X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/7f5e5b88c9161cbec69725108e438aa1532acaf5..ecdc08f29a97a6127cd36c71cc56683f09907289:/services/api/test/unit/user_test.rb diff --git a/services/api/test/unit/user_test.rb b/services/api/test/unit/user_test.rb index 4df6cc0b36..185653e873 100644 --- a/services/api/test/unit/user_test.rb +++ b/services/api/test/unit/user_test.rb @@ -1,3 +1,7 @@ +# Copyright (C) The Arvados Authors. All rights reserved. +# +# SPDX-License-Identifier: AGPL-3.0 + require 'test_helper' class UserTest < ActiveSupport::TestCase @@ -106,7 +110,7 @@ class UserTest < ActiveSupport::TestCase end test "new username set avoiding blacklist" do - Rails.configuration.auto_setup_name_blacklist = ["root"] + Rails.configuration.Users.AutoSetupUsernameBlacklist = ["root"] check_new_username_setting("root", "root2") end @@ -136,7 +140,6 @@ class UserTest < ActiveSupport::TestCase test "admin can't clear username when user owns repositories" do set_user_from_auth :admin user = users(:active) - start_username = user.username user.username = nil assert_not_allowed { user.save } refute_empty(user.errors[:username]) @@ -154,8 +157,8 @@ class UserTest < ActiveSupport::TestCase [false, 'bar@example.com', nil, true], [true, 'foo@example.com', true, nil], [true, 'bar@example.com', true, true], - [false, false, nil, nil], - [true, false, true, nil] + [false, '', nil, nil], + [true, '', true, nil] ].each do |auto_admin_first_user_config, auto_admin_user_config, foo_should_be_admin, bar_should_be_admin| # In each case, 'foo' is created first, then 'bar', then 'bar2', then 'baz'. test "auto admin with auto_admin_first=#{auto_admin_first_user_config} auto_admin=#{auto_admin_user_config}" do @@ -163,12 +166,12 @@ class UserTest < ActiveSupport::TestCase if auto_admin_first_user_config # This test requires no admin users exist (except for the system user) users(:admin).delete - @all_users = User.where("uuid not like '%-000000000000000'").where(:is_admin => true).find(:all) - assert_equal 0, @all_users.size, "No admin users should exist (except for the system user)" + @all_users = User.where("uuid not like '%-000000000000000'").where(:is_admin => true) + assert_equal 0, @all_users.count, "No admin users should exist (except for the system user)" end - Rails.configuration.auto_admin_first_user = auto_admin_first_user_config - Rails.configuration.auto_admin_user = auto_admin_user_config + Rails.configuration.Users.AutoAdminFirstUser = auto_admin_first_user_config + Rails.configuration.Users.AutoAdminUserWithEmail = auto_admin_user_config # See if the foo user has is_admin foo = User.new @@ -277,14 +280,16 @@ class UserTest < ActiveSupport::TestCase assert @uninvited_user.can? :write=>"#{@uninvited_user.uuid}" assert @uninvited_user.can? :manage=>"#{@uninvited_user.uuid}" - assert @uninvited_user.groups_i_can(:read).size == 1, "inactive and uninvited user can only read anonymous user group" - assert @uninvited_user.groups_i_can(:read).first.ends_with? 