X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/cd4a811b896da640e5b8ddca7e515f19085932d4..927524f1be454de021180b74999d682780b8cb6b:/services/api/test/unit/user_test.rb diff --git a/services/api/test/unit/user_test.rb b/services/api/test/unit/user_test.rb index 7fcd36d709..7368d89374 100644 --- a/services/api/test/unit/user_test.rb +++ b/services/api/test/unit/user_test.rb @@ -110,7 +110,7 @@ class UserTest < ActiveSupport::TestCase end test "new username set avoiding blacklist" do - Rails.configuration.Users.AutoSetupUsernameBlacklist = {"root"=>{}} + Rails.configuration.Users.AutoSetupUsernameBlacklist = ConfigLoader.to_OrderedOptions({"root"=>{}}) check_new_username_setting("root", "root2") end @@ -340,50 +340,54 @@ class UserTest < ActiveSupport::TestCase assert_equal(user.first_name, 'first_name_for_newly_created_user_updated') end + active_notify_list = ConfigLoader.to_OrderedOptions({"active-notify@example.com"=>{}}) + inactive_notify_list = ConfigLoader.to_OrderedOptions({"inactive-notify@example.com"=>{}}) + empty_notify_list = ConfigLoader.to_OrderedOptions({}) + test "create new user with notifications" do set_user_from_auth :admin - create_user_and_verify_setup_and_notifications true, {'active-notify-address@example.com'=>{}}, {'inactive-notify-address@example.com'=>{}}, nil, nil - create_user_and_verify_setup_and_notifications true, {'active-notify-address@example.com'=>{}}, {}, nil, nil - create_user_and_verify_setup_and_notifications true, {}, [], nil, nil - create_user_and_verify_setup_and_notifications false, {'active-notify-address@example.com'=>{}}, {'inactive-notify-address@example.com'=>{}}, nil, nil - create_user_and_verify_setup_and_notifications false, {}, {'inactive-notify-address@example.com'=>{}}, nil, nil - create_user_and_verify_setup_and_notifications false, {}, {}, nil, nil + create_user_and_verify_setup_and_notifications true, active_notify_list, inactive_notify_list, nil, nil + create_user_and_verify_setup_and_notifications true, active_notify_list, empty_notify_list, nil, nil + create_user_and_verify_setup_and_notifications true, empty_notify_list, empty_notify_list, nil, nil + create_user_and_verify_setup_and_notifications false, active_notify_list, inactive_notify_list, nil, nil + create_user_and_verify_setup_and_notifications false, empty_notify_list, inactive_notify_list, nil, nil + create_user_and_verify_setup_and_notifications false, empty_notify_list, empty_notify_list, nil, nil end [ # Easy inactive user tests. - [false, {}, {}, "inactive-none@example.com", false, false, "inactivenone"], - [false, {}, {}, "inactive-vm@example.com", true, false, "inactivevm"], - [false, {}, {}, "inactive-repo@example.com", false, true, "inactiverepo"], - [false, {}, {}, "inactive-both@example.com", true, true, "inactiveboth"], + [false, empty_notify_list, empty_notify_list, "inactive-none@example.com", false, false, "inactivenone"], + [false, empty_notify_list, empty_notify_list, "inactive-vm@example.com", true, false, "inactivevm"], + [false, empty_notify_list, empty_notify_list, "inactive-repo@example.com", false, true, "inactiverepo"], + [false, empty_notify_list, empty_notify_list, "inactive-both@example.com", true, true, "inactiveboth"], # Easy active user tests. - [true, {"active-notify@example.com"=>{}}, {"inactive-notify@example.com"=>{}}, "active-none@example.com", false, false, "activenone"], - [true, {"active-notify@example.com"=>{}}, {"inactive-notify@example.com"=>{}}, "active-vm@example.com", true, false, "activevm"], - [true, {"active-notify@example.com"=>{}}, {"inactive-notify@example.com"=>{}}, "active-repo@example.com", false, true, "activerepo"], - [true, {"active-notify@example.com"=>{}}, {"inactive-notify@example.com"=>{}}, "active-both@example.com", true, true, "activeboth"], + [true, active_notify_list, inactive_notify_list, "active-none@example.com", false, false, "activenone"], + [true, active_notify_list, inactive_notify_list, "active-vm@example.com", true, false, "activevm"], + [true, active_notify_list, inactive_notify_list, "active-repo@example.com", false, true, "activerepo"], + [true, active_notify_list, inactive_notify_list, "active-both@example.com", true, true, "activeboth"], # Test