Skip to content

Commit

Permalink
Configurable MDM payload display name
Browse files Browse the repository at this point in the history
  • Loading branch information
@np5
np5 committed May 21, 2024
1 parent ae9f79a commit ec0018c
Show file tree
Hide file tree
Showing 14 changed files with 129 additions and 23 deletions.
4 changes: 3 additions & 1 deletion tests/mdm/test_dep_enrollment_public_views.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -313,7 +313,8 @@ def test_dep_web_enroll_blocked(self, vicsp, post_event):

def test_dep_web_enroll(self, vicsp, post_event):
vicsp.side_effect = lambda d: d
session, _, _ = force_dep_enrollment_session(self.mbu, realm_user=True)
display_name = get_random_string(12)
session, _, _ = force_dep_enrollment_session(self.mbu, realm_user=True, enrollment_display_name=display_name)
enrollment = session.dep_enrollment
serial_number = get_random_string(10)
udid = str(uuid.uuid4()).upper()
Expand Down Expand Up @@ -348,3 +349,4 @@ def test_dep_web_enroll(self, vicsp, post_event):
_, profile_data = verify_signed_payload(response.content)
profile = plistlib.loads(profile_data)
self.assertEqual(profile["PayloadIdentifier"], "zentral.mdm")
self.assertEqual(profile["PayloadOrganization"], display_name)
1 change: 1 addition & 0 deletions tests/mdm/test_ota_enrollment_public_views.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,7 @@ def test_ota_enrollment_enroll_redirect(self, post_event):
_, profile_data = verify_signed_payload(response.content)
profile = plistlib.loads(profile_data)
self.assertEqual(profile["PayloadContent"]["URL"], "https://zentral/public/mdm/ota_session_enroll/")
self.assertEqual(profile["PayloadOrganization"], enrollment.display_name)

