@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8"), + password="testpassword123", ) db_session.add(test_user) test_super_admin = Users( id=2, display_name="testsuperadmin", user_name="testsuperadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_super_admin) org = Organizations( - id=1, - acronym='ORG1', - org_tags={ - "description": 'Organization 1' - } + id=1, acronym="ORG1", org_tags={"description": "Organization 1"} ) db_session.add(org) org = Organizations( - id=2, - acronym='ORG2', - org_tags={ - "description": 'Organization 2' - } + id=2, acronym="ORG2", org_tags={"description": "Organization 2"} ) db_session.add(org) org = Organizations( - id=3, - acronym='ORG3', - org_tags={ - "description": 'Organization 3' - } + id=3, acronym="ORG3", org_tags={"description": "Organization 3"} ) db_session.add(org) test_admin_role = User_affiliations( - user_id=1, - organization_id=1, - permission='user_read' + user_id=1, organization_id=1, permission="user_read" ) db_session.add(test_admin_role) test_admin_role = User_affiliations( - user_id=2, - organization_id=1, - permission='super_admin' + user_id=2, organization_id=1, permission="super_admin" ) db_session.add(test_admin_role) - domain = Domains( - id=1, - domain='somecooldomain.ca', - organization_id=1 - ) + domain = Domains(id=1, domain="somecooldomain.ca", organization_id=1) db_session.add(domain) - domain = Domains( - id=2, - domain='anothercooldomain.ca', - organization_id=1 - ) + domain = Domains(id=2, domain="anothercooldomain.ca", organization_id=1) db_session.add(domain) - domain = Domains( - id=3, - domain='somelamedomain.ca', - organization_id=2 - ) + domain = Domains(id=3, domain="somelamedomain.ca", organization_id=2) db_session.add(domain) db_session.commit() @@ -103,7 +68,7 @@ def domain_test_db_init(): db_session.commit() -@pytest.mark.usefixtures('domain_test_db_init') +@pytest.mark.usefixtures("domain_test_db_init") class TestDomainsResolver(TestCase): # Super Admin Tests def test_get_domain_resolvers_by_url_super_admin_single_node(self): @@ -112,40 +77,35 @@ def test_get_domain_resolvers_by_url_super_admin_single_node(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { domain(url: "somelamedomain.ca") { url } } - ''', context_value=request_headers, backend=backend) - result_refr = { - "data": { - "domain": [ - { - "url": "somelamedomain.ca" - } - ] - } - } + """, + context_value=request_headers, + backend=backend, + ) + result_refr = {"data": {"domain": [{"url": "somelamedomain.ca"}]}} self.assertDictEqual(result_refr, executed) def test_get_domain_resolvers_by_org_super_admin_single_node(self): @@ -157,25 +117,25 @@ def test_get_domain_resolvers_by_org_super_admin_single_node(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { domains(organization: "ORG2") { edges { @@ -185,19 +145,12 @@ def test_get_domain_resolvers_by_org_super_admin_single_node(self): } } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) result_refr = { - "data": { - "domains": { - "edges": [ - { - "node": { - "url": "somelamedomain.ca" - } - } - ] - } - } + "data": {"domains": {"edges": [{"node": {"url": "somelamedomain.ca"}}]}} } self.assertDictEqual(result_refr, executed) @@ -209,25 +162,25 @@ def test_get_domain_resolvers_by_org_super_admin_multi_node(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { domains(organization: "ORG1") { edges { @@ -237,21 +190,16 @@ def test_get_domain_resolvers_by_org_super_admin_multi_node(self): } } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) result_refr = { "data": { "domains": { "edges": [ - { - "node": { - "url": "somecooldomain.ca" - } - }, - { - "node": { - "url": "anothercooldomain.ca" - } - } + {"node": {"url": "somecooldomain.ca"}}, + {"node": {"url": "anothercooldomain.ca"}}, ] } } @@ -266,34 +214,37 @@ def test_get_domain_resolvers_by_url_super_admin_invalid_domain(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { domain(url: "google.ca") { url } } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, domain does not exist" + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert executed["errors"][0]["message"] == "Error, domain does not exist" def test_get_domain_resolvers_by_org_super_admin_org_no_domains(self): """ @@ -303,25 +254,25 @@ def test_get_domain_resolvers_by_org_super_admin_org_no_domains(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { domains(organization: "ORG3") { edges { @@ -331,10 +282,16 @@ def test_get_domain_resolvers_by_org_super_admin_org_no_domains(self): } } } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, no domains associated with that organization" + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, no domains associated with that organization" + ) # User read tests def test_get_domain_resolvers_by_url_user_read_single_node(self): @@ -346,40 +303,35 @@ def test_get_domain_resolvers_by_url_user_read_single_node(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { domain(url: "somecooldomain.ca") { url } } - ''', context_value=request_headers, backend=backend) - result_refr = { - "data": { - "domain": [ - { - "url": "somecooldomain.ca" - } - ] - } - } + """, + context_value=request_headers, + backend=backend, + ) + result_refr = {"data": {"domain": [{"url": "somecooldomain.ca"}]}} self.assertDictEqual(result_refr, executed) def test_get_domain_resolvers_by_org_user_read_multi_node(self): @@ -391,25 +343,25 @@ def test_get_domain_resolvers_by_org_user_read_multi_node(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { domains(organization: "ORG1") { edges { @@ -419,21 +371,16 @@ def test_get_domain_resolvers_by_org_user_read_multi_node(self): } } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) result_refr = { "data": { "domains": { "edges": [ - { - "node": { - "url": "somecooldomain.ca" - } - }, - { - "node": { - "url": "anothercooldomain.ca" - } - } + {"node": {"url": "somecooldomain.ca"}}, + {"node": {"url": "anothercooldomain.ca"}}, ] } } @@ -449,34 +396,40 @@ def test_get_domain_resolvers_by_url_user_read_no_access(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { domain(url: "somelamedomain.ca") { url } } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to view that domain" + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to view that domain" + ) def test_get_domain_resolvers_by_org_user_read_no_access(self): """ @@ -487,25 +440,25 @@ def test_get_domain_resolvers_by_org_user_read_no_access(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { domains(organization: "ORG2") { edges { @@ -515,10 +468,16 @@ def test_get_domain_resolvers_by_org_user_read_no_access(self): } } } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to view that organization" + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to view that organization" + ) def test_get_domain_resolvers_by_url_user_read_invalid_domain(self): """ @@ -529,34 +488,37 @@ def test_get_domain_resolvers_by_url_user_read_invalid_domain(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { domain(url: "google.ca") { url } } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, domain does not exist" + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert executed["errors"][0]["message"] == "Error, domain does not exist" def test_get_domain_resolvers_by_org_user_read_org_no_domains(self): """ @@ -567,25 +529,25 @@ def test_get_domain_resolvers_by_org_user_read_org_no_domains(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { domains(organization: "ORG3") { edges { @@ -595,7 +557,13 @@ def test_get_domain_resolvers_by_org_user_read_org_no_domains(self): } } } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to view that organization" + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to view that organization" + ) diff --git a/api/tests/test_domains_resolver_values.py b/api/tests/test_domains_resolver_values.py index ea632356cd..e1bcfa9067 100644 --- a/api/tests/test_domains_resolver_values.py +++ b/api/tests/test_domains_resolver_values.py @@ -1,10 +1,6 @@ -import sys -import os -from os.path import dirname, join, expanduser, normpath, realpath import pytest from flask import Request from graphene.test import Client -from flask_bcrypt import Bcrypt from unittest import TestCase from werkzeug.test import create_environ from app import app @@ -23,51 +19,35 @@ Https_scans, Mx_scans, Spf_scans, - Ssl_scans + Ssl_scans, ) -@pytest.fixture(scope='class') +@pytest.fixture(scope="class") def domain_test_db_init(): - bcrypt = Bcrypt(app) with app.app_context(): test_user = Users( id=1, display_name="testuserread", user_name="testuserread@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8"), + password="testpassword123", ) db_session.add(test_user) org = Organizations( - id=1, - acronym='ORG1', - org_tags={ - "description": 'Organization 1' - } + id=1, acronym="ORG1", org_tags={"description": "Organization 1"} ) db_session.add(org) test_user_read_role = User_affiliations( - user_id=1, - organization_id=1, - permission='user_read' + user_id=1, organization_id=1, permission="user_read" ) db_session.add(test_user_read_role) - domain = Domains( - id=1, - domain='accurateplastics.com', - organization_id=1 - ) + domain = Domains(id=1, domain="accurateplastics.com", organization_id=1) db_session.add(domain) - domain = Domains( - id=2, - domain='addisonfoods.com', - organization_id=1 - ) + domain = Domains(id=2, domain="addisonfoods.com", organization_id=1) db_session.add(domain) test_dmarc_report = Dmarc_Reports( @@ -86,7 +66,7 @@ def domain_test_db_init(): "end_date": "2018-10-01 13:07:12", "errors": [ "Invalid XML: not well-formed (invalid token): line 5, column 17" - ] + ], }, "policy_published": { "domain": "example.com", @@ -95,7 +75,7 @@ def domain_test_db_init(): "p": "none", "sp": "reject", "pct": "100", - "fo": "0" + "fo": "0", }, "records": [ { @@ -103,46 +83,36 @@ def domain_test_db_init(): "ip_address": "12.20.127.122", "country": "US", "reverse_dns": "null", - "base_domain": "null" + "base_domain": "null", }, "count": 1, - "alignment": { - "spf": False, - "dkim": False, - "dmarc": False - }, + "alignment": {"spf": False, "dkim": False, "dmarc": False}, "policy_evaluated": { "disposition": "none", "dkim": "fail", "spf": "fail", - "policy_override_reasons": [ - "TESTING TEXT" - ] + "policy_override_reasons": ["TESTING TEXT"], }, "identifiers": { "header_from": "example.com", "envelope_from": "null", - "envelope_to": "null" + "envelope_to": "null", }, "auth_results": { "dkim": [ { "domain": "toptierhighticket.club", "selector": "default", - "result": "pass" + "result": "pass", } ], "spf": [ - { - "domain": "null", - "scope": "mfrom", - "result": "none" - } - ] - } + {"domain": "null", "scope": "mfrom", "result": "none"} + ], + }, } - ] - } + ], + }, ) db_session.add(test_dmarc_report) db_session.commit() @@ -165,7 +135,7 @@ def domain_test_db_init(): db_session.commit() -@pytest.mark.usefixtures('domain_test_db_init') +@pytest.mark.usefixtures("domain_test_db_init") class TestDomainsResolver(TestCase): def test_get_domain_resolver_dmarc_report(self): """ @@ -175,25 +145,25 @@ def test_get_domain_resolver_dmarc_report(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { domain(url: "accurateplastics.com") { url @@ -256,8 +226,11 @@ def test_get_domain_resolver_dmarc_report(self): } } } - ''', context_value=request_headers, backend=backend) - result_refr ={ + """, + context_value=request_headers, + backend=backend, + ) + result_refr = { "data": { "domain": [ { @@ -280,7 +253,7 @@ def test_get_domain_resolver_dmarc_report(self): "p": "none", "sp": "reject", "pct": 100, - "fo": 0 + "fo": 0, }, "records": [ { @@ -289,12 +262,12 @@ def test_get_domain_resolver_dmarc_report(self): "ipAddress": "12.20.127.122", "country": "US", "reverseDns": "null", - "baseDomain": "null" + "baseDomain": "null", }, "alignment": { "spf": False, "dkim": False, - "dmarc": False + "dmarc": False, }, "policyEvaluated": { "disposition": "none", @@ -302,35 +275,35 @@ def test_get_domain_resolver_dmarc_report(self): "spf": "fail", "policyOverrideReasons": [ "TESTING TEXT" - ] + ], }, "identifiers": { "headerFrom": "example.com", "envelopeFrom": "null", - "envelopeTo": "null" + "envelopeTo": "null", }, "authResults": { "dkim": [ { "domain": "toptierhighticket.club", "selector": "default", - "result": "pass" + "result": "pass", } ], "spf": [ { "domain": "null", "scope": "mfrom", - "result": "none" + "result": "none", } - ] - } + ], + }, } - ] + ], } } ] - } + }, } ] } @@ -345,25 +318,25 @@ def test_get_domain_resolver_dmarc_report_in_date_range(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { domain(url: "accurateplastics.com") { url @@ -426,8 +399,11 @@ def test_get_domain_resolver_dmarc_report_in_date_range(self): } } } - ''', context_value=request_headers, backend=backend) - result_refr ={ + """, + context_value=request_headers, + backend=backend, + ) + result_refr = { "data": { "domain": [ { @@ -450,7 +426,7 @@ def test_get_domain_resolver_dmarc_report_in_date_range(self): "p": "none", "sp": "reject", "pct": 100, - "fo": 0 + "fo": 0, }, "records": [ { @@ -459,12 +435,12 @@ def test_get_domain_resolver_dmarc_report_in_date_range(self): "ipAddress": "12.20.127.122", "country": "US", "reverseDns": "null", - "baseDomain": "null" + "baseDomain": "null", }, "alignment": { "spf": False, "dkim": False, - "dmarc": False + "dmarc": False, }, "policyEvaluated": { "disposition": "none", @@ -472,35 +448,35 @@ def test_get_domain_resolver_dmarc_report_in_date_range(self): "spf": "fail", "policyOverrideReasons": [ "TESTING TEXT" - ] + ], }, "identifiers": { "headerFrom": "example.com", "envelopeFrom": "null", - "envelopeTo": "null" + "envelopeTo": "null", }, "authResults": { "dkim": [ { "domain": "toptierhighticket.club", "selector": "default", - "result": "pass" + "result": "pass", } ], "spf": [ { "domain": "null", "scope": "mfrom", - "result": "none" + "result": "none", } - ] - } + ], + }, } - ] + ], } } ] - } + }, } ] } @@ -515,25 +491,25 @@ def test_get_domain_resolver_dmarc_report_out_of_date_range(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { domain(url: "accurateplastics.com") { url @@ -596,10 +572,16 @@ def test_get_domain_resolver_dmarc_report_out_of_date_range(self): } } } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, no reports for that domain in that date range." + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, no reports for that domain in that date range." + ) def test_get_domain_resolver_dmarc_report_domain_missing_report(self): """ @@ -609,25 +591,25 @@ def test_get_domain_resolver_dmarc_report_domain_missing_report(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { domain(url: "addisonfoods.com") { url @@ -690,10 +672,15 @@ def test_get_domain_resolver_dmarc_report_domain_missing_report(self): } } } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == 'Error, no reports for that domain.' + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] == "Error, no reports for that domain." + ) def test_get_domain_resolver_dmarc_report_no_start_date(self): """ @@ -703,25 +690,25 @@ def test_get_domain_resolver_dmarc_report_no_start_date(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { domain(url: "addisonfoods.com") { url @@ -784,10 +771,16 @@ def test_get_domain_resolver_dmarc_report_no_start_date(self): } } } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == 'Error, both start and end dates are required.' + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, both start and end dates are required." + ) def test_get_domain_resolver_dmarc_report_no_end_date(self): """ @@ -797,25 +790,25 @@ def test_get_domain_resolver_dmarc_report_no_end_date(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { domain(url: "addisonfoods.com") { url @@ -878,7 +871,13 @@ def test_get_domain_resolver_dmarc_report_no_end_date(self): } } } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == 'Error, both start and end dates are required.' + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, both start and end dates are required." + ) diff --git a/api/tests/test_organization_mutations.py b/api/tests/test_organization_mutations.py index bc4fe7c607..52596f772f 100644 --- a/api/tests/test_organization_mutations.py +++ b/api/tests/test_organization_mutations.py @@ -1,10 +1,6 @@ -import sys -import os -from os.path import dirname, join, expanduser, normpath, realpath import pytest from flask import Request from graphene.test import Client -from flask_bcrypt import Bcrypt from unittest import TestCase from werkzeug.test import create_environ from app import app @@ -22,161 +18,126 @@ Https_scans, Mx_scans, Spf_scans, - Ssl_scans + Ssl_scans, ) -@pytest.fixture(scope='class') -def organization_mutation_db_init(): - bcrypt = Bcrypt(app) +@pytest.fixture(scope="class") +def organization_mutation_db_init(): with app.app_context(): test_super_admin = Users( id=1, display_name="testsuperadmin", user_name="testsuperadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_super_admin) test_admin = Users( id=2, display_name="testadmin", user_name="testadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_admin) test_write = Users( id=3, display_name="testuserwrite", user_name="testuserwrite@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_write) test_read = Users( id=4, display_name="testuserread", user_name="testuserread@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8"), + password="testpassword123", ) db_session.add(test_read) # Super Admin Test Values - sa_org = Organizations( - acronym='SA' - ) + sa_org = Organizations(acronym="SA") db_session.add(sa_org) db_session.commit() - org_orm = db_session.query(Organizations).filter( - Organizations.acronym == 'SA' - ).first() + org_orm = ( + db_session.query(Organizations) + .filter(Organizations.acronym == "SA") + .first() + ) sa_user_aff = User_affiliations( - organization_id=org_orm.id, - user_id=1, - permission='super_admin' + organization_id=org_orm.id, user_id=1, permission="super_admin" ) db_session.add(sa_user_aff) db_session.commit() - sa_check_org = Organizations( - acronym="SA_CHECK" - ) + sa_check_org = Organizations(acronym="SA_CHECK") db_session.add(sa_check_org) - sa_update_org = Organizations( - acronym="SA_UPDATE" - ) + sa_update_org = Organizations(acronym="SA_UPDATE") db_session.add(sa_update_org) - sa_delete_org = Organizations( - acronym="SA_DELETE" - ) + sa_delete_org = Organizations(acronym="SA_DELETE") db_session.add(sa_delete_org) db_session.commit() - org_orm = db_session.query(Organizations).filter( - Organizations.acronym == 'SA_DELETE' - ).first() - sa_domain = Domains( - id=1, - organization_id=org_orm.id + org_orm = ( + db_session.query(Organizations) + .filter(Organizations.acronym == "SA_DELETE") + .first() ) + sa_domain = Domains(id=1, organization_id=org_orm.id) db_session.add(sa_domain) - sa_scan = Scans( - id=1, - domain_id=1 - ) + sa_scan = Scans(id=1, domain_id=1) db_session.add(sa_scan) db_session.commit() - sa_dkim = Dkim_scans( - id=1 - ) + sa_dkim = Dkim_scans(id=1) db_session.add(sa_dkim) - sa_dmarc = Dmarc_scans( - id=1 - ) + sa_dmarc = Dmarc_scans(id=1) db_session.add(sa_dmarc) - sa_https = Https_scans( - id=1 - ) + sa_https = Https_scans(id=1) db_session.add(sa_https) - sa_mx = Mx_scans( - id=1 - ) + sa_mx = Mx_scans(id=1) db_session.add(sa_mx) - sa_spf = Spf_scans( - id=1 - ) + sa_spf = Spf_scans(id=1) db_session.add(sa_spf) - sa_ssl = Ssl_scans( - id=1 - ) + sa_ssl = Ssl_scans(id=1) db_session.add(sa_ssl) db_session.commit() # Admin Db Inserts - admin_org = Organizations( - acronym="ADMIN_ORG" - ) + admin_org = Organizations(acronym="ADMIN_ORG") db_session.add(admin_org) db_session.commit() - org_orm = db_session.query(Organizations).filter( - Organizations.acronym == 'ADMIN_ORG' - ).first() + org_orm = ( + db_session.query(Organizations) + .filter(Organizations.acronym == "ADMIN_ORG") + .first() + ) admin_aff = User_affiliations( - organization_id=org_orm.id, - user_id=2, - permission='admin' + organization_id=org_orm.id, user_id=2, permission="admin" ) db_session.add(admin_aff) # User Write Db Inserts - user_write_org = Organizations( - acronym="USER_W_ORG" - ) + user_write_org = Organizations(acronym="USER_W_ORG") db_session.add(user_write_org) db_session.commit() - org_orm = db_session.query(Organizations).filter( - Organizations.acronym == 'USER_W_ORG' - ).first() + org_orm = ( + db_session.query(Organizations) + .filter(Organizations.acronym == "USER_W_ORG") + .first() + ) user_write_aff = User_affiliations( - organization_id=org_orm.id, - user_id=3, - permission='user_write' + organization_id=org_orm.id, user_id=3, permission="user_write" ) db_session.add(user_write_aff) # User Read Db Inserts - user_read_org = Organizations( - acronym="USER_R_ORG" - ) + user_read_org = Organizations(acronym="USER_R_ORG") db_session.add(user_read_org) db_session.commit() - org_orm = db_session.query(Organizations).filter( - Organizations.acronym == 'USER_R_ORG' - ).first() + org_orm = ( + db_session.query(Organizations) + .filter(Organizations.acronym == "USER_R_ORG") + .first() + ) user_read_aff = User_affiliations( - organization_id=org_orm.id, - user_id=4, - permission='user_read' + organization_id=org_orm.id, user_id=4, permission="user_read" ) db_session.add(user_read_aff) db_session.commit() @@ -198,7 +159,7 @@ def organization_mutation_db_init(): db_session.commit() -@pytest.mark.usefixtures('organization_mutation_db_init') +@pytest.mark.usefixtures("organization_mutation_db_init") class TestOrganizationMutations(TestCase): # Super Admin Tests def test_sa_org_mutation_create_org(self): @@ -209,25 +170,25 @@ def test_sa_org_mutation_create_org(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation { createOrganization( acronym: "TEST_ORG" @@ -240,14 +201,17 @@ def test_sa_org_mutation_create_org(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['data'] - assert executed['data']['createOrganization'] - assert executed['data']['createOrganization']['status'] + assert executed["data"] + assert executed["data"]["createOrganization"] + assert executed["data"]["createOrganization"]["status"] executed = client.execute( - ''' + """ { organization(org: "TEST_ORG") { edges { @@ -262,7 +226,10 @@ def test_sa_org_mutation_create_org(self): } } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) result_refr = { "data": { "organization": { @@ -274,7 +241,7 @@ def test_sa_org_mutation_create_org(self): "zone": "Test Zone", "sector": "Test Sector", "province": "Nova Scotia", - "city": "Halifax" + "city": "Halifax", } } ] @@ -291,25 +258,25 @@ def test_sa_org_mutation_create_org_already_exists(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation { createOrganization( acronym: "SA_CHECK" @@ -322,11 +289,16 @@ def test_sa_org_mutation_create_org_already_exists(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, Organization alredy exists" + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] == "Error, Organization