Skip to content

Commit

Permalink
test: rename admin user in fixture (#5415)
Browse files Browse the repository at this point in the history 
### 💭 Notes
Developer-facing changes only. Changes the username of the admin user to
`adminuser` in preparation for disallowing the name `admin` as part of
https://www.notion.so/kobotoolbox/Anonymous-submissions-dont-work-if-user-named-admin-owns-asset-1767e515f65480608dfcee76ba9b3710
  • Loading branch information
@rgraber
rgraber authored Jan 13, 2025
1 parent c18c3ba commit 8e8d6bb
Show file tree
Hide file tree
Showing 13 changed files with 74 additions and 72 deletions.
31 changes: 15 additions & 16 deletions kobo/apps/audit_log/tests/api/v2/test_api_audit_log.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -200,7 +200,7 @@ def test_list_as_superuser(self):
action=AuditAction.DELETE,
log_type=AuditType.DATA_EDITING,
)
self.login_user(username='admin', password='pass')
self.login_user(username='adminuser', password='pass')
expected = [
{
'app_label': 'foo',
Expand Down Expand Up @@ -242,7 +242,7 @@ def test_filter_list(self):
action=AuditAction.DELETE,
log_type=AuditType.DATA_EDITING,
)
self.login_user(username='admin', password='pass')
self.login_user(username='adminuser', password='pass')
expected = [
{
'app_label': 'foo',
Expand Down Expand Up @@ -363,14 +363,14 @@ def test_regular_user_access_returns_forbidden(self):
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)

def test_show_all_access_logs_succeeds_for_superuser(self):
self.force_login_user(User.objects.get(username='admin'))
self.force_login_user(User.objects.get(username='adminuser'))
response = self.client.get(self.url)
self.assertEqual(response.status_code, status.HTTP_200_OK)

def test_show_all_access_logs_includes_all_users(self):
user1 = User.objects.get(username='someuser')
user2 = User.objects.get(username='anotheruser')
admin = User.objects.get(username='admin')
admin = User.objects.get(username='adminuser')
AccessLog.objects.create(user=user1)
AccessLog.objects.create(user=user2)
self.force_login_user(admin)
Expand All @@ -384,7 +384,7 @@ def test_endpoint_groups_submissions(self):
# this is just to ensure that we're using the grouping query
user1 = User.objects.get(username='someuser')
user2 = User.objects.get(username='anotheruser')
admin = User.objects.get(username='admin')
admin = User.objects.get(username='adminuser')

self.force_login_user(admin)
jan_1_1_30_am = datetime.fromisoformat('2024-01-01T01:30:25.123456+00:00')
Expand Down Expand Up @@ -440,10 +440,9 @@ def test_endpoint_groups_submissions(self):
def test_can_search_access_logs_by_username(self):
user1 = User.objects.get(username='someuser')
user2 = User.objects.get(username='anotheruser')
admin = User.objects.get(username='admin')
AccessLog.objects.create(user=user1)
AccessLog.objects.create(user=user2)
self.force_login_user(User.objects.get(username='admin'))
self.force_login_user(User.objects.get(username='adminuser'))
response = self.client.get(f'{self.url}?q=user__username:anotheruser')

# only return logs from user1
Expand All @@ -456,7 +455,7 @@ def test_can_search_access_logs_by_username_including_submission_groups(
):
user1 = User.objects.get(username='someuser')
user2 = User.objects.get(username='anotheruser')
admin = User.objects.get(username='admin')
admin = User.objects.get(username='adminuser')
self.force_login_user(admin)

# create two submissions that will be grouped together
Expand Down Expand Up @@ -489,7 +488,7 @@ def test_can_search_access_logs_by_username_including_submission_groups(
def test_can_search_access_logs_by_date(self):
user = User.objects.get(username='someuser')
with skip_login_access_log():
self.client.force_login(User.objects.get(username='admin'))
self.client.force_login(User.objects.get(username='adminuser'))
tomorrow = timezone.now() + timedelta(days=1)
tomorrow_str = tomorrow.strftime('%Y-%m-%d')
# create one log from today and one from tomorrow
Expand All @@ -514,7 +513,7 @@ def test_can_search_access_logs_by_date(self):
def test_can_search_access_logs_by_date_including_submission_groups(self):
user = User.objects.get(username='someuser')
with skip_login_access_log():
self.client.force_login(User.objects.get(username='admin'))
self.client.force_login(User.objects.get(username='adminuser'))
tomorrow = timezone.now() + timedelta(days=1)
two_days_from_now = tomorrow + timedelta(days=1)
tomorrow_str = tomorrow.strftime('%Y-%m-%d')
Expand Down Expand Up @@ -649,7 +648,7 @@ def get_endpoint_basename(self):

def setUp(self):
super().setUp()
self.user = User.objects.get(username='admin')
self.user = User.objects.get(username='adminuser')
self.asset = Asset.objects.get(pk=1)
self.force_login_user(self.user)

