hvdZddlZddlmcmZddlZddlZddl Z ddl Z ddl m Z dZ dZejj dZejj dZejj dZejj d Zejj d Zejj d Zejj d Zejj d Zejj dZejj dZejj dZejj dZejj dZejj dZejj dZy)a test_admin.py Purpose: Comprehensive test suite for administrative functionality including user management, audit logging, cross-user data oversight, and admin-specific security controls. Tests admin panel operations, user CRUD operations, and administrative APIs. This module implements red-team level security testing with comprehensive input validation and follows modular, well-organized patterns for production Apache2 deployment scenarios. Each test ensures proper authentication, authorization, audit logging, and database state verification. Test Categories: - Admin panel access and authentication - User management (add, remove, password changes) - Admin JSON APIs for user and camera management - Cross-user data access and management - Audit logging and security oversight - Admin-specific input validation - Authorization boundary testing - Database integrity verification N)get_dbcRttjdzdz}d|S)z'Generate a unique username for testing.@B testuser_inttime) timestamps NC:\Users\algun\Documents\ceba web\Ceba - Github\tests\functional\test_admin.pyget_unique_usernamer s)DIIK$&''1I yk ""cttjdzdz}ttjdzdz}|d|dS)z1Generate a unique 12-digit camera ID for testing.riri'08d04dr)r random_parts r get_unique_camera_idr&sJDIIK$&')3IdiikG+,u4K_[- ..rch |d}|d}|jd}|j}gd}||v}|stjd|fd||fdt j vstj |rtj|ndtj|tj|dz}d d |iz} ttj| d x}x}}|jd |d |dd} | j}d}||k(}|stjd|fd||fdt j vstj | rtj| ndtj|tj|dz}d d |iz} ttj| d x}x}}|jd}|j}d}||k(}|stjd|fd||fdt j vstj |rtj|ndtj|tj|dz}d d |iz} ttj| d x}x}}|jdddi|jd |d |dd} | j}d}||k(}|stjd|fd||fdt j vstj | rtj| ndtj|tj|dz}d d |iz} ttj| d x}x}}|jd}|j}d}||k(}|stjd|fd||fdt j vstj |rtj|ndtj|tj|dz}d d |iz} ttj| d x}x}}g}d} |j} | | v}|} |sd}|j}||v}|} | stjd|fd| | ftj| dt j vstj |rtj|ndtj| dz} dd| iz}|j||stjdfdftj|dt j vstj |rtj|ndtj|d z}d!d"|iz}|j|tj|d#iz}d$d%|iz}ttj|d x} x}x} x}x} x}x}}y )&zATest admin panel access via GET /admin with proper authorization.adminregular/admin.iiinz3%(py2)s {%(py2)s = %(py0)s.status_code } in %(py5)sresponsepy0py2py5assert %(py7)spy7N/loginusernamepasswordr%r&datar==z3%(py2)s {%(py2)s = %(py0)s.status_code } == %(py5)slogin_response/logout csrf_tokenss,,,>,,, %,,,,,,,,,,zz(#H   &3& 3 &&&& 3&&&&&&8&&&8&&& &&&3&&&&&&& KK r 2K3[[z*z*1[N  % %,, % ,,,, %,,,,,,>,,,>,,, %,,,,,,,,,,zz(#H   &3& 3 &&&& 3&&&&&&8&&&8&&& &&&3&&&&&&&L KK  .K(KhmmK(m2KKKKK KKK KKKKKKKKKKKKKKKKKKK(mKKK(KKKKKKhKKKhKKKmKKKKKKKKKKKKKKrc |d}t}d}|jd|d|dd}|j}d}||k(}|stjd |fd ||fd t j vstj|rtj|nd tj|tj|d z} d d| iz} ttj| dx}x}}|jd|j5} | jdd} ddd|jd ||d} | j}d}||k(}|stjd |fd ||fdt j vstj| rtj| ndtj|tj|d z} d d| iz} ttj| dx}x}}|jj5t}|j!d|fj#}d}||u}|stjd|fd||fdt j vstj|rtj|ndtj|dz}dd|iz} ttj| dx}}|d}||k(}|stjd |fd||ftj|dt j vstj|rtj|nddz}dd|iz} ttj| dx}}t$j&}|j(}d}||}|d }|j(}d}||}|||}|sbd!d"t j vstjt$rtjt$nd"tj|d#t j vstj|rtj|nd#tj|tj|tj|tj|tj|tj|tj|tj|d$ z}ttj|dx}x}x}x}x}x}x}x}}dddy#1swYIxYw#1swYyxYw)%z+Test adding users via POST /admin/add_user.rnewuserpass123r$r%r&r'r(rr*r,r-rr"r#Nrr/r0/admin/add_user?csrf_token=rz