alredy exists" + ) def test_sa_org_mutation_update_org(self): """ @@ -336,25 +308,25 @@ def test_sa_org_mutation_update_org(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation { updateOrganization( acronym: "TEST_ORG" @@ -368,14 +340,17 @@ def test_sa_org_mutation_update_org(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['data'] - assert executed['data']['updateOrganization'] - assert executed['data']['updateOrganization']['status'] + assert executed["data"] + assert executed["data"]["updateOrganization"] + assert executed["data"]["updateOrganization"]["status"] executed = client.execute( - ''' + """ { organization(org: "NEW_ORG") { edges { @@ -390,7 +365,10 @@ def test_sa_org_mutation_update_org(self): } } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) result_refr = { "data": { "organization": { @@ -402,7 +380,7 @@ def test_sa_org_mutation_update_org(self): "zone": "Test Zone", "sector": "Test Sector", "province": "Nova Scotia", - "city": "Halifax" + "city": "Halifax", } } ] @@ -419,25 +397,25 @@ def test_sa_org_mutation_update_org_acronym_already_in_use(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation { updateOrganization( acronym: "SA_UPDATE" @@ -451,11 +429,14 @@ def test_sa_org_mutation_update_org_acronym_already_in_use(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, acronym already in use." + assert executed["errors"] + assert executed["errors"][0] + assert executed["errors"][0]["message"] == "Error, acronym already in use." def test_sa_org_mutation_update_org_does_not_exist(self): """ @@ -465,25 +446,25 @@ def test_sa_org_mutation_update_org_does_not_exist(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation { updateOrganization( acronym: "TEST_ORG" @@ -497,11 +478,17 @@ def test_sa_org_mutation_update_org_does_not_exist(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, organization does not exist." + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, organization does not exist." + ) def test_sa_org_mutation_remove_org(self): """ @@ -511,29 +498,32 @@ def test_sa_org_mutation_remove_org(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) - org_id = db_session.query(Organizations).filter( - Organizations.acronym == 'SA_DELETE' - ).first().id + org_id = ( + db_session.query(Organizations) + .filter(Organizations.acronym == "SA_DELETE") + .first() + .id + ) executed = client.execute( - ''' + """ mutation { removeOrganization( acronym: "SA_DELETE" @@ -541,20 +531,27 @@ def test_sa_org_mutation_remove_org(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['data'] - assert executed['data']['removeOrganization'] - assert executed['data']['removeOrganization']['status'] + assert executed["data"] + assert executed["data"]["removeOrganization"] + assert executed["data"]["removeOrganization"]["status"] - check_org_orm = db_session.query(Organizations).filter( - Organizations.acronym == 'SA_DELETE' - ).first() + check_org_orm = ( + db_session.query(Organizations) + .filter(Organizations.acronym == "SA_DELETE") + .first() + ) assert check_org_orm is None - check_user_aff = db_session.query(User_affiliations).filter( - User_affiliations.organization_id == org_id - ).all() + check_user_aff = ( + db_session.query(User_affiliations) + .filter(User_affiliations.organization_id == org_id) + .all() + ) assert not check_user_aff assert not db_session.query(Domains).all() @@ -574,25 +571,25 @@ def test_sa_org_mutation_remove_org_sa_org(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation { removeOrganization( acronym: "SA" @@ -600,11 +597,17 @@ def test_sa_org_mutation_remove_org_sa_org(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you cannot remove this organization" + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you cannot remove this organization" + ) def test_sa_org_mutation_remove_org_does_not_exist(self): """ @@ -614,25 +617,25 @@ def test_sa_org_mutation_remove_org_does_not_exist(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation { removeOrganization( acronym: "RANDOM" @@ -640,11 +643,16 @@ def test_sa_org_mutation_remove_org_does_not_exist(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, organization does not exist" + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] == "Error, organization does not exist" + ) # Admin Test def test_admin_org_mutation_create_org_fail(self): @@ -655,25 +663,25 @@ def test_admin_org_mutation_create_org_fail(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation { createOrganization( acronym: "ADMIN_NEW" @@ -686,11 +694,17 @@ def test_admin_org_mutation_create_org_fail(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to create organizations" + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to create organizations" + ) def test_admin_org_mutation_update_org_fail(self): """ @@ -700,25 +714,25 @@ def test_admin_org_mutation_update_org_fail(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation { updateOrganization( acronym: "ADMIN_ORG" @@ -731,11 +745,17 @@ def test_admin_org_mutation_update_org_fail(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to update organizations" + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to update organizations" + ) def test_admin_org_mutation_remove_org_fail(self): """ @@ -745,25 +765,25 @@ def test_admin_org_mutation_remove_org_fail(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation { removeOrganization( acronym: "ADMIN_ORG" @@ -771,11 +791,17 @@ def test_admin_org_mutation_remove_org_fail(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to remove organizations." + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to remove organizations." + ) # User Write Test def test_user_write_org_mutation_create_org_fail(self): @@ -786,25 +812,25 @@ def test_user_write_org_mutation_create_org_fail(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserwrite@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation { createOrganization( acronym: "USER_W_NEW" @@ -817,11 +843,17 @@ def test_user_write_org_mutation_create_org_fail(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to create organizations" + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to create organizations" + ) def test_user_write_org_mutation_update_org_fail(self): """ @@ -831,25 +863,25 @@ def test_user_write_org_mutation_update_org_fail(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserwrite@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation { updateOrganization( acronym: "USER_W_ORG" @@ -862,11 +894,17 @@ def test_user_write_org_mutation_update_org_fail(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to update organizations" + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to update organizations" + ) def test_user_write_org_mutation_remove_org_fail(self): """ @@ -876,25 +914,25 @@ def test_user_write_org_mutation_remove_org_fail(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserwrite@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation { removeOrganization( acronym: "USER_W_ORG" @@ -902,11 +940,17 @@ def test_user_write_org_mutation_remove_org_fail(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to remove organizations." + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to remove organizations." + ) # User Read Test def test_user_read_org_mutation_create_org_fail(self): @@ -917,25 +961,25 @@ def test_user_read_org_mutation_create_org_fail(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation { createOrganization( acronym: "USER_R_NEW" @@ -948,11 +992,17 @@ def test_user_read_org_mutation_create_org_fail(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to create organizations" + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to create organizations" + ) def test_user_read_org_mutation_update_org_fail(self): """ @@ -962,25 +1012,25 @@ def test_user_read_org_mutation_update_org_fail(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation { updateOrganization( acronym: "USER_R_ORG" @@ -993,11 +1043,17 @@ def test_user_read_org_mutation_update_org_fail(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to update organizations" + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to update organizations" + ) def test_user_read_org_mutation_remove_org_fail(self): """ @@ -1007,25 +1063,25 @@ def test_user_read_org_mutation_remove_org_fail(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation { removeOrganization( acronym: "USER_R_ORG" @@ -1033,8 +1089,14 @@ def test_user_read_org_mutation_remove_org_fail(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to remove organizations." + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to remove organizations." + ) diff --git a/api/tests/test_organization_resolver_access_control.py b/api/tests/test_organization_resolver_access_control.py index 425fce8858..9b539ceae6 100644 --- a/api/tests/test_organization_resolver_access_control.py +++ b/api/tests/test_organization_resolver_access_control.py @@ -1,10 +1,6 @@ -import sys -import os -from os.path import dirname, join, expanduser, normpath, realpath import pytest from flask import Request from graphene.test import Client -from flask_bcrypt import Bcrypt from unittest import TestCase from werkzeug.test import create_environ from app import app @@ -13,63 +9,44 @@ from queries import schema from backend.security_check import SecurityAnalysisBackend -@pytest.fixture(scope='class') -def org_perm_test_db_init(): - bcrypt = Bcrypt(app) +@pytest.fixture(scope="class") +def org_perm_test_db_init(): with app.app_context(): test_user = Users( id=1, display_name="testuserread", user_name="testuserread@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8"), + password="testpassword123", ) db_session.add(test_user) test_super_admin = Users( id=2, display_name="testsuperadmin", user_name="testsuperadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_super_admin) org = Organizations( - id=1, - acronym='ORG1', - org_tags={ - "description": 'Organization 1' - } + id=1, acronym="ORG1", org_tags={"description": "Organization 1"} ) db_session.add(org) org = Organizations( - id=2, - acronym='ORG2', - org_tags={ - "description": 'Organization 2' - } + id=2, acronym="ORG2", org_tags={"description": "Organization 2"} ) db_session.add(org) org = Organizations( - id=3, - acronym='ORG3', - org_tags={ - "description": 'Organization 3' - } + id=3, acronym="ORG3", org_tags={"description": "Organization 3"} ) db_session.add(org) test_admin_role = User_affiliations( - user_id=1, - organization_id=1, - permission='user_read' + user_id=1, organization_id=1, permission="user_read" ) db_session.add(test_admin_role) test_admin_role = User_affiliations( - user_id=2, - organization_id=1, - permission='super_admin' + user_id=2, organization_id=1, permission="super_admin" ) db_session.add(test_admin_role) db_session.commit() @@ -83,7 +60,7 @@ def org_perm_test_db_init(): db_session.commit() -@pytest.mark.usefixtures('org_perm_test_db_init') +@pytest.mark.usefixtures("org_perm_test_db_init") class TestOrgResolverWithOrgs(TestCase): # Super Admin Tests def test_get_org_resolvers_by_org_super_admin_single_node(self): @@ -94,25 +71,25 @@ def test_get_org_resolvers_by_org_super_admin_single_node(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { organization(org: "ORG1") { edges { @@ -122,19 +99,12 @@ def test_get_org_resolvers_by_org_super_admin_single_node(self): } } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) result_refr = { - "data": { - "organization": { - "edges": [ - { - "node": { - "acronym": "ORG1" - } - } - ] - } - } + "data": {"organization": {"edges": [{"node": {"acronym": "ORG1"}}]}} } self.assertDictEqual(result_refr, executed) @@ -146,25 +116,25 @@ def test_get_org_resolvers_super_admin_multi_node(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { organizations { edges { @@ -174,26 +144,17 @@ def test_get_org_resolvers_super_admin_multi_node(self): } } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) result_refr = { "data": { "organizations": { "edges": [ - { - "node": { - "acronym": "ORG1" - } - }, - { - "node": { - "acronym": "ORG2" - } - }, - { - "node": { - "acronym": "ORG3" - } - } + {"node": {"acronym": "ORG1"}}, + {"node": {"acronym": "ORG2"}}, + {"node": {"acronym": "ORG3"}}, ] } } @@ -210,25 +171,25 @@ def test_get_org_resolvers_by_org_user_read_single_node(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { organization(org: "ORG1") { edges { @@ -238,19 +199,12 @@ def test_get_org_resolvers_by_org_user_read_single_node(self): } } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) result_refr = { - "data": { - "organization": { - "edges": [ - { - "node": { - "acronym": "ORG1" - } - } - ] - } - } + "data": {"organization": {"edges": [{"node": {"acronym": "ORG1"}}]}} } self.assertDictEqual(result_refr, executed) @@ -263,25 +217,25 @@ def test_get_org_resolvers_by_org_user_read_multi_node(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { organizations { edges { @@ -291,19 +245,12 @@ def test_get_org_resolvers_by_org_user_read_multi_node(self): } } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) result_refr = { - "data": { - "organizations": { - "edges": [ - { - "node": { - "acronym": "ORG1" - } - } - ] - } - } + "data": {"organizations": {"edges": [{"node": {"acronym": "ORG1"}}]}} } self.assertDictEqual(result_refr, executed) @@ -316,25 +263,25 @@ def test_get_org_resolvers_by_org_user_read_no_access(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { organization(org: "ORG2") { edges { @@ -344,29 +291,30 @@ def test_get_org_resolvers_by_org_user_read_no_access(self): } } } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to view that organization" + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to view that organization" + ) -@pytest.fixture(scope='class') +@pytest.fixture(scope="class") def org_no_perm_test_db_init(): - bcrypt = Bcrypt(app) with app.app_context(): test_super_admin = Users( id=2, display_name="testsuperadmin", user_name="testsuperadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_super_admin) - test_admin_role = User_affiliations( - user_id=2, - permission='super_admin' - ) + test_admin_role = User_affiliations(user_id=2, permission="super_admin") db_session.add(test_admin_role) db_session.commit() @@ -378,9 +326,8 @@ def org_no_perm_test_db_init(): db_session.commit() -@pytest.mark.usefixtures('org_no_perm_test_db_init') +@pytest.mark.usefixtures("org_no_perm_test_db_init") class TestOrgResolverWithoutOrgs(TestCase): - def test_get_org_resolvers_super_admin_no_orgs(self): """ Test org resolver by organization as a super admin, no orgs exist @@ -389,25 +336,25 @@ def test_get_org_resolvers_super_admin_no_orgs(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { organizations { edges { @@ -417,10 +364,13 @@ def test_get_org_resolvers_super_admin_no_orgs(self): } } } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, no organizations to view" + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert executed["errors"][0]["message"] == "Error, no organizations to view" def test_get_org_resolvers_by_org_super_admin_no_orgs(self): """ @@ -430,25 +380,25 @@ def test_get_org_resolvers_by_org_super_admin_no_orgs(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { organization(org: "ORG3"){ edges { @@ -458,7 +408,12 @@ def test_get_org_resolvers_by_org_super_admin_no_orgs(self): } } } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, organization does not exist" + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] == "Error, organization does not exist" + ) diff --git a/api/tests/test_organization_resolver_values.py b/api/tests/test_organization_resolver_values.py index d2074960b3..b228a97595 100644 --- a/api/tests/test_organization_resolver_values.py +++ b/api/tests/test_organization_resolver_values.py @@ -1,10 +1,6 @@ -import sys -import os -from os.path import dirname, join, expanduser, normpath, realpath import pytest from flask import Request from graphene.test import Client -from flask_bcrypt import Bcrypt from unittest import TestCase from werkzeug.test import create_environ from app import app @@ -13,95 +9,76 @@ from queries import schema from backend.security_check import SecurityAnalysisBackend -@pytest.fixture(scope='class') -def org_perm_test_db_init(): - bcrypt = Bcrypt(app) +@pytest.fixture(scope="class") +def org_perm_test_db_init(): with app.app_context(): test_user = Users( id=1, display_name="testuserread", user_name="testuserread@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8"), + password="testpassword123", ) db_session.add(test_user) test_super_admin = Users( id=2, display_name="testsuperadmin", user_name="testsuperadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_super_admin) org = Organizations( id=1, - acronym='ORG1', + acronym="ORG1", org_tags={ "description": "Organization 1", "zone": "Prov", "sector": "Banking", "province": "Alberta", - "city": "Calgary" - } + "city": "Calgary", + }, ) db_session.add(org) org = Organizations( id=2, - acronym='ORG2', + acronym="ORG2", org_tags={ "description": "Organization 2", "zone": "Muni", "sector": "Transportation", "province": "NS", - "city": "Halifax" - } + "city": "Halifax", + }, ) db_session.add(org) org = Organizations( id=3, - acronym='ORG3', + acronym="ORG3", org_tags={ "description": "Organization 3", "zone": "Federal", "sector": "Arts", "province": "Ontario", - "city": "Toronto" - } + "city": "Toronto", + }, ) db_session.add(org) test_admin_role = User_affiliations( - user_id=1, - organization_id=1, - permission='user_read' + user_id=1, organization_id=1, permission="user_read" ) db_session.add(test_admin_role) test_admin_role = User_affiliations( - user_id=2, - organization_id=1, - permission='super_admin' + user_id=2, organization_id=1, permission="super_admin" ) db_session.add(test_admin_role) - domain = Domains( - id=1, - domain='somecooldomain.ca', - organization_id=1 - ) + domain = Domains(id=1, domain="somecooldomain.ca", organization_id=1) db_session.add(domain) - domain = Domains( - id=2, - domain='anothercooldomain.ca', - organization_id=2 - ) + domain = Domains(id=2, domain="anothercooldomain.ca", organization_id=2) db_session.add(domain) - domain = Domains( - id=3, - domain='somelamedomain.ca', - organization_id=3 - ) + domain = Domains(id=3, domain="somelamedomain.ca", organization_id=3) db_session.add(domain) db_session.commit() @@ -115,7 +92,7 @@ def org_perm_test_db_init(): db_session.commit() -@pytest.mark.usefixtures('org_perm_test_db_init') +@pytest.mark.usefixtures("org_perm_test_db_init") class TestOrgResolverWithOrgsAndValues(TestCase): # Super Admin Tests def test_get_org_resolvers_by_org_super_admin_single_node(self): @@ -127,25 +104,25 @@ def test_get_org_resolvers_by_org_super_admin_single_node(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { organization(org: "ORG1") { edges { @@ -177,7 +154,10 @@ def test_get_org_resolvers_by_org_super_admin_single_node(self): } } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) result_refr = { "data": { "organization": { @@ -192,11 +172,7 @@ def test_get_org_resolvers_by_org_super_admin_single_node(self): "city": "Calgary", "domains": { "edges": [ - { - "node": { - "url": "somecooldomain.ca" - } - } + {"node": {"url": "somecooldomain.ca"}} ] }, "affiliatedUsers": { @@ -206,7 +182,7 @@ def test_get_org_resolvers_by_org_super_admin_single_node(self): "user": { "displayName": "testuserread" }, - "permission": "USER_READ" + "permission": "USER_READ", } }, { @@ -214,11 +190,11 @@ def test_get_org_resolvers_by_org_super_admin_single_node(self): "user": { "displayName": "testsuperadmin" }, - "permission": "SUPER_ADMIN" + "permission": "SUPER_ADMIN", } - } + }, ] - } + }, } } ] @@ -236,25 +212,25 @@ def test_get_org_resolvers_super_admin_multi_node(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { organizations { edges { @@ -286,98 +262,85 @@ def test_get_org_resolvers_super_admin_multi_node(self): } } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) result_refr = { - "data": { - "organizations": { - "edges": [ - { - "node": { - "acronym": "ORG1", - "description": "Organization 1", - "zone": "Prov", - "sector": "Banking", - "province": "Alberta", - "city": "Calgary", - "domains": { - "edges": [ - { - "node": { - "url": "somecooldomain.ca" - } - } - ] - }, - "affiliatedUsers": { - "edges": [ - { - "node": { - "user": { - "displayName": "testuserread" - }, - "permission": "USER_READ" - } - }, - { - "node": { - "user": { - "displayName": "testsuperadmin" - }, - "permission": "SUPER_ADMIN" - } - } - ] - } - } - }, - { - "node": { - "acronym": "ORG2", - "description": "Organization 2", - "zone": "Muni", - "sector": "Transportation", - "province": "NS", - "city": "Halifax", - "domains": { - "edges": [ - { - "node": { - "url": "anothercooldomain.ca" - } + "data": { + "organizations": { + "edges": [ + { + "node": { + "acronym": "ORG1", + "description": "Organization 1", + "zone": "Prov", + "sector": "Banking", + "province": "Alberta", + "city": "Calgary", + "domains": { + "edges": [ + {"node": {"url": "somecooldomain.ca"}} + ] + }, + "affiliatedUsers": { + "edges": [ + { + "node": { + "user": { + "displayName": "testuserread" + }, + "permission": "USER_READ", } - ] - }, - "affiliatedUsers": { - "edges": [] - } - } - }, - { - "node": { - "acronym": "ORG3", - "description": "Organization 3", - "zone": "Federal", - "sector": "Arts", - "province": "Ontario", - "city": "Toronto", - "domains": { - "edges": [ - { - "node": { - "url": "somelamedomain.ca" - } + }, + { + "node": { + "user": { + "displayName": "testsuperadmin" + }, + "permission": "SUPER_ADMIN", } - ] - }, - "affiliatedUsers": { - "edges": [] - } - } + }, + ] + }, } - ] - } + }, + { + "node": { + "acronym": "ORG2", + "description": "Organization 2", + "zone": "Muni", + "sector": "Transportation", + "province": "NS", + "city": "Halifax", + "domains": { + "edges": [ + {"node": {"url": "anothercooldomain.ca"}} + ] + }, + "affiliatedUsers": {"edges": []}, + } + }, + { + "node": { + "acronym": "ORG3", + "description": "Organization 3", + "zone": "Federal", + "sector": "Arts", + "province": "Ontario", + "city": "Toronto", + "domains": { + "edges": [ + {"node": {"url": "somelamedomain.ca"}} + ] + }, + "affiliatedUsers": {"edges": []}, + } + }, + ] } } + } self.assertDictEqual(result_refr, executed) # User read tests @@ -390,25 +353,25 @@ def test_get_org_resolvers_by_org_user_read_single_node(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { organization(org: "ORG1") { edges { @@ -440,7 +403,10 @@ def test_get_org_resolvers_by_org_user_read_single_node(self): } } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) result_refr = { "data": { "organization": { @@ -455,16 +421,10 @@ def test_get_org_resolvers_by_org_user_read_single_node(self): "city": "Calgary", "domains": { "edges": [ - { - "node": { - "url": "somecooldomain.ca" - } - } + {"node": {"url": "somecooldomain.ca"}} ] }, - "affiliatedUsers": { - "edges": [] - } + "affiliatedUsers": {"edges": []}, } } ] @@ -482,25 +442,25 @@ def test_get_org_resolvers_by_org_user_read_multi_node(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { organizations { edges { @@ -532,7 +492,10 @@ def test_get_org_resolvers_by_org_user_read_multi_node(self): } } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) result_refr = { "data": { "organizations": { @@ -547,16 +510,10 @@ def test_get_org_resolvers_by_org_user_read_multi_node(self): "city": "Calgary", "domains": { "edges": [ - { - "node": { - "url": "somecooldomain.ca" - } - } + {"node": {"url": "somecooldomain.ca"}} ] }, - "affiliatedUsers": { - "edges": [] - } + "affiliatedUsers": {"edges": []}, } } ] @@ -564,5 +521,3 @@ def test_get_org_resolvers_by_org_user_read_multi_node(self): } } self.assertDictEqual(result_refr, executed) - - diff --git a/api/tests/test_user_access_control.py b/api/tests/test_user_access_control.py index cb1ab9fa6c..634b02031d 100644 --- a/api/tests/test_user_access_control.py +++ b/api/tests/test_user_access_control.py @@ -1,10 +1,6 @@ -import sys -import os -from os.path import dirname, join, expanduser, normpath, realpath import pytest from flask import Request from graphene.test import Client -from flask_bcrypt import Bcrypt from unittest import TestCase from werkzeug.test import create_environ from app import app @@ -13,96 +9,71 @@ from queries import schema from backend.security_check import SecurityAnalysisBackend -@pytest.fixture(scope='class') -def user_resolver_ac_test_db_init(): - bcrypt = Bcrypt(app) +@pytest.fixture(scope="class") +def user_resolver_ac_test_db_init(): with app.app_context(): test_read = Users( id=1, display_name="testuserread", user_name="testuserread@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8"), + password="testpassword123", ) db_session.add(test_read) test_super_admin = Users( id=2, display_name="testsuperadmin", user_name="testsuperadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_super_admin) test_admin = Users( id=3, display_name="testadmin", user_name="testadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_admin) test_admin = Users( id=4, display_name="testadmin2", user_name="testadmin2@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_admin) test_write = Users( id=5, display_name="testuserwrite", user_name="testuserwrite@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_write) - org = Organizations( - id=1, - acronym='ORG1' - ) + org = Organizations(id=1, acronym="ORG1") db_session.add(org) - org = Organizations( - id=2, - acronym='ORG2' - ) + org = Organizations(id=2, acronym="ORG2") db_session.add(org) - org = Organizations( - id=3, - acronym='ORG3' - ) + org = Organizations(id=3, acronym="ORG3") db_session.add(org) test_user_read_role = User_affiliations( - user_id=1, - organization_id=1, - permission='user_read' + user_id=1, organization_id=1, permission="user_read" ) db_session.add(test_user_read_role) test_super_admin_role = User_affiliations( - user_id=2, - organization_id=2, - permission='super_admin' + user_id=2, organization_id=2, permission="super_admin" ) db_session.add(test_super_admin_role) test_admin_role = User_affiliations( - user_id=3, - organization_id=1, - permission='admin' + user_id=3, organization_id=1, permission="admin" ) db_session.add(test_admin_role) test_admin_role = User_affiliations( - user_id=4, - organization_id=2, - permission='admin' + user_id=4, organization_id=2, permission="admin" ) db_session.add(test_admin_role) test_user_write_role = User_affiliations( - user_id=5, - organization_id=1, - permission='user_write' + user_id=5, organization_id=1, permission="user_write" ) db_session.add(test_user_write_role) db_session.commit() @@ -116,7 +87,7 @@ def user_resolver_ac_test_db_init(): db_session.commit() -@pytest.mark.usefixtures('user_resolver_ac_test_db_init') +@pytest.mark.usefixtures("user_resolver_ac_test_db_init") class TestUserResolverAccessControl(TestCase): # Super Admin Tests def test_get_user_as_super_admin(self): @@ -128,40 +99,35 @@ def test_get_user_as_super_admin(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { user(userName: "testuserread@testemail.ca") { displayName } } - ''', context_value=request_headers, backend=backend) - result_refr = { - "data": { - "user": [ - { - "displayName": "testuserread" - } - ] - } - } + """, + context_value=request_headers, + backend=backend, + ) + result_refr = {"data": {"user": [{"displayName": "testuserread"}]}} self.assertDictEqual(result_refr, executed) # Admin Same Org @@ -174,40 +140,35 @@ def test_get_user_from_same_org(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { user(userName: "testuserread@testemail.ca") { displayName } } - ''', context_value=request_headers, backend=backend) - result_refr = { - "data": { - "user": [ - { - "displayName": "testuserread" - } - ] - } - } + """, + context_value=request_headers, + backend=backend, + ) + result_refr = {"data": {"user": [{"displayName": "testuserread"}]}} self.assertDictEqual(result_refr, executed) # Admin different org @@ -220,36 +181,41 @@ def test_get_user_admin_from_different_org(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testadmin2@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { user(userName: "testuserread@testemail.ca") { displayName } } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, user does not " \ - "belong to any of your" \ - " organizations" + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] == "Error, user does not " + "belong to any of your" + " organizations" + ) # User write tests def test_get_user_user_write(self): @@ -261,34 +227,40 @@ def test_get_user_user_write(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserwrite@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { user(userName: "testuserread@testemail.ca") { displayName } } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to view this users information" + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to view this users information" + ) # User read tests def test_get_user_user_read(self): @@ -300,31 +272,37 @@ def test_get_user_user_read(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { user(userName: "testuserread@testemail.ca") { displayName } } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to view this users information" + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to view this users information" + ) diff --git a/api/tests/test_user_mutations.py b/api/tests/test_user_mutations.py index ab35560b50..4d72fe5b3e 100644 --- a/api/tests/test_user_mutations.py +++ b/api/tests/test_user_mutations.py @@ -1,9 +1,5 @@ -import sys -import os -from os.path import dirname, join, expanduser, normpath, realpath import pyotp import pytest -from flask_bcrypt import Bcrypt from graphene.test import Client from app import app from db import db_session @@ -12,23 +8,20 @@ from backend.security_check import SecurityAnalysisBackend from functions.error_messages import * -@pytest.fixture(scope='class') -def user_schema_test_db_init(): - bcrypt = Bcrypt(app) +@pytest.fixture(scope="class") +def user_schema_test_db_init(): with app.app_context(): test_user = Users( display_name="testuser", user_name="testuser@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8"), + password="testpassword123", ) db_session.add(test_user) test_admin = Users( display_name="testadmin", user_name="testadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_admin) db_session.commit() @@ -42,7 +35,7 @@ def user_schema_test_db_init(): ## # This class of tests works within the 'createUser' api endpoint -@pytest.mark.usefixtures('user_schema_test_db_init') +@pytest.mark.usefixtures("user_schema_test_db_init") class TestCreateUser: def test_successful_creation(self): """Test that ensures a user can be created successfully using the api endpoint""" @@ -50,7 +43,7 @@ def test_successful_creation(self): backend = SecurityAnalysisBackend() client = Client(schema) executed = client.execute( - ''' + """ mutation{ createUser(displayName:"user-test", userName:"different-email@testemail.ca", password:"testpassword123", confirmPassword:"testpassword123"){ @@ -60,12 +53,17 @@ def test_successful_creation(self): } } } - ''', backend=backend) - assert executed['data'] - assert executed['data']['createUser'] - assert executed['data']['createUser']['user'] - assert executed['data']['createUser']['user']['userName'] == "different-email@testemail.ca" - assert executed['data']['createUser']['user']['displayName'] == "user-test" + """, + backend=backend, + ) + assert executed["data"] + assert executed["data"]["createUser"] + assert executed["data"]["createUser"]["user"] + assert ( + executed["data"]["createUser"]["user"]["userName"] + == "different-email@testemail.ca" + ) + assert executed["data"]["createUser"]["user"]["displayName"] == "user-test" def test_email_address_in_use(self): """Test that ensures each user has a unique email address""" @@ -73,7 +71,7 @@ def test_email_address_in_use(self): backend = SecurityAnalysisBackend() client = Client(schema) executed_first = client.execute( - ''' + """ mutation{ createUser(displayName:"testuser", userName:"testuser@testemail.ca", password:"testpassword123", confirmPassword:"testpassword123"){ @@ -82,9 +80,11 @@ def test_email_address_in_use(self): } } } - ''', backend=backend) + """, + backend=backend, + ) executed = client.execute( - ''' + """ mutation{ createUser(displayName:"testuser", userName:"testuser@testemail.ca", password:"testpassword123", confirmPassword:"testpassword123"){ @@ -93,18 +93,20 @@ def test_email_address_in_use(self): } } } - ''', backend=backend) + """, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == error_email_in_use() + assert executed["errors"] + assert executed["errors"][0] + assert executed["errors"][0]["message"] == error_email_in_use() def test_password_too_short(self): """Test that ensure that a user's password meets the valid length requirements""" backend = SecurityAnalysisBackend() client = Client(schema) executed = client.execute( - ''' + """ mutation{ createUser(displayName:"testuser", userName:"test@test-email.ca", password:"test", confirmPassword:"test"){ user{ @@ -112,18 +114,23 @@ def test_password_too_short(self): } } } - ''', backend=backend) + """, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == error_password_does_not_meet_requirements() + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == error_password_does_not_meet_requirements() + ) def test_passwords_do_not_match(self): """Test to ensure that user password matches their password confirmation""" backend = SecurityAnalysisBackend() client = Client(schema) executed = client.execute( - ''' + """ mutation{ createUser(displayName:"testuser", userName:"test@test-email.ca", password:"A-Val1d-Pa$$word", confirmPassword:"also-A-Val1d-Pa$$word"){ @@ -132,16 +139,18 @@ def test_passwords_do_not_match(self): } } } - ''', backend=backend) + """, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == error_passwords_do_not_match() + assert executed["errors"] + assert executed["errors"][0] + assert executed["errors"][0]["message"] == error_passwords_do_not_match() ## # This class of tests works within the 'updatePassword' api endpoint -@pytest.mark.usefixtures('user_schema_test_db_init') +@pytest.mark.usefixtures("user_schema_test_db_init") class TestUpdatePassword: def test_update_password_success(self): """Test to ensure that a user is