# ota_enroll

Expand Down
14 changes: 14 additions & 0 deletions tests/mdm/test_setup_dep_enrollment.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -66,11 +66,13 @@ def test_create_dep_enrollment_get(self):
def test_create_dep_enrollment_os_version_errors(self):
self._login("mdm.add_depenrollment", "mdm.view_depenrollment")
name = get_random_string(64)
display_name = get_random_string(12)
push_certificate = force_push_certificate()
scep_config = force_scep_config()
dep_virtual_server = force_dep_virtual_server()
response = self.client.post(reverse("mdm:create_dep_enrollment"),
{"de-name": name,
"de-display_name": display_name,
"de-scep_config": scep_config.pk,
"de-push_certificate": push_certificate.pk,
"de-virtual_server": dep_virtual_server.pk,
Expand Down Expand Up @@ -226,11 +228,13 @@ def test_create_dep_enrollment_post(self, from_dep_virtual_server):
from_dep_virtual_server.return_value = client
self._login("mdm.add_depenrollment", "mdm.view_depenrollment")
name = get_random_string(64)
display_name = get_random_string(12)
push_certificate = force_push_certificate()
scep_config = force_scep_config()
dep_virtual_server = force_dep_virtual_server()
response = self.client.post(reverse("mdm:create_dep_enrollment"),
{"de-name": name,
"de-display_name": display_name,
"de-scep_config": scep_config.pk,
"de-scep_verification": "",
"de-push_certificate": push_certificate.pk,
Expand All @@ -249,11 +253,13 @@ def test_create_dep_enrollment_post(self, from_dep_virtual_server):
self.assertEqual(response.status_code, 200)
self.assertTemplateUsed(response, "mdm/depenrollment_detail.html")
self.assertContains(response, name)
self.assertContains(response, display_name)
self.assertContains(response, push_certificate.name)
self.assertContains(response, scep_config.name)
self.assertContains(response, "without CSR verification")
enrollment = response.context["object"]
self.assertEqual(enrollment.name, name)
self.assertEqual(enrollment.display_name, display_name)
self.assertEqual(enrollment.push_certificate, push_certificate)
self.assertEqual(enrollment.scep_config, scep_config)
self.assertEqual(enrollment.ios_max_version, "")
Expand Down Expand Up @@ -294,6 +300,7 @@ def test_view_dep_enrollment_no_extra_perms(self):
self.assertEqual(response.status_code, 200)
self.assertTemplateUsed(response, "mdm/depenrollment_detail.html")
self.assertContains(response, enrollment.name)
self.assertContains(response, enrollment.display_name)
self.assertContains(response, enrollment.push_certificate.name)
self.assertNotContains(response, enrollment.push_certificate.get_absolute_url())
self.assertContains(response, enrollment.scep_config.name)
Expand Down Expand Up @@ -419,8 +426,10 @@ def test_update_dep_enrollment_post(self, from_dep_virtual_server):
from_dep_virtual_server.return_value = client
self._login("mdm.change_depenrollment", "mdm.view_depenrollment")
new_name = get_random_string(12)
new_display_name = get_random_string(12)
response = self.client.post(reverse("mdm:update_dep_enrollment", args=(enrollment.pk,)),
{"de-name": new_name,
"de-display_name": new_display_name,
"de-realm": realm.pk,
"de-scep_config": enrollment.scep_config.pk,
"de-scep_verification": "on",
Expand All @@ -441,12 +450,14 @@ def test_update_dep_enrollment_post(self, from_dep_virtual_server):
self.assertEqual(response.status_code, 200)
self.assertTemplateUsed(response, "mdm/depenrollment_detail.html")
self.assertContains(response, new_name)
self.assertContains(response, new_display_name)
self.assertContains(response, realm.name)
self.assertContains(response, enrollment.push_certificate.name)
self.assertContains(response, enrollment.scep_config.name)
self.assertContains(response, "with CSR verification")
enrollment = response.context["object"]
self.assertEqual(enrollment.name, new_name)
self.assertEqual(enrollment.display_name, new_display_name)
self.assertEqual(enrollment.realm, realm)
self.assertEqual(enrollment.macos_min_version, "13.3.1")
self.assertEqual(enrollment.skip_setup_items, ["AppleID"])
Expand Down Expand Up @@ -482,6 +493,7 @@ def test_update_dep_enrollment_post_remove_admin(self, from_dep_virtual_server):
self._login("mdm.change_depenrollment", "mdm.view_depenrollment")
response = self.client.post(reverse("mdm:update_dep_enrollment", args=(enrollment.pk,)),
{"de-name": enrollment.name,
"de-display_name": enrollment.display_name,
"de-realm": realm.pk,
"de-scep_config": enrollment.scep_config.pk,
"de-push_certificate": enrollment.push_certificate.pk,
Expand Down Expand Up @@ -514,6 +526,7 @@ def test_update_dep_enrollment_post_update_admin_keep_pwd(self, from_dep_virtual
self._login("mdm.change_depenrollment", "mdm.view_depenrollment")
response = self.client.post(reverse("mdm:update_dep_enrollment", args=(enrollment.pk,)),
{"de-name": enrollment.name,
"de-display_name": enrollment.display_name,
"de-realm": realm.pk,
"de-scep_config": enrollment.scep_config.pk,
"de-push_certificate": enrollment.push_certificate.pk,
Expand Down Expand Up @@ -549,6 +562,7 @@ def test_update_dep_enrollment_post_update_admin_update_pwd(self, from_dep_virtu
self._login("mdm.change_depenrollment", "mdm.view_depenrollment")
response = self.client.post(reverse("mdm:update_dep_enrollment", args=(enrollment.pk,)),
{"de-name": enrollment.name,
"de-display_name": enrollment.display_name,
"de-realm": realm.pk,
"de-scep_config": enrollment.scep_config.pk,
"de-push_certificate": enrollment.push_certificate.pk,
Expand Down
9 changes: 9 additions & 0 deletions tests/mdm/test_setup_ota_enrollment.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -62,10 +62,12 @@ def test_create_ota_enrollment_get(self):
def test_create_ota_enrollment_post(self):
self._login("mdm.add_otaenrollment", "mdm.view_otaenrollment")
name = get_random_string(64)
display_name = get_random_string(12)
push_certificate = force_push_certificate()
scep_config = force_scep_config()
response = self.client.post(reverse("mdm:create_ota_enrollment"),
{"oe-name": name,
"oe-display_name": display_name,
"oe-scep_config": scep_config.pk,
"oe-scep_verification": "",
"oe-push_certificate": push_certificate.pk,
Expand All @@ -74,11 +76,13 @@ def test_create_ota_enrollment_post(self):
self.assertEqual(response.status_code, 200)
self.assertTemplateUsed(response, "mdm/otaenrollment_detail.html")
self.assertContains(response, name)
self.assertContains(response, display_name)
self.assertContains(response, push_certificate.name)
self.assertContains(response, scep_config.name)
self.assertContains(response, "without CSR verification")
enrollment = response.context["object"]
self.assertEqual(enrollment.name, name)
self.assertEqual(enrollment.display_name, display_name)
self.assertEqual(enrollment.push_certificate, push_certificate)
self.assertEqual(enrollment.scep_config, scep_config)

