firebird-qa/tests/bugs/core_2004_test.py

#coding:utf-8

"""
ID:          issue-2441
ISSUE:       2441
TITLE:       ALTER USER XXX INACTIVE
DESCRIPTION:
  We create two users ('foo' and 'bar') and make them immediatelly INACTIVE.
  One of them has been granted with RDB$ADMIN role, so he will be able to manage of other user access.
  Then we chek then connect for one of these users (e.g., 'foo') is unable because of his inactive status.
  After this we change state of FOO to active and verify that he can make connect.
  When this user successfully establish connect, he will try to :
  * create and immediatelly drop new user ('rio');
  * change state of other existing user ('bar') to active.
  Finally, we check that user 'bar' really can connect now (after he was allowed to do this by 'foo').
NOTES:
  FB config parameters AuthClient and UserManager must contain 'Srp' plugin in their values.
JIRA:        CORE-2004
FBTEST:      bugs.core_2004
"""

import pytest
from firebird.qa import *

init_script = """
    create or alter view v_check as
    select s.sec$user_name, s.sec$active, s.sec$plugin
    from rdb$database r
    left join sec$users s on lower(s.sec$user_name) in (lower('tmp$c2004_foo'), lower('tmp$c2004_bar'), lower('tmp$c2004_rio'))
    ;
"""

db = db_factory(init=init_script)

user_foo = user_factory('db', name='tmp$c2004_foo', password='123', plugin='Srp', active=False, admin=True)
user_bar = user_factory('db', name='tmp$c2004_bar', password='456', plugin='Srp', active=False)

test_script = """
    set list on;

    -- NB: currently it seems strange that one need to grant rdb$admin to 'foo'
    -- For what reason this role need to be added if 'foo' does his actions only in security_db ?
    -- Sent letter to dimitr and alex, 10-mar-18 16:00
    grant rdb$admin to tmp$c2004_foo;
    commit;

    set count on;
    select 'init_state' as msg, v.* from v_check v;
    set count off;

    select 'try to connect as INACTIVE users' as msg from rdb$database;
    commit;

    connect '$(DSN)' user tmp$c2004_foo password '123'; -- should fail
    select current_user as who_am_i from rdb$database;
    rollback;

    connect '$(DSN)' user tmp$c2004_bar password '456'; -- should fail
    select current_user as who_am_i from rdb$database;
    rollback;

    connect '$(DSN)' user SYSDBA password 'masterkey';


    -- NB: following "alter user" statement must contain "using plugin Srp" clause
    -- otherwise get:
    --    Statement failed, SQLSTATE = HY000
    --    record not found for user: TMP$C2004_BAR

    alter user tmp$c2004_foo active using plugin Srp;
    select 'try to connect as user FOO which was just set as active by SYSDBA.' as msg from rdb$database;
    commit;

    connect '$(DSN)' user tmp$c2004_foo password '123' role 'RDB$ADMIN'; -- should pass
    select current_user as who_am_i, current_role as whats_my_role from rdb$database;


     -- should pass because foo has admin role:
    create or alter user tmp$c2004_rio password '123' using plugin Srp;
    drop user tmp$c2004_rio using plugin Srp;

     -- should pass because foo has admin role:
    alter user tmp$c2004_bar active using plugin Srp;
    select 'try to connect as user BAR which was just set as active by FOO.' as msg from rdb$database;
    commit;

    connect '$(DSN)' user tmp$c2004_bar password '456'; -- should pass
    select current_user as who_am_i from rdb$database;
    commit;
"""

act = isql_act('db', test_script,
               substitutions=[('Use CONNECT or CREATE DATABASE.*', ''), ('.*After line.*', '')])

expected_stdout = """
MSG                             init_state
SEC$USER_NAME                   TMP$C2004_FOO
SEC$ACTIVE                      <false>
SEC$PLUGIN                      Srp
MSG                             init_state
SEC$USER_NAME                   TMP$C2004_BAR
SEC$ACTIVE                      <false>
SEC$PLUGIN                      Srp
Records affected: 2
MSG                             try to connect as INACTIVE users
MSG                             try to connect as user FOO which was just set as active by SYSDBA.
WHO_AM_I                        TMP$C2004_FOO
WHATS_MY_ROLE                   RDB$ADMIN
MSG                             try to connect as user BAR which was just set as active by FOO.
WHO_AM_I                        TMP$C2004_BAR
"""

expected_stderr = """
Statement failed, SQLSTATE = 28000
Your user name and password are not defined. Ask your database administrator to set up a Firebird login.
Statement failed, SQLSTATE = 28000
Your user name and password are not defined. Ask your database administrator to set up a Firebird login.
After line 19 in file tmp_check_2004.sql
"""