returned when their password is updated successfully""" @@ -149,7 +158,7 @@ def test_update_password_success(self): backend = SecurityAnalysisBackend() client = Client(schema) executed = client.execute( - ''' + """ mutation { updatePassword(userName: "testuser@testemail.ca", password: "another-super-long-password", confirmPassword: "another-super-long-password") { @@ -159,20 +168,27 @@ def test_update_password_success(self): } } } - ''', backend=backend) + """, + backend=backend, + ) - assert executed['data'] - assert executed['data']['updatePassword'] - assert executed['data']['updatePassword']['user'] - assert executed['data']['updatePassword']['user']['userName'] == "testuser@testemail.ca" - assert executed['data']['updatePassword']['user']['displayName'] == "testuser" + assert executed["data"] + assert executed["data"]["updatePassword"] + assert executed["data"]["updatePassword"]["user"] + assert ( + executed["data"]["updatePassword"]["user"]["userName"] + == "testuser@testemail.ca" + ) + assert ( + executed["data"]["updatePassword"]["user"]["displayName"] == "testuser" + ) def test_updated_passwords_do_not_match(self): """Test to ensure that user's new password matches their password confirmation""" backend = SecurityAnalysisBackend() client = Client(schema) executed = client.execute( - ''' + """ mutation { updatePassword(userName: "test@test-email.ca", password: "a-super-long-password", confirmPassword: "another-super-long-password") { @@ -181,18 +197,20 @@ def test_updated_passwords_do_not_match(self): } } } - ''', backend=backend) + """, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == error_passwords_do_not_match() + assert executed["errors"] + assert executed["errors"][0] + assert executed["errors"][0]["message"] == error_passwords_do_not_match() def test_updated_password_too_short(self): """Test that ensure that a user's password meets the valid length requirements""" backend = SecurityAnalysisBackend() client = Client(schema) executed = client.execute( - ''' + """ mutation { updatePassword(userName: "test@test-email.ca", password: "password", confirmPassword: "password") { user { @@ -200,18 +218,23 @@ def test_updated_password_too_short(self): } } } - ''', backend=backend) + """, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == error_password_does_not_meet_requirements() + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == error_password_does_not_meet_requirements() + ) def test_updated_password_no_user_email(self): """Test that ensures an empty string submitted as email will not be accepted""" backend = SecurityAnalysisBackend() client = Client(schema) executed = client.execute( - ''' + """ mutation { updatePassword(userName: "", password: "valid-password", confirmPassword: "valid-password") { user { @@ -219,39 +242,52 @@ def test_updated_password_no_user_email(self): } } } - ''', backend=backend) + """, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == scalar_error_type("email address", "") + assert executed["errors"] + assert executed["errors"][0] + assert executed["errors"][0]["message"] == scalar_error_type( + "email address", "" + ) ## # This class of tests works within the 'authenticateTwoFactor' api endpoint -@pytest.mark.usefixtures('user_schema_test_db_init') +@pytest.mark.usefixtures("user_schema_test_db_init") class TestValidateTwoFactor: def test_successful_validation(self): """Test that ensures a validation is successful when all params are proper""" with app.app_context(): backend = SecurityAnalysisBackend() - totp = pyotp.TOTP('base32secret3232') - otp_code = totp.now() # Generates a code that is valid for 30s. Plenty of time to execute the query + totp = pyotp.TOTP("base32secret3232") + otp_code = ( + totp.now() + ) # Generates a code that is valid for 30s. Plenty of time to execute the query client = Client(schema) executed = client.execute( ''' mutation { - authenticateTwoFactor(userName: "testuser@testemail.ca", otpCode: "''' + otp_code + '''") { + authenticateTwoFactor(userName: "testuser@testemail.ca", otpCode: "''' + + otp_code + + """") { user { userName } } } - ''', backend=backend) - assert executed['data'] - assert executed['data']['authenticateTwoFactor'] - assert executed['data']['authenticateTwoFactor']['user'] - assert executed['data']['authenticateTwoFactor']['user']['userName'] == "testuser@testemail.ca" + """, + backend=backend, + ) + assert executed["data"] + assert executed["data"]["authenticateTwoFactor"] + assert executed["data"]["authenticateTwoFactor"]["user"] + assert ( + executed["data"]["authenticateTwoFactor"]["user"]["userName"] + == "testuser@testemail.ca" + ) def test_user_does_not_exist(self): """Test that an error is raised if the user specified does not exist""" @@ -259,7 +295,7 @@ def test_user_does_not_exist(self): backend = SecurityAnalysisBackend() client = Client(schema) executed = client.execute( - ''' + """ mutation { authenticateTwoFactor(userName: "anotheruser@testemail.ca", otpCode: "000000") { user { @@ -267,19 +303,21 @@ def test_user_does_not_exist(self): } } } - ''', backend=backend) + """, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == error_user_does_not_exist() + assert executed["errors"] + assert executed["errors"][0] + assert executed["errors"][0]["message"] == error_user_does_not_exist() def test_invalid_otp_code(self): """Test that an error is raised if the user specified does not exist""" with app.app_context(): - backend=SecurityAnalysisBackend() + backend = SecurityAnalysisBackend() client = Client(schema) executed = client.execute( - ''' + """ mutation { authenticateTwoFactor(userName: "testuser@testemail.ca", otpCode: "000000") { user { @@ -287,8 +325,10 @@ def test_invalid_otp_code(self): } } } - ''', backend=backend) + """, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == error_otp_code_is_invalid() + assert executed["errors"] + assert executed["errors"][0] + assert executed["errors"][0]["message"] == error_otp_code_is_invalid() diff --git a/api/tests/test_user_roles.py b/api/tests/test_user_roles.py index 8e2946fc73..2d967d2415 100644 --- a/api/tests/test_user_roles.py +++ b/api/tests/test_user_roles.py @@ -1,8 +1,4 @@ -import sys -import os -from os.path import dirname, join, expanduser, normpath, realpath from graphene.test import Client -from flask_bcrypt import Bcrypt from flask import Request from werkzeug.test import create_environ import pytest @@ -15,45 +11,33 @@ from backend.security_check import SecurityAnalysisBackend -@pytest.fixture(scope='class') +@pytest.fixture(scope="class") def user_role_test_db_init(): - bcrypt = Bcrypt(app) - with app.app_context(): test_user = Users( id=1, display_name="testuserread", user_name="testuserread@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8"), + password="testpassword123", ) db_session.add(test_user) test_super_admin = Users( id=2, display_name="testsuperadmin", user_name="testsuperadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_super_admin) org = Organizations( - id=1, - acronym='ORG1', - org_tags={ - "description": 'Organization 1' - } + id=1, acronym="ORG1", org_tags={"description": "Organization 1"} ) db_session.add(org) test_admin_role = User_affiliations( - user_id=1, - organization_id=1, - permission='user_read' + user_id=1, organization_id=1, permission="user_read" ) db_session.add(test_admin_role) test_admin_role = User_affiliations( - user_id=2, - organization_id=1, - permission='super_admin' + user_id=2, organization_id=1, permission="super_admin" ) db_session.add(test_admin_role) db_session.commit() @@ -67,236 +51,257 @@ def user_role_test_db_init(): db_session.commit() -@pytest.mark.usefixtures('user_role_test_db_init') +@pytest.mark.usefixtures("user_role_test_db_init") class TestUserUpdateWriteRole(TestCase): def test_user_claim_update_to_user_write(self): with app.app_context(): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ updateUserRole(org: "ORG1", role: USER_WRITE, userName:"testuserread@testemail.ca"){ status } } - ''', context_value=request_headers, backend=backend) - assert executed['data'] - assert executed['data']['updateUserRole'] - assert executed['data']['updateUserRole']['status'] == 'Update Successful' + """, + context_value=request_headers, + backend=backend, + ) + assert executed["data"] + assert executed["data"]["updateUserRole"] + assert executed["data"]["updateUserRole"]["status"] == "Update Successful" client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { testUserClaims(org: "ORG1", role: USER_WRITE) } - ''', context_value=request_headers, backend=backend) - assert executed['data'] - assert executed['data']['testUserClaims'] - assert executed['data']['testUserClaims'] == 'User Passed User Write Claim' + """, + context_value=request_headers, + backend=backend, + ) + assert executed["data"] + assert executed["data"]["testUserClaims"] + assert executed["data"]["testUserClaims"] == "User Passed User Write Claim" -@pytest.mark.usefixtures('user_role_test_db_init') +@pytest.mark.usefixtures("user_role_test_db_init") class TestUserUpdateAdminRole(TestCase): def test_user_claim_update_to_admin(self): with app.app_context(): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ updateUserRole(org: "ORG1", role: ADMIN, userName:"testuserread@testemail.ca"){ status } } - ''', context_value=request_headers, backend=backend) - assert executed['data'] - assert executed['data']['updateUserRole'] - assert executed['data']['updateUserRole']['status'] == 'Update Successful' + """, + context_value=request_headers, + backend=backend, + ) + assert executed["data"] + assert executed["data"]["updateUserRole"] + assert executed["data"]["updateUserRole"]["status"] == "Update Successful" client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { testUserClaims(org: "ORG1", role: ADMIN) } - ''', context_value=request_headers, backend=backend) - assert executed['data'] - assert executed['data']['testUserClaims'] - assert executed['data']['testUserClaims'] == 'User Passed Admin Claim' + """, + context_value=request_headers, + backend=backend, + ) + assert executed["data"] + assert executed["data"]["testUserClaims"] + assert executed["data"]["testUserClaims"] == "User Passed Admin Claim" -@pytest.mark.usefixtures('user_role_test_db_init') +@pytest.mark.usefixtures("user_role_test_db_init") class TestUserUpdateSuperAdminRole(TestCase): def test_user_claim_update_to_super_admin(self): with app.app_context(): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ updateUserRole(org: "ORG1", role: SUPER_ADMIN, userName:"testuserread@testemail.ca"){ status } } - ''', context_value=request_headers, backend=backend) - assert executed['data'] - assert executed['data']['updateUserRole'] - assert executed['data']['updateUserRole']['status'] == 'Update Successful' + """, + context_value=request_headers, + backend=backend, + ) + assert executed["data"] + assert executed["data"]["updateUserRole"] + assert executed["data"]["updateUserRole"]["status"] == "Update Successful" client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { testUserClaims(org: "ORG1", role: SUPER_ADMIN) } - ''', context_value=request_headers, backend=backend) - assert executed['data'] - assert executed['data']['testUserClaims'] - assert executed['data']['testUserClaims'] == 'User Passed Super Admin Claim' + """, + context_value=request_headers, + backend=backend, + ) + assert executed["data"] + assert executed["data"]["testUserClaims"] + assert