users with malformed e-mail addresses. - [false, {}, {}, nil, true, true, nil], - [false, {}, {}, "arvados", true, true, nil], - [false, {}, {}, "@example.com", true, true, nil], - [true, {"active-notify@example.com"=>{}}, {"inactive-notify@example.com"=>{}}, "*!*@example.com", true, false, nil], - [true, {"active-notify@example.com"=>{}}, {"inactive-notify@example.com"=>{}}, "*!*@example.com", false, false, nil], + [false, empty_notify_list, empty_notify_list, nil, true, true, nil], + [false, empty_notify_list, empty_notify_list, "arvados", true, true, nil], + [false, empty_notify_list, empty_notify_list, "@example.com", true, true, nil], + [true, active_notify_list, inactive_notify_list, "*!*@example.com", true, false, nil], + [true, active_notify_list, inactive_notify_list, "*!*@example.com", false, false, nil], # Test users with various username transformations. - [false, {}, {}, "arvados@example.com", false, false, "arvados2"], - [true, {"active-notify@example.com"=>{}}, {"inactive-notify@example.com"=>{}}, "arvados@example.com", false, false, "arvados2"], - [true, {"active-notify@example.com"=>{}}, {"inactive-notify@example.com"=>{}}, "root@example.com", true, false, "root2"], - [false, {"active-notify@example.com"=>{}}, {"inactive-notify@example.com"=>{}}, "root@example.com", true, false, "root2"], - [true, {"active-notify@example.com"=>{}}, {"inactive-notify@example.com"=>{}}, "roo_t@example.com", false, true, "root2"], - [false, {}, {}, "^^incorrect_format@example.com", true, true, "incorrectformat"], - [true, {"active-notify@example.com"=>{}}, {"inactive-notify@example.com"=>{}}, "&4a_d9.@example.com", true, true, "ad9"], - [true, {"active-notify@example.com"=>{}}, {"inactive-notify@example.com"=>{}}, "&4a_d9.@example.com", false, false, "ad9"], - [false, {"active-notify@example.com"=>{}}, {"inactive-notify@example.com"=>{}}, "&4a_d9.@example.com", true, true, "ad9"], - [false, {"active-notify@example.com"=>{}}, {"inactive-notify@example.com"=>{}}, "&4a_d9.@example.com", false, false, "ad9"], + [false, empty_notify_list, empty_notify_list, "arvados@example.com", false, false, "arvados2"], + [true, active_notify_list, inactive_notify_list, "arvados@example.com", false, false, "arvados2"], + [true, active_notify_list, inactive_notify_list, "root@example.com", true, false, "root2"], + [false, active_notify_list, inactive_notify_list, "root@example.com", true, false, "root2"], + [true, active_notify_list, inactive_notify_list, "roo_t@example.com", false, true, "root2"], + [false, empty_notify_list, empty_notify_list, "^^incorrect_format@example.com", true, true, "incorrectformat"], + [true, active_notify_list, inactive_notify_list, "&4a_d9.@example.com", true, true, "ad9"], + [true, active_notify_list, inactive_notify_list, "&4a_d9.@example.com", false, false, "ad9"], + [false, active_notify_list, inactive_notify_list, "&4a_d9.@example.com", true, true, "ad9"], + [false, active_notify_list, inactive_notify_list, "&4a_d9.