1
0
mirror of https://github.com/GNS3/gns3-server synced 2024-12-25 16:28:11 +00:00

Add default super admin account in controller db.

This commit is contained in:
grossmj 2021-04-18 17:39:47 +09:30
parent 9404c00411
commit c03226e368
5 changed files with 69 additions and 9 deletions

View File

@ -28,7 +28,7 @@ from gns3server import schemas
from gns3server.controller.controller_error import (
ControllerBadRequestError,
ControllerNotFoundError,
ControllerUnauthorizedError,
ControllerForbiddenError,
)
from gns3server.db.repositories.users import UsersRepository
@ -110,8 +110,8 @@ async def delete_user(
Delete an user.
"""
if current_user.is_superuser:
raise ControllerUnauthorizedError("The super user cannot be deleted")
if current_user.is_superadmin:
raise ControllerForbiddenError("The super user cannot be deleted")
success = await users_repo.delete_user(user_id)
if not success:

View File

@ -15,9 +15,14 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from sqlalchemy import Boolean, Column, String
from sqlalchemy import Boolean, Column, String, event
from .base import BaseTable, generate_uuid, GUID
from gns3server.services import auth_service
import logging
log = logging.getLogger(__name__)
class User(BaseTable):
@ -30,4 +35,18 @@ class User(BaseTable):
full_name = Column(String)
hashed_password = Column(String)
is_active = Column(Boolean, default=True)
is_superuser = Column(Boolean, default=False)
is_superadmin = Column(Boolean, default=False)
@event.listens_for(User.__table__, 'after_create')
def create_default_super_admin(target, connection, **kw):
hashed_password = auth_service.hash_password("admin")
stmt = target.insert().values(
username="admin",
full_name="Super Administrator",
hashed_password=hashed_password,
is_superadmin=True
)
connection.execute(stmt)
connection.commit()
log.info("Default super admin account added")

View File

@ -52,7 +52,7 @@ class User(DateTimeModelMixin, UserBase):
user_id: UUID
is_active: bool = True
is_superuser: bool = False
is_superadmin: bool = False
class Config:
orm_mode = True

View File

@ -118,7 +118,7 @@ class TestUserRoutes:
response = await client.get(app.url_path_for("get_users"))
assert response.status_code == status.HTTP_200_OK
assert len(response.json()) == 3 # user1, user2 and user3 should exist
assert len(response.json()) == 4 # admin, user1, user2 and user3 should exist
class TestAuthTokens:
@ -265,3 +265,30 @@ class TestUserMe:
res = await client.get(app.url_path_for("get_current_active_user"))
assert res.status_code == status.HTTP_401_UNAUTHORIZED
class TestSuperAdmin:
async def test_super_admin_exists(
self,
app: FastAPI,
client: AsyncClient,
db_session: AsyncSession
) -> None:
user_repo = UsersRepository(db_session)
admin_in_db = await user_repo.get_user_by_username("admin")
assert admin_in_db is not None
assert auth_service.verify_password("admin", admin_in_db.hashed_password)
async def test_cannot_delete_super_admin(
self,
app: FastAPI,
admin_client: AsyncClient,
db_session: AsyncSession
) -> None:
user_repo = UsersRepository(db_session)
admin_in_db = await user_repo.get_user_by_username("admin")
res = await admin_client.delete(app.url_path_for("delete_user", user_id=admin_in_db.user_id))
assert res.status_code == status.HTTP_403_FORBIDDEN

View File

@ -79,8 +79,12 @@ async def db_session(db_engine):
# preferred and faster way would be to rollback the session/transaction
# but it doesn't work for some reason
async with db_engine.begin() as conn:
await conn.run_sync(Base.metadata.drop_all)
await conn.run_sync(Base.metadata.create_all)
# Speed up tests by avoiding to hash the 'admin' password everytime the default super admin is added
# to the database using the "after_create" sqlalchemy event
hashed_password = "$2b$12$jPsNU9IS7.EWEqXahtDfo.26w6VLOLCuFEHKNvDpOjxs5e0WpqJfa"
with patch("gns3server.services.authentication.AuthService.hash_password", return_value=hashed_password):
await conn.run_sync(Base.metadata.drop_all)
await conn.run_sync(Base.metadata.create_all)
session = AsyncSession(db_engine)
try:
@ -152,6 +156,16 @@ def authorized_client(client: AsyncClient, test_user: User) -> AsyncClient:
}
return client
@pytest.fixture
async def admin_client(client: AsyncClient) -> AsyncClient:
# user "admin" is automatically created when the users table is created
access_token = auth_service.create_access_token("admin")
client.headers = {
**client.headers,
"Authorization": f"Bearer {access_token}",
}
return client
@pytest.fixture
def controller_config_path(tmpdir):