Expand All @@ -101,6 +105,7 @@ def test_view_ota_enrollment_no_extra_perms(self):
self.assertEqual(response.status_code, 200)
self.assertTemplateUsed(response, "mdm/otaenrollment_detail.html")
self.assertContains(response, enrollment.name)
self.assertContains(response, enrollment.display_name)
self.assertContains(response, enrollment.push_certificate.name)
self.assertNotContains(response, enrollment.push_certificate.get_absolute_url())
self.assertContains(response, enrollment.scep_config.name)
Expand Down Expand Up @@ -170,8 +175,10 @@ def test_update_ota_enrollment_post(self):
enrollment = force_ota_enrollment(self.mbu)
self._login("mdm.change_otaenrollment", "mdm.view_otaenrollment")
new_name = get_random_string(64)
new_display_name = get_random_string(12)
response = self.client.post(reverse("mdm:update_ota_enrollment", args=(enrollment.pk,)),
{"oe-name": new_name,
"oe-display_name": new_display_name,
"oe-scep_config": enrollment.scep_config.pk,
"oe-scep_verification": "on",
"oe-push_certificate": enrollment.push_certificate.pk,
Expand All @@ -180,11 +187,13 @@ def test_update_ota_enrollment_post(self):
self.assertEqual(response.status_code, 200)
self.assertTemplateUsed(response, "mdm/otaenrollment_detail.html")
self.assertContains(response, new_name)
self.assertContains(response, new_display_name)
self.assertContains(response, enrollment.push_certificate.name)
self.assertContains(response, enrollment.scep_config.name)
self.assertContains(response, "with CSR verification")
enrollment = response.context["object"]
self.assertEqual(enrollment.name, new_name)
self.assertEqual(enrollment.display_name, new_display_name)

# revoke OTA enrollment

Expand Down
10 changes: 10 additions & 0 deletions tests/mdm/test_setup_user_enrollment.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -71,17 +71,20 @@ def test_create_user_enrollment_no_realm(self):
follow=True)
self.assertEqual(response.status_code, 200)
self.assertTemplateUsed(response, "mdm/userenrollment_form.html")
self.assertFormError(response.context["user_enrollment_form"], "display_name", "This field is required.")
self.assertFormError(response.context["user_enrollment_form"], "realm", "This field is required")

def test_create_user_enrollment_post(self):
self._login("mdm.add_userenrollment", "mdm.view_userenrollment")
realm = force_realm()
name = get_random_string(64)
display_name = get_random_string(12)
push_certificate = force_push_certificate()
scep_config = force_scep_config()
response = self.client.post(reverse("mdm:create_user_enrollment"),
{"ue-realm": realm.pk,
"ue-name": name,
"ue-display_name": display_name,
"ue-scep_config": scep_config.pk,
"ue-scep_verification": "",
"ue-push_certificate": push_certificate.pk,
Expand All @@ -90,11 +93,13 @@ def test_create_user_enrollment_post(self):
self.assertEqual(response.status_code, 200)
self.assertTemplateUsed(response, "mdm/userenrollment_detail.html")
self.assertContains(response, name)
self.assertContains(response, display_name)
self.assertContains(response, push_certificate.name)
self.assertContains(response, scep_config.name)
self.assertContains(response, "without CSR verification")
enrollment = response.context["object"]
self.assertEqual(enrollment.name, name)
self.assertEqual(enrollment.display_name, display_name)
self.assertEqual(enrollment.push_certificate, push_certificate)
self.assertEqual(enrollment.scep_config, scep_config)

Expand All @@ -117,6 +122,7 @@ def test_view_user_enrollment_no_extra_perms(self):
self.assertEqual(response.status_code, 200)
self.assertTemplateUsed(response, "mdm/userenrollment_detail.html")
self.assertContains(response, enrollment.name)
self.assertContains(response, enrollment.display_name)
self.assertContains(response, enrollment.push_certificate.name)
self.assertNotContains(response, enrollment.push_certificate.get_absolute_url())
self.assertContains(response, enrollment.scep_config.name)
Expand Down Expand Up @@ -159,9 +165,11 @@ def test_update_user_enrollment_post(self):
self._login("mdm.change_userenrollment", "mdm.view_userenrollment")
new_realm = force_realm()
new_name = get_random_string(64)
new_display_name = get_random_string(12)
response = self.client.post(reverse("mdm:update_user_enrollment", args=(enrollment.pk,)),
{"ue-realm": new_realm.pk,
"ue-name": new_name,
"ue-display_name": new_display_name,
"ue-scep_config": enrollment.scep_config.pk,
"ue-scep_verification": "on",
"ue-push_certificate": enrollment.push_certificate.pk,
Expand All @@ -171,12 +179,14 @@ def test_update_user_enrollment_post(self):
self.assertTemplateUsed(response, "mdm/userenrollment_detail.html")
self.assertContains(response, new_realm.name)
self.assertContains(response, new_name)
self.assertContains(response, new_display_name)
self.assertContains(response, enrollment.push_certificate.name)
self.assertContains(response, enrollment.scep_config.name)
self.assertContains(response, "with CSR verification")
enrollment = response.context["object"]
self.assertEqual(enrollment.realm, new_realm)
self.assertEqual(enrollment.name, new_name)
self.assertEqual(enrollment.display_name, new_display_name)