Expand Down Expand Up @@ -705,7 +704,7 @@ def test_export_for_user_returns_success(self):
self.assertEqual(response.status_code, status.HTTP_202_ACCEPTED)

def test_export_for_superuser_commences(self):
self.force_login_user(User.objects.get(username='admin'))
self.force_login_user(User.objects.get(username='adminuser'))
response = self.client.post(self.url)
self.assertEqual(response.status_code, status.HTTP_202_ACCEPTED)

Expand Down Expand Up @@ -790,12 +789,12 @@ def test_regular_user_cannot_export_access_logs(self):
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)

def test_export_access_logs_for_superuser_returns_success(self):
self.force_login_user(User.objects.get(username='admin'))
self.force_login_user(User.objects.get(username='adminuser'))
response = self.client.post(self.url)
self.assertEqual(response.status_code, status.HTTP_202_ACCEPTED)

def test_superuser_create_export_task_on_post(self):
test_superuser = User.objects.get(username='admin')
test_superuser = User.objects.get(username='adminuser')
self.force_login_user(test_superuser)

response = self.client.post(self.url)
Expand All @@ -811,7 +810,7 @@ def test_superuser_create_export_task_on_post(self):
self.assertTrue(task.get_all_logs)

def test_superuser_get_status_tasks(self):
test_superuser = User.objects.get(username='admin')
test_superuser = User.objects.get(username='adminuser')
self.force_login_user(test_superuser)

AccessLogExportTask.objects.create(
Expand Down Expand Up @@ -844,7 +843,7 @@ def test_permission_denied_for_non_superusers_on_get_status(self):
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)

def test_multiple_export_tasks_not_allowed(self):
test_superuser = User.objects.get(username='admin')
test_superuser = User.objects.get(username='adminuser')
self.force_login_user(test_superuser)

response_first = self.client.post(self.url)
Expand Down
22 changes: 12 additions & 10 deletions kobo/apps/audit_log/tests/test_project_history_logs.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@ class TestProjectHistoryLogs(BaseAuditLogTestCase):
def setUp(self):
super().setUp()
# log in as admin
user = User.objects.get(username='admin')
user = User.objects.get(username='adminuser')
self.user = user
self.client.force_login(user=user)
# use the same asset
Expand Down Expand Up @@ -1390,7 +1390,9 @@ def test_no_logs_if_bulk_request_fails(self):
'permission': reverse(
'api_v2:permission-detail', kwargs={'codename': PERM_VIEW_ASSET}
),
'user': reverse('api_v2:user-kpi-detail', kwargs={'username': 'admin'}),
'user': reverse(
'api_v2:user-kpi-detail', kwargs={'username': 'adminuser'}
),
},
]
self.client.post(
Expand Down Expand Up @@ -1476,9 +1478,9 @@ def test_no_log_created_for_non_project_transfer(self):
)
self.assertEqual(ProjectHistoryLog.objects.count(), 0)

@data('admin', 'someuser')
@data('adminuser', 'someuser')
def test_log_created_for_duplicate_submission(self, duplicating_user):
self._add_submission('admin')
self._add_submission('adminuser')
submissions = self.asset.deployment.get_submissions(
self.asset.owner, fields=['_id']
)
Expand All @@ -1505,7 +1507,7 @@ def test_log_created_for_duplicate_submission(self, duplicating_user):
)
self.assertEqual(metadata['submission']['submitted_by'], duplicating_user)

@data('admin', None)
@data('adminuser', None)
def test_update_one_submission_content(self, username):
self._add_submission(username)
submissions_xml = self.asset.deployment.get_submissions(
Expand Down Expand Up @@ -1550,7 +1552,7 @@ def test_update_one_submission_content(self, username):
self.assertEqual(log.metadata['submission']['submitted_by'], submitted_by)

def test_update_multiple_submissions_content(self):
self._add_submission('admin')
self._add_submission('adminuser')
self._add_submission('someuser')
self._add_submission(None)