'anonymouspublic' , "inactive and uninvited user can only read anonymous user group" - assert @uninvited_user.groups_i_can(:write).size == 0, "inactive and uninvited user should not be able write to any groups" - assert @uninvited_user.groups_i_can(:manage).size == 0, "inactive and uninvited user should not be able manage any groups" + assert_equal(@uninvited_user.groups_i_can(:read).sort, + [@uninvited_user.uuid, groups(:anonymous_group).uuid].sort) + assert_equal(@uninvited_user.groups_i_can(:write), + [@uninvited_user.uuid]) + assert_equal(@uninvited_user.groups_i_can(:manage), + [@uninvited_user.uuid]) end test "find user method checks" do - User.find(:all).each do |user| + User.all.each do |user| assert_not_nil user.uuid, "non-null uuid expected for " + user.full_name end @@ -312,14 +317,14 @@ class UserTest < ActiveSupport::TestCase test "create new user" do set_user_from_auth :admin - @all_users = User.find(:all) + @all_users = User.all.to_a user = User.new user.first_name = "first_name_for_newly_created_user" user.save # verify there is one extra user in the db now - assert_equal @all_users.size+1, User.find(:all).size + assert_equal @all_users.size+1, User.all.count user = User.find(user.id) # get the user back assert_equal(user.first_name, 'first_name_for_newly_created_user') @@ -379,15 +384,15 @@ class UserTest < ActiveSupport::TestCase test "create new user with auto setup #{active} #{email} #{auto_setup_vm} #{auto_setup_repo}" do set_user_from_auth :admin - Rails.configuration.auto_setup_new_users = true + Rails.configuration.Users.AutoSetupNewUsers = true if auto_setup_vm - Rails.configuration.auto_setup_new_users_with_vm_uuid = virtual_machines(:testvm)['uuid'] + Rails.configuration.Users.AutoSetupNewUsersWithVmUUID = virtual_machines(:testvm)['uuid'] else - Rails.configuration.auto_setup_new_users_with_vm_uuid = false + Rails.configuration.Users.AutoSetupNewUsersWithVmUUID = "" end - Rails.configuration.auto_setup_new_users_with_repository = auto_setup_repo + Rails.configuration.Users.AutoSetupNewUsersWithRepository = auto_setup_repo create_user_and_verify_setup_and_notifications active, new_user_recipients, inactive_recipients, email, expect_username end @@ -421,7 +426,7 @@ class UserTest < ActiveSupport::TestCase @active_user.delete found_deleted_user = false - User.find(:all).each do |user| + User.all.each do |user| if user.uuid == active_user_uuid found_deleted_user = true break @@ -446,7 +451,9 @@ class UserTest < ActiveSupport::TestCase vm = VirtualMachine.create - response = User.setup user, openid_prefix, 'foo/testrepo', vm.uuid + response = user.setup(openid_prefix: openid_prefix, + repo_name: 'foo/testrepo', + vm_uuid: vm.uuid) resp_user = find_obj_in_resp response, 'User' verify_user resp_user, email @@ -489,7 +496,9 @@ class UserTest < ActiveSupport::TestCase verify_link resp_link, 'permission', 'can_login', email, bad_uuid - response = User.setup user, openid_prefix, 'foo/testrepo', vm.uuid + response = user.setup(openid_prefix: openid_prefix, + repo_name: 'foo/testrepo', + vm_uuid: vm.uuid) resp_user = find_obj_in_resp response, 'User' verify_user resp_user, email @@ -521,7 +530,7 @@ class UserTest < ActiveSupport::TestCase user = User.create ({uuid: 'zzzzz-tpzed-abcdefghijklmno', email: email}) - response = User.setup user, openid_prefix + response = user.setup(openid_prefix: openid_prefix) resp_user = find_obj_in_resp response, 'User' verify_user resp_user, email @@ -536,7 +545,8 @@ class UserTest < ActiveSupport::TestCase verify_link group_perm, 'permission', 'can_read', resp_user[:uuid], nil # invoke setup again with repo_name - response = User.setup user, openid_prefix, 'foo/testrepo' + response = user.setup(openid_prefix: openid_prefix, + repo_name: 'foo/testrepo') resp_user = find_obj_in_resp response, 'User', nil verify_user resp_user, email assert_equal user.uuid, resp_user[:uuid], 'expected uuid not found' @@ -550,7 +560,9 @@ class UserTest < ActiveSupport::TestCase # invoke setup again with a vm_uuid vm = VirtualMachine.create - response = User.setup user, openid_prefix, 'foo/testrepo', vm.uuid + response = user.setup(openid_prefix: openid_prefix, + repo_name: 'foo/testrepo', + vm_uuid: vm.uuid) resp_user = find_obj_in_resp response, 'User', nil verify_user resp_user, email @@ -613,12 +625,12 @@ class UserTest < ActiveSupport::TestCase end def create_user_and_verify_setup_and_notifications (active, new_user_recipients, inactive_recipients, email, expect_username) - Rails.configuration.new_user_notification_recipients = new_user_recipients - Rails.configuration.new_inactive_user_notification_recipients = inactive_recipients + Rails.configuration.Users.NewUserNotificationRecipients = new_user_recipients + Rails.configuration.Users.NewInactiveUserNotificationRecipients = inactive_recipients ActionMailer::Base.deliveries = [] - can_setup = (Rails.configuration.auto_setup_new_users and + can_setup = (Rails.configuration.Users.AutoSetupNewUsers and (not expect_username.nil?)) expect_repo_name = "#{expect_username}/#{expect_username}" prior_repo = Repository.where(name: expect_repo_name).first @@ -631,21 +643,21 @@ class UserTest < ActiveSupport::TestCase assert_equal(expect_username, user.username) # check user setup - verify_link_exists(Rails.configuration.auto_setup_new_users, + verify_link_exists(Rails.configuration.Users.AutoSetupNewUsers || active, groups(:all_users).uuid, user.uuid, "permission", "can_read") # Check for OID login link. - verify_link_exists(Rails.configuration.auto_setup_new_users, + verify_link_exists(Rails.configuration.Users.AutoSetupNewUsers || active, user.uuid, user.email, "permission", "can_login") # Check for repository. if named_repo = (prior_repo or Repository.where(name: expect_repo_name).first) verify_link_exists((can_setup and prior_repo.nil? and - Rails.configuration.auto_setup_new_users_with_repository), + Rails.configuration.Users.AutoSetupNewUsersWithRepository), named_repo.uuid, user.uuid, "permission", "can_manage") end # Check for VM login. - if auto_vm_uuid = Rails.configuration.auto_setup_new_users_with_vm_uuid + if (auto_vm_uuid = Rails.configuration.Users.AutoSetupNewUsersWithVmUUID) != "" verify_link_exists(can_setup, auto_vm_uuid, user.uuid, "permission", "can_login", "username", expect_username) end @@ -654,17 +666,17 @@ class UserTest < ActiveSupport::TestCase new_user_email = nil new_inactive_user_email = nil - new_user_email_subject = "#{Rails.configuration.email_subject_prefix}New user created notification" - if Rails.configuration.auto_setup_new_users + new_user_email_subject = "#{Rails.configuration.Users.EmailSubjectPrefix}New user created notification" + if Rails.configuration.Users.AutoSetupNewUsers new_user_email_subject = (expect_username or active) ? - "#{Rails.configuration.email_subject_prefix}New user created and setup notification" : - "#{Rails.configuration.email_subject_prefix}New user created, but not setup notification" + "#{Rails.configuration.Users.EmailSubjectPrefix}New user created and setup notification" : + "#{Rails.configuration.Users.EmailSubjectPrefix}New user created, but not setup notification" end ActionMailer::Base.deliveries.each do |d| if d.subject == new_user_email_subject then new_user_email = d - elsif d.subject == "#{Rails.configuration.email_subject_prefix}New inactive user notification" then + elsif d.subject == "#{Rails.configuration.Users.EmailSubjectPrefix}New inactive user notification" then new_inactive_user_email = d end end @@ -673,7 +685,7 @@ class UserTest < ActiveSupport::TestCase # if the new user