firebird-qa/tests/bugs/core_5770_test.py

#coding:utf-8

"""
ID:          issue-6033
ISSUE:       6033
TITLE:       User who is allowed to manage other users must have this ability WITHOUT need to grant him RDB$ADMIN role
DESCRIPTION:
JIRA:        CORE-5770
FBTEST:      bugs.core_5770
"""

import pytest
from firebird.qa import *

db = db_factory()

test_script = """
    set list on;
    set wng off;

    recreate view v_sec as
    select
        current_user as who_am_i
        ,s.sec$user_name
        ,s.sec$active
        ,s.sec$admin
        ,s.sec$plugin
    from sec$users s
    where upper(sec$user_name) = upper('tmp$c5770_bar');
    commit;
    grant select on v_sec to public;
    commit;

    create or alter user tmp$c5770_foo password '123' using plugin Srp grant admin role;
    create or alter user tmp$c5770_bar password '456' inactive using plugin Srp;
    commit;
    revoke all on all from tmp$c5770_foo;
    revoke all on all from tmp$c5770_bar;
    commit;

    connect '$(DSN)' user tmp$c5770_foo password '123';
    --select current_user as who_am_i from rdb$database;
    commit;

    -- check that sub-admin user 'foo' can make common user 'bar' ACTIVE:
    alter user tmp$c5770_bar active using plugin Srp;
    commit;
    select * from v_sec;
    commit;

    connect '$(DSN)' user tmp$c5770_bar password '456'; -- should PASS because he is ACTIVE now
    select current_user as who_am_i from rdb$database;
    commit;

    connect '$(DSN)' user tmp$c5770_foo password '123';

    -- check that sub-admin user 'foo' can make common user 'bar' INACTIVE:
    alter user tmp$c5770_bar inactive using plugin Srp;
    commit;
    select * from v_sec;
    commit;

    -- this should raise SQLSTATE = 28000: user 'tmp$c5770_bar' again become inactive:
    connect '$(DSN)' user tmp$c5770_bar password '456';
    select current_user as who_am_i from rdb$database;
    commit;

    -- cleanup: drop foo and bar.
    connect '$(DSN)' user sysdba password 'masterkey';
    drop user tmp$c5770_foo using plugin Srp;
    drop user tmp$c5770_bar using plugin Srp;
    commit;
"""

act = isql_act('db', test_script, substitutions=[('Use CONNECT or CREATE DATABASE.*', '')])

expected_stdout = """
    WHO_AM_I                        TMP$C5770_FOO
    SEC$USER_NAME                   TMP$C5770_BAR
    SEC$ACTIVE                      <true>
    SEC$ADMIN                       <false>
    SEC$PLUGIN                      Srp

    WHO_AM_I                        TMP$C5770_BAR

    WHO_AM_I                        TMP$C5770_FOO
    SEC$USER_NAME                   TMP$C5770_BAR
    SEC$ACTIVE                      <false>
    SEC$ADMIN                       <false>
    SEC$PLUGIN                      Srp
"""

expected_stderr = """
    Statement failed, SQLSTATE = 28000
    Your user name and password are not defined. Ask your database administrator to set up a Firebird login.
"""

@pytest.mark.version('>=4.0')
def test_1(act: Action):
    act.expected_stdout = expected_stdout
    act.expected_stderr = expected_stderr
    act.execute()
    assert (act.clean_stderr == act.clean_expected_stderr and
            act.clean_stdout == act.clean_expected_stdout)
Firebird engine tests 2021-04-26 20:07:00 +02:00			`#coding:utf-8`

New metadata + cleanup 2022-01-26 21:10:46 +01:00			`"""`
			`ID: issue-6033`
			`ISSUE: 6033`
			`TITLE: User who is allowed to manage other users must have this ability WITHOUT need to grant him RDB$ADMIN role`
			`DESCRIPTION:`
			`JIRA: CORE-5770`
New metadata (missing FBTEST ID) + cleanup 2022-02-02 15:46:19 +01:00			`FBTEST: bugs.core_5770`
New metadata + cleanup 2022-01-26 21:10:46 +01:00			`"""`
Firebird engine tests 2021-04-26 20:07:00 +02:00
New metadata + cleanup 2022-01-26 21:10:46 +01:00			`import pytest`
			`from firebird.qa import *`
Firebird engine tests 2021-04-26 20:07:00 +02:00
New metadata + cleanup 2022-01-26 21:10:46 +01:00			`db = db_factory()`
Firebird engine tests 2021-04-26 20:07:00 +02:00
New metadata + cleanup 2022-01-26 21:10:46 +01:00			`test_script = """`
Firebird engine tests 2021-04-26 20:07:00 +02:00			`set list on;`
			`set wng off;`
New metadata + cleanup 2022-01-26 21:10:46 +01:00
Firebird engine tests 2021-04-26 20:07:00 +02:00			`recreate view v_sec as`
New metadata + cleanup 2022-01-26 21:10:46 +01:00			`select`
Firebird engine tests 2021-04-26 20:07:00 +02:00			`current_user as who_am_i`
			`,s.sec$user_name`
			`,s.sec$active`
			`,s.sec$admin`
			`,s.sec$plugin`
New metadata + cleanup 2022-01-26 21:10:46 +01:00			`from sec$users s`
Firebird engine tests 2021-04-26 20:07:00 +02:00			`where upper(sec$user_name) = upper('tmp$c5770_bar');`
			`commit;`
			`grant select on v_sec to public;`
			`commit;`