executed["data"]["testUserClaims"] == "User Passed Super Admin Claim" -@pytest.mark.usefixtures('user_role_test_db_init') +@pytest.mark.usefixtures("user_role_test_db_init") class TestUserUpdateAdminRoleInvalid(TestCase): def test_user_claim_update_to_user_write(self): with app.app_context(): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ updateUserRole(org: "ORG1", role: ADMIN, userName:"testsuperadmin@testemail.ca"){ status } } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == error_not_an_admin() + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert executed["errors"][0]["message"] == error_not_an_admin() diff --git a/api/tests/test_user_sign_in.py b/api/tests/test_user_sign_in.py index 9eac7be081..a1172b2c80 100644 --- a/api/tests/test_user_sign_in.py +++ b/api/tests/test_user_sign_in.py @@ -1,52 +1,45 @@ -import sys -import os -from os.path import dirname, join, expanduser, normpath, realpath import datetime import pyotp import pytest -from flask_bcrypt import Bcrypt from graphene.test import Client from db import db_session from app import app from queries import schema from models import Users from backend.security_check import SecurityAnalysisBackend -from functions.error_messages import( +from functions.error_messages import ( error_invalid_credentials, error_too_many_failed_login_attempts, - error_user_does_not_exist + error_user_does_not_exist, ) -@pytest.fixture(scope='class') +@pytest.fixture(scope="class") def user_schema_test_db_init(): - bcrypt = Bcrypt(app) - with app.app_context(): test_user = Users( display_name="testuser", user_name="testuser@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8"), - failed_login_attempt_time=datetime.datetime.now().timestamp() + 1920, # This mocks that the user is accessing the service 32 mins after their last failed login attempt + password="testpassword123", + failed_login_attempt_time=datetime.datetime.now().timestamp() + + 1920, # This mocks that the user is accessing the service 32 mins after their last failed login attempt ) db_session.add(test_user) test_already_failed_user = Users( display_name="test_failed_user", user_name="test_already_failed_user@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8"), + password="testpassword123", failed_login_attempts=3, - failed_login_attempt_time=datetime.datetime.now().timestamp() + 1920, # This mocks that the user is accessing the service 32 mins after their last failed login attempt + failed_login_attempt_time=datetime.datetime.now().timestamp() + + 1920, # This mocks that the user is accessing the service 32 mins after their last failed login attempt ) db_session.add(test_already_failed_user) test_too_many_failed_user = Users( display_name="test_too_many_fails_user", user_name="test_too_many_failed_user@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8"), + password="testpassword123", failed_login_attempts=30, failed_login_attempt_time=0, ) @@ -63,7 +56,7 @@ def user_schema_test_db_init(): ## # This class of tests works within the 'signIn' api endpoint -@pytest.mark.usefixtures('user_schema_test_db_init') +@pytest.mark.usefixtures("user_schema_test_db_init") class TestSignInUser: def test_successful_sign_in(self): """ @@ -73,7 +66,7 @@ def test_successful_sign_in(self): backend = SecurityAnalysisBackend() client = Client(schema) executed = client.execute( - ''' + """ mutation{ signIn(userName:"testuser@testemail.ca", password:"testpassword123"){ @@ -82,12 +75,16 @@ def test_successful_sign_in(self): } } } - ''', backend=backend) - assert executed['data'] - assert executed['data']['signIn'] - assert executed['data']['signIn']['user'] - assert executed['data']['signIn']['user']['userName'] \ - == "testuser@testemail.ca" + """, + backend=backend, + ) + assert executed["data"] + assert executed["data"]["signIn"] + assert executed["data"]["signIn"]["user"] + assert ( + executed["data"]["signIn"]["user"]["userName"] + == "testuser@testemail.ca" + ) def test_invalid_credentials(self): """ @@ -97,7 +94,7 @@ def test_invalid_credentials(self): with app.app_context(): client = Client(schema) executed = client.execute( - ''' + """ mutation{ signIn(userName:"testuser@testemail.ca", password:"testpassword1234"){ @@ -106,15 +103,16 @@ def test_invalid_credentials(self): } } } - ''') - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] - assert executed['errors'][0]['message'] \ - == error_invalid_credentials() + """ + ) + assert executed["errors"] + assert executed["errors"][0] + assert executed["errors"][0]["message"] + assert executed["errors"][0]["message"] == error_invalid_credentials() - failed_user = Users.query\ - .filter(Users.user_name == "testuser@testemail.ca").first() + failed_user = Users.query.filter( + Users.user_name == "testuser@testemail.ca" + ).first() assert failed_user is not None assert failed_user.failed_login_attempts == 1 @@ -128,7 +126,7 @@ def test_successful_login_sets_failed_attempts_to_zero(self): with app.app_context(): client = Client(schema) executed = client.execute( - ''' + """ mutation{ signIn(userName:"test_already_failed_user@testemail.ca", password:"testpassword123"){ @@ -137,19 +135,23 @@ def test_successful_login_sets_failed_attempts_to_zero(self): } } } - ''') + """ + ) - user = Users.query\ - .filter(Users.user_name == - "test_already_failed_user@testemail.ca").first() + user = Users.query.filter( + Users.user_name == "test_already_failed_user@testemail.ca" + ).first() assert user is not None assert user.failed_login_attempts == 0 assert user.failed_login_attempt_time == 0 - assert executed['data'] - assert executed['data']['signIn'] - assert executed['data']['signIn']['user']['userName'] == "test_already_failed_user@testemail.ca" + assert executed["data"] + assert executed["data"]["signIn"] + assert ( + executed["data"]["signIn"]["user"]["userName"] + == "test_already_failed_user@testemail.ca" + ) def test_too_many_failed_attempts(self): """Test that ensures a user can be signed in""" @@ -157,7 +159,7 @@ def test_too_many_failed_attempts(self): backend = SecurityAnalysisBackend() client = Client(schema) executed = client.execute( - ''' + """ mutation{ signIn(userName:"test_too_many_failed_user@testemail.ca", password:"testpassword123"){ @@ -166,19 +168,23 @@ def test_too_many_failed_attempts(self): } } } - ''', backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] - assert executed['errors'][0]['message'] \ - == error_too_many_failed_login_attempts() + """, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert executed["errors"][0]["message"] + assert ( + executed["errors"][0]["message"] + == error_too_many_failed_login_attempts() + ) def test_no_such_user(self): """Test that ensures error message is sent if user does not exist""" with app.app_context(): client = Client(schema) executed = client.execute( - ''' + """ mutation{ signIn(userName:"nouser@testemail.ca", password:"testpassword123"){ @@ -187,8 +193,9 @@ def test_no_such_user(self): } } } - ''') - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] - assert executed['errors'][0]['message'] == error_user_does_not_exist() + """ + ) + assert executed["errors"] + assert executed["errors"][0] + assert executed["errors"][0]["message"] + assert executed["errors"][0]["message"] == error_user_does_not_exist() diff --git a/api/tests/test_user_values.py b/api/tests/test_user_values.py index af7e42dc1a..e58a29a645 100644 --- a/api/tests/test_user_values.py +++ b/api/tests/test_user_values.py @@ -1,10 +1,6 @@ -import sys -import os -from os.path import dirname, join, expanduser, normpath, realpath import pytest from flask import Request from graphene.test import Client -from flask_bcrypt import Bcrypt from unittest import TestCase from werkzeug.test import create_environ from app import app @@ -13,56 +9,41 @@ from queries import schema from backend.security_check import SecurityAnalysisBackend -@pytest.fixture(scope='class') + +@pytest.fixture(scope="class") def user_resolver_test_db_init(): - bcrypt = Bcrypt(app) with app.app_context(): test_user = Users( id=1, display_name="testuserread", user_name="testuserread@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8"), + password="testpassword123", preferred_lang="English", - tfa_validated=False + tfa_validated=False, ) db_session.add(test_user) test_super_admin = Users( id=2, display_name="testsuperadmin", user_name="testsuperadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_super_admin) - org = Organizations( - id=1, - acronym='ORG1' - ) + org = Organizations(id=1, acronym="ORG1") db_session.add(org) - org = Organizations( - id=2, - acronym='ORG2' - ) + org = Organizations(id=2, acronym="ORG2") db_session.add(org) - org = Organizations( - id=3, - acronym='ORG3' - ) + org = Organizations(id=3, acronym="ORG3") db_session.add(org) test_admin_role = User_affiliations( - user_id=1, - organization_id=1, - permission='user_read' + user_id=1, organization_id=1, permission="user_read" ) db_session.add(test_admin_role) test_admin_role = User_affiliations( - user_id=2, - organization_id=1, - permission='super_admin' + user_id=2, organization_id=1, permission="super_admin" ) db_session.add(test_admin_role) @@ -77,7 +58,7 @@ def user_resolver_test_db_init(): db_session.commit() -@pytest.mark.usefixtures('user_resolver_test_db_init') +@pytest.mark.usefixtures("user_resolver_test_db_init") class TestUserResolverValues(TestCase): # Super Admin Tests def test_get_another_users_information(self): @@ -88,25 +69,25 @@ def test_get_another_users_information(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { user(userName: "testuserread@testemail.ca") { userName @@ -122,7 +103,10 @@ def test_get_another_users_information(self): } } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) result_refr = { "data": { "user": [ @@ -131,15 +115,7 @@ def test_get_another_users_information(self): "displayName": "testuserread", "lang": "English", "tfa": False, - "affiliations": { - "edges": [ - { - "node": { - "userId": 1 - } - } - ] - } + "affiliations": {"edges": [{"node": {"userId": 1}}]}, } ] } @@ -154,25 +130,25 @@ def test_get_another_users_information_user_does_not_exist(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { user(userName: "IdontThinkSo@testemail.ca") { userName @@ -188,11 +164,13 @@ def test_get_another_users_information_user_does_not_exist(self): } } } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, user cannot be " \ - "found" + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert executed["errors"][0]["message"] == "Error, user cannot be " "found" # User read tests def test_get_own_user_information(self): @@ -203,25 +181,25 @@ def test_get_own_user_information(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { user { userName @@ -237,7 +215,10 @@ def test_get_own_user_information(self): } } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) result_refr = { "data": { "user": [ @@ -246,15 +227,7 @@ def test_get_own_user_information(self): "displayName": "testuserread", "lang": "English", "tfa": False, - "affiliations": { - "edges": [ - { - "node": { - "userId": 1 - } - } - ] - } + "affiliations": {"edges": [{"node": {"userId": 1}}]}, } ] } diff --git a/api/tests/test_users.py b/api/tests/test_users.py index 0d9c4dd044..a856056bb4 100644 --- a/api/tests/test_users.py +++ b/api/tests/test_users.py @@ -1,10 +1,45 @@ -from unittest import TestCase +import pytest from app import app +from models import Users from db import db_session -from models import