From 9cb2fcf794ec7b56bf746fe94e71e67742b77d8c Mon Sep 17 00:00:00 2001 From: Mike Williamson Date: Thu, 23 Apr 2020 14:55:39 -0400 Subject: [PATCH 1/3] Add tests for the Users model --- api/Pipfile | 3 +- api/Pipfile.lock | 131 +++++++++++++++++--------- api/app/app.py | 0 api/functions/create_organisation.py | 14 +++ api/models/Organizations.py | 18 ++++ api/models/Users.py | 42 +++++++++ api/{models.py => models/__init__.py} | 27 +----- api/tests/test_users.py | 44 ++++++++- 8 files changed, 206 insertions(+), 73 deletions(-) create mode 100644 api/app/app.py create mode 100644 api/functions/create_organisation.py create mode 100644 api/models/Organizations.py create mode 100644 api/models/Users.py rename api/{models.py => models/__init__.py} (79%) diff --git a/api/Pipfile b/api/Pipfile index 106066ecd9..2e9cdb640b 100644 --- a/api/Pipfile +++ b/api/Pipfile @@ -29,9 +29,10 @@ flask-migrate = "*" pytest = "*" pyotp = "*" pyjwt = "*" +pytest-xdist = "*" [scripts] -test = "python -m pytest" +test = "python -m pytest -v -s" server = "python application.py" schema-export = "python schema_export.py" db-init = 'python manage.py db init' diff --git a/api/Pipfile.lock b/api/Pipfile.lock index 11ce5957a8..b49275d1cd 100644 --- a/api/Pipfile.lock +++ b/api/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "b7cfc60c14492f7d38a230f76839f44c0dc534e5a72feba8de7a51a92be4ce07" + "sha256": "bd0f0b4ad21f1aecdb91886470f2bb87dac79c7e06c8125d68f45f9986e29db0" }, "pipfile-spec": 6, "requires": { @@ -29,6 +29,13 @@ ], "version": "==7.0.0" }, + "apipkg": { + "hashes": [ + "sha256:37228cda29411948b422fae072f57e31d3396d2ee1c9783775980ee9c9990af6", + "sha256:58587dd4dc3daefad0487f6d9ae32b4542b185e1c36db6993290e7c41ca2b47c" + ], + "version": "==1.5" + }, "attrs": { "hashes": [ "sha256:08a96c641c3a74e44eb59afb61a24f2cb9f4d7188748e76ba4bb5edfa3cb7d1c", @@ -119,6 +126,13 @@ ], "version": "==0.6.2" }, + "execnet": { + "hashes": [ + "sha256:cacb9df31c9680ec5f95553976c4da484d407e85e41c83cb812aa014f0eddc50", + "sha256:d4efd397930c46415f62f8a31388d6be4f27a91d7550eb79bc64a756e0056547" + ], + "version": "==1.7.1" + }, "flask": { "hashes": [ "sha256:4efa1ae2d7c9865af48986de8aeb8504bf32c7f3d6fdc9353d34b21f4b127060", @@ -222,10 +236,10 @@ }, "jinja2": { "hashes": [ - "sha256:93187ffbc7808079673ef52771baa950426fd664d3aad1d0fa3e95644360e250", - "sha256:b0eaf100007721b5c16c1fc1eecb87409464edc10469ddc9a22a27a99123be49" + "sha256:89aab215427ef59c34ad58735269eb58b1a5808103067f7bb9d5836c651b3bb0", + "sha256:f0a4641d3cf955324a89c04f3d94663aa4d638abe8f733ecd3582848e1c37035" ], - "version": "==2.11.1" + "version": "==2.11.2" }, "mako": { "hashes": [ @@ -409,6 +423,21 @@ "index": "pypi", "version": "==5.4.1" }, + "pytest-forked": { + "hashes": [ + "sha256:1805699ed9c9e60cb7a8179b8d4fa2b8898098e82d229b0825d8095f0f261100", + "sha256:1ae25dba8ee2e56fb47311c9638f9e58552691da87e82d25b0ce0e4bf52b7d87" + ], + "version": "==1.1.3" + }, + "pytest-xdist": { + "hashes": [ + "sha256:0f46020d3d9619e6d17a65b5b989c1ebbb58fc7b1da8fb126d70f4bac4dfeed1", + "sha256:7dc0d027d258cd0defc618fb97055fbd1002735ca7a6d17037018cf870e24011" + ], + "index": "pypi", + "version": "==1.31.0" + }, "python-dateutil": { "hashes": [ "sha256:73ebfe9dbf22e832286dafa60473e4cd239f8592f699aa5adaf10050e6e1823c", @@ -454,17 +483,35 @@ }, "sqlalchemy": { "hashes": [ - "sha256:c4cca4aed606297afbe90d4306b49ad3a4cd36feb3f87e4bfd655c57fd9ef445" + "sha256:083e383a1dca8384d0ea6378bd182d83c600ed4ff4ec8247d3b2442cf70db1ad", + "sha256:0a690a6486658d03cc6a73536d46e796b6570ac1f8a7ec133f9e28c448b69828", + "sha256:114b6ace30001f056e944cebd46daef38fdb41ebb98f5e5940241a03ed6cad43", + "sha256:128f6179325f7597a46403dde0bf148478f868df44841348dfc8d158e00db1f9", + "sha256:13d48cd8b925b6893a4e59b2dfb3e59a5204fd8c98289aad353af78bd214db49", + "sha256:211a1ce7e825f7142121144bac76f53ac28b12172716a710f4bf3eab477e730b", + "sha256:2dc57ee80b76813759cccd1a7affedf9c4dbe5b065a91fb6092c9d8151d66078", + "sha256:3e625e283eecc15aee5b1ef77203bfb542563fa4a9aa622c7643c7b55438ff49", + "sha256:43078c7ec0457387c79b8d52fff90a7ad352ca4c7aa841c366238c3e2cf52fdf", + "sha256:5b1bf3c2c2dca738235ce08079783ef04f1a7fc5b21cf24adaae77f2da4e73c3", + "sha256:6056b671aeda3fc451382e52ab8a753c0d5f66ef2a5ccc8fa5ba7abd20988b4d", + "sha256:68d78cf4a9dfade2e6cf57c4be19f7b82ed66e67dacf93b32bb390c9bed12749", + "sha256:7025c639ce7e170db845e94006cf5f404e243e6fc00d6c86fa19e8ad8d411880", + "sha256:7224e126c00b8178dfd227bc337ba5e754b197a3867d33b9f30dc0208f773d70", + "sha256:7d98e0785c4cd7ae30b4a451416db71f5724a1839025544b4edbd92e00b91f0f", + "sha256:8d8c21e9d4efef01351bf28513648ceb988031be4159745a7ad1b3e28c8ff68a", + "sha256:bbb545da054e6297242a1bb1ba88e7a8ffb679f518258d66798ec712b82e4e07", + "sha256:d00b393f05dbd4ecd65c989b7f5a81110eae4baea7a6a4cdd94c20a908d1456e", + "sha256:e18752cecaef61031252ca72031d4d6247b3212ebb84748fc5d1a0d2029c23ea" ], "index": "pypi", - "version": "==1.3.15" + "version": "==1.3.16" }, "urllib3": { "hashes": [ - "sha256:2f3db8b19923a873b3e5256dc9c2dedfa883e33d87c690d9c7913e1f40673cdc", - "sha256:87716c2d2a7121198ebcb7ce7cccf6ce5e9ba539041cfbaeecfb641dc0bf6acc" + "sha256:3018294ebefce6572a474f0604c2021e33b3fd8006ecd11d62107a5d2a963527", + "sha256:88206b0eb87e6d677d424843ac5209e3fb9d0190d0ee169599165ec25e9d9115" ], - "version": "==1.25.8" + "version": "==1.25.9" }, "waitress": { "hashes": [ @@ -506,39 +553,39 @@ }, "coverage": { "hashes": [ - "sha256:03f630aba2b9b0d69871c2e8d23a69b7fe94a1e2f5f10df5049c0df99db639a0", - "sha256:046a1a742e66d065d16fb564a26c2a15867f17695e7f3d358d7b1ad8a61bca30", - "sha256:0a907199566269e1cfa304325cc3b45c72ae341fbb3253ddde19fa820ded7a8b", - "sha256:165a48268bfb5a77e2d9dbb80de7ea917332a79c7adb747bd005b3a07ff8caf0", - "sha256:1b60a95fc995649464e0cd48cecc8288bac5f4198f21d04b8229dc4097d76823", - "sha256:1f66cf263ec77af5b8fe14ef14c5e46e2eb4a795ac495ad7c03adc72ae43fafe", - "sha256:2e08c32cbede4a29e2a701822291ae2bc9b5220a971bba9d1e7615312efd3037", - "sha256:3844c3dab800ca8536f75ae89f3cf566848a3eb2af4d9f7b1103b4f4f7a5dad6", - "sha256:408ce64078398b2ee2ec08199ea3fcf382828d2f8a19c5a5ba2946fe5ddc6c31", - "sha256:443be7602c790960b9514567917af538cac7807a7c0c0727c4d2bbd4014920fd", - "sha256:4482f69e0701139d0f2c44f3c395d1d1d37abd81bfafbf9b6efbe2542679d892", - "sha256:4a8a259bf990044351baf69d3b23e575699dd60b18460c71e81dc565f5819ac1", - "sha256:513e6526e0082c59a984448f4104c9bf346c2da9961779ede1fc458e8e8a1f78", - "sha256:5f587dfd83cb669933186661a351ad6fc7166273bc3e3a1531ec5c783d997aac", - "sha256:62061e87071497951155cbccee487980524d7abea647a1b2a6eb6b9647df9006", - "sha256:641e329e7f2c01531c45c687efcec8aeca2a78a4ff26d49184dce3d53fc35014", - "sha256:65a7e00c00472cd0f59ae09d2fb8a8aaae7f4a0cf54b2b74f3138d9f9ceb9cb2", - "sha256:6ad6ca45e9e92c05295f638e78cd42bfaaf8ee07878c9ed73e93190b26c125f7", - "sha256:73aa6e86034dad9f00f4bbf5a666a889d17d79db73bc5af04abd6c20a014d9c8", - "sha256:7c9762f80a25d8d0e4ab3cb1af5d9dffbddb3ee5d21c43e3474c84bf5ff941f7", - "sha256:85596aa5d9aac1bf39fe39d9fa1051b0f00823982a1de5766e35d495b4a36ca9", - "sha256:86a0ea78fd851b313b2e712266f663e13b6bc78c2fb260b079e8b67d970474b1", - "sha256:8a620767b8209f3446197c0e29ba895d75a1e272a36af0786ec70fe7834e4307", - "sha256:922fb9ef2c67c3ab20e22948dcfd783397e4c043a5c5fa5ff5e9df5529074b0a", - "sha256:9fad78c13e71546a76c2f8789623eec8e499f8d2d799f4b4547162ce0a4df435", - "sha256:a37c6233b28e5bc340054cf6170e7090a4e85069513320275a4dc929144dccf0", - "sha256:c3fc325ce4cbf902d05a80daa47b645d07e796a80682c1c5800d6ac5045193e5", - "sha256:cda33311cb9fb9323958a69499a667bd728a39a7aa4718d7622597a44c4f1441", - "sha256:db1d4e38c9b15be1521722e946ee24f6db95b189d1447fa9ff18dd16ba89f732", - "sha256:eda55e6e9ea258f5e4add23bcf33dc53b2c319e70806e180aecbff8d90ea24de", - "sha256:f372cdbb240e09ee855735b9d85e7f50730dcfb6296b74b95a3e5dea0615c4c1" - ], - "version": "==5.0.4" + "sha256:00f1d23f4336efc3b311ed0d807feb45098fc86dee1ca13b3d6768cdab187c8a", + "sha256:01333e1bd22c59713ba8a79f088b3955946e293114479bbfc2e37d522be03355", + "sha256:0cb4be7e784dcdc050fc58ef05b71aa8e89b7e6636b99967fadbdba694cf2b65", + "sha256:0e61d9803d5851849c24f78227939c701ced6704f337cad0a91e0972c51c1ee7", + "sha256:1601e480b9b99697a570cea7ef749e88123c04b92d84cedaa01e117436b4a0a9", + "sha256:2742c7515b9eb368718cd091bad1a1b44135cc72468c731302b3d641895b83d1", + "sha256:2d27a3f742c98e5c6b461ee6ef7287400a1956c11421eb574d843d9ec1f772f0", + "sha256:402e1744733df483b93abbf209283898e9f0d67470707e3c7516d84f48524f55", + "sha256:5c542d1e62eece33c306d66fe0a5c4f7f7b3c08fecc46ead86d7916684b36d6c", + "sha256:5f2294dbf7875b991c381e3d5af2bcc3494d836affa52b809c91697449d0eda6", + "sha256:6402bd2fdedabbdb63a316308142597534ea8e1895f4e7d8bf7476c5e8751fef", + "sha256:66460ab1599d3cf894bb6baee8c684788819b71a5dc1e8fa2ecc152e5d752019", + "sha256:782caea581a6e9ff75eccda79287daefd1d2631cc09d642b6ee2d6da21fc0a4e", + "sha256:79a3cfd6346ce6c13145731d39db47b7a7b859c0272f02cdb89a3bdcbae233a0", + "sha256:7a5bdad4edec57b5fb8dae7d3ee58622d626fd3a0be0dfceda162a7035885ecf", + "sha256:8fa0cbc7ecad630e5b0f4f35b0f6ad419246b02bc750de7ac66db92667996d24", + "sha256:a027ef0492ede1e03a8054e3c37b8def89a1e3c471482e9f046906ba4f2aafd2", + "sha256:a3f3654d5734a3ece152636aad89f58afc9213c6520062db3978239db122f03c", + "sha256:a82b92b04a23d3c8a581fc049228bafde988abacba397d57ce95fe95e0338ab4", + "sha256:acf3763ed01af8410fc36afea23707d4ea58ba7e86a8ee915dfb9ceff9ef69d0", + "sha256:adeb4c5b608574a3d647011af36f7586811a2c1197c861aedb548dd2453b41cd", + "sha256:b83835506dfc185a319031cf853fa4bb1b3974b1f913f5bb1a0f3d98bdcded04", + "sha256:bb28a7245de68bf29f6fb199545d072d1036a1917dca17a1e75bbb919e14ee8e", + "sha256:bf9cb9a9fd8891e7efd2d44deb24b86d647394b9705b744ff6f8261e6f29a730", + "sha256:c317eaf5ff46a34305b202e73404f55f7389ef834b8dbf4da09b9b9b37f76dd2", + "sha256:dbe8c6ae7534b5b024296464f387d57c13caa942f6d8e6e0346f27e509f0f768", + "sha256:de807ae933cfb7f0c7d9d981a053772452217df2bf38e7e6267c9cbf9545a796", + "sha256:dead2ddede4c7ba6cb3a721870f5141c97dc7d85a079edb4bd8d88c3ad5b20c7", + "sha256:dec5202bfe6f672d4511086e125db035a52b00f1648d6407cc8e526912c0353a", + "sha256:e1ea316102ea1e1770724db01998d1603ed921c54a86a2efcb03428d5417e489", + "sha256:f90bfc4ad18450c80b024036eaf91e4a246ae287701aaa88eaebebf150868052" + ], + "version": "==5.1" }, "isort": { "hashes": [ diff --git a/api/app/app.py b/api/app/app.py new file mode 100644 index 0000000000..e69de29bb2 diff --git a/api/functions/create_organisation.py b/api/functions/create_organisation.py new file mode 100644 index 0000000000..dbdfd19fc4 --- /dev/null +++ b/api/functions/create_organisation.py @@ -0,0 +1,14 @@ +from graphql import GraphQLError +from flask_bcrypt import Bcrypt +from flask import current_app as app + +from functions.input_validators import * +from functions.error_messages import * + +from models import Organizations +from db import db_session + + +def create_organization(acronym): + return acronym + diff --git a/api/models/Organizations.py b/api/models/Organizations.py new file mode 100644 index 0000000000..16592afe9d --- /dev/null +++ b/api/models/Organizations.py @@ -0,0 +1,18 @@ +from graphene import Time +from sqlalchemy.types import Integer, Boolean, DateTime, Float +from sqlalchemy import Column, String, ForeignKey +from sqlalchemy.orm import relationship +from sqlalchemy.dialects.postgresql import JSONB +from sqlalchemy.ext.hybrid import hybrid_property, hybrid_method +from db import Base + +class Organizations(Base): + __tablename__ = 'organizations' + + id = Column(Integer, primary_key=True) + acronym = Column(String) + org_tags = Column(JSONB) + domains = relationship("Domains", back_populates="organization", cascade="all, delete") + users = relationship("User_affiliations", back_populates="user_organization", cascade="all, delete") + + diff --git a/api/models/Users.py b/api/models/Users.py new file mode 100644 index 0000000000..e22b5c0621 --- /dev/null +++ b/api/models/Users.py @@ -0,0 +1,42 @@ +from sqlalchemy.types import Integer, Boolean, Float +from sqlalchemy import Column, String, ForeignKey +from sqlalchemy import event +from flask_bcrypt import Bcrypt +from flask import current_app as app +from sqlalchemy.orm import relationship, validates +from sqlalchemy.ext.hybrid import hybrid_property, hybrid_method +from db import Base + +bcrypt = Bcrypt( + app +) # Create the bcrypt object that handles password hashing and verifying. + + +class Users(Base): + __tablename__ = "users" + + id = Column(Integer, primary_key=True, autoincrement=True) + user_name = Column(String) + display_name = Column(String) + user_password = Column(String) + preferred_lang = Column(String) + failed_login_attempts = Column(Integer, default=0) + failed_login_attempt_time = Column(Float, default=0, nullable=True) + tfa_validated = Column(Boolean, default=False) + user_affiliation = relationship( + "User_affiliations", back_populates="user", cascade="all, delete" + ) + + @hybrid_method + def find_by_user_name(self, user_name): + return self.query.filter(self.user_name == user_name).first() + + @event.listens_for(Users.user_password, "set", propagate=True) + def validate_password(target, value, oldvalue, initiator): + pw = bcrypt.generate_password_hash(password=oldvalue).decode("UTF-8") + return pw + + @validates("user_password") + def validate_password(self, key, user_password): + print("user_password") + return True diff --git a/api/models.py b/api/models/__init__.py similarity index 79% rename from api/models.py rename to api/models/__init__.py index 647d812396..2ff199b3c7 100644 --- a/api/models.py +++ b/api/models/__init__.py @@ -3,9 +3,10 @@ from sqlalchemy import Column, String, ForeignKey from sqlalchemy.orm import relationship from sqlalchemy.dialects.postgresql import JSONB - from db import Base +from models.Users import Users +from models.Organizations import Organizations class Domains(Base): __tablename__ = 'domains' @@ -19,30 +20,6 @@ class Domains(Base): dmarc_reports = relationship("Dmarc_Reports", back_populates="domain", cascade="all, delete") -class Organizations(Base): - __tablename__ = 'organizations' - - id = Column(Integer, primary_key=True) - acronym = Column(String) - org_tags = Column(JSONB) - domains = relationship("Domains", back_populates="organization", cascade="all, delete") - users = relationship("User_affiliations", back_populates="user_organization", cascade="all, delete") - - -class Users(Base): - __tablename__ = 'users' - - id = Column(Integer, primary_key=True, autoincrement=True) - user_name = Column(String) - display_name = Column(String) - user_password = Column(String) - preferred_lang = Column(String) - failed_login_attempts = Column(Integer, default=0) - failed_login_attempt_time = Column(Float, default=0, nullable=True) - tfa_validated = Column(Boolean, default=False) - user_affiliation = relationship("User_affiliations", back_populates="user", cascade="all, delete") - - class User_affiliations(Base): __tablename__ = 'user_affiliations' diff --git a/api/tests/test_users.py b/api/tests/test_users.py index 0d9c4dd044..c2d5738ec2 100644 --- a/api/tests/test_users.py +++ b/api/tests/test_users.py @@ -1,10 +1,44 @@ -from unittest import TestCase +import pytest from app import app from db import db_session +from pytest_bdd import given, when, then from models import Organizations, Users, User_affiliations +from db import db_session as db -class TestUsersModel(TestCase): - # Super Admin Tests - def test_user(self): - assert True == True +@pytest.fixture +def db(): + with app.app_context(): + yield db + Users.query.delete() + db.commit() + + +def save(thing): + db.add(thing) + db.commit() + + +@when("The database is empty") +@then("Users.find_by_user_name returns None") +def test_find_by_user_name_returns_none(db): + assert Users.find_by_user_name("bob") is None + + +@when("a user foo@example.com exists") +@then("Users.find_by_user_name returns that user") +def test_find_by_user_name_returns_a_user(db): + test_user = Users(user_name="foo@example.com") + + save(test_user) + + retrieved_user = Users.find_by_user_name("foo@example.com") + assert retrieved_user.user_name == test_user.user_name + + +@when("saving a user with a bad password") +@then("the model rejects it") +def test_password_validation(db): + test_user = Users(user_name="foo@example.com", user_password="aaa") + + assert retrieved_user.user_name == test_user.user_name From 965853966503c8c7d3bbbc8370052bbda9c08f97 Mon Sep 17 00:00:00 2001 From: Mike Williamson Date: Sat, 25 Apr 2020 23:30:25 -0400 Subject: [PATCH 2/3] Split out the Users model & give it responsibility This commit is the first step in increasing the locality of User related functionality. The key domain models (Users, Organizations and Affiliations) have been extracted from the models.py file and given a file of their own to call home. This was also the start of moving some logic into the Users model to fight its [anemia](https://martinfowler.com/bliki/AnemicDomainModel.html) and get some tests going for it. --- api/Pipfile | 3 +- api/Pipfile.lock | 31 +------------- api/app/__init__.py | 7 +--- api/application.py | 13 ++++-- api/functions/create_user.py | 10 ++--- api/functions/sign_in_user.py | 67 +++++++++++++++--------------- api/models/Organizations.py | 13 +++--- api/models/User_affiliations.py | 19 +++++++++ api/models/Users.py | 24 +++++------ api/models/__init__.py | 72 ++++++++++++++++----------------- api/tests/test_users.py | 45 +++++++++++---------- 11 files changed, 143 insertions(+), 161 deletions(-) create mode 100644 api/models/User_affiliations.py diff --git a/api/Pipfile b/api/Pipfile index 2e9cdb640b..106066ecd9 100644 --- a/api/Pipfile +++ b/api/Pipfile @@ -29,10 +29,9 @@ flask-migrate = "*" pytest = "*" pyotp = "*" pyjwt = "*" -pytest-xdist = "*" [scripts] -test = "python -m pytest -v -s" +test = "python -m pytest" server = "python application.py" schema-export = "python schema_export.py" db-init = 'python manage.py db init' diff --git a/api/Pipfile.lock b/api/Pipfile.lock index b49275d1cd..a3b216ee76 100644 --- a/api/Pipfile.lock +++ b/api/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "bd0f0b4ad21f1aecdb91886470f2bb87dac79c7e06c8125d68f45f9986e29db0" + "sha256": "b7cfc60c14492f7d38a230f76839f44c0dc534e5a72feba8de7a51a92be4ce07" }, "pipfile-spec": 6, "requires": { @@ -29,13 +29,6 @@ ], "version": "==7.0.0" }, - "apipkg": { - "hashes": [ - "sha256:37228cda29411948b422fae072f57e31d3396d2ee1c9783775980ee9c9990af6", - "sha256:58587dd4dc3daefad0487f6d9ae32b4542b185e1c36db6993290e7c41ca2b47c" - ], - "version": "==1.5" - }, "attrs": { "hashes": [ "sha256:08a96c641c3a74e44eb59afb61a24f2cb9f4d7188748e76ba4bb5edfa3cb7d1c", @@ -126,13 +119,6 @@ ], "version": "==0.6.2" }, - "execnet": { - "hashes": [ - "sha256:cacb9df31c9680ec5f95553976c4da484d407e85e41c83cb812aa014f0eddc50", - "sha256:d4efd397930c46415f62f8a31388d6be4f27a91d7550eb79bc64a756e0056547" - ], - "version": "==1.7.1" - }, "flask": { "hashes": [ "sha256:4efa1ae2d7c9865af48986de8aeb8504bf32c7f3d6fdc9353d34b21f4b127060", @@ -423,21 +409,6 @@ "index": "pypi", "version": "==5.4.1" }, - "pytest-forked": { - "hashes": [ - "sha256:1805699ed9c9e60cb7a8179b8d4fa2b8898098e82d229b0825d8095f0f261100", - "sha256:1ae25dba8ee2e56fb47311c9638f9e58552691da87e82d25b0ce0e4bf52b7d87" - ], - "version": "==1.1.3" - }, - "pytest-xdist": { - "hashes": [ - "sha256:0f46020d3d9619e6d17a65b5b989c1ebbb58fc7b1da8fb126d70f4bac4dfeed1", - "sha256:7dc0d027d258cd0defc618fb97055fbd1002735ca7a6d17037018cf870e24011" - ], - "index": "pypi", - "version": "==1.31.0" - }, "python-dateutil": { "hashes": [ "sha256:73ebfe9dbf22e832286dafa60473e4cd239f8592f699aa5adaf10050e6e1823c", diff --git a/api/app/__init__.py b/api/app/__init__.py index a6d9ce1db8..a399eae169 100644 --- a/api/app/__init__.py +++ b/api/app/__init__.py @@ -1,14 +1,11 @@ from flask import Flask - from app.logger import logger -from app.create_sa import create_sa +from flask_bcrypt import Bcrypt app = Flask(__name__) +bcrypt = Bcrypt(app) def create_application(): - app.debug = True - create_sa() - return app diff --git a/api/application.py b/api/application.py index aa240bb7b2..410f7cec6b 100644 --- a/api/application.py +++ b/api/application.py @@ -1,18 +1,23 @@ from waitress import serve - from app import create_application from app.graphql_endpoint import add_graphql_endpoint - from db import db_session +from app.create_sa import create_sa app = create_application() add_graphql_endpoint(app) +@app.before_first_request +def setup_super_admin(): + print("Creating Super Admin User") + create_sa() + + @app.teardown_request def shutdown_session(exception=None): db_session.remove() -if __name__ == '__main__': - serve(app, host='0.0.0.0', port=5000) +if __name__ == "__main__": + serve(app, host="0.0.0.0", port=5000) diff --git a/api/functions/create_user.py b/api/functions/create_user.py index 8b2ec20e28..04d34bed2f 100644 --- a/api/functions/create_user.py +++ b/api/functions/create_user.py @@ -1,5 +1,4 @@ from graphql import GraphQLError -from flask_bcrypt import Bcrypt from flask import current_app as app from functions.input_validators import * @@ -30,17 +29,14 @@ def create_user(display_name, password, confirm_password, user_name): if password != confirm_password: raise GraphQLError(error_passwords_do_not_match()) - bcrypt = Bcrypt(app) # Create the bcrypt object that handles password hashing and verifying. - - user = User.query.filter(User.user_name == user_name).first() + user = User.find_by_user_name(user_name) if user is None: user = User( user_name=user_name, display_name=display_name, - preferred_lang='English', - user_password=bcrypt.generate_password_hash( - password=password).decode('UTF-8') # Hash