@example.com", false, false, "ad9"], ].each do |active, new_user_recipients, inactive_recipients, email, auto_setup_vm, auto_setup_repo, expect_username| - test "create new user with auto setup #{active} #{email} #{auto_setup_vm} #{auto_setup_repo}" do + test "create new user with auto setup active=#{active} email=#{email} vm=#{auto_setup_vm} repo=#{auto_setup_repo}" do set_user_from_auth :admin Rails.configuration.Users.AutoSetupNewUsers = true @@ -443,30 +447,40 @@ class UserTest < ActiveSupport::TestCase assert_not_allowed { User.new.save } end - test "setup new user" do - set_user_from_auth :admin + [true, false].each do |visible| + test "setup new user with ActivatedUsersAreVisibleToOthers=#{visible}" do + Rails.configuration.Users.ActivatedUsersAreVisibleToOthers = visible + set_user_from_auth :admin - email = 'foo@example.com' + email = 'foo@example.com' - user = User.create ({uuid: 'zzzzz-tpzed-abcdefghijklmno', email: email}) + user = User.create ({uuid: 'zzzzz-tpzed-abcdefghijklmno', email: email}) - vm = VirtualMachine.create + vm = VirtualMachine.create - response = user.setup(repo_name: 'foo/testrepo', - vm_uuid: vm.uuid) + response = user.setup(repo_name: 'foo/testrepo', + vm_uuid: vm.uuid) - resp_user = find_obj_in_resp response, 'User' - verify_user resp_user, email + resp_user = find_obj_in_resp response, 'User' + verify_user resp_user, email - group_perm = find_obj_in_resp response, 'Link', 'arvados#group' - verify_link group_perm, 'permission', 'can_read', resp_user[:uuid], nil + group_perm = find_obj_in_resp response, 'Link', 'arvados#group' + verify_link group_perm, 'permission', 'can_read', resp_user[:uuid], nil - repo_perm = find_obj_in_resp response, 'Link', 'arvados#repository' - verify_link repo_perm, 'permission', 'can_manage', resp_user[:uuid], nil + group_perm2 = find_obj_in_resp response, 'Link', 'arvados#user' + if visible + verify_link group_perm2, 'permission', 'can_read', groups(:all_users).uuid, nil + else + assert_nil group_perm2 + end - vm_perm = find_obj_in_resp response, 'Link', 'arvados#virtualMachine' - verify_link vm_perm, 'permission', 'can_login', resp_user[:uuid], vm.uuid - assert_equal("foo", vm_perm.properties["username"]) + repo_perm = find_obj_in_resp response, 'Link', 'arvados#repository' + verify_link repo_perm, 'permission', 'can_manage', resp_user[:uuid], nil + + vm_perm = find_obj_in_resp response, 'Link', 'arvados#virtualMachine' + verify_link vm_perm, 'permission', 'can_login', resp_user[:uuid], vm.uuid + assert_equal("foo", vm_perm.properties["username"]) + end end test "setup new user with junk in database" do @@ -510,6 +524,9 @@ class UserTest < ActiveSupport::TestCase group_perm = find_obj_in_resp response, 'Link', 'arvados#group' verify_link group_perm, 'permission', 'can_read', resp_user[:uuid], nil + group_perm2 = find_obj_in_resp response, 'Link', 'arvados#user' + verify_link group_perm2, 'permission', 'can_read', groups(:all_users).uuid, nil + # invoke setup again with repo_name response = user.setup(repo_name: 'foo/testrepo') resp_user = find_obj_in_resp response, 'User', nil @@ -556,7 +573,7 @@ class UserTest < ActiveSupport::TestCase break end else # looking for a link - if ArvadosModel::resource_class_for_uuid(x['head_uuid']).kind == head_kind + if ArvadosModel::resource_class_for_uuid(x['head_uuid']).andand.kind == head_kind return_obj = x break end @@ -569,7 +586,6 @@ class UserTest < ActiveSupport::TestCase assert_not_nil resp_user, 'expected user object' assert_not_nil resp_user['uuid'], 'expected user object' assert_equal email, resp_user['email'], 'expected email not found' - end def verify_link (link_object, link_class, link_name, tail_uuid, head_uuid) @@ -618,6 +634,7 @@ class UserTest < ActiveSupport::TestCase Rails.configuration.Users.AutoSetupNewUsersWithRepository), named_repo.uuid, user.uuid, "permission", "can_manage") end + # Check for VM login. if (auto_vm_uuid = Rails.configuration.Users.AutoSetupNewUsersWithVmUUID) != "" verify_link_exists(can_setup, auto_vm_uuid, user.uuid, @@ -648,7 +665,7 @@ class UserTest < ActiveSupport::TestCase if not new_user_recipients.empty? then assert_not_nil new_user_email, 'Expected new user email after setup' assert_equal Rails.configuration.Users.UserNotifierEmailFrom, new_user_email.from[0] - assert_equal