			`create or alter user tmp$c5770_foo password '123' using plugin Srp grant admin role;`
			`create or alter user tmp$c5770_bar password '456' inactive using plugin Srp;`
			`commit;`
			`revoke all on all from tmp$c5770_foo;`
			`revoke all on all from tmp$c5770_bar;`
			`commit;`

			`connect '$(DSN)' user tmp$c5770_foo password '123';`
			`--select current_user as who_am_i from rdb$database;`
			`commit;`
New metadata + cleanup 2022-01-26 21:10:46 +01:00
Firebird engine tests 2021-04-26 20:07:00 +02:00			`-- check that sub-admin user 'foo' can make common user 'bar' ACTIVE:`
			`alter user tmp$c5770_bar active using plugin Srp;`
			`commit;`
			`select * from v_sec;`
			`commit;`

			`connect '$(DSN)' user tmp$c5770_bar password '456'; -- should PASS because he is ACTIVE now`
			`select current_user as who_am_i from rdb$database;`
			`commit;`

			`connect '$(DSN)' user tmp$c5770_foo password '123';`

			`-- check that sub-admin user 'foo' can make common user 'bar' INACTIVE:`
			`alter user tmp$c5770_bar inactive using plugin Srp;`
New metadata + cleanup 2022-01-26 21:10:46 +01:00			`commit;`
Firebird engine tests 2021-04-26 20:07:00 +02:00			`select * from v_sec;`
			`commit;`

			`-- this should raise SQLSTATE = 28000: user 'tmp$c5770_bar' again become inactive:`
			`connect '$(DSN)' user tmp$c5770_bar password '456';`
			`select current_user as who_am_i from rdb$database;`
			`commit;`

			`-- cleanup: drop foo and bar.`
			`connect '$(DSN)' user sysdba password 'masterkey';`
			`drop user tmp$c5770_foo using plugin Srp;`
			`drop user tmp$c5770_bar using plugin Srp;`
			`commit;`
refactoring and other changes 2021-12-22 20:23:11 +01:00			`"""`
Firebird engine tests 2021-04-26 20:07:00 +02:00
New metadata + cleanup 2022-01-26 21:10:46 +01:00			`act = isql_act('db', test_script, substitutions=[('Use CONNECT or CREATE DATABASE.*', '')])`
Firebird engine tests 2021-04-26 20:07:00 +02:00
New metadata + cleanup 2022-01-26 21:10:46 +01:00			`expected_stdout = """`
Firebird engine tests 2021-04-26 20:07:00 +02:00			`WHO_AM_I TMP$C5770_FOO`
			`SEC$USER_NAME TMP$C5770_BAR`
			`SEC$ACTIVE <true>`
			`SEC$ADMIN <false>`
			`SEC$PLUGIN Srp`

			`WHO_AM_I TMP$C5770_BAR`

			`WHO_AM_I TMP$C5770_FOO`
			`SEC$USER_NAME TMP$C5770_BAR`
			`SEC$ACTIVE <false>`
			`SEC$ADMIN <false>`
			`SEC$PLUGIN Srp`
refactoring and other changes 2021-12-22 20:23:11 +01:00			`"""`
New metadata + cleanup 2022-01-26 21:10:46 +01:00
			`expected_stderr = """`
Firebird engine tests 2021-04-26 20:07:00 +02:00			`Statement failed, SQLSTATE = 28000`
			`Your user name and password are not defined. Ask your database administrator to set up a Firebird login.`
refactoring and other changes 2021-12-22 20:23:11 +01:00			`"""`
Firebird engine tests 2021-04-26 20:07:00 +02:00
			`@pytest.mark.version('>=4.0')`
New metadata + cleanup 2022-01-26 21:10:46 +01:00			`def test_1(act: Action):`
			`act.expected_stdout = expected_stdout`
			`act.expected_stderr = expected_stderr`
			`act.execute()`
			`assert (act.clean_stderr == act.clean_expected_stderr and`
			`act.clean_stdout == act.clean_expected_stdout)`