paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-10-23 04:52:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
389b851f81b8ad907e9a9cbd7a57210fb4e633e3
zulip/tools/test-api
Mateusz Mandera 389b851f81 update_user_backend: Allow authorized org owners to change user emails. 
This adds a new special UserProfile flag can_change_user_emails(disabled
by default) and the ability for changing the email address of users in
the realm via update_user_backend. This is useful for allowing
organizations to update user emails without needing to set up a SCIM
integration, but since it gives the ability to hijack user accounts, it
needs to be behind this additional permission and can't be just given to
organization owners by default. Analogical to how the
create_user_backend endpoint works.
2024-10-22 16:36:38 -07:00

150 lines
4.5 KiB
Python
Executable File
Raw Blame History

#!/usr/bin/env python3
import argparse
import os
import sys
os.environ["RUNNING_OPENAPI_CURL_TEST"] = "1"
ZULIP_PATH = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
sys.path.insert(0, ZULIP_PATH)
os.chdir(ZULIP_PATH)
# check for the venv
from tools.lib import sanity_check
sanity_check.check_venv(__file__)
from zulip import Client
from tools.lib.test_script import add_provision_check_override_param, assert_provisioning_status_ok
from tools.lib.test_server import test_server_running
usage = """test-api [options]"""
parser = argparse.ArgumentParser(usage)
add_provision_check_override_param(parser)
options = parser.parse_args()
assert_provisioning_status_ok(options.skip_provision_check)
with test_server_running(
skip_provision_check=options.skip_provision_check, external_host="zulipdev.com:9981"
):
# zerver imports should happen after `django.setup()` is run
# by the test_server_running decorator.
from zerver.actions.create_user import do_create_user, do_reactivate_user
from zerver.actions.realm_settings import (
do_change_realm_permission_group_setting,
do_deactivate_realm,
do_reactivate_realm,
)
from zerver.actions.users import change_user_is_active
from zerver.lib.test_helpers import reset_email_visibility_to_everyone_in_zulip_realm
from zerver.lib.users import get_api_key
from zerver.models.groups import NamedUserGroup, SystemGroups
from zerver.models.realms import get_realm
from zerver.models.users import get_user
from zerver.openapi.javascript_examples import test_js_bindings
from zerver.openapi.python_examples import (
test_invalid_api_key,
test_realm_deactivated,
test_the_api,
test_user_account_deactivated,
)
from zerver.openapi.test_curl_examples import test_generated_curl_examples_for_success
print("Running API tests...")
reset_email_visibility_to_everyone_in_zulip_realm()
# Prepare the admin client
email = "iago@zulip.com" # Iago is an admin
realm = get_realm("zulip")
iago = get_user(email, realm)
user = iago
# Iago needs permission to manage all user groups.
admins_group = NamedUserGroup.objects.get(
name=SystemGroups.ADMINISTRATORS, realm=realm, is_system_group=True
)
do_change_realm_permission_group_setting(
realm, "can_manage_all_groups", admins_group, acting_user=None
)
# Required to test can_create_users and can_change_user_emails endpoints.
user.can_create_users = True
user.can_change_user_emails = True
user.save(update_fields=["can_create_users", "can_change_user_emails"])
api_key = get_api_key(user)
site = "http://zulip.zulipdev.com:9981"
client = Client(
email=email,
api_key=api_key,
site=site,
)
# Prepare the owner client
email = "desdemona@zulip.com" # desdemona is an owner
realm = get_realm("zulip")
user = get_user(email, realm)
api_key = get_api_key(user)
site = "http://zulip.zulipdev.com:9981"
owner_client = Client(
email=email,
api_key=api_key,
site=site,
)
# Prepare the non-admin client
email = "guest@zulip.com" # guest is not an admin
guest_user = do_create_user(
"guest@zulip.com", "secret", get_realm("zulip"), "Mr. Guest", acting_user=None
)
api_key = get_api_key(guest_user)
nonadmin_client = Client(
email=email,
api_key=api_key,
site=site,
)
test_the_api(client, nonadmin_client, owner_client)
test_generated_curl_examples_for_success(client)
test_js_bindings(client)
# Test error payloads
client = Client(
email=email,
api_key="X" * 32,
site=site,
)
test_invalid_api_key(client)
# Test account deactivated error
# we deactivate user manually because do_deactivate_user removes user session
change_user_is_active(guest_user, False)
client = Client(
email=email,
api_key=api_key,
site=site,
)
test_user_account_deactivated(client)
# reactivate user to avoid any side-effects in other tests.
do_reactivate_user(guest_user, acting_user=None)
# Test realm deactivated error
do_deactivate_realm(
guest_user.realm, acting_user=None, deactivation_reason="owner_request", email_owners=False
)
client = Client(
email=email,
api_key=api_key,
site=site,
)
test_realm_deactivated(client)
do_reactivate_realm(guest_user.realm)
print("API tests passed!")
Reference in New Issue View Git Blame Copy Permalink