Expand All @@ -1574,7 +1576,7 @@ def test_update_multiple_submissions_content(self):

self.assertEqual(ProjectHistoryLog.objects.count(), 3)
log1 = ProjectHistoryLog.objects.filter(
metadata__submission__submitted_by='admin'
metadata__submission__submitted_by='adminuser'
).first()
self._check_common_metadata(log1.metadata, PROJECT_HISTORY_LOG_PROJECT_SUBTYPE)
self.assertEqual(log1.action, AuditAction.MODIFY_SUBMISSION)
Expand All @@ -1591,7 +1593,7 @@ def test_update_multiple_submissions_content(self):
self._check_common_metadata(log2.metadata, PROJECT_HISTORY_LOG_PROJECT_SUBTYPE)
self.assertEqual(log2.action, AuditAction.MODIFY_SUBMISSION)

@data('admin', None)
@data('adminuser', None)
def test_update_single_submission_validation_status(self, username):
self._add_submission(username)
submissions_json = self.asset.deployment.get_submissions(
Expand All @@ -1615,7 +1617,7 @@ def test_update_single_submission_validation_status(self, username):
self.assertEqual(log_metadata['submission']['status'], 'On Hold')

def test_multiple_submision_validation_statuses(self):
self._add_submission('admin')
self._add_submission('adminuser')
self._add_submission('someuser')
self._add_submission(None)
submissions_json = self.asset.deployment.get_submissions(
Expand All @@ -1639,7 +1641,7 @@ def test_multiple_submision_validation_statuses(self):

self.assertEqual(ProjectHistoryLog.objects.count(), 3)
log1 = ProjectHistoryLog.objects.filter(
metadata__submission__submitted_by='admin'
metadata__submission__submitted_by='adminuser'
).first()
self._check_common_metadata(log1.metadata, PROJECT_HISTORY_LOG_PROJECT_SUBTYPE)
self.assertEqual(log1.action, AuditAction.MODIFY_SUBMISSION)
Expand Down
2 changes: 1 addition & 1 deletion kobo/apps/organizations/tests/admin/test_organization_admin.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ def setUp(self):

self.someuser = User.objects.get(username='someuser')
self.anotheruser = User.objects.get(username='anotheruser')
self.admin = User.objects.get(username='admin')
self.admin = User.objects.get(username='adminuser')

self.organization.add_user(self.someuser) # someuser becomes the owner

Expand Down
6 changes: 3 additions & 3 deletions kobo/apps/trash_bin/tests/test_utils.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ def test_delete_user(self):
someuser = get_user_model().objects.get(username='someuser')
someuser_uid = someuser.extra_details.uid
someuser_id = someuser.pk
admin = get_user_model().objects.get(username='admin')
admin = get_user_model().objects.get(username='adminuser')

# Create dummy logs for someuser
audit_log = AuditLog.objects.create(
Expand Down Expand Up @@ -114,7 +114,7 @@ def test_move_to_trash(self):
def test_put_back(self):
self.test_move_to_trash()
someuser = get_user_model().objects.get(username='someuser')
admin = get_user_model().objects.get(username='admin')
admin = get_user_model().objects.get(username='adminuser')
assert not someuser.is_active
account_trash = AccountTrash.objects.get(user=someuser)
periodic_task_id = account_trash.periodic_task_id
Expand Down Expand Up @@ -154,7 +154,7 @@ def test_remove_user(self):
everything from their account is deleted except their username
"""
someuser = get_user_model().objects.get(username='someuser')
admin = get_user_model().objects.get(username='admin')
admin = get_user_model().objects.get(username='adminuser')
someuser.extra_details.data['name'] = 'someuser'
someuser.extra_details.save(update_fields=['data'])

Expand Down
2 changes: 1 addition & 1 deletion kpi/fixtures/test_data.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
"last_name": "",
"password": "pbkdf2_sha256$15000$fsiY4ICrvcIa$z8esAlmJ/ip0sR7TZkmpxxt4CWw1O1+cfWLbZ3/ip4E=",
"user_permissions": [],
"username": "admin"
"username": "adminuser"
},
"model": "kobo_auth.user",
"pk": 1
Expand Down
3 changes: 2 additions & 1 deletion kpi/tests/api/v1/test_api_permissions.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
from kobo.apps.kobo_auth.shortcuts import User
from kpi.constants import ASSET_TYPE_COLLECTION
from kpi.models import Asset, ObjectPermission