@pytest.mark.version('>=3.0')
def test_1(act: Action, user_foo: User, user_bar: User):
    act.expected_stdout = expected_stdout
    act.expected_stderr = expected_stderr
    act.execute()
    assert (act.clean_stderr == act.clean_expected_stderr and
            act.clean_stdout == act.clean_expected_stdout)
Firebird engine tests 2021-04-26 20:07:00 +02:00			`#coding:utf-8`

New metadata + cleanup 2022-01-21 18:49:26 +01:00			`"""`
			`ID: issue-2441`
			`ISSUE: 2441`
			`TITLE: ALTER USER XXX INACTIVE`
			`DESCRIPTION:`
			`We create two users ('foo' and 'bar') and make them immediatelly INACTIVE.`
			`One of them has been granted with RDB$ADMIN role, so he will be able to manage of other user access.`
			`Then we chek then connect for one of these users (e.g., 'foo') is unable because of his inactive status.`
			`After this we change state of FOO to active and verify that he can make connect.`
			`When this user successfully establish connect, he will try to :`
			`* create and immediatelly drop new user ('rio');`
			`* change state of other existing user ('bar') to active.`
			`Finally, we check that user 'bar' really can connect now (after he was allowed to do this by 'foo').`
			`NOTES:`
			`FB config parameters AuthClient and UserManager must contain 'Srp' plugin in their values.`
			`JIRA: CORE-2004`
New metadata (missing FBTEST ID) + cleanup 2022-02-02 15:46:19 +01:00			`FBTEST: bugs.core_2004`
New metadata + cleanup 2022-01-21 18:49:26 +01:00			`"""`
Firebird engine tests 2021-04-26 20:07:00 +02:00
New metadata + cleanup 2022-01-21 18:49:26 +01:00			`import pytest`
			`from firebird.qa import *`
Firebird engine tests 2021-04-26 20:07:00 +02:00
New metadata + cleanup 2022-01-21 18:49:26 +01:00			`init_script = """`
Firebird engine tests 2021-04-26 20:07:00 +02:00			`create or alter view v_check as`
More pyton tests 2021-11-12 18:29:54 +01:00			`select s.sec$user_name, s.sec$active, s.sec$plugin`
Firebird engine tests 2021-04-26 20:07:00 +02:00			`from rdb$database r`
			`left join sec$users s on lower(s.sec$user_name) in (lower('tmp$c2004_foo'), lower('tmp$c2004_bar'), lower('tmp$c2004_rio'))`
			`;`
refactoring and other changes 2021-12-22 20:23:11 +01:00			`"""`
Firebird engine tests 2021-04-26 20:07:00 +02:00
New metadata + cleanup 2022-01-21 18:49:26 +01:00			`db = db_factory(init=init_script)`

			`user_foo = user_factory('db', name='tmp$c2004_foo', password='123', plugin='Srp', active=False, admin=True)`
			`user_bar = user_factory('db', name='tmp$c2004_bar', password='456', plugin='Srp', active=False)`

			`test_script = """`
			`set list on;`

			`-- NB: currently it seems strange that one need to grant rdb$admin to 'foo'`
			`-- For what reason this role need to be added if 'foo' does his actions only in security_db ?`
			`-- Sent letter to dimitr and alex, 10-mar-18 16:00`
			`grant rdb$admin to tmp$c2004_foo;`
			`commit;`

			`set count on;`
			`select 'init_state' as msg, v.* from v_check v;`
			`set count off;`

			`select 'try to connect as INACTIVE users' as msg from rdb$database;`
			`commit;`

