self.create_user('admin2', 'admin2', ['administrator'])
self._post("/api/auth", {'username': 'admin2', 'password': 'admin2'})
self.assertStatus(201)
- self.assertJsonBody({"username": "admin2"})
+ # self.assertJsonBody({"username": "admin2"})
+ data = self.jsonBody()
+ self.assertIn('username', data)
+ self.assertEqual(data['username'], "admin2")
+ self.assertIn('permissions', data)
+ for scope, perms in data['permissions'].items():
+ self.assertIsNotNone(scope)
+ self.assertIn('read', perms)
+ self.assertIn('update', perms)
+ self.assertIn('create', perms)
+ self.assertIn('delete', perms)
self.delete_user('admin2')
def test_login_valid(self):
self._post("/api/auth", {'username': 'admin', 'password': 'admin'})
self.assertStatus(201)
- self.assertJsonBody({"username": "admin"})
+ data = self.jsonBody()
+ self.assertIn('username', data)
+ self.assertEqual(data['username'], "admin")
+ self.assertIn('permissions', data)
+ for scope, perms in data['permissions'].items():
+ self.assertIsNotNone(scope)
+ self.assertIn('read', perms)
+ self.assertIn('update', perms)
+ self.assertIn('create', perms)
+ self.assertIn('delete', perms)
def test_login_stay_signed_in(self):
self._post("/api/auth", {
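Review bot: The permission loop added in both tests passes vacuously when `data['permissions']` is empty, and `self.assertIsNotNone(scope)` can never fail for a dict key, so the new assertions do not actually pin that 'admin2' (created with the administrator role) or 'admin' receives any scope at all. Assert the dict is non-empty before the loop, e.g. `self.assertTrue(data['permissions'])`, and drop the `assertIsNotNone` line; the same applies to the test_login_valid block later in this hunk. The commented-out `# self.assertJsonBody({"username": "admin2"})` should be deleted rather than left as dead code, since the assertions that follow replace it. The two identical assertion blocks could be pulled into one helper so the expected response shape lives in one place. The first test's method header lies before the start of the hunk.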
def create(self, username, password, stay_signed_in=False):
now = time.time()
- if AuthManager.authenticate(username, password):
+ user_perms = AuthManager.authenticate(username, password)
+ if user_perms is not None:
cherrypy.session.regenerate()
cherrypy.session[Session.USERNAME] = username
cherrypy.session[Session.TS] = now
cherrypy.session[Session.EXPIRE_AT_BROWSER_CLOSE] = not stay_signed_in
logger.debug('Login successful')
- return {'username': username}
+ return {
+ 'username': username,
+ 'permissions': user_perms
+ }
logger.debug('Login failed')
raise DashboardException(msg='Invalid credentials',
return True
return False
+ def permissions_dict(self):
+ perms = {}
+ for role in self.roles:
+ for scope, perms_list in role.scopes_permissions.items():
+ if scope in perms:
+ perms_tmp = set(perms[scope]).union(set(perms_list))
+ perms[scope] = list(perms_tmp)
+ else:
+ perms[scope] = perms_list
+
+ return perms
+
def to_dict(self):
return {
'username': self.username,
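Review bot: In `permissions_dict` the `else` branch `perms[scope] = perms_list` stores a reference to the role's own `scopes_permissions` list, so the returned dict aliases live role state; a caller that later appends to or edits an entry of the result would silently change that Role object's permissions in memory. The union branch also yields `list(set(...))`, whose element order is not deterministic across runs, so the same user can get differently ordered lists on each login. Both go away if the if/else is replaced by a single line that always builds a fresh, ordered list: `perms[scope] = sorted(set(perms.get(scope, ())) | set(perms_list))`. The enclosing class starts outside the hunk; `self.roles` is assumed to be an iterable of Role objects and `role.scopes_permissions` a dict of scope to list of permission strings, as their use here suggests.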
try:
user = ACCESS_CTRL_DB.get_user(username)
pass_hash = password_hash(password, user.password)
- return pass_hash == user.password
+ if pass_hash == user.password:
+ return user.permissions_dict()
except UserDoesNotExist:
logger.debug("User '%s' does not exist", username)
- return False
+ return None
def authorize(self, username, scope, permissions):
user = ACCESS_CTRL_DB.get_user(username)
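Review bot: The wrong-password path now falls off the end of the `try` body after `if pass_hash == user.password:` and returns None only implicitly, while the unknown-user branch logs and returns None explicitly; add `return None  # password mismatch` after the `if` block so both failure paths are explicit and symmetric. A docstring stating the new contract would help callers: returns the user's permissions dict on success, None on failure. Note that the success value can be an empty dict for a user with no roles, which is falsy — the controller in this commit checks `is not None`, but any other caller still using the old truthiness test would now reject such a user, so any remaining call sites need the same change. Since the returned permissions are sent to the client in the login response, they should be treated as informational for the UI; `authorize` below stays the server-side check. The `authenticate` definition starts before the hunk.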