Organizations, Users, User_affiliations -class TestUsersModel(TestCase): - # Super Admin Tests - def test_user(self): - assert True == True +@pytest.fixture +def save(): + def save(thing): + db_session.add(thing) + db_session.commit() + + with app.app_context(): + yield save + Users.query.delete() + + +def test_find_by_user_name_returns_none(): + assert Users.find_by_user_name("bob") is None + + +def test_find_by_user_name_returns_a_user(save): + test_user = Users(user_name="foo@example.com") + + save(test_user) + + retrieved_user = Users.find_by_user_name("foo@example.com") + assert retrieved_user.user_name == test_user.user_name + + +def test_short_passwords_raise_an_error(): + with pytest.raises(ValueError): + Users(user_name="foo@example.com", password="1") + + +def test_user_model_encrypts_the_user_password(): + acceptable_password = "twelvechars!" + user = Users( + user_name="foo", + display_name="Foo", + preferred_lang="English", + password=acceptable_password, + ) + + assert len(user.password) is 60 diff --git a/api/tests/test_users_access_control.py b/api/tests/test_users_access_control.py index 77b3583020..2b899c5711 100644 --- a/api/tests/test_users_access_control.py +++ b/api/tests/test_users_access_control.py @@ -1,10 +1,6 @@ -import sys -import os -from os.path import dirname, join, expanduser, normpath, realpath import pytest from flask import Request from graphene.test import Client -from flask_bcrypt import Bcrypt from unittest import TestCase from werkzeug.test import create_environ from app import app @@ -14,96 +10,70 @@ from backend.security_check import SecurityAnalysisBackend -@pytest.fixture(scope='class') +@pytest.fixture(scope="class") def users_resolver_test_db_init(): - bcrypt = Bcrypt(app) - with app.app_context(): test_read = Users( id=1, display_name="testuserread", user_name="testuserread@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8"), + password="testpassword123", ) db_session.add(test_read) test_super_admin = Users( id=2, display_name="testsuperadmin", user_name="testsuperadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_super_admin) test_admin = Users( id=3, display_name="testadmin", user_name="testadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_admin) test_admin = Users( id=4, display_name="testadmin2", user_name="testadmin2@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_admin) test_write = Users( id=5, display_name="testuserwrite", user_name="testuserwrite@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_write) - org = Organizations( - id=1, - acronym='ORG1' - ) + org = Organizations(id=1, acronym="ORG1") db_session.add(org) - org = Organizations( - id=2, - acronym='ORG2' - ) + org = Organizations(id=2, acronym="ORG2") db_session.add(org) - org = Organizations( - id=3, - acronym='ORG3' - ) + org = Organizations(id=3, acronym="ORG3") db_session.add(org) test_user_read_role = User_affiliations( - user_id=1, - organization_id=1, - permission='user_read' + user_id=1, organization_id=1, permission="user_read" ) db_session.add(test_user_read_role) test_super_admin_role = User_affiliations( - user_id=2, - organization_id=2, - permission='super_admin' + user_id=2, organization_id=2, permission="super_admin" ) db_session.add(test_super_admin_role) test_admin_role = User_affiliations( - user_id=3, - organization_id=1, - permission='admin' + user_id=3, organization_id=1, permission="admin" ) db_session.add(test_admin_role) test_admin_role = User_affiliations( - user_id=4, - organization_id=2, - permission='admin' + user_id=4, organization_id=2, permission="admin" ) db_session.add(test_admin_role) test_user_write_role = User_affiliations( - user_id=5, - organization_id=1, - permission='user_write' + user_id=5, organization_id=1, permission="user_write" ) db_session.add(test_user_write_role) db_session.commit() @@ -117,7 +87,7 @@ def users_resolver_test_db_init(): db_session.commit() -@pytest.mark.usefixtures('users_resolver_test_db_init') +@pytest.mark.usefixtures("users_resolver_test_db_init") class TestUsersResolverAccessControl(TestCase): # Super Admin Tests def test_get_users_as_super_admin(self): @@ -129,25 +99,25 @@ def test_get_users_as_super_admin(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { users(org: "ORG1") { edges { @@ -157,26 +127,17 @@ def test_get_users_as_super_admin(self): } } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) result_refr = { "data": { "users": { "edges": [ - { - "node": { - "displayName": "testuserread" - } - }, - { - "node": { - "displayName": "testadmin" - } - }, - { - "node": { - "displayName": "testuserwrite" - } - } + {"node": {"displayName": "testuserread"}}, + {"node": {"displayName": "testadmin"}}, + {"node": {"displayName": "testuserwrite"}}, ] } } @@ -193,25 +154,25 @@ def test_get_users_from_same_org(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { users(org: "ORG1") { edges { @@ -221,26 +182,17 @@ def test_get_users_from_same_org(self): } } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) result_refr = { "data": { "users": { "edges": [ - { - "node": { - "displayName": "testuserread" - } - }, - { - "node": { - "displayName": "testadmin" - } - }, - { - "node": { - "displayName": "testuserwrite" - } - } + {"node": {"displayName": "testuserread"}}, + {"node": {"displayName": "testadmin"}}, + {"node": {"displayName": "testuserwrite"}}, ] } } @@ -257,25 +209,25 @@ def test_get_users_admin_from_different_org(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testadmin2@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { users(org: "ORG1") { edges { @@ -285,10 +237,16 @@ def test_get_users_admin_from_different_org(self): } } } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have access to view this organization" + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have access to view this organization" + ) # User write tests def test_get_users_user_write(self): @@ -299,25 +257,25 @@ def test_get_users_user_write(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserwrite@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { users(org: "ORG1") { edges { @@ -327,10 +285,16 @@ def test_get_users_user_write(self): } } } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have access to view this organization" + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have access to view this organization" + ) # User read tests def test_get_users_user_read(self): @@ -341,25 +305,25 @@ def test_get_users_user_read(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { users(org: "ORG1") { edges { @@ -369,7 +333,13 @@ def test_get_users_user_read(self): } } } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have access to view this organization" + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have access to view this organization" + ) diff --git a/api/tests/test_users_values.py b/api/tests/test_users_values.py index cc6ac2a261..39d7096f02 100644 --- a/api/tests/test_users_values.py +++ b/api/tests/test_users_values.py @@ -1,10 +1,6 @@ -import sys -import os -from os.path import dirname, join, expanduser, normpath, realpath import pytest from flask import Request from graphene.test import Client -from flask_bcrypt import Bcrypt from unittest import TestCase from werkzeug.test import create_environ from app import app @@ -13,96 +9,72 @@ from queries import schema from backend.security_check import SecurityAnalysisBackend -@pytest.fixture(scope='class') + +@pytest.fixture(scope="class") def users_resolver_test_db_init(): - bcrypt = Bcrypt(app) with app.app_context(): test_read = Users( id=1, display_name="testuserread", user_name="testuserread@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8"), + password="testpassword123", ) db_session.add(test_read) test_super_admin = Users( id=2, display_name="testsuperadmin", user_name="testsuperadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_super_admin) test_admin = Users( id=3, display_name="testadmin", user_name="testadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_admin) test_admin = Users( id=4, display_name="testadmin2", user_name="testadmin2@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_admin) test_write = Users( id=5, display_name="testuserwrite", user_name="testuserwrite@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_write) - org = Organizations( - id=1, - acronym='ORG1' - ) + org = Organizations(id=1, acronym="ORG1") db_session.add(org) - org = Organizations( - id=2, - acronym='ORG2' - ) + org = Organizations(id=2, acronym="ORG2") db_session.add(org) - org = Organizations( - id=3, - acronym='ORG3' - ) + org = Organizations(id=3, acronym="ORG3") db_session.add(org) test_user_read_role = User_affiliations( - user_id=1, - organization_id=1, - permission='user_read' + user_id=1, organization_id=1, permission="user_read" ) db_session.add(test_user_read_role) test_super_admin_role = User_affiliations( - user_id=2, - organization_id=2, - permission='super_admin' + user_id=2, organization_id=2, permission="super_admin" ) db_session.add(test_super_admin_role) test_admin_role = User_affiliations( - user_id=3, - organization_id=1, - permission='admin' + user_id=3, organization_id=1, permission="admin" ) db_session.add(test_admin_role) test_admin_role = User_affiliations( - user_id=4, - organization_id=2, - permission='admin' + user_id=4, organization_id=2, permission="admin" ) db_session.add(test_admin_role) test_user_write_role = User_affiliations( - user_id=5, - organization_id=1, - permission='user_write' + user_id=5, organization_id=1, permission="user_write" ) db_session.add(test_user_write_role) db_session.commit() @@ -116,7 +88,7 @@ def users_resolver_test_db_init(): db_session.commit() -@pytest.mark.usefixtures('users_resolver_test_db_init') +@pytest.mark.usefixtures("users_resolver_test_db_init") class TestUsersResolverValues(TestCase): # Super Admin Tests def test_get_users_as_super_admin(self): @@ -127,25 +99,25 @@ def test_get_users_as_super_admin(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { users(org: "ORG1") { edges { @@ -157,7 +129,10 @@ def test_get_users_as_super_admin(self): } } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) result_refr = { "data": { "users": { @@ -166,23 +141,23 @@ def test_get_users_as_super_admin(self): "node": { "userName": "testuserread@testemail.ca", "displayName": "testuserread", - "permission": "USER_READ" + "permission": "USER_READ", } }, { "node": { "userName": "testadmin@testemail.ca", "displayName": "testadmin", - "permission": "ADMIN" + "permission": "ADMIN", } }, { "node": { "userName": "testuserwrite@testemail.ca", "displayName": "testuserwrite", - "permission": "USER_WRITE" + "permission": "USER_WRITE", } - } + }, ] } } @@ -198,25 +173,25 @@ def test_get_users_as_admin(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { users(org: "ORG1") { edges { @@ -228,7 +203,10 @@ def test_get_users_as_admin(self): } } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) result_refr = { "data": { "users": { @@ -237,23 +215,23 @@ def test_get_users_as_admin(self): "node": { "userName": "testuserread@testemail.ca", "displayName": "testuserread", - "permission": "USER_READ" + "permission": "USER_READ", } }, { "node": { "userName": "testadmin@testemail.ca", "displayName": "testadmin", - "permission": "ADMIN" + "permission": "ADMIN", } }, { "node": { "userName": "testuserwrite@testemail.ca", "displayName": "testuserwrite", - "permission": "USER_WRITE" + "permission": "USER_WRITE", } - } + }, ] } }