From: Tatjana Dehler
Date: Tue, 17 Dec 2019 15:12:25 +0000 (+0100)
Subject: mgr/dashboard: fix REST API test cases
X-Git-Tag: v15.1.0~236^2~1
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=7015c2a82b744bbe38c846641db635f194d5bd9b;p=ceph.git

mgr/dashboard: fix REST API test cases

1. Fix the test cases by using the 'assertJsonBody' method. The '_post' method doesn't return anything. That's why we need to use the 'assertJsonBody' method here instead of checking the fields directly.

2. Add the missing scope and permission definition of the 'validate_password' resource. Otherwise the resource is not restricted and 'test_validate_password_invalid_permissions' will fail.

3. Re-word error messages. Change 'cannot' to 'must not'.

Signed-off-by: Tatjana Dehler
---
diff --git a/qa/tasks/mgr/dashboard/test_user.py b/qa/tasks/mgr/dashboard/test_user.py
index f1dd9f15c8f6..f3ee8863a673 100644
--- a/qa/tasks/mgr/dashboard/test_user.py
+++ b/qa/tasks/mgr/dashboard/test_user.py
@@ -196,7 +196,7 @@ class UserTest(DashboardTestCase):
         })
         self.assertStatus(400)
         self.assertError('password_policy_validation_failed', 'user',
-                         'Password cannot be the same as the previous one.')
+                         'Password must not be the same as the previous one.')
         self._reset_login_to_admin('test1')
 
     def test_change_password_contains_username(self):
@@ -208,7 +208,7 @@ class UserTest(DashboardTestCase):
         })
         self.assertStatus(400)
         self.assertError('password_policy_validation_failed', 'user',
-                         'Password cannot contain username.')
+                         'Password must not contain username.')
         self._reset_login_to_admin('test1')
 
     def test_change_password_contains_forbidden_words(self):
@@ -220,7 +220,7 @@ class UserTest(DashboardTestCase):
         })
         self.assertStatus(400)
         self.assertError('password_policy_validation_failed', 'user',
-                         'Password cannot contain keywords.')
+                         'Password must not contain keywords.')
         self._reset_login_to_admin('test1')
 
     def test_change_password_contains_sequential_characters(self):
@@ -232,7 +232,7 @@ class UserTest(DashboardTestCase):
         })
         self.assertStatus(400)
         self.assertError('password_policy_validation_failed', 'user',
-                         'Password cannot contain sequential characters.')
+                         'Password must not contain sequential characters.')
         self._reset_login_to_admin('test1')
 
     def test_change_password_contains_repetetive_characters(self):
@@ -244,7 +244,7 @@ class UserTest(DashboardTestCase):
         })
         self.assertStatus(400)
         self.assertError('password_policy_validation_failed', 'user',
-                         'Password cannot contain repetitive characters.')
+                         'Password must not contain repetitive characters.')
         self._reset_login_to_admin('test1')
 
     def test_change_password(self):
@@ -400,65 +400,79 @@ class UserTest(DashboardTestCase):
             'credits': JLeaf(int),
             'valuation': JLeaf(str)
         }))
-        self.assertTrue(data['valid'])
-        self.assertEqual(data['credits'], 11)
-        self.assertEqual(data['valuation'], 'Weak')
+        self.assertJsonBody({
+            'valid': True,
+            'credits': 11,
+            'valuation': 'Weak'
+        })
 
     def test_validate_password_ok(self):
-        data = self._post('/api/user/validate_password', {
+        self._post('/api/user/validate_password', {
             'password': 'mypassword1!@'
         })
         self.assertStatus(200)
-        self.assertTrue(data['valid'])
-        self.assertEqual(data['credits'], 17)
-        self.assertEqual(data['valuation'], 'OK')
+        self.assertJsonBody({
+            'valid': True,
+            'credits': 17,
+            'valuation': 'OK'
+        })
 
     def test_validate_password_strong(self):
-        data = self._post('/api/user/validate_password', {
+        self._post('/api/user/validate_password', {
             'password': 'testpassword0047!@'
         })
         self.assertStatus(200)
-        self.assertTrue(data['valid'])
-        self.assertEqual(data['credits'], 22)
-        self.assertEqual(data['valuation'], 'Strong')
+        self.assertJsonBody({
+            'valid': True,
+            'credits': 22,
+            'valuation': 'Strong'
+        })
 
     def test_validate_password_very_strong(self):
-        data = self._post('/api/user/validate_password', {
+        self._post('/api/user/validate_password', {
             'password': 'testpassword#!$!@$'
         })
         self.assertStatus(200)
-        self.assertTrue(data['valid'])
-        self.assertEqual(data['credits'], 30)
-        self.assertEqual(data['valuation'], 'Very strong')
+        self.assertJsonBody({
+            'valid': True,
+            'credits': 30,
+            'valuation': 'Very strong'
+        })
 
     def test_validate_password_fail(self):
-        data = self._post('/api/user/validate_password', {
+        self._post('/api/user/validate_password', {
             'password': 'foo'
         })
         self.assertStatus(200)
-        self.assertFalse(data['valid'])
-        self.assertEqual(data['credits'], 0)
-        self.assertEqual(data['valuation'], 'Password is too weak.')
+        self.assertJsonBody({
+            'valid': False,
+            'credits': 0,
+            'valuation': 'Password is too weak.'
+        })
 
     def test_validate_password_fail_name(self):
-        data = self._post('/api/user/validate_password', {
+        self._post('/api/user/validate_password', {
             'password': 'x1zhugo_10',
             'username': 'hugo'
         })
         self.assertStatus(200)
-        self.assertFalse(data['valid'])
-        self.assertEqual(data['credits'], 0)
-        self.assertEqual(data['valuation'], 'Password cannot contain username.')
+        self.assertJsonBody({
+            'valid': False,
+            'credits': 0,
+            'valuation': 'Password must not contain username.'
+        })
 
     def test_validate_password_fail_oldpwd(self):
-        data = self._post('/api/user/validate_password', {
+        self._post('/api/user/validate_password', {
             'password': 'x1zt-st10',
             'old_password': 'x1zt-st10'
         })
         self.assertStatus(200)
-        self.assertFalse(data['valid'])
-        self.assertEqual(data['credits'], 0)
-        self.assertEqual(data['valuation'], 'Password cannot be the same as the previous one.')
+        self.assertJsonBody({
+            'valid': False,
+            'credits': 0,
+            'valuation': 'Password must not be the same as the previous one.'
+        })
 
     @DashboardTestCase.RunAs('test', 'test', [{'user': ['read', 'delete']}])
     def test_validate_password_invalid_permissions(self):
@@ -466,4 +480,4 @@ class UserTest(DashboardTestCase):
             'password': 'foo'
         })
         self.assertStatus(403)
-        self.assertError(code='invalid_credentials', component='auth')
+        self.assertError(detail='You don\'t have permissions to access that resource')
diff --git a/src/pybind/mgr/dashboard/controllers/user.py b/src/pybind/mgr/dashboard/controllers/user.py
index b70a9837bbff..dfafb4ff71f8 100644
--- a/src/pybind/mgr/dashboard/controllers/user.py
+++ b/src/pybind/mgr/dashboard/controllers/user.py
@@ -7,7 +7,7 @@ import time
 
 import cherrypy
 
-from . import BaseController, ApiController, RESTController, Endpoint
+from . import BaseController, ApiController, RESTController, Endpoint, CreatePermission
 from .. import mgr
 from ..exceptions import DashboardException, UserAlreadyExists, \
     UserDoesNotExist, PasswordPolicyException, PwdExpirationDateNotValid
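Review bot: The seven validate_password tests in this hunk each repeat the same `_post` / `assertStatus(200)` / `assertJsonBody({...})` sequence and differ only in the POST payload and the three expected fields, so the new assertion pattern is now copied seven times; a small helper on the test class would keep it in one place and make the expected verdict readable on a single line. The first test's `def` and the `assertSchema(...)` it opens start above the hunk, so only its expected-value lines are visible here. Since the commit message states that `_post` returns nothing, it is worth confirming that the schema assertion above the hunk reads the response through the test-case helper rather than through a leftover `data` variable that would now be `None`.
```python
    def _assert_validate_password(self, payload, valid, credits, valuation):
        """POST `payload` to validate_password and check the policy verdict."""
        self._post('/api/user/validate_password', payload)
        self.assertStatus(200)
        self.assertJsonBody({
            'valid': valid,
            'credits': credits,
            'valuation': valuation
        })

    def test_validate_password_ok(self):
        self._assert_validate_password({'password': 'mypassword1!@'},
                                       True, 17, 'OK')

    # … unchanged in shape: the remaining validate_password tests call the helper the same way …
```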
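Review bot: `self.assertError(detail='You don\'t have permissions to access that resource')` pins this authorization test to the full English sentence in the 403 body, so any rewording of the permission-denied text will break a test whose real subject is that a user with only `read` and `delete` on the user scope is refused. If the 403 body carries a machine-readable `code`/`component` pair, as the other `assertError` calls in this file use, prefer asserting on that, and at most a stable substring of `detail`. The `self.assertStatus(403)` on the previous line already establishes the security-relevant outcome. The enclosing `test_validate_password_invalid_permissions` starts outside this hunk.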
@@ -139,9 +139,11 @@ class User(RESTController):
         return User._user_to_dict(user)
 
 
-@ApiController('/user')
+@ApiController('/user', Scope.USER)
 class UserPasswordPolicy(RESTController):
 
+    @Endpoint('POST')
+    @CreatePermission
     def validate_password(self, password, username=None, old_password=None):
         """
         Check if the password meets the password policy.
diff --git a/src/pybind/mgr/dashboard/services/access_control.py b/src/pybind/mgr/dashboard/services/access_control.py
index d136ca6c07f9..339e4eb2b414 100644
--- a/src/pybind/mgr/dashboard/services/access_control.py
+++ b/src/pybind/mgr/dashboard/services/access_control.py
@@ -123,15 +123,15 @@ class PasswordPolicy(object):
         if self.check_password_characters() < 10 or not self.check_password_length():
             raise PasswordPolicyException('Password is too weak.')
         if self.check_is_old_password():
-            raise PasswordPolicyException('Password cannot be the same as the previous one.')
+            raise PasswordPolicyException('Password must not be the same as the previous one.')
         if self.check_if_contains_username():
-            raise PasswordPolicyException('Password cannot contain username.')
+            raise PasswordPolicyException('Password must not contain username.')
         if self.check_if_contains_forbidden_words():
-            raise PasswordPolicyException('Password cannot contain keywords.')
+            raise PasswordPolicyException('Password must not contain keywords.')
         if self.check_if_repetetive_characters():
-            raise PasswordPolicyException('Password cannot contain repetitive characters.')
+            raise PasswordPolicyException('Password must not contain repetitive characters.')
         if self.check_if_sequential_characters():
-            raise PasswordPolicyException('Password cannot contain sequential characters.')
+            raise PasswordPolicyException('Password must not contain sequential characters.')
 
 
 class Role(object):
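Review bot: `@CreatePermission` on `validate_password` means only principals holding `create` on the user scope can ask whether a candidate password satisfies the policy; if the frontend also calls this endpoint from a user's own change-password flow (the `old_password` parameter suggests it is used that way), users without that permission would now receive a 403 there, so that path should be checked with a principal like the one in `test_validate_password_invalid_permissions`, which has only `read` and `delete`. Binding the controller to `@ApiController('/user', Scope.USER)` does close the unrestricted-endpoint gap the commit message describes, and a one-line comment above the decorators stating why `create` was chosen (`# Checking a candidate password is part of creating or updating a user.`) would help the next reader. `Scope` is referenced on the new decorator line while the import hunk adds only `CreatePermission`; presumably `Scope` is already imported further down the import block — worth confirming. `validate_password`'s body continues outside the hunk.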
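Review bot: The context line `if self.check_if_repetetive_characters():` carries a typo (`repetetive`) that the rewritten message directly below it, `'Password must not contain repetitive characters.'`, now spells correctly; renaming the method to `check_if_repetitive_characters` (together with `test_change_password_contains_repetetive_characters` in the test file) would be a reasonable follow-up, since the definition is outside this hunk. Separately, `'Password must not contain keywords.'` is raised by `check_if_contains_forbidden_words`, so `'Password must not contain forbidden words.'` would tell the user what was actually rejected — the matching strings in test_user.py would need the same update.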