# importing module instead of the class, avoid running the tests twice
from kpi.tests.api.v2 import test_api_permissions
from kpi.tests.kpi_test_case import KpiTestCase
Expand Down Expand Up @@ -40,7 +41,7 @@ class ApiAssignedPermissionsTestCase(KpiTestCase):
def setUp(self):
super().setUp()
self.anon = get_anonymous_user()
self.super = User.objects.get(username='admin')
self.super = User.objects.get(username='adminuser')
self.super_password = 'pass'
self.someuser = User.objects.get(username='someuser')
self.someuser_password = 'someuser'
Expand Down
2 changes: 1 addition & 1 deletion kpi/tests/api/v2/test_api_asset_bulk_actions.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -92,7 +92,7 @@ def _get_asset_detail_results(self, asset_uid: str) -> Response:

def _login_superuser(self):
self.client.logout()
self.client.login(username='admin', password='pass')
self.client.login(username='adminuser', password='pass')

def _login_user(self, userpass: str):
self.client.logout()
Expand Down
22 changes: 11 additions & 11 deletions kpi/tests/api/v2/test_api_asset_permission_assignment.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,11 +30,11 @@ class BaseApiAssetPermissionTestCase(PermissionAssignmentTestCaseMixin, KpiTestC
URL_NAMESPACE = ROUTER_URL_NAMESPACE

def setUp(self):
self.admin = User.objects.get(username='admin')
self.admin = User.objects.get(username='adminuser')
self.someuser = User.objects.get(username='someuser')
self.anotheruser = User.objects.get(username='anotheruser')

self.client.login(username='admin', password='pass')
self.client.login(username='adminuser', password='pass')
self.asset = self.create_asset('An asset to be shared')

def _grant_perm_as_logged_in_user(self, username, codename):
Expand Down Expand Up @@ -342,7 +342,7 @@ def test_cannot_assign_permissions_to_owner(self):
self._grant_perm_as_logged_in_user('someuser', PERM_MANAGE_ASSET)
self.client.login(username='someuser', password='someuser')
response = self._assign_perms_as_logged_in_user(
[('admin', PERM_VIEW_ASSET), ('admin', PERM_CHANGE_ASSET)]
[('adminuser', PERM_VIEW_ASSET), ('adminuser', PERM_CHANGE_ASSET)]
)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)

Expand Down Expand Up @@ -381,14 +381,14 @@ def test_owner_can_assign_permissions(self):
),
sorted(
[
('admin', PERM_VIEW_ASSET),
('admin', PERM_CHANGE_ASSET),
('admin', PERM_MANAGE_ASSET),
('admin', PERM_ADD_SUBMISSIONS),
('admin', PERM_DELETE_SUBMISSIONS),
('admin', PERM_VIEW_SUBMISSIONS),
('admin', PERM_CHANGE_SUBMISSIONS),
('admin', PERM_VALIDATE_SUBMISSIONS),
('adminuser', PERM_VIEW_ASSET),
('adminuser', PERM_CHANGE_ASSET),
('adminuser', PERM_MANAGE_ASSET),
('adminuser', PERM_ADD_SUBMISSIONS),
('adminuser', PERM_DELETE_SUBMISSIONS),
('adminuser', PERM_VIEW_SUBMISSIONS),
('adminuser', PERM_CHANGE_SUBMISSIONS),
('adminuser', PERM_VALIDATE_SUBMISSIONS),
('someuser', PERM_VIEW_ASSET),
('anotheruser', PERM_VIEW_ASSET),
('anotheruser', PERM_CHANGE_ASSET),
Expand Down
2 changes: 1 addition & 1 deletion kpi/tests/api/v2/test_api_assets.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1098,7 +1098,7 @@ def test_report_submissions(self):

# Verify an admin user has access to the data
self.client.logout()
self.client.login(username='admin', password='pass')
self.client.login(username='adminuser', password='pass')
response = self.client.get(report_url)
self.assertEqual(response.status_code, status.HTTP_200_OK)

Expand Down
Loading

0 comments on commit 8e8d6bb

Please sign in to comment.