cover the generated user record

Author: albu-diku

mig/server/createuser.py

@@ -216,7 +216,8 @@ def _main(configuration, args,
           role=None,
           peer_pattern=None,
           slack_secs=0,
-          hash_password=True
+          hash_password=True,
+          _generate_salt=None
           ):
     if configuration is None:
         if conf_path == keyword_auto:
@@ -306,7 +307,7 @@ def _main(configuration, args,
 
     if user_dict['password']:
         if hash_password:
-            user_dict['password_hash'] = make_hash(user_dict['password'])
+            user_dict['password_hash'] = make_hash(user_dict['password'], _generate_salt=_generate_salt)
             user_dict['password'] = ''
         else:
             salt = configuration.site_password_salt

mig/shared/pwcrypto.py

@@ -114,9 +114,17 @@ def best_crypt_salt(configuration):
     return salt_data
 
 
-def make_hash(password):
+def _random_salt():
+    return b64encode(urandom(SALT_LENGTH))
+
+
+def make_hash(password, _generate_salt=None):
     """Generate a random salt and return a new hash for the password."""
-    salt = b64encode(urandom(SALT_LENGTH))
+
+    if _generate_salt is None:
+        _generate_salt = _random_salt
+
+    salt = _generate_salt()
     derived = b64encode(hashlib.pbkdf2_hmac(HASH_FUNCTION,
                                             force_utf8(password), salt,
                                             COST_FACTOR, KEY_LENGTH))

tests/support/__init__.py

@@ -41,6 +41,8 @@
 from unittest import TestCase, main as testmain
 
 from tests.support.configsupp import FakeConfiguration
+from tests.support.picklesupp import ensure_path_within_output_dir, \
+    is_path_within
 from tests.support.suppconst import MIG_BASE, TEST_BASE, TEST_FIXTURE_DIR, \
     TEST_DATA_DIR, TEST_OUTPUT_DIR, ENVHELP_OUTPUT_DIR
 
@@ -296,16 +298,6 @@ def pretty_display_path(absolute_path):
         return relative_path
 
 
-def is_path_within(path, start=None, _msg=None):
-    """Check if path is within start directory"""
-    try:
-        assert os.path.isabs(path), _msg
-        relative = os.path.relpath(path, start=start)
-    except:
-        return False
-    return not relative.startswith('..')
-
-
 def ensure_dirs_exist(absolute_dir):
     """A simple helper to create absolute_dir and any parents if missing"""
     try:
@@ -399,22 +391,7 @@ def temppath(relative_path, test_case, ensure_dir=False, skip_clean=False):
     """
     assert isinstance(test_case, MigTestCase)
 
-    if os.path.isabs(relative_path):
-        # the only permitted paths are those within the output directory set
-        # aside for execution of the test suite: this will be enforced below
-        # so effectively submit the supplied path for scrutiny
-        tmp_path = relative_path
-    else:
-        tmp_path = os.path.join(TEST_OUTPUT_DIR, relative_path)
-
-    # failsafe path checking that supplied paths are rooted within valid paths
-    is_tmp_path_within_safe_dir = False
-    for start in (ENVHELP_OUTPUT_DIR):
-        is_tmp_path_within_safe_dir = is_path_within(tmp_path, start=start)
-        if is_tmp_path_within_safe_dir:
-            break
-    if not is_tmp_path_within_safe_dir:
-        raise AssertionError("ABORT: corrupt test path=%s" % (tmp_path,))
+    tmp_path = ensure_path_within_output_dir(relative_path)
 
     if ensure_dir:
         try:

tests/support/_path.py

@@ -0,0 +1,34 @@
+import os
+
+from tests.support.suppconst import TEST_OUTPUT_DIR, ENVHELP_OUTPUT_DIR
+
+
+def is_path_within(path, start=None, _msg=None):
+    """Check if path is within start directory"""
+    try:
+        assert os.path.isabs(path), _msg
+        relative = os.path.relpath(path, start=start)
+    except:
+        return False
+    return not relative.startswith('..')
+
+
+def ensure_path_within_output_dir(relative_path):
+    if os.path.isabs(relative_path):
+        # the only permitted paths are those within the output directory set
+        # aside for execution of the test suite: this will be enforced below
+        # so effectively submit the supplied path for scrutiny
+        tmp_path = relative_path
+    else:
+        tmp_path = os.path.join(TEST_OUTPUT_DIR, relative_path)
+
+    # failsafe path checking that supplied paths are rooted within valid paths
+    is_tmp_path_within_safe_dir = False
+    for start in (ENVHELP_OUTPUT_DIR):
+        is_tmp_path_within_safe_dir = is_path_within(tmp_path, start=start)
+        if is_tmp_path_within_safe_dir:
+            break
+    if not is_tmp_path_within_safe_dir:
+        raise AssertionError("ABORT: corrupt test path=%s" % (tmp_path,))
+
+    return tmp_path