			`connect '$(DSN)' user tmp$c2004_foo password '123'; -- should fail`
			`select current_user as who_am_i from rdb$database;`
			`rollback;`

			`connect '$(DSN)' user tmp$c2004_bar password '456'; -- should fail`
			`select current_user as who_am_i from rdb$database;`
			`rollback;`

			`connect '$(DSN)' user SYSDBA password 'masterkey';`


			`-- NB: following "alter user" statement must contain "using plugin Srp" clause`
			`-- otherwise get:`
			`-- Statement failed, SQLSTATE = HY000`
			`-- record not found for user: TMP$C2004_BAR`

			`alter user tmp$c2004_foo active using plugin Srp;`
			`select 'try to connect as user FOO which was just set as active by SYSDBA.' as msg from rdb$database;`
			`commit;`

			`connect '$(DSN)' user tmp$c2004_foo password '123' role 'RDB$ADMIN'; -- should pass`
			`select current_user as who_am_i, current_role as whats_my_role from rdb$database;`


			`-- should pass because foo has admin role:`
			`create or alter user tmp$c2004_rio password '123' using plugin Srp;`
			`drop user tmp$c2004_rio using plugin Srp;`
Firebird engine tests 2021-04-26 20:07:00 +02:00
New metadata + cleanup 2022-01-21 18:49:26 +01:00			`-- should pass because foo has admin role:`
			`alter user tmp$c2004_bar active using plugin Srp;`
			`select 'try to connect as user BAR which was just set as active by FOO.' as msg from rdb$database;`
			`commit;`
More pyton tests 2021-11-12 18:29:54 +01:00
New metadata + cleanup 2022-01-21 18:49:26 +01:00			`connect '$(DSN)' user tmp$c2004_bar password '456'; -- should pass`
			`select current_user as who_am_i from rdb$database;`
			`commit;`
			`"""`
More pyton tests 2021-11-12 18:29:54 +01:00
New metadata + cleanup 2022-01-21 18:49:26 +01:00			`act = isql_act('db', test_script,`
			`substitutions=[('Use CONNECT or CREATE DATABASE.', ''), ('.After line.*', '')])`
Firebird engine tests 2021-04-26 20:07:00 +02:00
New metadata + cleanup 2022-01-21 18:49:26 +01:00			`expected_stdout = """`
More pyton tests 2021-11-12 18:29:54 +01:00			`MSG init_state`
			`SEC$USER_NAME TMP$C2004_FOO`
			`SEC$ACTIVE <false>`
			`SEC$PLUGIN Srp`
			`MSG init_state`
			`SEC$USER_NAME TMP$C2004_BAR`
			`SEC$ACTIVE <false>`
			`SEC$PLUGIN Srp`
			`Records affected: 2`
			`MSG try to connect as INACTIVE users`
			`MSG try to connect as user FOO which was just set as active by SYSDBA.`
			`WHO_AM_I TMP$C2004_FOO`
			`WHATS_MY_ROLE RDB$ADMIN`
			`MSG try to connect as user BAR which was just set as active by FOO.`
			`WHO_AM_I TMP$C2004_BAR`
			`"""`

New metadata + cleanup 2022-01-21 18:49:26 +01:00			`expected_stderr = """`
More pyton tests 2021-11-12 18:29:54 +01:00			`Statement failed, SQLSTATE = 28000`
			`Your user name and password are not defined. Ask your database administrator to set up a Firebird login.`
			`Statement failed, SQLSTATE = 28000`
			`Your user name and password are not defined. Ask your database administrator to set up a Firebird login.`
			`After line 19 in file tmp_check_2004.sql`
			`"""`
Firebird engine tests 2021-04-26 20:07:00 +02:00
			`@pytest.mark.version('>=3.0')`
New metadata + cleanup 2022-01-21 18:49:26 +01:00			`def test_1(act: Action, user_foo: User, user_bar: User):`
			`act.expected_stdout = expected_stdout`
			`act.expected_stderr = expected_stderr`
			`act.execute()`
			`assert (act.clean_stderr == act.clean_expected_stderr and`
			`act.clean_stdout == act.clean_expected_stdout)`