the password + preferred_lang="English", + user_password=password, ) db_session.add(user) diff --git a/api/functions/sign_in_user.py b/api/functions/sign_in_user.py index 93fbfd9cd7..c160311827 100644 --- a/api/functions/sign_in_user.py +++ b/api/functions/sign_in_user.py @@ -2,14 +2,12 @@ import datetime import os from graphql import GraphQLError -from flask_bcrypt import Bcrypt +from app import bcrypt from flask import current_app as app from sqlalchemy.orm import load_only - from functions.input_validators import * from functions.error_messages import * from functions.orm_to_dict import orm_to_dict - from models import Users from models import User_affiliations from db import db_session @@ -24,63 +22,61 @@ def sign_in_user(user_name, password): """ user_name = cleanse_input(user_name) password = cleanse_input(password) - user = Users.query.filter(Users.user_name == user_name).first() + user = Users.find_by_user_name(user_name) if user is None: raise GraphQLError(error_user_does_not_exist()) # Checks the amount of failed login attempts and if the time since the last # Attempt was more than 30min (1800s) - if user.failed_login_attempts and (user.failed_login_attempt_time + 1800) \ - < datetime.datetime.now().timestamp(): + if ( + user.failed_login_attempts + and (user.failed_login_attempt_time + 1800) + < datetime.datetime.now().timestamp() + ): raise GraphQLError(error_too_many_failed_login_attempts()) - bcrypt = Bcrypt(app) # Create the bcrypt object that will handle password hashing and verification - email_match = user_name == user.user_name password_match = bcrypt.check_password_hash(user.user_password, password) # If the given user credentials are valid if email_match and password_match: # Fetch user's role from the database and include it as claims on the JWT being generated - user_aff = User_affiliations.query.filter(User_affiliations.user_id == user.id).all() + user_aff = User_affiliations.query.filter( + User_affiliations.user_id == user.id + ).all() user_aff = orm_to_dict(user_aff) if len(user_aff): user_roles = [] for select in user_aff: temp_dict = { - 'user_id': select['user_id'], - 'org_id': select['organization_id'], - 'permission': select['permission'] + "user_id": select["user_id"], + "org_id": select["organization_id"], + "permission": select["permission"], } user_roles.append(temp_dict) else: - user_roles = ['none'] + user_roles = ["none"] try: payload = { - 'exp': datetime.datetime.utcnow() + datetime.timedelta(days=0, seconds=1800), - 'iat': datetime.datetime.utcnow(), - 'user_id': user.id, - "roles": user_roles + "exp": datetime.datetime.utcnow() + + datetime.timedelta(days=0, seconds=1800), + "iat": datetime.datetime.utcnow(), + "user_id": user.id, + "roles": user_roles, } token = jwt.encode( - payload, - str(os.getenv('SUPER_SECRET_SALT')), - algorithm='HS256' - ).decode('utf-8') + payload, str(os.getenv("SUPER_SECRET_SALT")), algorithm="HS256" + ).decode("utf-8") except Exception as e: - raise GraphQLError('Token Generation Error: ' + str(e)) + raise GraphQLError("Token Generation Error: " + str(e)) # A temporary dictionary that will be returned to the graphql resolver - temp_dict = { - 'auth_token': token, - 'user': user - } + temp_dict = {"auth_token": token, "user": user} - Users.query.filter(Users.user_name == user_name).update({ - 'failed_login_attempts': 0, - 'failed_login_attempt_time': 0 - }) + Users.query.filter(Users.user_name == user_name).update( + {"failed_login_attempts": 0, "failed_login_attempt_time": 0} + ) db_session.commit() return temp_dict @@ -89,11 +85,12 @@ def sign_in_user(user_name, password): # Generate a timestamp and also add that to the user update. time_stamp = datetime.datetime.now().timestamp() - Users.query.filter(Users.user_name == user_name)\ - .update({ - 'failed_login_attempts': Users.failed_login_attempts + 1, - 'failed_login_attempt_time': time_stamp - }) + Users.query.filter(Users.user_name == user_name).update( + { + "failed_login_attempts": Users.failed_login_attempts + 1, + "failed_login_attempt_time": time_stamp, + } + ) db_session.commit() raise GraphQLError(error_invalid_credentials()) diff --git a/api/models/Organizations.py b/api/models/Organizations.py index 16592afe9d..93272c94ef 100644 --- a/api/models/Organizations.py +++ b/api/models/Organizations.py @@ -6,13 +6,16 @@ from sqlalchemy.ext.hybrid import hybrid_property, hybrid_method from db import Base + class Organizations(Base): - __tablename__ = 'organizations' + __tablename__ = "organizations" id = Column(Integer, primary_key=True) acronym = Column(String) org_tags = Column(JSONB) - domains = relationship("Domains", back_populates="organization", cascade="all, delete") - users = relationship("User_affiliations", back_populates="user_organization", cascade="all, delete") - - + domains = relationship( + "Domains", back_populates="organization", cascade="all, delete" + ) + users = relationship( + "User_affiliations", back_populates="user_organization", cascade="all, delete" + ) diff --git a/api/models/User_affiliations.py b/api/models/User_affiliations.py new file mode 100644 index 0000000000..b0d22d73c9 --- /dev/null +++ b/api/models/User_affiliations.py @@ -0,0 +1,19 @@ +from sqlalchemy.types import Integer +from sqlalchemy import Column, String, ForeignKey +from sqlalchemy.orm import relationship +from db import Base + + +class User_affiliations(Base): + __tablename__ = "user_affiliations" + + id = Column(Integer, primary_key=True, autoincrement=True) + user_id = Column(Integer, ForeignKey("users.id"), primary_key=True) + organization_id = Column(Integer, ForeignKey("organizations.id")) + permission = Column(String) + user = relationship( + "Users", back_populates="user_affiliation", cascade="all, delete" + ) + user_organization = relationship( + "Organizations", back_populates="users", cascade="all, delete" + ) diff --git a/api/models/Users.py b/api/models/Users.py index e22b5c0621..0f4745be08 100644 --- a/api/models/Users.py +++ b/api/models/Users.py @@ -1,16 +1,11 @@ from sqlalchemy.types import Integer, Boolean, Float from sqlalchemy import Column, String, ForeignKey from sqlalchemy import event -from flask_bcrypt import Bcrypt -from flask import current_app as app +from app import bcrypt from sqlalchemy.orm import relationship, validates from sqlalchemy.ext.hybrid import hybrid_property, hybrid_method from db import Base -bcrypt = Bcrypt( - app -) # Create the bcrypt object that handles password hashing and verifying. - class Users(Base): __tablename__ = "users" @@ -31,12 +26,13 @@ class Users(Base): def find_by_user_name(self, user_name): return self.query.filter(self.user_name == user_name).first() - @event.listens_for(Users.user_password, "set", propagate=True) - def validate_password(target, value, oldvalue, initiator): - pw = bcrypt.generate_password_hash(password=oldvalue).decode("UTF-8") - return pw + @hybrid_property + def password(self): + return self.user_password - @validates("user_password") - def validate_password(self, key, user_password): - print("user_password") - return True + @password.setter + def password(self, password): + if len(password) < 12: + raise ValueError("Password must be greater than 12 characters") + else: + self.user_password = bcrypt.generate_password_hash(password).decode("UTF-8") diff --git a/api/models/__init__.py b/api/models/__init__.py index 2ff199b3c7..3db59e5fc2 100644 --- a/api/models/__init__.py +++ b/api/models/__init__.py @@ -4,104 +4,102 @@ from sqlalchemy.orm import relationship from sqlalchemy.dialects.postgresql import JSONB from db import Base - from models.Users import Users +from models.User_affiliations import User_affiliations from models.Organizations import Organizations + class Domains(Base): - __tablename__ = 'domains' + __tablename__ = "domains" id = Column(Integer, primary_key=True) domain = Column(String) last_run = Column(DateTime) - organization_id = Column(Integer, ForeignKey('organizations.id')) - organization = relationship("Organizations", back_populates="domains", cascade="all, delete") + organization_id = Column(Integer, ForeignKey("organizations.id")) + organization = relationship( + "Organizations", back_populates="domains", cascade="all, delete" + ) scans = relationship("Scans", back_populates="domain", cascade="all, delete") - dmarc_reports = relationship("Dmarc_Reports", back_populates="domain", cascade="all, delete") - - -class User_affiliations(Base): - __tablename__ = 'user_affiliations' - - id = Column(Integer, primary_key=True, autoincrement=True) - user_id = Column(Integer, ForeignKey('users.id'), primary_key=True) - organization_id = Column(Integer, ForeignKey('organizations.id')) - permission = Column(String) - user = relationship("Users", back_populates="user_affiliation", cascade="all, delete") - user_organization = relationship("Organizations", back_populates="users", cascade="all, delete") + dmarc_reports = relationship( + "Dmarc_Reports", back_populates="domain", cascade="all, delete" + ) class Dmarc_Reports(Base): - __tablename__ = 'dmarc_reports' + __tablename__ = "dmarc_reports" id = Column(Integer, primary_key=True, autoincrement=True) - domain_id = Column(Integer, ForeignKey('domains.id')) + domain_id = Column(Integer, ForeignKey("domains.id")) start_date = Column(DateTime) end_date = Column(DateTime) report = Column(JSONB) - domain = relationship("Domains", back_populates="dmarc_reports", cascade="all, delete") + domain = relationship( + "Domains", back_populates="dmarc_reports", cascade="all, delete" + ) class Scans(Base): - __tablename__ = 'scans' + __tablename__ = "scans" id = Column(Integer, primary_key=True) - domain_id = Column(Integer, ForeignKey('domains.id')) + domain_id = Column(Integer, ForeignKey("domains.id")) scan_date = Column(DateTime) - initiated_by = Column(Integer, ForeignKey('users.id')) + initiated_by = Column(Integer, ForeignKey("users.id")) domain = relationship("Domains", back_populates="scans", cascade="all, delete") class Dmarc_scans(Base): - __tablename__ = 'dmarc_scans' + __tablename__ = "dmarc_scans" - id = Column(Integer, ForeignKey('scans.id'), primary_key=True) + id = Column(Integer, ForeignKey("scans.id"), primary_key=True) dmarc_phase = Column(Integer) dmarc_scan = Column(JSONB) class Dkim_scans(Base): - __tablename__ = 'dkim_scans' + __tablename__ = "dkim_scans" - id = Column(Integer, ForeignKey('scans.id'), primary_key=True) + id = Column(Integer, ForeignKey("scans.id"), primary_key=True) dkim_scan = Column(JSONB) + class Mx_scans(Base): - __tablename__ = 'mx_scans' + __tablename__ = "mx_scans" - id = Column(Integer, ForeignKey('scans.id'), primary_key=True) + id = Column(Integer, ForeignKey("scans.id"), primary_key=True) mx_scan = Column(JSONB) + class Spf_scans(Base): - __tablename__ = 'spf_scans' + __tablename__ = "spf_scans" - id = Column(Integer, ForeignKey('scans.id'), primary_key=True) + id = Column(Integer, ForeignKey("scans.id"), primary_key=True) spf_scan = Column(JSONB) class Https_scans(Base): - __tablename__ = 'https_scans' + __tablename__ = "https_scans" - id = Column(Integer, ForeignKey('scans.id'), primary_key=True) + id = Column(Integer, ForeignKey("scans.id"), primary_key=True) https_scan = Column(JSONB) class Ssl_scans(Base): - __tablename__ = 'ssl_scans' + __tablename__ = "ssl_scans" - id = Column(Integer, ForeignKey('scans.id'), primary_key=True) + id = Column(Integer, ForeignKey("scans.id"), primary_key=True) ssl_scan = Column(JSONB) class Ciphers(Base): - __tablename__ = 'ciphers' + __tablename__ = "ciphers" id = Column(Integer, primary_key=True) cipher_type = Column(String) class Guidance(Base): - __tablename__ = 'guidance' + __tablename__ = "guidance" id = Column(Integer, primary_key=True) tag_name = Column(String) @@ -110,7 +108,7 @@ class Guidance(Base): class Classification(Base): - __tablename__ = 'Classification' + __tablename__ = "Classification" id = Column(Integer, primary_key=True) UNCLASSIFIED = Column(String) diff --git a/api/tests/test_users.py b/api/tests/test_users.py index c2d5738ec2..a856056bb4 100644 --- a/api/tests/test_users.py +++ b/api/tests/test_users.py @@ -1,33 +1,25 @@ import pytest from app import app +from models import Users from db import db_session -from pytest_bdd import given, when, then -from models import Organizations, Users, User_affiliations -from db import db_session as db @pytest.fixture -def db(): +def save(): + def save(thing): + db_session.add(thing) + db_session.commit() + with app.app_context(): - yield db + yield save Users.query.delete() - db.commit() - - -def save(thing): - db.add(thing) - db.commit() -@when("The database is empty") -@then("Users.find_by_user_name returns None") -def test_find_by_user_name_returns_none(db): +def test_find_by_user_name_returns_none(): assert Users.find_by_user_name("bob") is None -@when("a user foo@example.com exists") -@then("Users.find_by_user_name returns that user") -def test_find_by_user_name_returns_a_user(db): +def test_find_by_user_name_returns_a_user(save): test_user = Users(user_name="foo@example.com") save(test_user) @@ -36,9 +28,18 @@ def test_find_by_user_name_returns_a_user(db): assert retrieved_user.user_name == test_user.user_name -@when("saving a user with a bad password") -@then("the model rejects it") -def test_password_validation(db): - test_user = Users(user_name="foo@example.com", user_password="aaa") +def test_short_passwords_raise_an_error(): + with pytest.raises(ValueError): + Users(user_name="foo@example.com", password="1") - assert retrieved_user.user_name == test_user.user_name + +def test_user_model_encrypts_the_user_password(): + acceptable_password = "twelvechars!" + user = Users( + user_name="foo", + display_name="Foo", + preferred_lang="English", + password=acceptable_password, + ) + + assert len(user.password) is 60 From ef98e8d004700e26e50a72ffa0aabc60bd5a6f71 Mon Sep 17 00:00:00 2001 From: Mike Williamson Date: Sun, 26 Apr 2020 11:33:01 -0400 Subject: [PATCH 3/3] The payoff. --- api/functions/create_organisation.py | 14 - api/functions/update_user_password.py | 24 +- api/tests/test_auth_functions.py | 86 +- api/tests/test_auth_wrapper.py | 183 ++- api/tests/test_cost_check.py | 57 +- api/tests/test_depth_check.py | 57 +- api/tests/test_domains_mutations.py | 1027 ++++++++--------- .../test_domains_resolver_access_control.py | 396 +++---- api/tests/test_domains_resolver_values.py | 279 +++-- api/tests/test_organization_mutations.py | 680 ++++++----- ...st_organization_resolver_access_control.py | 281 ++--- .../test_organization_resolver_values.py | 335 +++--- api/tests/test_user_access_control.py | 216 ++-- api/tests/test_user_mutations.py | 198 ++-- api/tests/test_user_roles.py | 225 ++-- api/tests/test_user_sign_in.py | 117 +- api/tests/test_user_values.py | 131 +-- api/tests/test_users_access_control.py | 228 ++-- api/tests/test_users_values.py | 118 +- 19 files changed, 2191 insertions(+), 2461 deletions(-) delete mode 100644 api/functions/create_organisation.py diff --git a/api/functions/create_organisation.py b/api/functions/create_organisation.py deleted file mode 100644 index dbdfd19fc4..0000000000 --- a/api/functions/create_organisation.py +++ /dev/null @@ -1,14 +0,0 @@ -from graphql import GraphQLError -from flask_bcrypt import Bcrypt -from flask import current_app as app - -from functions.input_validators import * -from functions.error_messages import * - -from models import Organizations -from db import db_session - - -def create_organization(acronym): - return acronym - diff --git a/api/functions/update_user_password.py b/api/functions/update_user_password.py index fbbfec0755..0609386131 100644 --- a/api/functions/update_user_password.py +++ b/api/functions/update_user_password.py @@ -1,11 +1,8 @@ import datetime - from graphql import GraphQLError -from flask_bcrypt import Bcrypt - +from app import bcrypt from functions.input_validators import * from functions.error_messages import * - from models import Users as User from app import app from db import db_session @@ -29,19 +26,18 @@ def update_password(user_name, password, confirm_password): if password != confirm_password: raise GraphQLError(error_passwords_do_not_match()) - user = User.query.filter(User.user_name == user_name).first() + user = User.find_by_user_name(user_name) if user is None: raise GraphQLError(error_user_does_not_exist()) - bcrypt = Bcrypt(app) # Create the bcrypt object that will handle password hashing and verification - - user = User.query.filter(User.user_name == user_name) \ - .update({ - 'user_password': bcrypt.generate_password_hash(password).decode('UTF-8'), - 'failed_login_attempts': 0, - 'failed_login_attempt_time': 0 - }) + user = User.query.filter(User.user_name == user_name).update( + { + "user_password": bcrypt.generate_password_hash(password).decode("UTF-8"), + "failed_login_attempts": 0, + "failed_login_attempt_time": 0, + } + ) db_session.commit() @@ -49,5 +45,5 @@ def update_password(user_name, password, confirm_password): raise GraphQLError(error_password_not_updated()) else: # Re-query the user to ensure the latest object is returned - user = User.query.filter(User.user_name == user_name).first() + user = User.find_by_user_name(user_name) return user diff --git a/api/tests/test_auth_functions.py b/api/tests/test_auth_functions.py index 2c0762dc62..b87e301665 100644 --- a/api/tests/test_auth_functions.py +++ b/api/tests/test_auth_functions.py @@ -1,7 +1,3 @@ -import sys -import os -from os.path import dirname, join, expanduser, normpath, realpath -from flask_bcrypt import Bcrypt import pytest from app import app from db import db_session @@ -10,77 +6,59 @@ is_super_admin, is_admin, is_user_write, - is_user_read + is_user_read, ) -@pytest.fixture(scope='class') +@pytest.fixture(scope="class") def user_role_test_db_init(): - bcrypt = Bcrypt(app) - with app.app_context(): test_user = Users( id=1, display_name="testuserread", user_name="testuserread@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8"), + password="testpassword123", ) db_session.add(test_user) test_user = Users( id=2, display_name="testuserwrite", user_name="testuserwrite@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8"), + password="testpassword123", ) db_session.add(test_user) test_admin = Users( id=3, display_name="testadmin", user_name="testadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_admin) test_super_admin = Users( id=4, display_name="testsuperadmin", user_name="testsuperadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_super_admin) org = Organizations( - id=1, - acronym='ORG1', - org_tags={ - "description": 'Organization 1' - } + id=1, acronym="ORG1", org_tags={"description": "Organization 1"} ) db_session.add(org) test_admin_role = User_affiliations( - user_id=1, - organization_id=1, - permission='user_read' + user_id=1, organization_id=1, permission="user_read" ) db_session.add(test_admin_role) test_admin_role = User_affiliations( - user_id=2, - organization_id=1, - permission='user_write' + user_id=2, organization_id=1, permission="user_write" ) db_session.add(test_admin_role) test_admin_role = User_affiliations( - user_id=3, - organization_id=1, - permission='admin' + user_id=3, organization_id=1, permission="admin" ) db_session.add(test_admin_role) test_admin_role = User_affiliations( - user_id=4, - organization_id=1, - permission='super_admin' + user_id=4, organization_id=1, permission="super_admin" ) db_session.add(test_admin_role) db_session.commit() @@ -94,99 +72,99 @@ def user_role_test_db_init(): db_session.commit() -@pytest.mark.usefixtures('user_role_test_db_init') +@pytest.mark.usefixtures("user_role_test_db_init") class TestAuthFunctions: def test_user_read_check_perm_user_read(self): - user_role = [{'user_id': 1, 'org_id': 1, 'permission': 'user_read'}] + user_role = [{"user_id": 1, "org_id": 1, "permission": "user_read"}] org_id = 1 assert is_user_read(user_role, org_id) def test_user_read_check_perm_user_write(self): - user_role = [{'user_id': 2, 'org_id': 1, 'permission': 'user_write'}] + user_role = [{"user_id": 2, "org_id": 1, "permission": "user_write"}] org_id = 1 assert is_user_read(user_role, org_id) def test_user_read_check_perm_user_admin(self): - user_role = [{'user_id': 3, 'org_id': 1, 'permission': 'admin'}] + user_role = [{"user_id": 3, "org_id": 1, "permission": "admin"}] org_id = 1 assert is_user_read(user_role, org_id) def test_user_read_check_perm_super_admin(self): - user_role = [{'user_id': 4, 'org_id': 1, 'permission': 'super_admin'}] + user_role = [{"user_id": 4, "org_id": 1, "permission": "super_admin"}] org_id = 1 assert is_user_read(user_role, org_id) def test_user_read_check_invalid(self): - user_role = [{'user_id': 1, 'org_id': 1, 'permission': ''}] + user_role = [{"user_id": 1, "org_id": 1, "permission": ""}] org_id = 1 assert not is_user_read(user_role, org_id) def test_user_write_check_perm_user_read(self): - user_role = [{'user_id': 1, 'org_id': 1, 'permission': 'user_read'}] + user_role = [{"user_id": 1, "org_id": 1, "permission": "user_read"}] org_id = 1 assert not is_user_write(user_role, org_id) def test_user_write_check_perm_user_write(self): - user_role = [{'user_id': 2, 'org_id': 1, 'permission': 'user_write'}] + user_role = [{"user_id": 2, "org_id": 1, "permission": "user_write"}] org_id = 1 assert is_user_write(user_role, org_id) def test_user_write_check_perm_user_admin(self): - user_role = [{'user_id': 3, 'org_id': 1, 'permission': 'admin'}] + user_role = [{"user_id": 3, "org_id": 1, "permission": "admin"}] org_id = 1 assert is_user_write(user_role, org_id) def test_user_write_check_perm_super_admin(self): - user_role = [{'user_id': 4, 'org_id': 1, 'permission': 'super_admin'}] + user_role = [{"user_id": 4, "org_id": 1, "permission": "super_admin"}] org_id = 1 assert is_user_write(user_role, org_id) def test_user_write_check_invalid(self): - user_role = [{'user_id': 1, 'org_id': 1, 'permission': ''}] + user_role = [{"user_id": 1, "org_id": 1, "permission": ""}] org_id = 1 assert not is_user_write(user_role, org_id) def test_admin_check_perm_user_read(self): - user_role = [{'user_id': 1, 'org_id': 1, 'permission': 'user_read'}] + user_role = [{"user_id": 1, "org_id": 1, "permission": "user_read"}] org_id = 1 assert not is_admin(user_role, org_id) def test_admin_check_perm_user_write(self): - user_role = [{'user_id': 2, 'org_id': 1, 'permission': 'user_write'}] + user_role = [{"user_id": 2, "org_id": 1, "permission": "user_write"}] org_id = 1 assert not is_admin(user_role, org_id) def test_admin_check_perm_user_admin(self): - user_role = [{'user_id': 3, 'org_id': 1, 'permission': 'admin'}] + user_role = [{"user_id": 3, "org_id": 1, "permission": "admin"}] org_id = 1 assert is_admin(user_role, org_id) def test_admin_check_perm_super_admin(self): - user_role = [{'user_id': 4, 'org_id': 1, 'permission': 'super_admin'}] + user_role = [{"user_id": 4, "org_id": 1, "permission": "super_admin"}] org_id = 1 assert is_admin(user_role, org_id) def test_admin_check_invalid(self): - user_role = [{'user_id': 1, 'org_id': 1, 'permission': ''}] + user_role = [{"user_id": 1, "org_id": 1, "permission": ""}] org_id = 1 assert not is_admin(user_role, org_id) def test_super_admin_check_perm_user_read(self): - user_role = [{'user_id': 1, 'org_id': 1, 'permission': 'user_read'}] + user_role = [{"user_id": 1, "org_id": 1, "permission": "user_read"}] assert not is_super_admin(user_role) def test_super_admin_check_perm_user_write(self): - user_role = [{'user_id': 2, 'org_id': 1, 'permission': 'user_write'}] + user_role = [{"user_id": 2, "org_id": 1, "permission": "user_write"}] assert not is_super_admin(user_role) def test_super_admin_check_perm_user_admin(self): - user_role = [{'user_id': 3, 'org_id': 1, 'permission': 'admin'}] + user_role = [{"user_id": 3, "org_id": 1, "permission": "admin"}] assert not is_super_admin(user_role) def test_super_admin_check_perm_super_admin(self): - user_role = [{'user_id': 4, 'org_id': 1, 'permission': 'super_admin'}] + user_role = [{"user_id": 4, "org_id": 1, "permission": "super_admin"}] assert is_super_admin(user_role) def test_super_admin_check_invalid(self): - user_role = [{'user_id': 1, 'org_id': 1, 'permission': ''}] + user_role = [{"user_id": 1, "org_id": 1, "permission": ""}] assert not is_super_admin(user_role) diff --git a/api/tests/test_auth_wrapper.py b/api/tests/test_auth_wrapper.py index a77da50b6a..1fd36aabd5 100644 --- a/api/tests/test_auth_wrapper.py +++ b/api/tests/test_auth_wrapper.py @@ -1,8 +1,4 @@ -import sys -import os -from os.path import dirname, join, expanduser, normpath, realpath from graphene.test import Client -from flask_bcrypt import Bcrypt from flask import Request from werkzeug.test import create_environ import pytest @@ -13,73 +9,56 @@ from models import Users, User_affiliations, Organizations from backend.security_check import SecurityAnalysisBackend -@pytest.fixture(scope='class') -def user_role_test_db_init(): - bcrypt = Bcrypt(app) +@pytest.fixture(scope="class") +def user_role_test_db_init(): with app.app_context(): test_user = Users( id=1, display_name="testuserread", user_name="testuserread@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8"), + password="testpassword123", ) db_session.add(test_user) test_user = Users( id=2, display_name="testuserwrite", user_name="testuserwrite@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8"), + password="testpassword123", ) db_session.add(test_user) test_admin = Users( id=3, display_name="testadmin", user_name="testadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_admin) test_super_admin = Users( id=4, display_name="testsuperadmin", user_name="testsuperadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_super_admin) org = Organizations( - id=1, - acronym='ORG1', - org_tags={ - "description": 'Organization 1' - } + id=1, acronym="ORG1", org_tags={"description": "Organization 1"} ) db_session.add(org) test_admin_role = User_affiliations( - user_id=1, - organization_id=1, - permission='user_read' + user_id=1, organization_id=1, permission="user_read" ) db_session.add(test_admin_role) test_admin_role = User_affiliations( - user_id=2, - organization_id=1, - permission='user_write' + user_id=2, organization_id=1, permission="user_write" ) db_session.add(test_admin_role) test_admin_role = User_affiliations( - user_id=3, - organization_id=1, - permission='admin' + user_id=3, organization_id=1, permission="admin" ) db_session.add(test_admin_role) test_admin_role = User_affiliations( - user_id=4, - organization_id=1, - permission='super_admin' + user_id=4, organization_id=1, permission="super_admin" ) db_session.add(test_admin_role) db_session.commit() @@ -93,164 +72,182 @@ def user_role_test_db_init(): db_session.commit() -@pytest.mark.usefixtures('user_role_test_db_init') +@pytest.mark.usefixtures("user_role_test_db_init") class TestUserRole(TestCase): def test_user_read_claim(self): with app.app_context(): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { testUserClaims(org: "ORG1", role: USER_READ) } - ''', context_value=request_headers, backend=backend) - assert executed['data'] - assert executed['data']['testUserClaims'] - assert executed['data']['testUserClaims'] == 'User Passed User Read Claim' + """, + context_value=request_headers, + backend=backend, + ) + assert executed["data"] + assert executed["data"]["testUserClaims"] + assert executed["data"]["testUserClaims"] == "User Passed User Read Claim" def test_user_write_claim(self): with app.app_context(): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserwrite@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { testUserClaims(org: "ORG1", role: USER_WRITE) } - ''', context_value=request_headers, backend=backend) - assert executed['data'] - assert executed['data']['testUserClaims'] - assert executed['data']['testUserClaims'] == 'User Passed User Write Claim' + """, + context_value=request_headers, + backend=backend, + ) + assert executed["data"] + assert executed["data"]["testUserClaims"] + assert executed["data"]["testUserClaims"] == "User Passed User Write Claim" def test_admin_claim(self): with app.app_context(): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { testUserClaims(org: "ORG1", role: ADMIN) } - ''', context_value=request_headers, backend=backend) - assert executed['data'] - assert executed['data']['testUserClaims'] - assert executed['data']['testUserClaims'] == 'User Passed Admin Claim' + """, + context_value=request_headers, + backend=backend, + ) + assert executed["data"] + assert executed["data"]["testUserClaims"] + assert executed["data"]["testUserClaims"] == "User Passed Admin Claim" def test_super_admin_claim(self): with app.app_context(): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { testUserClaims(org: "ORG1", role: SUPER_ADMIN) } - ''', context_value=request_headers, backend=backend) - assert executed['data'] - assert executed['data']['testUserClaims'] - assert executed['data']['testUserClaims'] == 'User Passed Super Admin Claim' + """, + context_value=request_headers, + backend=backend, + ) + assert executed["data"] + assert executed["data"]["testUserClaims"] + assert executed["data"]["testUserClaims"] == "User Passed Super Admin Claim" def test_user_not_admin(self): with app.app_context(): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { testUserClaims(org: "ORG1", role: ADMIN) } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == 'Error, user is not an admin for that org' + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, user is not an admin for that org" + ) diff --git a/api/tests/test_cost_check.py b/api/tests/test_cost_check.py index fa84185d57..2f042a7d36 100644 --- a/api/tests/test_cost_check.py +++ b/api/tests/test_cost_check.py @@ -1,11 +1,7 @@ -import sys -import os -from os.path import dirname, join, expanduser, normpath, realpath import pytest from graphene.test import Client from werkzeug.test import create_environ from flask import Request -from flask_bcrypt import Bcrypt from unittest import TestCase from db import db_session from app import app @@ -13,17 +9,15 @@ from models import Users from backend.security_check import SecurityAnalysisBackend -@pytest.fixture(scope='class') -def user_schema_test_db_init(): - bcrypt = Bcrypt(app) +@pytest.fixture(scope="class") +def user_schema_test_db_init(): with app.app_context(): test_super_admin = Users( id=2, display_name="testsuperadmin", user_name="testsuperadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_super_admin) db_session.commit() @@ -37,54 +31,49 @@ def user_schema_test_db_init(): ## # This class of tests works within the 'createUser' api endpoint -@pytest.mark.usefixtures('user_schema_test_db_init') +@pytest.mark.usefixtures("user_schema_test_db_init") class TestCostCheck(TestCase): def test_valid_cost_query(self): with app.app_context(): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) query = client.execute( - ''' + """ { user { displayName } } - ''', context_value=request_headers, backend=backend) - result_refr = { - "data": { - "user": [ - { - "displayName": "testsuperadmin" - } - ] - } - } + """, + context_value=request_headers, + backend=backend, + ) + result_refr = {"data": {"user": [{"displayName": "testsuperadmin"}]}} self.assertDictEqual(result_refr, query) def test_invalid_cost_query(self): backend = SecurityAnalysisBackend(10, 5) client = Client(schema) executed = client.execute( - ''' + """ { getSectorById(id: 1) { groups { @@ -124,7 +113,9 @@ def test_invalid_cost_query(self): } } } - ''', backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == 'Query cost is too high' + """, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert executed["errors"][0]["message"] == "Query cost is too high" diff --git a/api/tests/test_depth_check.py b/api/tests/test_depth_check.py index f0edcd3bb2..e6184763e0 100644 --- a/api/tests/test_depth_check.py +++ b/api/tests/test_depth_check.py @@ -1,11 +1,7 @@ -import sys -import os -from os.path import dirname, join, expanduser, normpath, realpath from werkzeug.test import create_environ from flask import Request import pytest from graphene.test import Client -from flask_bcrypt import Bcrypt from unittest import TestCase from app import app from db import db_session @@ -13,17 +9,15 @@ from models import Users from backend.security_check import SecurityAnalysisBackend -@pytest.fixture(scope='class') -def user_schema_test_db_init(): - bcrypt = Bcrypt(app) +@pytest.fixture(scope="class") +def user_schema_test_db_init(): with app.app_context(): test_super_admin = Users( id=2, display_name="testsuperadmin", user_name="testsuperadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_super_admin) db_session.commit() @@ -37,54 +31,49 @@ def user_schema_test_db_init(): ## # This class of tests works within the 'createUser' api endpoint -@pytest.mark.usefixtures('user_schema_test_db_init') +@pytest.mark.usefixtures("user_schema_test_db_init") class TestDepthCheck(TestCase): def test_valid_depth_query(self): with app.app_context(): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) query = client.execute( - ''' + """ { user { displayName } } - ''', context_value=request_headers, backend=backend) - result_refr = { - "data": { - "user": [ - { - "displayName": "testsuperadmin" - } - ] - } - } + """, + context_value=request_headers, + backend=backend, + ) + result_refr = {"data": {"user": [{"displayName": "testsuperadmin"}]}} self.assertDictEqual(result_refr, query) def test_invalid_depth_query(self): backend = SecurityAnalysisBackend(10) client = Client(schema) executed = client.execute( - ''' + """ { getSectorById(id: 1) { groups{ @@ -128,7 +117,9 @@ def test_invalid_depth_query(self): } } } - ''', backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == 'Query is too complex' + """, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert executed["errors"][0]["message"] == "Query is too complex" diff --git a/api/tests/test_domains_mutations.py b/api/tests/test_domains_mutations.py index bf722f5cff..3873eb2d7d 100644 --- a/api/tests/test_domains_mutations.py +++ b/api/tests/test_domains_mutations.py @@ -1,10 +1,6 @@ -import sys -import os -from os.path import dirname, join, expanduser, normpath, realpath import pytest from flask import Request from graphene.test import Client -from flask_bcrypt import Bcrypt from unittest import TestCase from werkzeug.test import create_environ from app import app @@ -22,266 +18,191 @@ Https_scans, Mx_scans, Spf_scans, - Ssl_scans + Ssl_scans, ) -@pytest.fixture(scope='class') -def domain_test_db_init(): - bcrypt = Bcrypt(app) +@pytest.fixture(scope="class") +def domain_test_db_init(): with app.app_context(): test_read = Users( id=1, display_name="testuserread", user_name="testuserread@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8"), + password="testpassword123", ) db_session.add(test_read) test_super_admin = Users( id=2, display_name="testsuperadmin", user_name="testsuperadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_super_admin) test_admin = Users( id=3, display_name="testadmin", user_name="testadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_admin) test_admin = Users( id=4, display_name="testadmin2", user_name="testadmin2@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_admin) test_write = Users( id=5, display_name="testuserwrite", user_name="testuserwrite@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_write) test_write2 = Users( id=6, display_name="testuserwrite2", user_name="testuserwrite2@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_write2) - org = Organizations( - id=1, - acronym='ORG1' - ) + org = Organizations(id=1, acronym="ORG1") db_session.add(org) - org = Organizations( - id=2, - acronym='ORG2' - ) + org = Organizations(id=2, acronym="ORG2") db_session.add(org) test_user_read_role = User_affiliations( - user_id=1, - organization_id=1, - permission='user_read' + user_id=1, organization_id=1, permission="user_read" ) db_session.add(test_user_read_role) test_super_admin_role = User_affiliations( - user_id=2, - organization_id=2, - permission='super_admin' + user_id=2, organization_id=2, permission="super_admin" ) db_session.add(test_super_admin_role) test_admin_role = User_affiliations( - user_id=3, - organization_id=1, - permission='admin' + user_id=3, organization_id=1, permission="admin" ) db_session.add(test_admin_role) test_admin_role = User_affiliations( - user_id=4, - organization_id=2, - permission='admin' + user_id=4, organization_id=2, permission="admin" ) db_session.add(test_admin_role) test_user_write_role = User_affiliations( - user_id=5, - organization_id=1, - permission='user_write' + user_id=5, organization_id=1, permission="user_write" ) db_session.add(test_user_write_role) test_user_write_role_2 = User_affiliations( - user_id=6, - organization_id=2, - permission='user_write' + user_id=6, organization_id=2, permission="user_write" ) db_session.add(test_user_write_role_2) - sa_update_domain = Domains( - domain="sa.update.domain.ca", - organization_id=1 - ) + sa_update_domain = Domains(domain="sa.update.domain.ca", organization_id=1) db_session.add(sa_update_domain) - sa_remove_domain = Domains( - domain="sa.remove.domain.ca", - organization_id=1 - ) + sa_remove_domain = Domains(domain="sa.remove.domain.ca", organization_id=1) db_session.add(sa_remove_domain) org_admin_update_domain = Domains( - domain="admin.update.domain.ca", - organization_id=1 + domain="admin.update.domain.ca", organization_id=1 ) db_session.add(org_admin_update_domain) - org_admin_domain = Domains( - domain="admin.remove.domain.ca", - organization_id=1 - ) + org_admin_domain = Domains(domain="admin.remove.domain.ca", organization_id=1) db_session.add(org_admin_domain) org_admin_update_domain2 = Domains( - domain="admin2.update.domain.ca", - organization_id=1 + domain="admin2.update.domain.ca", organization_id=1 ) db_session.add(org_admin_update_domain2) - org_admin_domain2 = Domains( - domain="admin2.remove.domain.ca", - organization_id=1 - ) + org_admin_domain2 = Domains(domain="admin2.remove.domain.ca", organization_id=1) db_session.add(org_admin_domain2) user_write_update_domain = Domains( - domain="user.write.update.domain.ca", - organization_id=1 + domain="user.write.update.domain.ca", organization_id=1 ) db_session.add(user_write_update_domain) user_write_domain = Domains( - domain="user.write.remove.domain.ca", - organization_id=1 + domain="user.write.remove.domain.ca", organization_id=1 ) db_session.add(user_write_domain) user_write_update_domain_2 = Domains( - domain="user2.write.update.domain.ca", - organization_id=1 + domain="user2.write.update.domain.ca", organization_id=1 ) db_session.add(user_write_update_domain_2) user_write_domain_2 = Domains( - domain="user2.write.remove.domain.ca", - organization_id=1 + domain="user2.write.remove.domain.ca", organization_id=1 ) db_session.add(user_write_domain_2) user_read_update_domain = Domains( - domain="user.read.update.domain.ca", - organization_id=1 + domain="user.read.update.domain.ca", organization_id=1 ) db_session.add(user_read_update_domain) user_read_domain = Domains( - domain="user.read.remove.domain.ca", - organization_id=1 + domain="user.read.remove.domain.ca", organization_id=1 ) db_session.add(user_read_domain) db_session.commit() # Super Admin Scans - domain_id = db_session.query(Domains).filter( - Domains.domain == 'sa.remove.domain.ca' - ).first().id - sa_scan = Scans( - id=1, - domain_id=domain_id + domain_id = ( + db_session.query(Domains) + .filter(Domains.domain == "sa.remove.domain.ca") + .first() + .id ) + sa_scan = Scans(id=1, domain_id=domain_id) db_session.add(sa_scan) db_session.commit() - sa_dkim = Dkim_scans( - id=1 - ) + sa_dkim = Dkim_scans(id=1) db_session.add(sa_dkim) - sa_dmarc = Dmarc_scans( - id=1 - ) + sa_dmarc = Dmarc_scans(id=1) db_session.add(sa_dmarc) - sa_https = Https_scans( - id=1 - ) + sa_https = Https_scans(id=1) db_session.add(sa_https) - sa_ssl = Ssl_scans( - id=1 - ) + sa_ssl = Ssl_scans(id=1) db_session.add(sa_ssl) - sa_spf = Spf_scans( - id=1 - ) + sa_spf = Spf_scans(id=1) db_session.add(sa_spf) db_session.commit() # Admin Scans - domain_id = db_session.query(Domains).filter( - Domains.domain == 'admin.remove.domain.ca' - ).first().id - admin_scan = Scans( - id=2, - domain_id=domain_id + domain_id = ( + db_session.query(Domains) + .filter(Domains.domain == "admin.remove.domain.ca") + .first() + .id ) + admin_scan = Scans(id=2, domain_id=domain_id) db_session.add(admin_scan) db_session.commit() - admin_dkim = Dkim_scans( - id=2 - ) + admin_dkim = Dkim_scans(id=2) db_session.add(admin_dkim) - admin_dmarc = Dmarc_scans( - id=2 - ) + admin_dmarc = Dmarc_scans(id=2) db_session.add(admin_dmarc) - admin_https = Https_scans( - id=2 - ) + admin_https = Https_scans(id=2) db_session.add(admin_https) - admin_ssl = Ssl_scans( - id=2 - ) + admin_ssl = Ssl_scans(id=2) db_session.add(admin_ssl) - admin_spf = Spf_scans( - id=2 - ) + admin_spf = Spf_scans(id=2) db_session.add(admin_spf) db_session.commit() # User Write Scans - domain_id = db_session.query(Domains).filter( - Domains.domain == 'user.write.remove.domain.ca' - ).first().id - user_w_scan = Scans( - id=3, - domain_id=domain_id + domain_id = ( + db_session.query(Domains) + .filter(Domains.domain == "user.write.remove.domain.ca") + .first() + .id ) + user_w_scan = Scans(id=3, domain_id=domain_id) db_session.add(user_w_scan) db_session.commit() - user_w_dkim = Dkim_scans( - id=3 - ) + user_w_dkim = Dkim_scans(id=3) db_session.add(user_w_dkim) - user_w_dmarc = Dmarc_scans( - id=3 - ) + user_w_dmarc = Dmarc_scans(id=3) db_session.add(user_w_dmarc) - user_w_https = Https_scans( - id=3 - ) + user_w_https = Https_scans(id=3) db_session.add(user_w_https) - user_w_ssl = Ssl_scans( - id=3 - ) + user_w_ssl = Ssl_scans(id=3) db_session.add(user_w_ssl) - user_w_spf = Spf_scans( - id=3 - ) + user_w_spf = Spf_scans(id=3) db_session.add(user_w_spf) db_session.commit() @@ -302,7 +223,7 @@ def domain_test_db_init(): db_session.commit() -@pytest.mark.usefixtures('domain_test_db_init') +@pytest.mark.usefixtures("domain_test_db_init") class TestDomainMutationAccessControl(TestCase): # Super Admin Tests def test_domain_creation_super_admin(self): @@ -313,52 +234,50 @@ def test_domain_creation_super_admin(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ createDomain(org: "ORG1", url: "sa.create.domain.ca") { status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['data'] - assert executed['data']['createDomain'] - assert executed['data']['createDomain']['status'] + assert executed["data"] + assert executed["data"]["createDomain"] + assert executed["data"]["createDomain"]["status"] executed = client.execute( - ''' + """ { domain(url: "sa.create.domain.ca") { url } } - ''', context_value=request_headers, backend=backend) - result_refr = { - "data": { - "domain": [ - { - "url": "sa.create.domain.ca" - } - ] - } - } + """, + context_value=request_headers, + backend=backend, + ) + result_refr = {"data": {"domain": [{"url": "sa.create.domain.ca"}]}} self.assertDictEqual(result_refr, executed) def test_domain_modification_super_admin(self): @@ -369,24 +288,24 @@ def test_domain_modification_super_admin(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ updateDomain( currentUrl: "sa.update.domain.ca", @@ -395,29 +314,27 @@ def test_domain_modification_super_admin(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['data'] - assert executed['data']['updateDomain'] - assert executed['data']['updateDomain']['status'] + assert executed["data"] + assert executed["data"]["updateDomain"] + assert executed["data"]["updateDomain"]["status"] executed = client.execute( - ''' + """ { domain(url: "updated.sa.update.domain.ca") { url } } - ''', context_value=request_headers, backend=backend) - result_refr = { - "data": { - "domain": [ - { - "url": "updated.sa.update.domain.ca" - } - ] - } - } + """, + context_value=request_headers, + backend=backend, + ) + result_refr = {"data": {"domain": [{"url": "updated.sa.update.domain.ca"}]}} self.assertDictEqual(result_refr, executed) def test_domain_removal_super_admin(self): @@ -428,75 +345,50 @@ def test_domain_removal_super_admin(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ removeDomain(url: "sa.remove.domain.ca") { status } } - ''', context_value=request_headers, backend=backend) - - assert executed['data'] - assert executed['data']['removeDomain'] - assert executed['data']['removeDomain']['status'] - - assert not db_session.query( - Domains - ).filter( - Domains.domain == 'sa.remove.domain.ca' - ).all() - assert not db_session.query( - Scans - ).filter( - Scans.id == 1 - ).all() - assert not db_session.query( - Dkim_scans - ).filter( - Dkim_scans.id == 1 - ).all() - assert not db_session.query( - Dmarc_scans - ).filter( - Dmarc_scans.id == 1 - ).all() - assert not db_session.query( - Https_scans - ).filter( - Https_scans.id == 1 - ).all() - assert not db_session.query( - Mx_scans - ).filter( - Mx_scans.id == 1 - ).all() - assert not db_session.query( - Ssl_scans - ).filter( - Ssl_scans.id == 1 - ).all() - assert not db_session.query( - Spf_scans - ).filter( - Spf_scans.id == 1 - ).all() + """, + context_value=request_headers, + backend=backend, + ) + + assert executed["data"] + assert executed["data"]["removeDomain"] + assert executed["data"]["removeDomain"]["status"] + + assert ( + not db_session.query(Domains) + .filter(Domains.domain == "sa.remove.domain.ca") + .all() + ) + assert not db_session.query(Scans).filter(Scans.id == 1).all() + assert not db_session.query(Dkim_scans).filter(Dkim_scans.id == 1).all() + assert not db_session.query(Dmarc_scans).filter(Dmarc_scans.id == 1).all() + assert not db_session.query(Https_scans).filter(Https_scans.id == 1).all() + assert not db_session.query(Mx_scans).filter(Mx_scans.id == 1).all() + assert not db_session.query(Ssl_scans).filter(Ssl_scans.id == 1).all() + assert not db_session.query(Spf_scans).filter(Spf_scans.id == 1).all() def test_domain_creation_super_admin_acronym_sa(self): """ @@ -506,34 +398,40 @@ def test_domain_creation_super_admin_acronym_sa(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ createDomain(org: "SA", url: "sa.create.domain.ca") { status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == 'Error, you cannot add a domain to this organization.' + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you cannot add a domain to this organization." + ) # Org Admin Tests def test_domain_creation_org_admin(self): @@ -544,52 +442,50 @@ def test_domain_creation_org_admin(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ createDomain(org: "ORG1", url: "admin.create.domain.ca") { status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['data'] - assert executed['data']['createDomain'] - assert executed['data']['createDomain']['status'] + assert executed["data"] + assert executed["data"]["createDomain"] + assert executed["data"]["createDomain"]["status"] executed = client.execute( - ''' + """ { domain(url: "admin.create.domain.ca") { url } } - ''', context_value=request_headers, backend=backend) - result_refr = { - "data": { - "domain": [ - { - "url": "admin.create.domain.ca" - } - ] - } - } + """, + context_value=request_headers, + backend=backend, + ) + result_refr = {"data": {"domain": [{"url": "admin.create.domain.ca"}]}} self.assertDictEqual(result_refr, executed) def test_domain_modification_org_admin(self): @@ -600,24 +496,24 @@ def test_domain_modification_org_admin(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ updateDomain( currentUrl: "admin.update.domain.ca", @@ -626,28 +522,28 @@ def test_domain_modification_org_admin(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['data'] - assert executed['data']['updateDomain'] - assert executed['data']['updateDomain']['status'] + assert executed["data"] + assert executed["data"]["updateDomain"] + assert executed["data"]["updateDomain"]["status"] executed = client.execute( - ''' + """ { domain(url: "updated.admin.update.domain.ca") { url } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) result_refr = { - "data": { - "domain": [ - { - "url": "updated.admin.update.domain.ca" - } - ] - } + "data": {"domain": [{"url": "updated.admin.update.domain.ca"}]} } self.assertDictEqual(result_refr, executed) @@ -659,75 +555,50 @@ def test_domain_removal_org_admin(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ removeDomain(url: "admin.remove.domain.ca") { status } } - ''', context_value=request_headers, backend=backend) - - assert executed['data'] - assert executed['data']['removeDomain'] - assert executed['data']['removeDomain']['status'] - - assert not db_session.query( - Domains - ).filter( - Domains.domain == 'admin.remove.domain.ca' - ).all() - assert not db_session.query( - Scans - ).filter( - Scans.id == 2 - ).all() - assert not db_session.query( - Dkim_scans - ).filter( - Dkim_scans.id == 2 - ).all() - assert not db_session.query( - Dmarc_scans - ).filter( - Dmarc_scans.id == 2 - ).all() - assert not db_session.query( - Https_scans - ).filter( - Https_scans.id == 2 - ).all() - assert not db_session.query( - Mx_scans - ).filter( - Mx_scans.id == 2 - ).all() - assert not db_session.query( - Ssl_scans - ).filter( - Ssl_scans.id == 2 - ).all() - assert not db_session.query( - Spf_scans - ).filter( - Spf_scans.id == 2 - ).all() + """, + context_value=request_headers, + backend=backend, + ) + + assert executed["data"] + assert executed["data"]["removeDomain"] + assert executed["data"]["removeDomain"]["status"] + + assert ( + not db_session.query(Domains) + .filter(Domains.domain == "admin.remove.domain.ca") + .all() + ) + assert not db_session.query(Scans).filter(Scans.id == 2).all() + assert not db_session.query(Dkim_scans).filter(Dkim_scans.id == 2).all() + assert not db_session.query(Dmarc_scans).filter(Dmarc_scans.id == 2).all() + assert not db_session.query(Https_scans).filter(Https_scans.id == 2).all() + assert not db_session.query(Mx_scans).filter(Mx_scans.id == 2).all() + assert not db_session.query(Ssl_scans).filter(Ssl_scans.id == 2).all() + assert not db_session.query(Spf_scans).filter(Spf_scans.id == 2).all() # Different Org Admin def test_domain_creation_diff_org_admin(self): @@ -738,34 +609,40 @@ def test_domain_creation_diff_org_admin(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testadmin2@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ createDomain(org: "ORG1", url: "admin2.create.domain.ca") { status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to create a domain for that organization" + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to create a domain for that organization" + ) def test_domain_modification_diff_org_admin(self): """ @@ -775,24 +652,24 @@ def test_domain_modification_diff_org_admin(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testadmin2@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ updateDomain( currentUrl: "admin2.update.domain.ca", @@ -801,11 +678,17 @@ def test_domain_modification_diff_org_admin(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to edit domains belonging to another organization" + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to edit domains belonging to another organization" + ) def test_domain_removal_diff_org_admin(self): """ @@ -815,34 +698,40 @@ def test_domain_removal_diff_org_admin(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testadmin2@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ removeDomain(url: "admin2.remove.domain.ca") { status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to remove domains." + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to remove domains." + ) # User Write Tests def test_domain_creation_user_write(self): @@ -853,52 +742,50 @@ def test_domain_creation_user_write(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserwrite@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ createDomain(org: "ORG1", url: "user.write.create.domain.ca") { status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['data'] - assert executed['data']['createDomain'] - assert executed['data']['createDomain']['status'] + assert executed["data"] + assert executed["data"]["createDomain"] + assert executed["data"]["createDomain"]["status"] executed = client.execute( - ''' + """ { domain(url: "user.write.create.domain.ca") { url } } - ''', context_value=request_headers, backend=backend) - result_refr = { - "data": { - "domain": [ - { - "url": "user.write.create.domain.ca" - } - ] - } - } + """, + context_value=request_headers, + backend=backend, + ) + result_refr = {"data": {"domain": [{"url": "user.write.create.domain.ca"}]}} self.assertDictEqual(result_refr, executed) def test_domain_modification_user_write(self): @@ -909,24 +796,24 @@ def test_domain_modification_user_write(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserwrite@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ updateDomain( currentUrl: "user.write.update.domain.ca", @@ -935,28 +822,28 @@ def test_domain_modification_user_write(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['data'] - assert executed['data']['updateDomain'] - assert executed['data']['updateDomain']['status'] + assert executed["data"] + assert executed["data"]["updateDomain"] + assert executed["data"]["updateDomain"]["status"] executed = client.execute( - ''' + """ { domain(url: "updated.user.write.update.domain.ca") { url } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) result_refr = { - "data": { - "domain": [ - { - "url": "updated.user.write.update.domain.ca" - } - ] - } + "data": {"domain": [{"url": "updated.user.write.update.domain.ca"}]} } self.assertDictEqual(result_refr, executed) @@ -968,88 +855,66 @@ def test_domain_removal_user_write(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserwrite@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ removeDomain(url: "user.write.remove.domain.ca") { status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['data'] - assert executed['data']['removeDomain'] - assert executed['data']['removeDomain']['status'] + assert executed["data"] + assert executed["data"]["removeDomain"] + assert executed["data"]["removeDomain"]["status"] executed = client.execute( - ''' + """ { domain(url: "user.write.remove.domain.ca") { url } } - ''', context_value=request_headers, backend=backend) - - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, domain does not exist" - - assert not db_session.query( - Domains - ).filter( - Domains.domain == 'user.write.remove.domain.ca' - ).all() - assert not db_session.query( - Scans - ).filter( - Scans.id == 3 - ).all() - assert not db_session.query( - Dkim_scans - ).filter( - Dkim_scans.id == 3 - ).all() - assert not db_session.query( - Dmarc_scans - ).filter( - Dmarc_scans.id == 3 - ).all() - assert not db_session.query( - Https_scans - ).filter( - Https_scans.id == 3 - ).all() - assert not db_session.query( - Mx_scans - ).filter( - Mx_scans.id == 3 - ).all() - assert not db_session.query( - Ssl_scans - ).filter( - Ssl_scans.id == 3 - ).all() - assert not db_session.query( - Spf_scans - ).filter( - Spf_scans.id == 3 - ).all() + """, + context_value=request_headers, + backend=backend, + ) + + assert executed["errors"] + assert executed["errors"][0] + assert executed["errors"][0]["message"] == "Error, domain does not exist" + + assert ( + not db_session.query(Domains) + .filter(Domains.domain == "user.write.remove.domain.ca") + .all() + ) + assert not db_session.query(Scans).filter(Scans.id == 3).all() + assert not db_session.query(Dkim_scans).filter(Dkim_scans.id == 3).all() + assert not db_session.query(Dmarc_scans).filter(Dmarc_scans.id == 3).all() + assert not db_session.query(Https_scans).filter(Https_scans.id == 3).all() + assert not db_session.query(Mx_scans).filter(Mx_scans.id == 3).all() + assert not db_session.query(Ssl_scans).filter(Ssl_scans.id == 3).all() + assert not db_session.query(Spf_scans).filter(Spf_scans.id == 3).all() # Different Org User Write def test_domain_creation_diff_org_user_write(self): @@ -1060,34 +925,40 @@ def test_domain_creation_diff_org_user_write(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserwrite2@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ createDomain(org: "ORG1", url: "admin2.create.domain.ca") { status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to create a domain for that organization" + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to create a domain for that organization" + ) def test_domain_modification_diff_org_user_write(self): """ @@ -1097,24 +968,24 @@ def test_domain_modification_diff_org_user_write(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserwrite2@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ updateDomain( currentUrl: "user2.write.update.domain.ca", @@ -1123,11 +994,17 @@ def test_domain_modification_diff_org_user_write(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to edit domains belonging to another organization" + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to edit domains belonging to another organization" + ) def test_domain_removal_diff_org_user_write(self): """ @@ -1137,34 +1014,40 @@ def test_domain_removal_diff_org_user_write(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserwrite2@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ removeDomain(url: "user2.write.remove.domain.ca") { status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to remove domains." + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to remove domains." + ) # Different Org User Read def test_domain_creation_org_user_read(self): @@ -1175,34 +1058,40 @@ def test_domain_creation_org_user_read(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ createDomain(org: "ORG1", url: "user.read.create.domain.ca") { status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to create a domain for that organization" + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to create a domain for that organization" + ) def test_domain_modification_org_user_read(self): """ @@ -1212,24 +1101,24 @@ def test_domain_modification_org_user_read(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ updateDomain( currentUrl: "user.read.update.domain.ca", @@ -1238,11 +1127,17 @@ def test_domain_modification_org_user_read(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to edit domains belonging to another organization" + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to edit domains belonging to another organization" + ) def test_domain_removal_org_user_read(self): """ @@ -1252,31 +1147,37 @@ def test_domain_removal_org_user_read(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ removeDomain(url: "user.read.remove.domain.ca") { status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to remove domains." + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to remove domains." + ) diff --git a/api/tests/test_domains_resolver_access_control.py b/api/tests/test_domains_resolver_access_control.py index 5ad9f143ea..4ffd527dca 100644 --- a/api/tests/test_domains_resolver_access_control.py +++ b/api/tests/test_domains_resolver_access_control.py @@ -1,10 +1,6 @@ -import sys -import os -from os.path import dirname, join, expanduser, normpath, realpath import pytest from flask import Request from graphene.test import Client -from flask_bcrypt import Bcrypt from unittest import TestCase from werkzeug.test import create_environ from app import app @@ -13,83 +9,52 @@ from queries import schema from backend.security_check import SecurityAnalysisBackend -@pytest.fixture(scope='class') -def domain_test_db_init(): - bcrypt = Bcrypt(app) +@pytest.fixture(scope="class") +def domain_test_db_init(): with app.app_context(): test_user = Users( id=1, display_name="testuserread", user_name="testuserread@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8"), + password="testpassword123", ) db_session.add(test_user) test_super_admin = Users( id=2, display_name="testsuperadmin", user_name="testsuperadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_super_admin) org = Organizations( - id=1, - acronym='ORG1', - org_tags={ - "description": 'Organization 1' - } + id=1, acronym="ORG1", org_tags={"description": "Organization 1"} ) db_session.add(org) org = Organizations( - id=2, - acronym='ORG2', - org_tags={ - "description": 'Organization 2' - } + id=2, acronym="ORG2", org_tags={"description": "Organization 2"} ) db_session.add(org) org = Organizations( - id=3, - acronym='ORG3', - org_tags={ - "description": 'Organization 3' - } + id=3, acronym="ORG3", org_tags={"description": "Organization 3"} ) db_session.add(org) test_admin_role = User_affiliations( - user_id=1, - organization_id=1, - permission='user_read' + user_id=1, organization_id=1, permission="user_read" ) db_session.add(test_admin_role) test_admin_role = User_affiliations( - user_id=2, - organization_id=1, - permission='super_admin' + user_id=2, organization_id=1, permission="super_admin" ) db_session.add(test_admin_role) - domain = Domains( - id=1, - domain='somecooldomain.ca', - organization_id=1 - ) + domain = Domains(id=1, domain="somecooldomain.ca", organization_id=1) db_session.add(domain) - domain = Domains( - id=2, - domain='anothercooldomain.ca', - organization_id=1 - ) + domain = Domains(id=2, domain="anothercooldomain.ca", organization_id=1) db_session.add(domain) - domain = Domains( - id=3, - domain='somelamedomain.ca', - organization_id=2 - ) + domain = Domains(id=3, domain="somelamedomain.ca", organization_id=2) db_session.add(domain) db_session.commit() @@ -103,7 +68,7 @@ def domain_test_db_init(): db_session.commit() -@pytest.mark.usefixtures('domain_test_db_init') +@pytest.mark.usefixtures("domain_test_db_init") class TestDomainsResolver(TestCase): # Super Admin Tests def test_get_domain_resolvers_by_url_super_admin_single_node(self): @@ -112,40 +77,35 @@ def test_get_domain_resolvers_by_url_super_admin_single_node(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { domain(url: "somelamedomain.ca") { url } } - ''', context_value=request_headers, backend=backend) - result_refr = { - "data": { - "domain": [ - { - "url": "somelamedomain.ca" - } - ] - } - } + """, + context_value=request_headers, + backend=backend, + ) + result_refr = {"data": {"domain": [{"url": "somelamedomain.ca"}]}} self.assertDictEqual(result_refr, executed) def test_get_domain_resolvers_by_org_super_admin_single_node(self): @@ -157,25 +117,25 @@ def test_get_domain_resolvers_by_org_super_admin_single_node(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { domains(organization: "ORG2") { edges { @@ -185,19 +145,12 @@ def test_get_domain_resolvers_by_org_super_admin_single_node(self): } } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) result_refr = { - "data": { - "domains": { - "edges": [ - { - "node": { - "url": "somelamedomain.ca" - } - } - ] - } - } + "data": {"domains": {"edges": [{"node": {"url": "somelamedomain.ca"}}]}} } self.assertDictEqual(result_refr, executed) @@ -209,25 +162,25 @@ def test_get_domain_resolvers_by_org_super_admin_multi_node(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { domains(organization: "ORG1") { edges { @@ -237,21 +190,16 @@ def test_get_domain_resolvers_by_org_super_admin_multi_node(self): } } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) result_refr = { "data": { "domains": { "edges": [ - { - "node": { - "url": "somecooldomain.ca" - } - }, - { - "node": { - "url": "anothercooldomain.ca" - } - } + {"node": {"url": "somecooldomain.ca"}}, + {"node": {"url": "anothercooldomain.ca"}}, ] } } @@ -266,34 +214,37 @@ def test_get_domain_resolvers_by_url_super_admin_invalid_domain(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { domain(url: "google.ca") { url } } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, domain does not exist" + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert executed["errors"][0]["message"] == "Error, domain does not exist" def test_get_domain_resolvers_by_org_super_admin_org_no_domains(self): """ @@ -303,25 +254,25 @@ def test_get_domain_resolvers_by_org_super_admin_org_no_domains(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { domains(organization: "ORG3") { edges { @@ -331,10 +282,16 @@ def test_get_domain_resolvers_by_org_super_admin_org_no_domains(self): } } } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, no domains associated with that organization" + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, no domains associated with that organization" + ) # User read tests def test_get_domain_resolvers_by_url_user_read_single_node(self): @@ -346,40 +303,35 @@ def test_get_domain_resolvers_by_url_user_read_single_node(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { domain(url: "somecooldomain.ca") { url } } - ''', context_value=request_headers, backend=backend) - result_refr = { - "data": { - "domain": [ - { - "url": "somecooldomain.ca" - } - ] - } - } + """, + context_value=request_headers, + backend=backend, + ) + result_refr = {"data": {"domain": [{"url": "somecooldomain.ca"}]}} self.assertDictEqual(result_refr, executed) def test_get_domain_resolvers_by_org_user_read_multi_node(self): @@ -391,25 +343,25 @@ def test_get_domain_resolvers_by_org_user_read_multi_node(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { domains(organization: "ORG1") { edges { @@ -419,21 +371,16 @@ def test_get_domain_resolvers_by_org_user_read_multi_node(self): } } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) result_refr = { "data": { "domains": { "edges": [ - { - "node": { - "url": "somecooldomain.ca" - } - }, - { - "node": { - "url": "anothercooldomain.ca" - } - } + {"node": {"url": "somecooldomain.ca"}}, + {"node": {"url": "anothercooldomain.ca"}}, ] } } @@ -449,34 +396,40 @@ def test_get_domain_resolvers_by_url_user_read_no_access(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { domain(url: "somelamedomain.ca") { url } } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to view that domain" + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to view that domain" + ) def test_get_domain_resolvers_by_org_user_read_no_access(self): """ @@ -487,25 +440,25 @@ def test_get_domain_resolvers_by_org_user_read_no_access(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { domains(organization: "ORG2") { edges { @@ -515,10 +468,16 @@ def test_get_domain_resolvers_by_org_user_read_no_access(self): } } } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to view that organization" + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to view that organization" + ) def test_get_domain_resolvers_by_url_user_read_invalid_domain(self): """ @@ -529,34 +488,37 @@ def test_get_domain_resolvers_by_url_user_read_invalid_domain(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { domain(url: "google.ca") { url } } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, domain does not exist" + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert executed["errors"][0]["message"] == "Error, domain does not exist" def test_get_domain_resolvers_by_org_user_read_org_no_domains(self): """ @@ -567,25 +529,25 @@ def test_get_domain_resolvers_by_org_user_read_org_no_domains(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { domains(organization: "ORG3") { edges { @@ -595,7 +557,13 @@ def test_get_domain_resolvers_by_org_user_read_org_no_domains(self): } } } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to view that organization" + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to view that organization" + ) diff --git a/api/tests/test_domains_resolver_values.py b/api/tests/test_domains_resolver_values.py index ea632356cd..e1bcfa9067 100644 --- a/api/tests/test_domains_resolver_values.py +++ b/api/tests/test_domains_resolver_values.py @@ -1,10 +1,6 @@ -import sys -import os -from os.path import dirname, join, expanduser, normpath, realpath import pytest from flask import Request from graphene.test import Client -from flask_bcrypt import Bcrypt from unittest import TestCase from werkzeug.test import create_environ from app import app @@ -23,51 +19,35 @@ Https_scans, Mx_scans, Spf_scans, - Ssl_scans + Ssl_scans, ) -@pytest.fixture(scope='class') +@pytest.fixture(scope="class") def domain_test_db_init(): - bcrypt = Bcrypt(app) with app.app_context(): test_user = Users( id=1, display_name="testuserread", user_name="testuserread@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8"), + password="testpassword123", ) db_session.add(test_user) org = Organizations( - id=1, - acronym='ORG1', - org_tags={ - "description": 'Organization 1' - } + id=1, acronym="ORG1", org_tags={"description": "Organization 1"} ) db_session.add(org) test_user_read_role = User_affiliations( - user_id=1, - organization_id=1, - permission='user_read' + user_id=1, organization_id=1, permission="user_read" ) db_session.add(test_user_read_role) - domain = Domains( - id=1, - domain='accurateplastics.com', - organization_id=1 - ) + domain = Domains(id=1, domain="accurateplastics.com", organization_id=1) db_session.add(domain) - domain = Domains( - id=2, - domain='addisonfoods.com', - organization_id=1 - ) + domain = Domains(id=2, domain="addisonfoods.com", organization_id=1) db_session.add(domain) test_dmarc_report = Dmarc_Reports( @@ -86,7 +66,7 @@ def domain_test_db_init(): "end_date": "2018-10-01 13:07:12", "errors": [ "Invalid XML: not well-formed (invalid token): line 5, column 17" - ] + ], }, "policy_published": { "domain": "example.com", @@ -95,7 +75,7 @@ def domain_test_db_init(): "p": "none", "sp": "reject", "pct": "100", - "fo": "0" + "fo": "0", }, "records": [ { @@ -103,46 +83,36 @@ def domain_test_db_init(): "ip_address": "12.20.127.122", "country": "US", "reverse_dns": "null", - "base_domain": "null" + "base_domain": "null", }, "count": 1, - "alignment": { - "spf": False, - "dkim": False, - "dmarc": False - }, + "alignment": {"spf": False, "dkim": False, "dmarc": False}, "policy_evaluated": { "disposition": "none", "dkim": "fail", "spf": "fail", - "policy_override_reasons": [ - "TESTING TEXT" - ] + "policy_override_reasons": ["TESTING TEXT"], }, "identifiers": { "header_from": "example.com", "envelope_from": "null", - "envelope_to": "null" + "envelope_to": "null", }, "auth_results": { "dkim": [ { "domain": "toptierhighticket.club", "selector": "default", - "result": "pass" + "result": "pass", } ], "spf": [ - { - "domain": "null", - "scope": "mfrom", - "result": "none" - } - ] - } + {"domain": "null", "scope": "mfrom", "result": "none"} + ], + }, } - ] - } + ], + }, ) db_session.add(test_dmarc_report) db_session.commit() @@ -165,7 +135,7 @@ def domain_test_db_init(): db_session.commit() -@pytest.mark.usefixtures('domain_test_db_init') +@pytest.mark.usefixtures("domain_test_db_init") class TestDomainsResolver(TestCase): def test_get_domain_resolver_dmarc_report(self): """ @@ -175,25 +145,25 @@ def test_get_domain_resolver_dmarc_report(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { domain(url: "accurateplastics.com") { url @@ -256,8 +226,11 @@ def test_get_domain_resolver_dmarc_report(self): } } } - ''', context_value=request_headers, backend=backend) - result_refr ={ + """, + context_value=request_headers, + backend=backend, + ) + result_refr = { "data": { "domain": [ { @@ -280,7 +253,7 @@ def test_get_domain_resolver_dmarc_report(self): "p": "none", "sp": "reject", "pct": 100, - "fo": 0 + "fo": 0, }, "records": [ { @@ -289,12 +262,12 @@ def test_get_domain_resolver_dmarc_report(self): "ipAddress": "12.20.127.122", "country": "US", "reverseDns": "null", - "baseDomain": "null" + "baseDomain": "null", }, "alignment": { "spf": False, "dkim": False, - "dmarc": False + "dmarc": False, }, "policyEvaluated": { "disposition": "none", @@ -302,35 +275,35 @@ def test_get_domain_resolver_dmarc_report(self): "spf": "fail", "policyOverrideReasons": [ "TESTING TEXT" - ] + ], }, "identifiers": { "headerFrom": "example.com", "envelopeFrom": "null", - "envelopeTo": "null" + "envelopeTo": "null", }, "authResults": { "dkim": [ { "domain": "toptierhighticket.club", "selector": "default", - "result": "pass" + "result": "pass", } ], "spf": [ { "domain": "null", "scope": "mfrom", - "result": "none" + "result": "none", } - ] - } + ], + }, } - ] + ], } } ] - } + }, } ] } @@ -345,25 +318,25 @@ def test_get_domain_resolver_dmarc_report_in_date_range(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { domain(url: "accurateplastics.com") { url @@ -426,8 +399,11 @@ def test_get_domain_resolver_dmarc_report_in_date_range(self): } } } - ''', context_value=request_headers, backend=backend) - result_refr ={ + """, + context_value=request_headers, + backend=backend, + ) + result_refr = { "data": { "domain": [ { @@ -450,7 +426,7 @@ def test_get_domain_resolver_dmarc_report_in_date_range(self): "p": "none", "sp": "reject", "pct": 100, - "fo": 0 + "fo": 0, }, "records": [ { @@ -459,12 +435,12 @@ def test_get_domain_resolver_dmarc_report_in_date_range(self): "ipAddress": "12.20.127.122", "country": "US", "reverseDns": "null", - "baseDomain": "null" + "baseDomain": "null", }, "alignment": { "spf": False, "dkim": False, - "dmarc": False + "dmarc": False, }, "policyEvaluated": { "disposition": "none", @@ -472,35 +448,35 @@ def test_get_domain_resolver_dmarc_report_in_date_range(self): "spf": "fail", "policyOverrideReasons": [ "TESTING TEXT" - ] + ], }, "identifiers": { "headerFrom": "example.com", "envelopeFrom": "null", - "envelopeTo": "null" + "envelopeTo": "null", }, "authResults": { "dkim": [ { "domain": "toptierhighticket.club", "selector": "default", - "result": "pass" + "result": "pass", } ], "spf": [ { "domain": "null", "scope": "mfrom", - "result": "none" + "result": "none", } - ] - } + ], + }, } - ] + ], } } ] - } + }, } ] } @@ -515,25 +491,25 @@ def test_get_domain_resolver_dmarc_report_out_of_date_range(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { domain(url: "accurateplastics.com") { url @@ -596,10 +572,16 @@ def test_get_domain_resolver_dmarc_report_out_of_date_range(self): } } } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, no reports for that domain in that date range." + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, no reports for that domain in that date range." + ) def test_get_domain_resolver_dmarc_report_domain_missing_report(self): """ @@ -609,25 +591,25 @@ def test_get_domain_resolver_dmarc_report_domain_missing_report(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { domain(url: "addisonfoods.com") { url @@ -690,10 +672,15 @@ def test_get_domain_resolver_dmarc_report_domain_missing_report(self): } } } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == 'Error, no reports for that domain.' + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] == "Error, no reports for that domain." + ) def test_get_domain_resolver_dmarc_report_no_start_date(self): """ @@ -703,25 +690,25 @@ def test_get_domain_resolver_dmarc_report_no_start_date(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { domain(url: "addisonfoods.com") { url @@ -784,10 +771,16 @@ def test_get_domain_resolver_dmarc_report_no_start_date(self): } } } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == 'Error, both start and end dates are required.' + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, both start and end dates are required." + ) def test_get_domain_resolver_dmarc_report_no_end_date(self): """ @@ -797,25 +790,25 @@ def test_get_domain_resolver_dmarc_report_no_end_date(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { domain(url: "addisonfoods.com") { url @@ -878,7 +871,13 @@ def test_get_domain_resolver_dmarc_report_no_end_date(self): } } } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == 'Error, both start and end dates are required.' + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, both start and end dates are required." + ) diff --git a/api/tests/test_organization_mutations.py b/api/tests/test_organization_mutations.py index bc4fe7c607..52596f772f 100644 --- a/api/tests/test_organization_mutations.py +++ b/api/tests/test_organization_mutations.py @@ -1,10 +1,6 @@ -import sys -import os -from os.path import dirname, join, expanduser, normpath, realpath import pytest from flask import Request from graphene.test import Client -from flask_bcrypt import Bcrypt from unittest import TestCase from werkzeug.test import create_environ from app import app @@ -22,161 +18,126 @@ Https_scans, Mx_scans, Spf_scans, - Ssl_scans + Ssl_scans, ) -@pytest.fixture(scope='class') -def organization_mutation_db_init(): - bcrypt = Bcrypt(app) +@pytest.fixture(scope="class") +def organization_mutation_db_init(): with app.app_context(): test_super_admin = Users( id=1, display_name="testsuperadmin", user_name="testsuperadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_super_admin) test_admin = Users( id=2, display_name="testadmin", user_name="testadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_admin) test_write = Users( id=3, display_name="testuserwrite", user_name="testuserwrite@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_write) test_read = Users( id=4, display_name="testuserread", user_name="testuserread@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8"), + password="testpassword123", ) db_session.add(test_read) # Super Admin Test Values - sa_org = Organizations( - acronym='SA' - ) + sa_org = Organizations(acronym="SA") db_session.add(sa_org) db_session.commit() - org_orm = db_session.query(Organizations).filter( - Organizations.acronym == 'SA' - ).first() + org_orm = ( + db_session.query(Organizations) + .filter(Organizations.acronym == "SA") + .first() + ) sa_user_aff = User_affiliations( - organization_id=org_orm.id, - user_id=1, - permission='super_admin' + organization_id=org_orm.id, user_id=1, permission="super_admin" ) db_session.add(sa_user_aff) db_session.commit() - sa_check_org = Organizations( - acronym="SA_CHECK" - ) + sa_check_org = Organizations(acronym="SA_CHECK") db_session.add(sa_check_org) - sa_update_org = Organizations( - acronym="SA_UPDATE" - ) + sa_update_org = Organizations(acronym="SA_UPDATE") db_session.add(sa_update_org) - sa_delete_org = Organizations( - acronym="SA_DELETE" - ) + sa_delete_org = Organizations(acronym="SA_DELETE") db_session.add(sa_delete_org) db_session.commit() - org_orm = db_session.query(Organizations).filter( - Organizations.acronym == 'SA_DELETE' - ).first() - sa_domain = Domains( - id=1, - organization_id=org_orm.id + org_orm = ( + db_session.query(Organizations) + .filter(Organizations.acronym == "SA_DELETE") + .first() ) + sa_domain = Domains(id=1, organization_id=org_orm.id) db_session.add(sa_domain) - sa_scan = Scans( - id=1, - domain_id=1 - ) + sa_scan = Scans(id=1, domain_id=1) db_session.add(sa_scan) db_session.commit() - sa_dkim = Dkim_scans( - id=1 - ) + sa_dkim = Dkim_scans(id=1) db_session.add(sa_dkim) - sa_dmarc = Dmarc_scans( - id=1 - ) + sa_dmarc = Dmarc_scans(id=1) db_session.add(sa_dmarc) - sa_https = Https_scans( - id=1 - ) + sa_https = Https_scans(id=1) db_session.add(sa_https) - sa_mx = Mx_scans( - id=1 - ) + sa_mx = Mx_scans(id=1) db_session.add(sa_mx) - sa_spf = Spf_scans( - id=1 - ) + sa_spf = Spf_scans(id=1) db_session.add(sa_spf) - sa_ssl = Ssl_scans( - id=1 - ) + sa_ssl = Ssl_scans(id=1) db_session.add(sa_ssl) db_session.commit() # Admin Db Inserts - admin_org = Organizations( - acronym="ADMIN_ORG" - ) + admin_org = Organizations(acronym="ADMIN_ORG") db_session.add(admin_org) db_session.commit() - org_orm = db_session.query(Organizations).filter( - Organizations.acronym == 'ADMIN_ORG' - ).first() + org_orm = ( + db_session.query(Organizations) + .filter(Organizations.acronym == "ADMIN_ORG") + .first() + ) admin_aff = User_affiliations( - organization_id=org_orm.id, - user_id=2, - permission='admin' + organization_id=org_orm.id, user_id=2, permission="admin" ) db_session.add(admin_aff) # User Write Db Inserts - user_write_org = Organizations( - acronym="USER_W_ORG" - ) + user_write_org = Organizations(acronym="USER_W_ORG") db_session.add(user_write_org) db_session.commit() - org_orm = db_session.query(Organizations).filter( - Organizations.acronym == 'USER_W_ORG' - ).first() + org_orm = ( + db_session.query(Organizations) + .filter(Organizations.acronym == "USER_W_ORG") + .first() + ) user_write_aff = User_affiliations( - organization_id=org_orm.id, - user_id=3, - permission='user_write' + organization_id=org_orm.id, user_id=3, permission="user_write" ) db_session.add(user_write_aff) # User Read Db Inserts - user_read_org = Organizations( - acronym="USER_R_ORG" - ) + user_read_org = Organizations(acronym="USER_R_ORG") db_session.add(user_read_org) db_session.commit() - org_orm = db_session.query(Organizations).filter( - Organizations.acronym == 'USER_R_ORG' - ).first() + org_orm = ( + db_session.query(Organizations) + .filter(Organizations.acronym == "USER_R_ORG") + .first() + ) user_read_aff = User_affiliations( - organization_id=org_orm.id, - user_id=4, - permission='user_read' + organization_id=org_orm.id, user_id=4, permission="user_read" ) db_session.add(user_read_aff) db_session.commit() @@ -198,7 +159,7 @@ def organization_mutation_db_init(): db_session.commit() -@pytest.mark.usefixtures('organization_mutation_db_init') +@pytest.mark.usefixtures("organization_mutation_db_init") class TestOrganizationMutations(TestCase): # Super Admin Tests def test_sa_org_mutation_create_org(self): @@ -209,25 +170,25 @@ def test_sa_org_mutation_create_org(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation { createOrganization( acronym: "TEST_ORG" @@ -240,14 +201,17 @@ def test_sa_org_mutation_create_org(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['data'] - assert executed['data']['createOrganization'] - assert executed['data']['createOrganization']['status'] + assert executed["data"] + assert executed["data"]["createOrganization"] + assert executed["data"]["createOrganization"]["status"] executed = client.execute( - ''' + """ { organization(org: "TEST_ORG") { edges { @@ -262,7 +226,10 @@ def test_sa_org_mutation_create_org(self): } } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) result_refr = { "data": { "organization": { @@ -274,7 +241,7 @@ def test_sa_org_mutation_create_org(self): "zone": "Test Zone", "sector": "Test Sector", "province": "Nova Scotia", - "city": "Halifax" + "city": "Halifax", } } ] @@ -291,25 +258,25 @@ def test_sa_org_mutation_create_org_already_exists(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation { createOrganization( acronym: "SA_CHECK" @@ -322,11 +289,16 @@ def test_sa_org_mutation_create_org_already_exists(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, Organization alredy exists" + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] == "Error, Organization alredy exists" + ) def test_sa_org_mutation_update_org(self): """ @@ -336,25 +308,25 @@ def test_sa_org_mutation_update_org(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation { updateOrganization( acronym: "TEST_ORG" @@ -368,14 +340,17 @@ def test_sa_org_mutation_update_org(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['data'] - assert executed['data']['updateOrganization'] - assert executed['data']['updateOrganization']['status'] + assert executed["data"] + assert executed["data"]["updateOrganization"] + assert executed["data"]["updateOrganization"]["status"] executed = client.execute( - ''' + """ { organization(org: "NEW_ORG") { edges { @@ -390,7 +365,10 @@ def test_sa_org_mutation_update_org(self): } } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) result_refr = { "data": { "organization": { @@ -402,7 +380,7 @@ def test_sa_org_mutation_update_org(self): "zone": "Test Zone", "sector": "Test Sector", "province": "Nova Scotia", - "city": "Halifax" + "city": "Halifax", } } ] @@ -419,25 +397,25 @@ def test_sa_org_mutation_update_org_acronym_already_in_use(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation { updateOrganization( acronym: "SA_UPDATE" @@ -451,11 +429,14 @@ def test_sa_org_mutation_update_org_acronym_already_in_use(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, acronym already in use." + assert executed["errors"] + assert executed["errors"][0] + assert executed["errors"][0]["message"] == "Error, acronym already in use." def test_sa_org_mutation_update_org_does_not_exist(self): """ @@ -465,25 +446,25 @@ def test_sa_org_mutation_update_org_does_not_exist(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation { updateOrganization( acronym: "TEST_ORG" @@ -497,11 +478,17 @@ def test_sa_org_mutation_update_org_does_not_exist(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, organization does not exist." + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, organization does not exist." + ) def test_sa_org_mutation_remove_org(self): """ @@ -511,29 +498,32 @@ def test_sa_org_mutation_remove_org(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) - org_id = db_session.query(Organizations).filter( - Organizations.acronym == 'SA_DELETE' - ).first().id + org_id = ( + db_session.query(Organizations) + .filter(Organizations.acronym == "SA_DELETE") + .first() + .id + ) executed = client.execute( - ''' + """ mutation { removeOrganization( acronym: "SA_DELETE" @@ -541,20 +531,27 @@ def test_sa_org_mutation_remove_org(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['data'] - assert executed['data']['removeOrganization'] - assert executed['data']['removeOrganization']['status'] + assert executed["data"] + assert executed["data"]["removeOrganization"] + assert executed["data"]["removeOrganization"]["status"] - check_org_orm = db_session.query(Organizations).filter( - Organizations.acronym == 'SA_DELETE' - ).first() + check_org_orm = ( + db_session.query(Organizations) + .filter(Organizations.acronym == "SA_DELETE") + .first() + ) assert check_org_orm is None - check_user_aff = db_session.query(User_affiliations).filter( - User_affiliations.organization_id == org_id - ).all() + check_user_aff = ( + db_session.query(User_affiliations) + .filter(User_affiliations.organization_id == org_id) + .all() + ) assert not check_user_aff assert not db_session.query(Domains).all() @@ -574,25 +571,25 @@ def test_sa_org_mutation_remove_org_sa_org(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation { removeOrganization( acronym: "SA" @@ -600,11 +597,17 @@ def test_sa_org_mutation_remove_org_sa_org(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you cannot remove this organization" + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you cannot remove this organization" + ) def test_sa_org_mutation_remove_org_does_not_exist(self): """ @@ -614,25 +617,25 @@ def test_sa_org_mutation_remove_org_does_not_exist(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation { removeOrganization( acronym: "RANDOM" @@ -640,11 +643,16 @@ def test_sa_org_mutation_remove_org_does_not_exist(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, organization does not exist" + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] == "Error, organization does not exist" + ) # Admin Test def test_admin_org_mutation_create_org_fail(self): @@ -655,25 +663,25 @@ def test_admin_org_mutation_create_org_fail(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation { createOrganization( acronym: "ADMIN_NEW" @@ -686,11 +694,17 @@ def test_admin_org_mutation_create_org_fail(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to create organizations" + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to create organizations" + ) def test_admin_org_mutation_update_org_fail(self): """ @@ -700,25 +714,25 @@ def test_admin_org_mutation_update_org_fail(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation { updateOrganization( acronym: "ADMIN_ORG" @@ -731,11 +745,17 @@ def test_admin_org_mutation_update_org_fail(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to update organizations" + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to update organizations" + ) def test_admin_org_mutation_remove_org_fail(self): """ @@ -745,25 +765,25 @@ def test_admin_org_mutation_remove_org_fail(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation { removeOrganization( acronym: "ADMIN_ORG" @@ -771,11 +791,17 @@ def test_admin_org_mutation_remove_org_fail(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to remove organizations." + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to remove organizations." + ) # User Write Test def test_user_write_org_mutation_create_org_fail(self): @@ -786,25 +812,25 @@ def test_user_write_org_mutation_create_org_fail(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserwrite@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation { createOrganization( acronym: "USER_W_NEW" @@ -817,11 +843,17 @@ def test_user_write_org_mutation_create_org_fail(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to create organizations" + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to create organizations" + ) def test_user_write_org_mutation_update_org_fail(self): """ @@ -831,25 +863,25 @@ def test_user_write_org_mutation_update_org_fail(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserwrite@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation { updateOrganization( acronym: "USER_W_ORG" @@ -862,11 +894,17 @@ def test_user_write_org_mutation_update_org_fail(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to update organizations" + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to update organizations" + ) def test_user_write_org_mutation_remove_org_fail(self): """ @@ -876,25 +914,25 @@ def test_user_write_org_mutation_remove_org_fail(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserwrite@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation { removeOrganization( acronym: "USER_W_ORG" @@ -902,11 +940,17 @@ def test_user_write_org_mutation_remove_org_fail(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to remove organizations." + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to remove organizations." + ) # User Read Test def test_user_read_org_mutation_create_org_fail(self): @@ -917,25 +961,25 @@ def test_user_read_org_mutation_create_org_fail(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation { createOrganization( acronym: "USER_R_NEW" @@ -948,11 +992,17 @@ def test_user_read_org_mutation_create_org_fail(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to create organizations" + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to create organizations" + ) def test_user_read_org_mutation_update_org_fail(self): """ @@ -962,25 +1012,25 @@ def test_user_read_org_mutation_update_org_fail(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation { updateOrganization( acronym: "USER_R_ORG" @@ -993,11 +1043,17 @@ def test_user_read_org_mutation_update_org_fail(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to update organizations" + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to update organizations" + ) def test_user_read_org_mutation_remove_org_fail(self): """ @@ -1007,25 +1063,25 @@ def test_user_read_org_mutation_remove_org_fail(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation { removeOrganization( acronym: "USER_R_ORG" @@ -1033,8 +1089,14 @@ def test_user_read_org_mutation_remove_org_fail(self): status } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to remove organizations." + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to remove organizations." + ) diff --git a/api/tests/test_organization_resolver_access_control.py b/api/tests/test_organization_resolver_access_control.py index 425fce8858..9b539ceae6 100644 --- a/api/tests/test_organization_resolver_access_control.py +++ b/api/tests/test_organization_resolver_access_control.py @@ -1,10 +1,6 @@ -import sys -import os -from os.path import dirname, join, expanduser, normpath, realpath import pytest from flask import Request from graphene.test import Client -from flask_bcrypt import Bcrypt from unittest import TestCase from werkzeug.test import create_environ from app import app @@ -13,63 +9,44 @@ from queries import schema from backend.security_check import SecurityAnalysisBackend -@pytest.fixture(scope='class') -def org_perm_test_db_init(): - bcrypt = Bcrypt(app) +@pytest.fixture(scope="class") +def org_perm_test_db_init(): with app.app_context(): test_user = Users( id=1, display_name="testuserread", user_name="testuserread@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8"), + password="testpassword123", ) db_session.add(test_user) test_super_admin = Users( id=2, display_name="testsuperadmin", user_name="testsuperadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_super_admin) org = Organizations( - id=1, - acronym='ORG1', - org_tags={ - "description": 'Organization 1' - } + id=1, acronym="ORG1", org_tags={"description": "Organization 1"} ) db_session.add(org) org = Organizations( - id=2, - acronym='ORG2', - org_tags={ - "description": 'Organization 2' - } + id=2, acronym="ORG2", org_tags={"description": "Organization 2"} ) db_session.add(org) org = Organizations( - id=3, - acronym='ORG3', - org_tags={ - "description": 'Organization 3' - } + id=3, acronym="ORG3", org_tags={"description": "Organization 3"} ) db_session.add(org) test_admin_role = User_affiliations( - user_id=1, - organization_id=1, - permission='user_read' + user_id=1, organization_id=1, permission="user_read" ) db_session.add(test_admin_role) test_admin_role = User_affiliations( - user_id=2, - organization_id=1, - permission='super_admin' + user_id=2, organization_id=1, permission="super_admin" ) db_session.add(test_admin_role) db_session.commit() @@ -83,7 +60,7 @@ def org_perm_test_db_init(): db_session.commit() -@pytest.mark.usefixtures('org_perm_test_db_init') +@pytest.mark.usefixtures("org_perm_test_db_init") class TestOrgResolverWithOrgs(TestCase): # Super Admin Tests def test_get_org_resolvers_by_org_super_admin_single_node(self): @@ -94,25 +71,25 @@ def test_get_org_resolvers_by_org_super_admin_single_node(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { organization(org: "ORG1") { edges { @@ -122,19 +99,12 @@ def test_get_org_resolvers_by_org_super_admin_single_node(self): } } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) result_refr = { - "data": { - "organization": { - "edges": [ - { - "node": { - "acronym": "ORG1" - } - } - ] - } - } + "data": {"organization": {"edges": [{"node": {"acronym": "ORG1"}}]}} } self.assertDictEqual(result_refr, executed) @@ -146,25 +116,25 @@ def test_get_org_resolvers_super_admin_multi_node(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { organizations { edges { @@ -174,26 +144,17 @@ def test_get_org_resolvers_super_admin_multi_node(self): } } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) result_refr = { "data": { "organizations": { "edges": [ - { - "node": { - "acronym": "ORG1" - } - }, - { - "node": { - "acronym": "ORG2" - } - }, - { - "node": { - "acronym": "ORG3" - } - } + {"node": {"acronym": "ORG1"}}, + {"node": {"acronym": "ORG2"}}, + {"node": {"acronym": "ORG3"}}, ] } } @@ -210,25 +171,25 @@ def test_get_org_resolvers_by_org_user_read_single_node(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { organization(org: "ORG1") { edges { @@ -238,19 +199,12 @@ def test_get_org_resolvers_by_org_user_read_single_node(self): } } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) result_refr = { - "data": { - "organization": { - "edges": [ - { - "node": { - "acronym": "ORG1" - } - } - ] - } - } + "data": {"organization": {"edges": [{"node": {"acronym": "ORG1"}}]}} } self.assertDictEqual(result_refr, executed) @@ -263,25 +217,25 @@ def test_get_org_resolvers_by_org_user_read_multi_node(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { organizations { edges { @@ -291,19 +245,12 @@ def test_get_org_resolvers_by_org_user_read_multi_node(self): } } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) result_refr = { - "data": { - "organizations": { - "edges": [ - { - "node": { - "acronym": "ORG1" - } - } - ] - } - } + "data": {"organizations": {"edges": [{"node": {"acronym": "ORG1"}}]}} } self.assertDictEqual(result_refr, executed) @@ -316,25 +263,25 @@ def test_get_org_resolvers_by_org_user_read_no_access(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { organization(org: "ORG2") { edges { @@ -344,29 +291,30 @@ def test_get_org_resolvers_by_org_user_read_no_access(self): } } } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to view that organization" + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to view that organization" + ) -@pytest.fixture(scope='class') +@pytest.fixture(scope="class") def org_no_perm_test_db_init(): - bcrypt = Bcrypt(app) with app.app_context(): test_super_admin = Users( id=2, display_name="testsuperadmin", user_name="testsuperadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_super_admin) - test_admin_role = User_affiliations( - user_id=2, - permission='super_admin' - ) + test_admin_role = User_affiliations(user_id=2, permission="super_admin") db_session.add(test_admin_role) db_session.commit() @@ -378,9 +326,8 @@ def org_no_perm_test_db_init(): db_session.commit() -@pytest.mark.usefixtures('org_no_perm_test_db_init') +@pytest.mark.usefixtures("org_no_perm_test_db_init") class TestOrgResolverWithoutOrgs(TestCase): - def test_get_org_resolvers_super_admin_no_orgs(self): """ Test org resolver by organization as a super admin, no orgs exist @@ -389,25 +336,25 @@ def test_get_org_resolvers_super_admin_no_orgs(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { organizations { edges { @@ -417,10 +364,13 @@ def test_get_org_resolvers_super_admin_no_orgs(self): } } } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, no organizations to view" + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert executed["errors"][0]["message"] == "Error, no organizations to view" def test_get_org_resolvers_by_org_super_admin_no_orgs(self): """ @@ -430,25 +380,25 @@ def test_get_org_resolvers_by_org_super_admin_no_orgs(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { organization(org: "ORG3"){ edges { @@ -458,7 +408,12 @@ def test_get_org_resolvers_by_org_super_admin_no_orgs(self): } } } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, organization does not exist" + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] == "Error, organization does not exist" + ) diff --git a/api/tests/test_organization_resolver_values.py b/api/tests/test_organization_resolver_values.py index d2074960b3..b228a97595 100644 --- a/api/tests/test_organization_resolver_values.py +++ b/api/tests/test_organization_resolver_values.py @@ -1,10 +1,6 @@ -import sys -import os -from os.path import dirname, join, expanduser, normpath, realpath import pytest from flask import Request from graphene.test import Client -from flask_bcrypt import Bcrypt from unittest import TestCase from werkzeug.test import create_environ from app import app @@ -13,95 +9,76 @@ from queries import schema from backend.security_check import SecurityAnalysisBackend -@pytest.fixture(scope='class') -def org_perm_test_db_init(): - bcrypt = Bcrypt(app) +@pytest.fixture(scope="class") +def org_perm_test_db_init(): with app.app_context(): test_user = Users( id=1, display_name="testuserread", user_name="testuserread@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8"), + password="testpassword123", ) db_session.add(test_user) test_super_admin = Users( id=2, display_name="testsuperadmin", user_name="testsuperadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_super_admin) org = Organizations( id=1, - acronym='ORG1', + acronym="ORG1", org_tags={ "description": "Organization 1", "zone": "Prov", "sector": "Banking", "province": "Alberta", - "city": "Calgary" - } + "city": "Calgary", + }, ) db_session.add(org) org = Organizations( id=2, - acronym='ORG2', + acronym="ORG2", org_tags={ "description": "Organization 2", "zone": "Muni", "sector": "Transportation", "province": "NS", - "city": "Halifax" - } + "city": "Halifax", + }, ) db_session.add(org) org = Organizations( id=3, - acronym='ORG3', + acronym="ORG3", org_tags={ "description": "Organization 3", "zone": "Federal", "sector": "Arts", "province": "Ontario", - "city": "Toronto" - } + "city": "Toronto", + }, ) db_session.add(org) test_admin_role = User_affiliations( - user_id=1, - organization_id=1, - permission='user_read' + user_id=1, organization_id=1, permission="user_read" ) db_session.add(test_admin_role) test_admin_role = User_affiliations( - user_id=2, - organization_id=1, - permission='super_admin' + user_id=2, organization_id=1, permission="super_admin" ) db_session.add(test_admin_role) - domain = Domains( - id=1, - domain='somecooldomain.ca', - organization_id=1 - ) + domain = Domains(id=1, domain="somecooldomain.ca", organization_id=1) db_session.add(domain) - domain = Domains( - id=2, - domain='anothercooldomain.ca', - organization_id=2 - ) + domain = Domains(id=2, domain="anothercooldomain.ca", organization_id=2) db_session.add(domain) - domain = Domains( - id=3, - domain='somelamedomain.ca', - organization_id=3 - ) + domain = Domains(id=3, domain="somelamedomain.ca", organization_id=3) db_session.add(domain) db_session.commit() @@ -115,7 +92,7 @@ def org_perm_test_db_init(): db_session.commit() -@pytest.mark.usefixtures('org_perm_test_db_init') +@pytest.mark.usefixtures("org_perm_test_db_init") class TestOrgResolverWithOrgsAndValues(TestCase): # Super Admin Tests def test_get_org_resolvers_by_org_super_admin_single_node(self): @@ -127,25 +104,25 @@ def test_get_org_resolvers_by_org_super_admin_single_node(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { organization(org: "ORG1") { edges { @@ -177,7 +154,10 @@ def test_get_org_resolvers_by_org_super_admin_single_node(self): } } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) result_refr = { "data": { "organization": { @@ -192,11 +172,7 @@ def test_get_org_resolvers_by_org_super_admin_single_node(self): "city": "Calgary", "domains": { "edges": [ - { - "node": { - "url": "somecooldomain.ca" - } - } + {"node": {"url": "somecooldomain.ca"}} ] }, "affiliatedUsers": { @@ -206,7 +182,7 @@ def test_get_org_resolvers_by_org_super_admin_single_node(self): "user": { "displayName": "testuserread" }, - "permission": "USER_READ" + "permission": "USER_READ", } }, { @@ -214,11 +190,11 @@ def test_get_org_resolvers_by_org_super_admin_single_node(self): "user": { "displayName": "testsuperadmin" }, - "permission": "SUPER_ADMIN" + "permission": "SUPER_ADMIN", } - } + }, ] - } + }, } } ] @@ -236,25 +212,25 @@ def test_get_org_resolvers_super_admin_multi_node(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { organizations { edges { @@ -286,98 +262,85 @@ def test_get_org_resolvers_super_admin_multi_node(self): } } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) result_refr = { - "data": { - "organizations": { - "edges": [ - { - "node": { - "acronym": "ORG1", - "description": "Organization 1", - "zone": "Prov", - "sector": "Banking", - "province": "Alberta", - "city": "Calgary", - "domains": { - "edges": [ - { - "node": { - "url": "somecooldomain.ca" - } - } - ] - }, - "affiliatedUsers": { - "edges": [ - { - "node": { - "user": { - "displayName": "testuserread" - }, - "permission": "USER_READ" - } - }, - { - "node": { - "user": { - "displayName": "testsuperadmin" - }, - "permission": "SUPER_ADMIN" - } - } - ] - } - } - }, - { - "node": { - "acronym": "ORG2", - "description": "Organization 2", - "zone": "Muni", - "sector": "Transportation", - "province": "NS", - "city": "Halifax", - "domains": { - "edges": [ - { - "node": { - "url": "anothercooldomain.ca" - } + "data": { + "organizations": { + "edges": [ + { + "node": { + "acronym": "ORG1", + "description": "Organization 1", + "zone": "Prov", + "sector": "Banking", + "province": "Alberta", + "city": "Calgary", + "domains": { + "edges": [ + {"node": {"url": "somecooldomain.ca"}} + ] + }, + "affiliatedUsers": { + "edges": [ + { + "node": { + "user": { + "displayName": "testuserread" + }, + "permission": "USER_READ", } - ] - }, - "affiliatedUsers": { - "edges": [] - } - } - }, - { - "node": { - "acronym": "ORG3", - "description": "Organization 3", - "zone": "Federal", - "sector": "Arts", - "province": "Ontario", - "city": "Toronto", - "domains": { - "edges": [ - { - "node": { - "url": "somelamedomain.ca" - } + }, + { + "node": { + "user": { + "displayName": "testsuperadmin" + }, + "permission": "SUPER_ADMIN", } - ] - }, - "affiliatedUsers": { - "edges": [] - } - } + }, + ] + }, } - ] - } + }, + { + "node": { + "acronym": "ORG2", + "description": "Organization 2", + "zone": "Muni", + "sector": "Transportation", + "province": "NS", + "city": "Halifax", + "domains": { + "edges": [ + {"node": {"url": "anothercooldomain.ca"}} + ] + }, + "affiliatedUsers": {"edges": []}, + } + }, + { + "node": { + "acronym": "ORG3", + "description": "Organization 3", + "zone": "Federal", + "sector": "Arts", + "province": "Ontario", + "city": "Toronto", + "domains": { + "edges": [ + {"node": {"url": "somelamedomain.ca"}} + ] + }, + "affiliatedUsers": {"edges": []}, + } + }, + ] } } + } self.assertDictEqual(result_refr, executed) # User read tests @@ -390,25 +353,25 @@ def test_get_org_resolvers_by_org_user_read_single_node(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { organization(org: "ORG1") { edges { @@ -440,7 +403,10 @@ def test_get_org_resolvers_by_org_user_read_single_node(self): } } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) result_refr = { "data": { "organization": { @@ -455,16 +421,10 @@ def test_get_org_resolvers_by_org_user_read_single_node(self): "city": "Calgary", "domains": { "edges": [ - { - "node": { - "url": "somecooldomain.ca" - } - } + {"node": {"url": "somecooldomain.ca"}} ] }, - "affiliatedUsers": { - "edges": [] - } + "affiliatedUsers": {"edges": []}, } } ] @@ -482,25 +442,25 @@ def test_get_org_resolvers_by_org_user_read_multi_node(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { organizations { edges { @@ -532,7 +492,10 @@ def test_get_org_resolvers_by_org_user_read_multi_node(self): } } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) result_refr = { "data": { "organizations": { @@ -547,16 +510,10 @@ def test_get_org_resolvers_by_org_user_read_multi_node(self): "city": "Calgary", "domains": { "edges": [ - { - "node": { - "url": "somecooldomain.ca" - } - } + {"node": {"url": "somecooldomain.ca"}} ] }, - "affiliatedUsers": { - "edges": [] - } + "affiliatedUsers": {"edges": []}, } } ] @@ -564,5 +521,3 @@ def test_get_org_resolvers_by_org_user_read_multi_node(self): } } self.assertDictEqual(result_refr, executed) - - diff --git a/api/tests/test_user_access_control.py b/api/tests/test_user_access_control.py index cb1ab9fa6c..634b02031d 100644 --- a/api/tests/test_user_access_control.py +++ b/api/tests/test_user_access_control.py @@ -1,10 +1,6 @@ -import sys -import os -from os.path import dirname, join, expanduser, normpath, realpath import pytest from flask import Request from graphene.test import Client -from flask_bcrypt import Bcrypt from unittest import TestCase from werkzeug.test import create_environ from app import app @@ -13,96 +9,71 @@ from queries import schema from backend.security_check import SecurityAnalysisBackend -@pytest.fixture(scope='class') -def user_resolver_ac_test_db_init(): - bcrypt = Bcrypt(app) +@pytest.fixture(scope="class") +def user_resolver_ac_test_db_init(): with app.app_context(): test_read = Users( id=1, display_name="testuserread", user_name="testuserread@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8"), + password="testpassword123", ) db_session.add(test_read) test_super_admin = Users( id=2, display_name="testsuperadmin", user_name="testsuperadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_super_admin) test_admin = Users( id=3, display_name="testadmin", user_name="testadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_admin) test_admin = Users( id=4, display_name="testadmin2", user_name="testadmin2@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_admin) test_write = Users( id=5, display_name="testuserwrite", user_name="testuserwrite@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_write) - org = Organizations( - id=1, - acronym='ORG1' - ) + org = Organizations(id=1, acronym="ORG1") db_session.add(org) - org = Organizations( - id=2, - acronym='ORG2' - ) + org = Organizations(id=2, acronym="ORG2") db_session.add(org) - org = Organizations( - id=3, - acronym='ORG3' - ) + org = Organizations(id=3, acronym="ORG3") db_session.add(org) test_user_read_role = User_affiliations( - user_id=1, - organization_id=1, - permission='user_read' + user_id=1, organization_id=1, permission="user_read" ) db_session.add(test_user_read_role) test_super_admin_role = User_affiliations( - user_id=2, - organization_id=2, - permission='super_admin' + user_id=2, organization_id=2, permission="super_admin" ) db_session.add(test_super_admin_role) test_admin_role = User_affiliations( - user_id=3, - organization_id=1, - permission='admin' + user_id=3, organization_id=1, permission="admin" ) db_session.add(test_admin_role) test_admin_role = User_affiliations( - user_id=4, - organization_id=2, - permission='admin' + user_id=4, organization_id=2, permission="admin" ) db_session.add(test_admin_role) test_user_write_role = User_affiliations( - user_id=5, - organization_id=1, - permission='user_write' + user_id=5, organization_id=1, permission="user_write" ) db_session.add(test_user_write_role) db_session.commit() @@ -116,7 +87,7 @@ def user_resolver_ac_test_db_init(): db_session.commit() -@pytest.mark.usefixtures('user_resolver_ac_test_db_init') +@pytest.mark.usefixtures("user_resolver_ac_test_db_init") class TestUserResolverAccessControl(TestCase): # Super Admin Tests def test_get_user_as_super_admin(self): @@ -128,40 +99,35 @@ def test_get_user_as_super_admin(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { user(userName: "testuserread@testemail.ca") { displayName } } - ''', context_value=request_headers, backend=backend) - result_refr = { - "data": { - "user": [ - { - "displayName": "testuserread" - } - ] - } - } + """, + context_value=request_headers, + backend=backend, + ) + result_refr = {"data": {"user": [{"displayName": "testuserread"}]}} self.assertDictEqual(result_refr, executed) # Admin Same Org @@ -174,40 +140,35 @@ def test_get_user_from_same_org(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { user(userName: "testuserread@testemail.ca") { displayName } } - ''', context_value=request_headers, backend=backend) - result_refr = { - "data": { - "user": [ - { - "displayName": "testuserread" - } - ] - } - } + """, + context_value=request_headers, + backend=backend, + ) + result_refr = {"data": {"user": [{"displayName": "testuserread"}]}} self.assertDictEqual(result_refr, executed) # Admin different org @@ -220,36 +181,41 @@ def test_get_user_admin_from_different_org(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testadmin2@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { user(userName: "testuserread@testemail.ca") { displayName } } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, user does not " \ - "belong to any of your" \ - " organizations" + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] == "Error, user does not " + "belong to any of your" + " organizations" + ) # User write tests def test_get_user_user_write(self): @@ -261,34 +227,40 @@ def test_get_user_user_write(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserwrite@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { user(userName: "testuserread@testemail.ca") { displayName } } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to view this users information" + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to view this users information" + ) # User read tests def test_get_user_user_read(self): @@ -300,31 +272,37 @@ def test_get_user_user_read(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { user(userName: "testuserread@testemail.ca") { displayName } } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have permission to view this users information" + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have permission to view this users information" + ) diff --git a/api/tests/test_user_mutations.py b/api/tests/test_user_mutations.py index ab35560b50..4d72fe5b3e 100644 --- a/api/tests/test_user_mutations.py +++ b/api/tests/test_user_mutations.py @@ -1,9 +1,5 @@ -import sys -import os -from os.path import dirname, join, expanduser, normpath, realpath import pyotp import pytest -from flask_bcrypt import Bcrypt from graphene.test import Client from app import app from db import db_session @@ -12,23 +8,20 @@ from backend.security_check import SecurityAnalysisBackend from functions.error_messages import * -@pytest.fixture(scope='class') -def user_schema_test_db_init(): - bcrypt = Bcrypt(app) +@pytest.fixture(scope="class") +def user_schema_test_db_init(): with app.app_context(): test_user = Users( display_name="testuser", user_name="testuser@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8"), + password="testpassword123", ) db_session.add(test_user) test_admin = Users( display_name="testadmin", user_name="testadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_admin) db_session.commit() @@ -42,7 +35,7 @@ def user_schema_test_db_init(): ## # This class of tests works within the 'createUser' api endpoint -@pytest.mark.usefixtures('user_schema_test_db_init') +@pytest.mark.usefixtures("user_schema_test_db_init") class TestCreateUser: def test_successful_creation(self): """Test that ensures a user can be created successfully using the api endpoint""" @@ -50,7 +43,7 @@ def test_successful_creation(self): backend = SecurityAnalysisBackend() client = Client(schema) executed = client.execute( - ''' + """ mutation{ createUser(displayName:"user-test", userName:"different-email@testemail.ca", password:"testpassword123", confirmPassword:"testpassword123"){ @@ -60,12 +53,17 @@ def test_successful_creation(self): } } } - ''', backend=backend) - assert executed['data'] - assert executed['data']['createUser'] - assert executed['data']['createUser']['user'] - assert executed['data']['createUser']['user']['userName'] == "different-email@testemail.ca" - assert executed['data']['createUser']['user']['displayName'] == "user-test" + """, + backend=backend, + ) + assert executed["data"] + assert executed["data"]["createUser"] + assert executed["data"]["createUser"]["user"] + assert ( + executed["data"]["createUser"]["user"]["userName"] + == "different-email@testemail.ca" + ) + assert executed["data"]["createUser"]["user"]["displayName"] == "user-test" def test_email_address_in_use(self): """Test that ensures each user has a unique email address""" @@ -73,7 +71,7 @@ def test_email_address_in_use(self): backend = SecurityAnalysisBackend() client = Client(schema) executed_first = client.execute( - ''' + """ mutation{ createUser(displayName:"testuser", userName:"testuser@testemail.ca", password:"testpassword123", confirmPassword:"testpassword123"){ @@ -82,9 +80,11 @@ def test_email_address_in_use(self): } } } - ''', backend=backend) + """, + backend=backend, + ) executed = client.execute( - ''' + """ mutation{ createUser(displayName:"testuser", userName:"testuser@testemail.ca", password:"testpassword123", confirmPassword:"testpassword123"){ @@ -93,18 +93,20 @@ def test_email_address_in_use(self): } } } - ''', backend=backend) + """, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == error_email_in_use() + assert executed["errors"] + assert executed["errors"][0] + assert executed["errors"][0]["message"] == error_email_in_use() def test_password_too_short(self): """Test that ensure that a user's password meets the valid length requirements""" backend = SecurityAnalysisBackend() client = Client(schema) executed = client.execute( - ''' + """ mutation{ createUser(displayName:"testuser", userName:"test@test-email.ca", password:"test", confirmPassword:"test"){ user{ @@ -112,18 +114,23 @@ def test_password_too_short(self): } } } - ''', backend=backend) + """, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == error_password_does_not_meet_requirements() + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == error_password_does_not_meet_requirements() + ) def test_passwords_do_not_match(self): """Test to ensure that user password matches their password confirmation""" backend = SecurityAnalysisBackend() client = Client(schema) executed = client.execute( - ''' + """ mutation{ createUser(displayName:"testuser", userName:"test@test-email.ca", password:"A-Val1d-Pa$$word", confirmPassword:"also-A-Val1d-Pa$$word"){ @@ -132,16 +139,18 @@ def test_passwords_do_not_match(self): } } } - ''', backend=backend) + """, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == error_passwords_do_not_match() + assert executed["errors"] + assert executed["errors"][0] + assert executed["errors"][0]["message"] == error_passwords_do_not_match() ## # This class of tests works within the 'updatePassword' api endpoint -@pytest.mark.usefixtures('user_schema_test_db_init') +@pytest.mark.usefixtures("user_schema_test_db_init") class TestUpdatePassword: def test_update_password_success(self): """Test to ensure that a user is returned when their password is updated successfully""" @@ -149,7 +158,7 @@ def test_update_password_success(self): backend = SecurityAnalysisBackend() client = Client(schema) executed = client.execute( - ''' + """ mutation { updatePassword(userName: "testuser@testemail.ca", password: "another-super-long-password", confirmPassword: "another-super-long-password") { @@ -159,20 +168,27 @@ def test_update_password_success(self): } } } - ''', backend=backend) + """, + backend=backend, + ) - assert executed['data'] - assert executed['data']['updatePassword'] - assert executed['data']['updatePassword']['user'] - assert executed['data']['updatePassword']['user']['userName'] == "testuser@testemail.ca" - assert executed['data']['updatePassword']['user']['displayName'] == "testuser" + assert executed["data"] + assert executed["data"]["updatePassword"] + assert executed["data"]["updatePassword"]["user"] + assert ( + executed["data"]["updatePassword"]["user"]["userName"] + == "testuser@testemail.ca" + ) + assert ( + executed["data"]["updatePassword"]["user"]["displayName"] == "testuser" + ) def test_updated_passwords_do_not_match(self): """Test to ensure that user's new password matches their password confirmation""" backend = SecurityAnalysisBackend() client = Client(schema) executed = client.execute( - ''' + """ mutation { updatePassword(userName: "test@test-email.ca", password: "a-super-long-password", confirmPassword: "another-super-long-password") { @@ -181,18 +197,20 @@ def test_updated_passwords_do_not_match(self): } } } - ''', backend=backend) + """, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == error_passwords_do_not_match() + assert executed["errors"] + assert executed["errors"][0] + assert executed["errors"][0]["message"] == error_passwords_do_not_match() def test_updated_password_too_short(self): """Test that ensure that a user's password meets the valid length requirements""" backend = SecurityAnalysisBackend() client = Client(schema) executed = client.execute( - ''' + """ mutation { updatePassword(userName: "test@test-email.ca", password: "password", confirmPassword: "password") { user { @@ -200,18 +218,23 @@ def test_updated_password_too_short(self): } } } - ''', backend=backend) + """, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == error_password_does_not_meet_requirements() + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == error_password_does_not_meet_requirements() + ) def test_updated_password_no_user_email(self): """Test that ensures an empty string submitted as email will not be accepted""" backend = SecurityAnalysisBackend() client = Client(schema) executed = client.execute( - ''' + """ mutation { updatePassword(userName: "", password: "valid-password", confirmPassword: "valid-password") { user { @@ -219,39 +242,52 @@ def test_updated_password_no_user_email(self): } } } - ''', backend=backend) + """, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == scalar_error_type("email address", "") + assert executed["errors"] + assert executed["errors"][0] + assert executed["errors"][0]["message"] == scalar_error_type( + "email address", "" + ) ## # This class of tests works within the 'authenticateTwoFactor' api endpoint -@pytest.mark.usefixtures('user_schema_test_db_init') +@pytest.mark.usefixtures("user_schema_test_db_init") class TestValidateTwoFactor: def test_successful_validation(self): """Test that ensures a validation is successful when all params are proper""" with app.app_context(): backend = SecurityAnalysisBackend() - totp = pyotp.TOTP('base32secret3232') - otp_code = totp.now() # Generates a code that is valid for 30s. Plenty of time to execute the query + totp = pyotp.TOTP("base32secret3232") + otp_code = ( + totp.now() + ) # Generates a code that is valid for 30s. Plenty of time to execute the query client = Client(schema) executed = client.execute( ''' mutation { - authenticateTwoFactor(userName: "testuser@testemail.ca", otpCode: "''' + otp_code + '''") { + authenticateTwoFactor(userName: "testuser@testemail.ca", otpCode: "''' + + otp_code + + """") { user { userName } } } - ''', backend=backend) - assert executed['data'] - assert executed['data']['authenticateTwoFactor'] - assert executed['data']['authenticateTwoFactor']['user'] - assert executed['data']['authenticateTwoFactor']['user']['userName'] == "testuser@testemail.ca" + """, + backend=backend, + ) + assert executed["data"] + assert executed["data"]["authenticateTwoFactor"] + assert executed["data"]["authenticateTwoFactor"]["user"] + assert ( + executed["data"]["authenticateTwoFactor"]["user"]["userName"] + == "testuser@testemail.ca" + ) def test_user_does_not_exist(self): """Test that an error is raised if the user specified does not exist""" @@ -259,7 +295,7 @@ def test_user_does_not_exist(self): backend = SecurityAnalysisBackend() client = Client(schema) executed = client.execute( - ''' + """ mutation { authenticateTwoFactor(userName: "anotheruser@testemail.ca", otpCode: "000000") { user { @@ -267,19 +303,21 @@ def test_user_does_not_exist(self): } } } - ''', backend=backend) + """, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == error_user_does_not_exist() + assert executed["errors"] + assert executed["errors"][0] + assert executed["errors"][0]["message"] == error_user_does_not_exist() def test_invalid_otp_code(self): """Test that an error is raised if the user specified does not exist""" with app.app_context(): - backend=SecurityAnalysisBackend() + backend = SecurityAnalysisBackend() client = Client(schema) executed = client.execute( - ''' + """ mutation { authenticateTwoFactor(userName: "testuser@testemail.ca", otpCode: "000000") { user { @@ -287,8 +325,10 @@ def test_invalid_otp_code(self): } } } - ''', backend=backend) + """, + backend=backend, + ) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == error_otp_code_is_invalid() + assert executed["errors"] + assert executed["errors"][0] + assert executed["errors"][0]["message"] == error_otp_code_is_invalid() diff --git a/api/tests/test_user_roles.py b/api/tests/test_user_roles.py index 8e2946fc73..2d967d2415 100644 --- a/api/tests/test_user_roles.py +++ b/api/tests/test_user_roles.py @@ -1,8 +1,4 @@ -import sys -import os -from os.path import dirname, join, expanduser, normpath, realpath from graphene.test import Client -from flask_bcrypt import Bcrypt from flask import Request from werkzeug.test import create_environ import pytest @@ -15,45 +11,33 @@ from backend.security_check import SecurityAnalysisBackend -@pytest.fixture(scope='class') +@pytest.fixture(scope="class") def user_role_test_db_init(): - bcrypt = Bcrypt(app) - with app.app_context(): test_user = Users( id=1, display_name="testuserread", user_name="testuserread@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8"), + password="testpassword123", ) db_session.add(test_user) test_super_admin = Users( id=2, display_name="testsuperadmin", user_name="testsuperadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_super_admin) org = Organizations( - id=1, - acronym='ORG1', - org_tags={ - "description": 'Organization 1' - } + id=1, acronym="ORG1", org_tags={"description": "Organization 1"} ) db_session.add(org) test_admin_role = User_affiliations( - user_id=1, - organization_id=1, - permission='user_read' + user_id=1, organization_id=1, permission="user_read" ) db_session.add(test_admin_role) test_admin_role = User_affiliations( - user_id=2, - organization_id=1, - permission='super_admin' + user_id=2, organization_id=1, permission="super_admin" ) db_session.add(test_admin_role) db_session.commit() @@ -67,236 +51,257 @@ def user_role_test_db_init(): db_session.commit() -@pytest.mark.usefixtures('user_role_test_db_init') +@pytest.mark.usefixtures("user_role_test_db_init") class TestUserUpdateWriteRole(TestCase): def test_user_claim_update_to_user_write(self): with app.app_context(): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ updateUserRole(org: "ORG1", role: USER_WRITE, userName:"testuserread@testemail.ca"){ status } } - ''', context_value=request_headers, backend=backend) - assert executed['data'] - assert executed['data']['updateUserRole'] - assert executed['data']['updateUserRole']['status'] == 'Update Successful' + """, + context_value=request_headers, + backend=backend, + ) + assert executed["data"] + assert executed["data"]["updateUserRole"] + assert executed["data"]["updateUserRole"]["status"] == "Update Successful" client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { testUserClaims(org: "ORG1", role: USER_WRITE) } - ''', context_value=request_headers, backend=backend) - assert executed['data'] - assert executed['data']['testUserClaims'] - assert executed['data']['testUserClaims'] == 'User Passed User Write Claim' + """, + context_value=request_headers, + backend=backend, + ) + assert executed["data"] + assert executed["data"]["testUserClaims"] + assert executed["data"]["testUserClaims"] == "User Passed User Write Claim" -@pytest.mark.usefixtures('user_role_test_db_init') +@pytest.mark.usefixtures("user_role_test_db_init") class TestUserUpdateAdminRole(TestCase): def test_user_claim_update_to_admin(self): with app.app_context(): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ updateUserRole(org: "ORG1", role: ADMIN, userName:"testuserread@testemail.ca"){ status } } - ''', context_value=request_headers, backend=backend) - assert executed['data'] - assert executed['data']['updateUserRole'] - assert executed['data']['updateUserRole']['status'] == 'Update Successful' + """, + context_value=request_headers, + backend=backend, + ) + assert executed["data"] + assert executed["data"]["updateUserRole"] + assert executed["data"]["updateUserRole"]["status"] == "Update Successful" client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { testUserClaims(org: "ORG1", role: ADMIN) } - ''', context_value=request_headers, backend=backend) - assert executed['data'] - assert executed['data']['testUserClaims'] - assert executed['data']['testUserClaims'] == 'User Passed Admin Claim' + """, + context_value=request_headers, + backend=backend, + ) + assert executed["data"] + assert executed["data"]["testUserClaims"] + assert executed["data"]["testUserClaims"] == "User Passed Admin Claim" -@pytest.mark.usefixtures('user_role_test_db_init') +@pytest.mark.usefixtures("user_role_test_db_init") class TestUserUpdateSuperAdminRole(TestCase): def test_user_claim_update_to_super_admin(self): with app.app_context(): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ updateUserRole(org: "ORG1", role: SUPER_ADMIN, userName:"testuserread@testemail.ca"){ status } } - ''', context_value=request_headers, backend=backend) - assert executed['data'] - assert executed['data']['updateUserRole'] - assert executed['data']['updateUserRole']['status'] == 'Update Successful' + """, + context_value=request_headers, + backend=backend, + ) + assert executed["data"] + assert executed["data"]["updateUserRole"] + assert executed["data"]["updateUserRole"]["status"] == "Update Successful" client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { testUserClaims(org: "ORG1", role: SUPER_ADMIN) } - ''', context_value=request_headers, backend=backend) - assert executed['data'] - assert executed['data']['testUserClaims'] - assert executed['data']['testUserClaims'] == 'User Passed Super Admin Claim' + """, + context_value=request_headers, + backend=backend, + ) + assert executed["data"] + assert executed["data"]["testUserClaims"] + assert executed["data"]["testUserClaims"] == "User Passed Super Admin Claim" -@pytest.mark.usefixtures('user_role_test_db_init') +@pytest.mark.usefixtures("user_role_test_db_init") class TestUserUpdateAdminRoleInvalid(TestCase): def test_user_claim_update_to_user_write(self): with app.app_context(): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ mutation{ updateUserRole(org: "ORG1", role: ADMIN, userName:"testsuperadmin@testemail.ca"){ status } } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == error_not_an_admin() + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert executed["errors"][0]["message"] == error_not_an_admin() diff --git a/api/tests/test_user_sign_in.py b/api/tests/test_user_sign_in.py index 9eac7be081..a1172b2c80 100644 --- a/api/tests/test_user_sign_in.py +++ b/api/tests/test_user_sign_in.py @@ -1,52 +1,45 @@ -import sys -import os -from os.path import dirname, join, expanduser, normpath, realpath import datetime import pyotp import pytest -from flask_bcrypt import Bcrypt from graphene.test import Client from db import db_session from app import app from queries import schema from models import Users from backend.security_check import SecurityAnalysisBackend -from functions.error_messages import( +from functions.error_messages import ( error_invalid_credentials, error_too_many_failed_login_attempts, - error_user_does_not_exist + error_user_does_not_exist, ) -@pytest.fixture(scope='class') +@pytest.fixture(scope="class") def user_schema_test_db_init(): - bcrypt = Bcrypt(app) - with app.app_context(): test_user = Users( display_name="testuser", user_name="testuser@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8"), - failed_login_attempt_time=datetime.datetime.now().timestamp() + 1920, # This mocks that the user is accessing the service 32 mins after their last failed login attempt + password="testpassword123", + failed_login_attempt_time=datetime.datetime.now().timestamp() + + 1920, # This mocks that the user is accessing the service 32 mins after their last failed login attempt ) db_session.add(test_user) test_already_failed_user = Users( display_name="test_failed_user", user_name="test_already_failed_user@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8"), + password="testpassword123", failed_login_attempts=3, - failed_login_attempt_time=datetime.datetime.now().timestamp() + 1920, # This mocks that the user is accessing the service 32 mins after their last failed login attempt + failed_login_attempt_time=datetime.datetime.now().timestamp() + + 1920, # This mocks that the user is accessing the service 32 mins after their last failed login attempt ) db_session.add(test_already_failed_user) test_too_many_failed_user = Users( display_name="test_too_many_fails_user", user_name="test_too_many_failed_user@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8"), + password="testpassword123", failed_login_attempts=30, failed_login_attempt_time=0, ) @@ -63,7 +56,7 @@ def user_schema_test_db_init(): ## # This class of tests works within the 'signIn' api endpoint -@pytest.mark.usefixtures('user_schema_test_db_init') +@pytest.mark.usefixtures("user_schema_test_db_init") class TestSignInUser: def test_successful_sign_in(self): """ @@ -73,7 +66,7 @@ def test_successful_sign_in(self): backend = SecurityAnalysisBackend() client = Client(schema) executed = client.execute( - ''' + """ mutation{ signIn(userName:"testuser@testemail.ca", password:"testpassword123"){ @@ -82,12 +75,16 @@ def test_successful_sign_in(self): } } } - ''', backend=backend) - assert executed['data'] - assert executed['data']['signIn'] - assert executed['data']['signIn']['user'] - assert executed['data']['signIn']['user']['userName'] \ - == "testuser@testemail.ca" + """, + backend=backend, + ) + assert executed["data"] + assert executed["data"]["signIn"] + assert executed["data"]["signIn"]["user"] + assert ( + executed["data"]["signIn"]["user"]["userName"] + == "testuser@testemail.ca" + ) def test_invalid_credentials(self): """ @@ -97,7 +94,7 @@ def test_invalid_credentials(self): with app.app_context(): client = Client(schema) executed = client.execute( - ''' + """ mutation{ signIn(userName:"testuser@testemail.ca", password:"testpassword1234"){ @@ -106,15 +103,16 @@ def test_invalid_credentials(self): } } } - ''') - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] - assert executed['errors'][0]['message'] \ - == error_invalid_credentials() + """ + ) + assert executed["errors"] + assert executed["errors"][0] + assert executed["errors"][0]["message"] + assert executed["errors"][0]["message"] == error_invalid_credentials() - failed_user = Users.query\ - .filter(Users.user_name == "testuser@testemail.ca").first() + failed_user = Users.query.filter( + Users.user_name == "testuser@testemail.ca" + ).first() assert failed_user is not None assert failed_user.failed_login_attempts == 1 @@ -128,7 +126,7 @@ def test_successful_login_sets_failed_attempts_to_zero(self): with app.app_context(): client = Client(schema) executed = client.execute( - ''' + """ mutation{ signIn(userName:"test_already_failed_user@testemail.ca", password:"testpassword123"){ @@ -137,19 +135,23 @@ def test_successful_login_sets_failed_attempts_to_zero(self): } } } - ''') + """ + ) - user = Users.query\ - .filter(Users.user_name == - "test_already_failed_user@testemail.ca").first() + user = Users.query.filter( + Users.user_name == "test_already_failed_user@testemail.ca" + ).first() assert user is not None assert user.failed_login_attempts == 0 assert user.failed_login_attempt_time == 0 - assert executed['data'] - assert executed['data']['signIn'] - assert executed['data']['signIn']['user']['userName'] == "test_already_failed_user@testemail.ca" + assert executed["data"] + assert executed["data"]["signIn"] + assert ( + executed["data"]["signIn"]["user"]["userName"] + == "test_already_failed_user@testemail.ca" + ) def test_too_many_failed_attempts(self): """Test that ensures a user can be signed in""" @@ -157,7 +159,7 @@ def test_too_many_failed_attempts(self): backend = SecurityAnalysisBackend() client = Client(schema) executed = client.execute( - ''' + """ mutation{ signIn(userName:"test_too_many_failed_user@testemail.ca", password:"testpassword123"){ @@ -166,19 +168,23 @@ def test_too_many_failed_attempts(self): } } } - ''', backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] - assert executed['errors'][0]['message'] \ - == error_too_many_failed_login_attempts() + """, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert executed["errors"][0]["message"] + assert ( + executed["errors"][0]["message"] + == error_too_many_failed_login_attempts() + ) def test_no_such_user(self): """Test that ensures error message is sent if user does not exist""" with app.app_context(): client = Client(schema) executed = client.execute( - ''' + """ mutation{ signIn(userName:"nouser@testemail.ca", password:"testpassword123"){ @@ -187,8 +193,9 @@ def test_no_such_user(self): } } } - ''') - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] - assert executed['errors'][0]['message'] == error_user_does_not_exist() + """ + ) + assert executed["errors"] + assert executed["errors"][0] + assert executed["errors"][0]["message"] + assert executed["errors"][0]["message"] == error_user_does_not_exist() diff --git a/api/tests/test_user_values.py b/api/tests/test_user_values.py index af7e42dc1a..e58a29a645 100644 --- a/api/tests/test_user_values.py +++ b/api/tests/test_user_values.py @@ -1,10 +1,6 @@ -import sys -import os -from os.path import dirname, join, expanduser, normpath, realpath import pytest from flask import Request from graphene.test import Client -from flask_bcrypt import Bcrypt from unittest import TestCase from werkzeug.test import create_environ from app import app @@ -13,56 +9,41 @@ from queries import schema from backend.security_check import SecurityAnalysisBackend -@pytest.fixture(scope='class') + +@pytest.fixture(scope="class") def user_resolver_test_db_init(): - bcrypt = Bcrypt(app) with app.app_context(): test_user = Users( id=1, display_name="testuserread", user_name="testuserread@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8"), + password="testpassword123", preferred_lang="English", - tfa_validated=False + tfa_validated=False, ) db_session.add(test_user) test_super_admin = Users( id=2, display_name="testsuperadmin", user_name="testsuperadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_super_admin) - org = Organizations( - id=1, - acronym='ORG1' - ) + org = Organizations(id=1, acronym="ORG1") db_session.add(org) - org = Organizations( - id=2, - acronym='ORG2' - ) + org = Organizations(id=2, acronym="ORG2") db_session.add(org) - org = Organizations( - id=3, - acronym='ORG3' - ) + org = Organizations(id=3, acronym="ORG3") db_session.add(org) test_admin_role = User_affiliations( - user_id=1, - organization_id=1, - permission='user_read' + user_id=1, organization_id=1, permission="user_read" ) db_session.add(test_admin_role) test_admin_role = User_affiliations( - user_id=2, - organization_id=1, - permission='super_admin' + user_id=2, organization_id=1, permission="super_admin" ) db_session.add(test_admin_role) @@ -77,7 +58,7 @@ def user_resolver_test_db_init(): db_session.commit() -@pytest.mark.usefixtures('user_resolver_test_db_init') +@pytest.mark.usefixtures("user_resolver_test_db_init") class TestUserResolverValues(TestCase): # Super Admin Tests def test_get_another_users_information(self): @@ -88,25 +69,25 @@ def test_get_another_users_information(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { user(userName: "testuserread@testemail.ca") { userName @@ -122,7 +103,10 @@ def test_get_another_users_information(self): } } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) result_refr = { "data": { "user": [ @@ -131,15 +115,7 @@ def test_get_another_users_information(self): "displayName": "testuserread", "lang": "English", "tfa": False, - "affiliations": { - "edges": [ - { - "node": { - "userId": 1 - } - } - ] - } + "affiliations": {"edges": [{"node": {"userId": 1}}]}, } ] } @@ -154,25 +130,25 @@ def test_get_another_users_information_user_does_not_exist(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { user(userName: "IdontThinkSo@testemail.ca") { userName @@ -188,11 +164,13 @@ def test_get_another_users_information_user_does_not_exist(self): } } } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, user cannot be " \ - "found" + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert executed["errors"][0]["message"] == "Error, user cannot be " "found" # User read tests def test_get_own_user_information(self): @@ -203,25 +181,25 @@ def test_get_own_user_information(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { user { userName @@ -237,7 +215,10 @@ def test_get_own_user_information(self): } } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) result_refr = { "data": { "user": [ @@ -246,15 +227,7 @@ def test_get_own_user_information(self): "displayName": "testuserread", "lang": "English", "tfa": False, - "affiliations": { - "edges": [ - { - "node": { - "userId": 1 - } - } - ] - } + "affiliations": {"edges": [{"node": {"userId": 1}}]}, } ] } diff --git a/api/tests/test_users_access_control.py b/api/tests/test_users_access_control.py index 77b3583020..2b899c5711 100644 --- a/api/tests/test_users_access_control.py +++ b/api/tests/test_users_access_control.py @@ -1,10 +1,6 @@ -import sys -import os -from os.path import dirname, join, expanduser, normpath, realpath import pytest from flask import Request from graphene.test import Client -from flask_bcrypt import Bcrypt from unittest import TestCase from werkzeug.test import create_environ from app import app @@ -14,96 +10,70 @@ from backend.security_check import SecurityAnalysisBackend -@pytest.fixture(scope='class') +@pytest.fixture(scope="class") def users_resolver_test_db_init(): - bcrypt = Bcrypt(app) - with app.app_context(): test_read = Users( id=1, display_name="testuserread", user_name="testuserread@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8"), + password="testpassword123", ) db_session.add(test_read) test_super_admin = Users( id=2, display_name="testsuperadmin", user_name="testsuperadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_super_admin) test_admin = Users( id=3, display_name="testadmin", user_name="testadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_admin) test_admin = Users( id=4, display_name="testadmin2", user_name="testadmin2@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_admin) test_write = Users( id=5, display_name="testuserwrite", user_name="testuserwrite@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_write) - org = Organizations( - id=1, - acronym='ORG1' - ) + org = Organizations(id=1, acronym="ORG1") db_session.add(org) - org = Organizations( - id=2, - acronym='ORG2' - ) + org = Organizations(id=2, acronym="ORG2") db_session.add(org) - org = Organizations( - id=3, - acronym='ORG3' - ) + org = Organizations(id=3, acronym="ORG3") db_session.add(org) test_user_read_role = User_affiliations( - user_id=1, - organization_id=1, - permission='user_read' + user_id=1, organization_id=1, permission="user_read" ) db_session.add(test_user_read_role) test_super_admin_role = User_affiliations( - user_id=2, - organization_id=2, - permission='super_admin' + user_id=2, organization_id=2, permission="super_admin" ) db_session.add(test_super_admin_role) test_admin_role = User_affiliations( - user_id=3, - organization_id=1, - permission='admin' + user_id=3, organization_id=1, permission="admin" ) db_session.add(test_admin_role) test_admin_role = User_affiliations( - user_id=4, - organization_id=2, - permission='admin' + user_id=4, organization_id=2, permission="admin" ) db_session.add(test_admin_role) test_user_write_role = User_affiliations( - user_id=5, - organization_id=1, - permission='user_write' + user_id=5, organization_id=1, permission="user_write" ) db_session.add(test_user_write_role) db_session.commit() @@ -117,7 +87,7 @@ def users_resolver_test_db_init(): db_session.commit() -@pytest.mark.usefixtures('users_resolver_test_db_init') +@pytest.mark.usefixtures("users_resolver_test_db_init") class TestUsersResolverAccessControl(TestCase): # Super Admin Tests def test_get_users_as_super_admin(self): @@ -129,25 +99,25 @@ def test_get_users_as_super_admin(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { users(org: "ORG1") { edges { @@ -157,26 +127,17 @@ def test_get_users_as_super_admin(self): } } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) result_refr = { "data": { "users": { "edges": [ - { - "node": { - "displayName": "testuserread" - } - }, - { - "node": { - "displayName": "testadmin" - } - }, - { - "node": { - "displayName": "testuserwrite" - } - } + {"node": {"displayName": "testuserread"}}, + {"node": {"displayName": "testadmin"}}, + {"node": {"displayName": "testuserwrite"}}, ] } } @@ -193,25 +154,25 @@ def test_get_users_from_same_org(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { users(org: "ORG1") { edges { @@ -221,26 +182,17 @@ def test_get_users_from_same_org(self): } } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) result_refr = { "data": { "users": { "edges": [ - { - "node": { - "displayName": "testuserread" - } - }, - { - "node": { - "displayName": "testadmin" - } - }, - { - "node": { - "displayName": "testuserwrite" - } - } + {"node": {"displayName": "testuserread"}}, + {"node": {"displayName": "testadmin"}}, + {"node": {"displayName": "testuserwrite"}}, ] } } @@ -257,25 +209,25 @@ def test_get_users_admin_from_different_org(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testadmin2@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { users(org: "ORG1") { edges { @@ -285,10 +237,16 @@ def test_get_users_admin_from_different_org(self): } } } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have access to view this organization" + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have access to view this organization" + ) # User write tests def test_get_users_user_write(self): @@ -299,25 +257,25 @@ def test_get_users_user_write(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserwrite@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { users(org: "ORG1") { edges { @@ -327,10 +285,16 @@ def test_get_users_user_write(self): } } } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have access to view this organization" + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have access to view this organization" + ) # User read tests def test_get_users_user_read(self): @@ -341,25 +305,25 @@ def test_get_users_user_read(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testuserread@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { users(org: "ORG1") { edges { @@ -369,7 +333,13 @@ def test_get_users_user_read(self): } } } - ''', context_value=request_headers, backend=backend) - assert executed['errors'] - assert executed['errors'][0] - assert executed['errors'][0]['message'] == "Error, you do not have access to view this organization" + """, + context_value=request_headers, + backend=backend, + ) + assert executed["errors"] + assert executed["errors"][0] + assert ( + executed["errors"][0]["message"] + == "Error, you do not have access to view this organization" + ) diff --git a/api/tests/test_users_values.py b/api/tests/test_users_values.py index cc6ac2a261..39d7096f02 100644 --- a/api/tests/test_users_values.py +++ b/api/tests/test_users_values.py @@ -1,10 +1,6 @@ -import sys -import os -from os.path import dirname, join, expanduser, normpath, realpath import pytest from flask import Request from graphene.test import Client -from flask_bcrypt import Bcrypt from unittest import TestCase from werkzeug.test import create_environ from app import app @@ -13,96 +9,72 @@ from queries import schema from backend.security_check import SecurityAnalysisBackend -@pytest.fixture(scope='class') + +@pytest.fixture(scope="class") def users_resolver_test_db_init(): - bcrypt = Bcrypt(app) with app.app_context(): test_read = Users( id=1, display_name="testuserread", user_name="testuserread@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8"), + password="testpassword123", ) db_session.add(test_read) test_super_admin = Users( id=2, display_name="testsuperadmin", user_name="testsuperadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_super_admin) test_admin = Users( id=3, display_name="testadmin", user_name="testadmin@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_admin) test_admin = Users( id=4, display_name="testadmin2", user_name="testadmin2@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_admin) test_write = Users( id=5, display_name="testuserwrite", user_name="testuserwrite@testemail.ca", - user_password=bcrypt.generate_password_hash( - password="testpassword123").decode("UTF-8") + password="testpassword123", ) db_session.add(test_write) - org = Organizations( - id=1, - acronym='ORG1' - ) + org = Organizations(id=1, acronym="ORG1") db_session.add(org) - org = Organizations( - id=2, - acronym='ORG2' - ) + org = Organizations(id=2, acronym="ORG2") db_session.add(org) - org = Organizations( - id=3, - acronym='ORG3' - ) + org = Organizations(id=3, acronym="ORG3") db_session.add(org) test_user_read_role = User_affiliations( - user_id=1, - organization_id=1, - permission='user_read' + user_id=1, organization_id=1, permission="user_read" ) db_session.add(test_user_read_role) test_super_admin_role = User_affiliations( - user_id=2, - organization_id=2, - permission='super_admin' + user_id=2, organization_id=2, permission="super_admin" ) db_session.add(test_super_admin_role) test_admin_role = User_affiliations( - user_id=3, - organization_id=1, - permission='admin' + user_id=3, organization_id=1, permission="admin" ) db_session.add(test_admin_role) test_admin_role = User_affiliations( - user_id=4, - organization_id=2, - permission='admin' + user_id=4, organization_id=2, permission="admin" ) db_session.add(test_admin_role) test_user_write_role = User_affiliations( - user_id=5, - organization_id=1, - permission='user_write' + user_id=5, organization_id=1, permission="user_write" ) db_session.add(test_user_write_role) db_session.commit() @@ -116,7 +88,7 @@ def users_resolver_test_db_init(): db_session.commit() -@pytest.mark.usefixtures('users_resolver_test_db_init') +@pytest.mark.usefixtures("users_resolver_test_db_init") class TestUsersResolverValues(TestCase): # Super Admin Tests def test_get_users_as_super_admin(self): @@ -127,25 +99,25 @@ def test_get_users_as_super_admin(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testsuperadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { users(org: "ORG1") { edges { @@ -157,7 +129,10 @@ def test_get_users_as_super_admin(self): } } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) result_refr = { "data": { "users": { @@ -166,23 +141,23 @@ def test_get_users_as_super_admin(self): "node": { "userName": "testuserread@testemail.ca", "displayName": "testuserread", - "permission": "USER_READ" + "permission": "USER_READ", } }, { "node": { "userName": "testadmin@testemail.ca", "displayName": "testadmin", - "permission": "ADMIN" + "permission": "ADMIN", } }, { "node": { "userName": "testuserwrite@testemail.ca", "displayName": "testuserwrite", - "permission": "USER_WRITE" + "permission": "USER_WRITE", } - } + }, ] } } @@ -198,25 +173,25 @@ def test_get_users_as_admin(self): backend = SecurityAnalysisBackend() client = Client(schema) get_token = client.execute( - ''' + """ mutation{ signIn(userName:"testadmin@testemail.ca", password:"testpassword123"){ authToken } } - ''', backend=backend) - assert get_token['data']['signIn']['authToken'] is not None - token = get_token['data']['signIn']['authToken'] + """, + backend=backend, + ) + assert get_token["data"]["signIn"]["authToken"] is not None + token = get_token["data"]["signIn"]["authToken"] assert token is not None environ = create_environ() - environ.update( - HTTP_AUTHORIZATION=token - ) + environ.update(HTTP_AUTHORIZATION=token) request_headers = Request(environ) executed = client.execute( - ''' + """ { users(org: "ORG1") { edges { @@ -228,7 +203,10 @@ def test_get_users_as_admin(self): } } } - ''', context_value=request_headers, backend=backend) + """, + context_value=request_headers, + backend=backend, + ) result_refr = { "data": { "users": { @@ -237,23 +215,23 @@ def test_get_users_as_admin(self): "node": { "userName": "testuserread@testemail.ca", "displayName": "testuserread", - "permission": "USER_READ" + "permission": "USER_READ", } }, { "node": { "userName": "testadmin@testemail.ca", "displayName": "testadmin", - "permission": "ADMIN" + "permission": "ADMIN", } }, { "node": { "userName": "testuserwrite@testemail.ca", "displayName": "testuserwrite", - "permission": "USER_WRITE" + "permission": "USER_WRITE", } - } + }, ] } }