new_user_recipients.keys.first, new_user_email.to[0] + assert_equal new_user_recipients.stringify_keys.keys.first, new_user_email.to[0] assert_equal new_user_email_subject, new_user_email.subject else assert_nil new_user_email, 'Did not expect new user email after setup' @@ -658,7 +675,7 @@ class UserTest < ActiveSupport::TestCase if not inactive_recipients.empty? then assert_not_nil new_inactive_user_email, 'Expected new inactive user email after setup' assert_equal Rails.configuration.Users.UserNotifierEmailFrom, new_inactive_user_email.from[0] - assert_equal inactive_recipients.keys.first, new_inactive_user_email.to[0] + assert_equal inactive_recipients.stringify_keys.keys.first, new_inactive_user_email.to[0] assert_equal "#{Rails.configuration.Users.EmailSubjectPrefix}New inactive user notification", new_inactive_user_email.subject else assert_nil new_inactive_user_email, 'Did not expect new inactive user email after setup' @@ -667,7 +684,6 @@ class UserTest < ActiveSupport::TestCase assert_nil new_inactive_user_email, 'Expected no inactive user email after setting up active user' end ActionMailer::Base.deliveries = [] - end def verify_link_exists link_exists, head_uuid, tail_uuid, link_class, link_name, property_name=nil, property_value=nil @@ -675,7 +691,7 @@ class UserTest < ActiveSupport::TestCase tail_uuid: tail_uuid, link_class: link_class, name: link_name) - assert_equal link_exists, all_links.any?, "Link #{'not' if link_exists} found for #{link_name} #{link_class} #{property_value}" + assert_equal link_exists, all_links.any?, "Link#{' not' if link_exists} found for #{link_name} #{link_class} #{property_value}" if link_exists && property_name && property_value all_links.each do |link| assert_equal true, all_links.first.properties[property_name].start_with?(property_value), 'Property not found in link' @@ -683,72 +699,6 @@ class UserTest < ActiveSupport::TestCase end end - [ - [:active, 'zzzzz-borkd-abcde12345abcde'], - [:active, 'zzzzz-j7d0g-abcde12345abcde'], - [:active, 'zzzzz-tpzed-borkd'], - [:system_user, 'zzzzz-tpzed-abcde12345abcde'], - [:anonymous, 'zzzzz-tpzed-abcde12345abcde'], - ].each do |fixture, new_uuid| - test "disallow update_uuid #{fixture} -> #{new_uuid}" do - u = users(fixture) - orig_uuid = u.uuid - act_as_system_user do - assert_raises do - u.update_uuid(new_uuid: new_uuid) - end - end - # "Successfully aborted orig->new" outcome looks the same as - # "successfully updated new->orig". - assert_update_success(old_uuid: new_uuid, - new_uuid: orig_uuid, - expect_owned_objects: fixture == :active) - end - end - - [:active, :spectator, :admin].each do |target| - test "update_uuid on #{target} as non-admin user" do - act_as_user users(:active) do - assert_raises(ArvadosModel::PermissionDeniedError) do - users(target).update_uuid(new_uuid: 'zzzzz-tpzed-abcde12345abcde') - end - end - end - end - - test "update_uuid to existing uuid" do - u = users(:active) - orig_uuid = u.uuid - new_uuid = users(:admin).uuid - act_as_system_user do - assert_raises do - u.update_uuid(new_uuid: new_uuid) - end - end - u.reload - assert_equal u.uuid, orig_uuid - assert_not_empty Collection.where(owner_uuid: orig_uuid) - assert_not_empty Group.where(owner_uuid: orig_uuid) - end - - [ - [:active, 'zbbbb-tpzed-abcde12345abcde'], - [:active, 'zzzzz-tpzed-abcde12345abcde'], - [:admin, 'zbbbb-tpzed-abcde12345abcde'], - [:admin, 'zzzzz-tpzed-abcde12345abcde'], - ].each do |fixture, new_uuid| - test "update_uuid #{fixture} to unused uuid #{new_uuid}" do - u = users(fixture) - orig_uuid = u.uuid - act_as_system_user do - u.update_uuid(new_uuid: new_uuid) - end - assert_update_success(old_uuid: orig_uuid, - new_uuid: new_uuid, - expect_owned_objects: fixture == :active) - end - end - def assert_update_success(old_uuid:, new_uuid:, expect_owned_objects: true) [[User, :uuid], [Link, :head_uuid],