tests/support/picklesupp.py

@@ -0,0 +1,12 @@
+import pickle
+
+from tests.support._path import ensure_path_within_output_dir, \
+    is_path_within
+
+
+class PickleAssertMixin:
+    def assertPickledFile(self, pickle_file):
+        ensure_path_within_output_dir(pickle_file)
+
+        with open(pickle_file, 'rb') as picklefile:
+            return pickle.load(picklefile)

tests/test_mig_server_createuser.py

@@ -33,12 +33,13 @@
 import sys
 
 from tests.support import MIG_BASE, TEST_OUTPUT_DIR, MigTestCase, testmain
+from tests.support.picklesupp import PickleAssertMixin
 
 from mig.server.createuser import _main as createuser
 from mig.shared.useradm import _USERADM_CONFIG_DIR_KEYS
 
 
-class TestBooleans(MigTestCase):
+class TestMigServerCreateuser(MigTestCase, PickleAssertMixin):
     def before_each(self):
         configuration = self.configuration
         test_state_path = configuration.state_path
@@ -51,17 +52,18 @@ def before_each(self):
                 pass
 
         self.expected_user_db_home = configuration.user_db_home[0:-1]
+        self.expected_user_db_file = os.path.join(self.expected_user_db_home, 'MiG-users.db')
 
     def _provide_configuration(self):
         return 'testconfig'
 
-    def test_user_db_is_created_and_user_is_added(self):
+    def test_user_db_is_created_when_absent(self):
         args = [
             "Test User",
             "Test Org",
             "NA",
             "DK",
-            "dummy-user",
+            "user@example.com",
             "This is the create comment",
             "password"
         ]
@@ -79,5 +81,54 @@ def test_user_db_is_created_and_user_is_added(self):
         self.assertEqual(path_kind, 'file')
 
 
+    def test_user_entry_is_recorded(self):
+        expected_user_id = '/C=DK/ST=NA/L=NA/O=Test Org/OU=NA/CN=Test User/emailAddress=user@example.com'
+        args = [
+            "Test User",
+            "Test Org",
+            "NA",
+            "DK",
+            "user@example.com",
+            "This is the create comment",
+            "password"
+        ]
+        print("")  # acount for output generated by the logic
+
+        def _generate_salt():
+            return b'CCCC12344321CCCC'
+        createuser(self.configuration, args, default_renew=True,
+            _generate_salt=_generate_salt)
+
+        pickled = self.assertPickledFile(self.expected_user_db_file)
+
+        self.assertIn(expected_user_id, pickled)
+        actual_user_object = dict(pickled[expected_user_id])
+
+        # TODO: remove resetting the handful of keys here done because changes
+        #       to make them assertion frienfly values will increase the size
+        #       of the diff which, at time of commit, are best minimised.
+        actual_user_object['created'] = 9999999999.9999999
+        actual_user_object['expire'] = 1234567890
+        actual_user_object['unique_id'] = '__UNIQUE_ID__'
+
+        self.assertEqual(actual_user_object, {
+            'comment': "This is the create comment",
+            'country': 'DK',
+            'created': 9999999999.9999999,
+            'distinguished_name': expected_user_id,
+            'email': "user@example.com",
+            'expire': 1234567890,
+            'full_name': 'Test User',
+            'locality': '',
+            'openid_names': [],
+            'organization': 'Test Org',
+            'organizational_unit': '',
+            "password": "",
+            "password_hash": "PBKDF2$sha256$10000$b'CCCC12344321CCCC'$b'bph8p/avUq42IYeOdJoJuUqrJ7Q32eaT'",
+            'state': 'NA',
+            'unique_id': '__UNIQUE_ID__'
+        })
+
+
 if __name__ == '__main__':
     testmain()