email recipients config parameter is set if not new_user_recipients.empty? then assert_not_nil new_user_email, 'Expected new user email after setup' - assert_equal Rails.configuration.user_notifier_email_from, new_user_email.from[0] + assert_equal Rails.configuration.Users.UserNotifierEmailFrom, new_user_email.from[0] assert_equal new_user_recipients, new_user_email.to[0] assert_equal new_user_email_subject, new_user_email.subject else @@ -683,9 +695,9 @@ class UserTest < ActiveSupport::TestCase if not active if not inactive_recipients.empty? then assert_not_nil new_inactive_user_email, 'Expected new inactive user email after setup' - assert_equal Rails.configuration.user_notifier_email_from, new_inactive_user_email.from[0] + assert_equal Rails.configuration.Users.UserNotifierEmailFrom, new_inactive_user_email.from[0] assert_equal inactive_recipients, new_inactive_user_email.to[0] - assert_equal "#{Rails.configuration.email_subject_prefix}New inactive user notification", new_inactive_user_email.subject + assert_equal "#{Rails.configuration.Users.EmailSubjectPrefix}New inactive user notification", new_inactive_user_email.subject else assert_nil new_inactive_user_email, 'Did not expect new inactive user email after setup' end @@ -709,4 +721,83 @@ class UserTest < ActiveSupport::TestCase end end + [ + [:active, 'zzzzz-borkd-abcde12345abcde'], + [:active, 'zzzzz-j7d0g-abcde12345abcde'], + [:active, 'zzzzz-tpzed-borkd'], + [:system_user, 'zzzzz-tpzed-abcde12345abcde'], + [:anonymous, 'zzzzz-tpzed-abcde12345abcde'], + ].each do |fixture, new_uuid| + test "disallow update_uuid #{fixture} -> #{new_uuid}" do + u = users(fixture) + orig_uuid = u.uuid + act_as_system_user do + assert_raises do + u.update_uuid(new_uuid: new_uuid) + end + end + # "Successfully aborted orig->new" outcome looks the same as + # "successfully updated new->orig". + assert_update_success(old_uuid: new_uuid, + new_uuid: orig_uuid, + expect_owned_objects: fixture == :active) + end + end + + [:active, :spectator, :admin].each do |target| + test "update_uuid on #{target} as non-admin user" do + act_as_user users(:active) do + assert_raises(ArvadosModel::PermissionDeniedError) do + users(target).update_uuid(new_uuid: 'zzzzz-tpzed-abcde12345abcde') + end + end + end + end + + test "update_uuid to existing uuid" do + u = users(:active) + orig_uuid = u.uuid + new_uuid = users(:admin).uuid + act_as_system_user do + assert_raises do + u.update_uuid(new_uuid: new_uuid) + end + end + u.reload + assert_equal u.uuid, orig_uuid + assert_not_empty Collection.where(owner_uuid: orig_uuid) + assert_not_empty Group.where(owner_uuid: orig_uuid) + end + + [ + [:active, 'zbbbb-tpzed-abcde12345abcde'], + [:active, 'zzzzz-tpzed-abcde12345abcde'], + [:admin, 'zbbbb-tpzed-abcde12345abcde'], + [:admin, 'zzzzz-tpzed-abcde12345abcde'], + ].each do |fixture, new_uuid| + test "update_uuid #{fixture} to unused uuid #{new_uuid}" do + u = users(fixture) + orig_uuid = u.uuid + act_as_system_user do + u.update_uuid(new_uuid: new_uuid) + end + assert_update_success(old_uuid: orig_uuid, + new_uuid: new_uuid, + expect_owned_objects: fixture == :active) + end + end + + def assert_update_success(old_uuid:, new_uuid:, expect_owned_objects: true) + [[User, :uuid], + [Link, :head_uuid], + [Link, :tail_uuid], + [Group, :owner_uuid], + [Collection, :owner_uuid], + ].each do |klass, attr| + assert_empty klass.where(attr => old_uuid) + if klass == User || expect_owned_objects + assert_not_empty klass.where(attr => new_uuid) + end + end + end end