# list User enrollments

Expand Down
4 changes: 3 additions & 1 deletion tests/mdm/test_user_enrollment_public_views.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -93,7 +93,8 @@ def test_enroll_user_invalid_access_token(self, post_event):
self.assertAbort(post_event, "Invalid access token")

def test_enroll_user(self, post_event):
enrollment = force_user_enrollment(self.mbu, self.realm)
display_name = get_random_string(12)
enrollment = force_user_enrollment(self.mbu, self.realm, enrollment_display_name=display_name)
_, realm_user = force_realm_user(self.realm)
enrollment_session = UserEnrollmentSession.objects.create_from_user_enrollment(enrollment)
enrollment_session.set_account_driven_authenticated_status(realm_user)
Expand All @@ -105,6 +106,7 @@ def test_enroll_user(self, post_event):
self.assertSuccess(post_event)
_, data = verify_signed_payload(response.content)
payload = plistlib.loads(data)
self.assertEqual(payload["PayloadOrganization"], display_name)
mdm_payload = [p for p in payload["PayloadContent"] if p["PayloadType"] == "com.apple.mdm"][0]
self.assertEqual(mdm_payload["AssignedManagedAppleID"], realm_user.email)
self.assertEqual(mdm_payload["EnrollmentMode"], "BYOD")
Expand Down
14 changes: 9 additions & 5 deletions tests/mdm/utils.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -211,10 +211,11 @@ def force_dep_device(
# enrollments


def force_dep_enrollment(mbu, push_certificate=None):
def force_dep_enrollment(mbu, push_certificate=None, display_name=None):
if push_certificate is None:
push_certificate = force_push_certificate()
return DEPEnrollment.objects.create(
display_name=display_name or get_random_string(12),
name=get_random_string(12),
uuid=uuid.uuid4(),
push_certificate=push_certificate,
Expand All @@ -225,23 +226,25 @@ def force_dep_enrollment(mbu, push_certificate=None):
)


def force_ota_enrollment(mbu, realm=None):
def force_ota_enrollment(mbu, realm=None, display_name=None):
return OTAEnrollment.objects.create(
push_certificate=force_push_certificate(),
scep_config=force_scep_config(),
name=get_random_string(12),
enrollment_secret=EnrollmentSecret.objects.create(meta_business_unit=mbu),
realm=realm,
display_name=display_name or get_random_string(12),
)


def force_user_enrollment(mbu, realm=None):
def force_user_enrollment(mbu, realm=None, enrollment_display_name=None):
return UserEnrollment.objects.create(
push_certificate=force_push_certificate(),
realm=realm or force_realm(),
scep_config=force_scep_config(),
name=get_random_string(12),
enrollment_secret=EnrollmentSecret.objects.create(meta_business_unit=mbu)
enrollment_secret=EnrollmentSecret.objects.create(meta_business_unit=mbu),
display_name=enrollment_display_name or get_random_string(12)
)


Expand Down Expand Up @@ -304,8 +307,9 @@ def force_dep_enrollment_session(
realm_user=False,
realm_user_email=None,
realm_user_username=None,
enrollment_display_name=None,
):
dep_enrollment = force_dep_enrollment(mbu, push_certificate)
dep_enrollment = force_dep_enrollment(mbu, push_certificate, display_name=enrollment_display_name)
if realm_user:
dep_enrollment.use_realm_user = True
dep_enrollment.username_pattern = DEPEnrollment.UsernamePattern.DEVICE_USERNAME
Expand Down
6 changes: 3 additions & 3 deletions zentral/contrib/mdm/forms.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,15 +34,15 @@
class OTAEnrollmentForm(forms.ModelForm):
class Meta:
model = OTAEnrollment
fields = ("name", "realm", "push_certificate",
fields = ("name", "display_name", "realm", "push_certificate",
"scep_config", "scep_verification",
"blueprint")


class UserEnrollmentForm(forms.ModelForm):
class Meta:
model = UserEnrollment
fields = ("name", "realm", "push_certificate",
fields = ("name", "display_name", "realm", "push_certificate",
"scep_config", "scep_verification",
"blueprint")

Expand Down Expand Up @@ -373,7 +373,7 @@ def __init__(self, *args, **kwargs):
required=False
)
field_order.append(key)
field_order.extend(["realm", "use_realm_user", "username_pattern", "realm_user_is_admin",
field_order.extend(["display_name", "realm", "use_realm_user", "username_pattern", "realm_user_is_admin",
"admin_full_name", "admin_short_name", "admin_password",
"ios_max_version", "ios_min_version", "macos_max_version", "macos_min_version"])
self.order_fields(field_order)
Expand Down

0 comments on commit ec0018c

Please sign in to comment.