1 # -*- coding: utf-8 -*-
from __future__ import absolute_import

import time

import jwt

from tasks.mgr.dashboard.helper import DashboardTestCase, JObj, JLeaf
class AuthTest(DashboardTestCase):
    """End-to-end tests for the dashboard's ``/api/auth`` endpoints.

    Covers login and logout, the shape of the login response, JWT lifetime
    (token TTL), server-side revocation through the logout blacklist,
    invalidation of existing tokens after an administrative password
    change, and the ``/api/auth/check`` endpoint.
    """

    # The tests drive the login flow themselves; presumably this tells the
    # base class not to authenticate up front (name-based reading, verify
    # against DashboardTestCase).
    AUTO_AUTHENTICATE = False
17 super(AuthTest
, self
).setUp()
    def _validate_jwt_token(self, token, username, permissions):
        """Check the claims carried by a freshly issued dashboard JWT.

        Only the payload is inspected: the signature is deliberately not
        verified (``verify=False``) because the signing key lives on the
        server and the assertions below concern the claims alone.
        NOTE(review): PyJWT 2.x removed the ``verify`` keyword in favour of
        ``options={"verify_signature": False}``; confirm which PyJWT
        version the test environment ships before relying on this call.

        :param token: encoded JWT string returned by ``POST /api/auth``
        :param username: user name the ``username`` claim must equal
        :param permissions: scope -> granted-actions mapping from the login
            response; every scope must grant read, update, create and delete
        """
        claims = jwt.decode(token, verify=False)
        self.assertIn('username', claims)
        self.assertEqual(claims['username'], username)

        # Each scope in the login response must grant the full set of actions.
        expected_actions = ('read', 'update', 'create', 'delete')
        for scope, granted in permissions.items():
            self.assertIsNotNone(scope)
            for action in expected_actions:
                self.assertIn(action, granted)
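    def test_a_set_login_credentials(self):
        """Log in as a user created through the test helper and validate
        the token it receives.

        The user is removed in a ``finally`` block so that a failing
        assertion cannot leave ``admin2`` behind; ``test_login_without_password``
        creates a user of the same name and would otherwise collide with it.
        """
        self.create_user('admin2', 'admin2', ['administrator'])
        try:
            self._post("/api/auth", {'username': 'admin2', 'password': 'admin2'})
            self.assertStatus(201)
            data = self.jsonBody()
            self._validate_jwt_token(data['token'], "admin2", data['permissions'])
        finally:
            self.delete_user('admin2')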
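    def test_login_valid(self):
        """A correct username/password yields 201 and a well-formed login
        response whose JWT names the user."""
        self._post("/api/auth", {'username': 'admin', 'password': 'admin'})
        self.assertStatus(201)
        data = self.jsonBody()
        # allow_unknown=False makes this schema exhaustive, so every key the
        # response carries must be listed.  'token' is read two lines below
        # and therefore has to be part of the schema.
        # TODO(review): one schema entry between 'permissions' and
        # 'pwdExpirationDate' was lost in this rendering of the file; restore
        # it from the upstream file before relying on this test.
        self.assertSchema(data, JObj(sub_elems={
            'token': JLeaf(str),
            'username': JLeaf(str),
            'permissions': JObj(sub_elems={}, allow_unknown=True),
            'pwdExpirationDate': JLeaf(int, none=True),
            'pwdUpdateRequired': JLeaf(bool)
        }, allow_unknown=False))
        self._validate_jwt_token(data['token'], "admin", data['permissions'])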
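    def test_login_invalid(self):
        """A wrong password is rejected with 400 and a generic
        ``invalid_credentials`` error.

        The same code/detail pair is expected in
        ``test_login_without_password``, so the error body does not
        distinguish between the two failure causes.
        """
        self._post("/api/auth", {'username': 'admin', 'password': 'inval'})
        self.assertStatus(400)
        # NOTE(review): the enclosing body assertion was lost in this
        # rendering of the file; the visible fields are checked individually.
        # Restore the exact-body assertion from upstream to pin the full
        # error object.
        body = self.jsonBody()
        self.assertEqual(body['code'], "invalid_credentials")
        self.assertEqual(body['detail'], "Invalid credentials")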
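    def test_login_without_password(self):
        """A user created with an empty password cannot log in with an empty
        password; the rejection is the same generic 400 as for a wrong one.

        The user is removed in ``finally`` so that a failing assertion does
        not leave ``admin2`` behind for other tests that create it.
        """
        self.create_user('admin2', '', ['administrator'])
        try:
            self._post("/api/auth", {'username': 'admin2', 'password': ''})
            self.assertStatus(400)
            # NOTE(review): the enclosing body assertion was lost in this
            # rendering of the file; the visible fields are checked
            # individually.  Restore the exact-body assertion from upstream
            # to pin the full error object.
            body = self.jsonBody()
            self.assertEqual(body['code'], "invalid_credentials")
            self.assertEqual(body['detail'], "Invalid credentials")
        finally:
            self.delete_user('admin2')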
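    def test_logout(self):
        """Logging out revokes the token server-side: the same JWT is
        refused with 401 afterwards although it is still within its TTL."""
        self._post("/api/auth", {'username': 'admin', 'password': 'admin'})
        self.assertStatus(201)
        data = self.jsonBody()
        self._validate_jwt_token(data['token'], "admin", data['permissions'])
        self.set_jwt_token(data['token'])
        try:
            self._post("/api/auth/logout")
            self.assertStatus(200)
            # NOTE(review): the enclosing body assertion was lost in this
            # rendering of the file; the single expected key is compared
            # directly.
            self.assertEqual(self.jsonBody(), {"redirect_url": "#/login"})
            # The token must be rejected by the server after logout, not
            # merely forgotten by the client.
            self._get("/api/host")
            self.assertStatus(401)
        finally:
            # Never leave a (revoked) token attached to the session that
            # later tests reuse.
            self.set_jwt_token(None)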
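    def test_token_ttl(self):
        """A token stops being accepted once the configured TTL elapses.

        The TTL is shortened to a few seconds for the test and put back to
        the 8-hour value in ``finally`` so that a failing assertion cannot
        leave the cluster issuing short-lived tokens for the rest of the run.
        """
        short_ttl = 5
        default_ttl = 28800
        self._ceph_cmd(['dashboard', 'set-jwt-token-ttl', str(short_ttl)])
        try:
            self._post("/api/auth", {'username': 'admin', 'password': 'admin'})
            self.assertStatus(201)
            self.set_jwt_token(self.jsonBody()['token'])
            self._get("/api/host")
            self.assertStatus(200)
            # Wait past the TTL.  The original wait was not rendered on this
            # page; it is restored from the TTL value used above.
            time.sleep(short_ttl + 1)
            self._get("/api/host")
            self.assertStatus(401)
        finally:
            self._ceph_cmd(['dashboard', 'set-jwt-token-ttl', str(default_ttl)])
            self.set_jwt_token(None)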
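    def test_remove_from_blacklist(self):
        """Expired entries are purged from the token blacklist.

        A short-lived token is blacklisted by logging out and then allowed
        to expire; a second logout with a normal-TTL token exercises the
        purge of expired blacklist entries.  The TTL is restored in
        ``finally`` so a failing assertion cannot leave it shortened.
        """
        short_ttl = 5
        default_ttl = 28800
        self._ceph_cmd(['dashboard', 'set-jwt-token-ttl', str(short_ttl)])
        try:
            self._post("/api/auth", {'username': 'admin', 'password': 'admin'})
            self.assertStatus(201)
            self.set_jwt_token(self.jsonBody()['token'])
            # the following call adds the token to the blacklist
            self._post("/api/auth/logout")
            self.assertStatus(200)
            self._get("/api/host")
            self.assertStatus(401)
            # Let the blacklisted token expire.  The original wait was not
            # rendered on this page; it is restored from the TTL used above.
            time.sleep(short_ttl + 1)
        finally:
            self._ceph_cmd(['dashboard', 'set-jwt-token-ttl', str(default_ttl)])
            self.set_jwt_token(None)
        self._post("/api/auth", {'username': 'admin', 'password': 'admin'})
        self.assertStatus(201)
        self.set_jwt_token(self.jsonBody()['token'])
        # the following call removes expired tokens from the blacklist
        self._post("/api/auth/logout")
        self.assertStatus(200)
        self.set_jwt_token(None)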
    def test_unauthorized(self):
        """Without any token an API resource answers 401."""
        protected_endpoint = "/api/host"
        self._get(protected_endpoint)
        self.assertStatus(401)
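    def test_invalidate_token_by_admin(self):
        """An administrative password change invalidates tokens issued
        before the change; a fresh login with the new password works.

        The test user is removed in ``finally`` so a failing assertion
        cannot leave it behind for later runs.
        """
        self._get("/api/host")
        self.assertStatus(401)
        self.create_user('user', 'user', ['read-only'])
        try:
            self._post("/api/auth", {'username': 'user', 'password': 'user'})
            self.assertStatus(201)
            self.set_jwt_token(self.jsonBody()['token'])
            self._get("/api/host")
            self.assertStatus(200)
            # NOTE(review): this rendering dropped short waits around the
            # password change and the trailing arguments of the command.  The
            # arguments are restored from the login with 'user2' below; a
            # one-second gap is restored on the assumption that token issue
            # time and password-change time are compared at second
            # resolution -- confirm both against the upstream file.
            time.sleep(1)
            self._ceph_cmd(['dashboard', 'ac-user-set-password', '--force-password',
                            'user', 'user2'])
            time.sleep(1)
            # The token obtained before the password change must be refused.
            self._get("/api/host")
            self.assertStatus(401)
            self.set_jwt_token(None)
            self._post("/api/auth", {'username': 'user', 'password': 'user2'})
            self.assertStatus(201)
            self.set_jwt_token(self.jsonBody()['token'])
            self._get("/api/host")
            self.assertStatus(200)
        finally:
            self.set_jwt_token(None)
            self.delete_user("user")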
    def test_check_token(self):
        """``POST /api/auth/check`` with a valid token returns the session
        details of the user the token belongs to."""
        self.login("admin", "admin")
        self._post("/api/auth/check", {"token": self.jsonBody()["token"]})
        self.assertStatus(200)
        data = self.jsonBody()
        # allow_unknown=False makes this schema exhaustive.
        # TODO(review): one schema entry between 'permissions' and
        # 'pwdUpdateRequired' was lost in this rendering of the file; restore
        # it from the upstream file before relying on this test.
        self.assertSchema(data, JObj(sub_elems={
            "username": JLeaf(str),
            "permissions": JObj(sub_elems={}, allow_unknown=True),
            "pwdUpdateRequired": JLeaf(bool)
        }, allow_unknown=False))
    def test_check_wo_token(self):
        """``POST /api/auth/check`` with an empty token returns no session
        data, only the URL the client should use to log in."""
        self.login("admin", "admin")
        self._post("/api/auth/check", {"token": ""})
        self.assertStatus(200)
        # Exhaustive schema: nothing but the login URL may be present.
        expected_shape = JObj(sub_elems={"login_url": JLeaf(str)}, allow_unknown=False)
        self.assertSchema(self.jsonBody(), expected_shape)