From 4e994ae09bc12ee3cc85272626d1443b130d06c1 Mon Sep 17 00:00:00 2001
From: seaweedbrain <seaweedbrain@minet.net>
Date: Fri, 13 Jan 2023 11:15:55 +0100
Subject: [PATCH 01/29] The adh6 check account is now able to pick the correct
 account, if more than one were retrieved during the research If the username
 was present in a member's note or in another member own username, this
 account was retrieved too Now backend is able to pick among the list returned
 by adh6 to force the username to match with the user login The issue is that
 the adh6 endpoint used is designed to do research and not to directly get an
 account with an already correct username

Fix #44
---
 backend/proxmox_api/proxmox.py     | 21 +++++++++++++--------
 backend/proxmox_api/util.py        |  2 +-
 backend/test/test_account_state.py | 10 +++++-----
 3 files changed, 19 insertions(+), 14 deletions(-)

diff --git a/backend/proxmox_api/proxmox.py b/backend/proxmox_api/proxmox.py
index 6651cab..aaa5227 100644
--- a/backend/proxmox_api/proxmox.py
+++ b/backend/proxmox_api/proxmox.py
@@ -826,8 +826,6 @@ def check_update_cotisation(username, createEntry=False):
     #print("https://adh6.minet.net/api/member/?limit=25&filter%5Busername%5D="+str(username)+"&only=id,username")
     userInfoJson = util.adh6_search_user(username, headers)
     print(userInfoJson)
-    if (len(userInfoJson) > 1 ):
-        return {"error": "Impossible to retrieve the user info"}, 404
     if userInfoJson is None or userInfoJson  == []: # not found
         if "-" in username:
             print("ERROR : the user " + username + " is not found in ADH6. Try with", end='')
@@ -844,16 +842,23 @@ def check_update_cotisation(username, createEntry=False):
             print("ERROR : the user " , username , " failed to be retrieved :" , userInfoJson)
             return {"error" : "the user " + username + " failed to be retrieved"}, 404
     else : 
+        userId = None
+        for id in userInfoJson:
+            account = util.get_adh6_account(headers, userId)
+            if account["username"] == username:
+                userId = id
+                break
+
+        if (userId is None ):
+            return {"error": "Impossible to retrieve the user info"}, 404
         username = username.replace("_", "-") # hosting replace by default _ and .  with -.
-        userId = userInfoJson[0] 
-        membership_dict = util.check_adh6_membership(headers, userId)
-        print(membership_dict)
+        print("Adh6 account", account)
         today =  date.today()
-        if "ip" not in membership_dict: # Cotisation expired
+        if "ip" not in account: # Cotisation expired
             #print(username , "cotisation expired", membership.json())
             print(username , "cotisation expired (no ip)")
             
-            #return expiredCotisation(username, userEmail) #, datetime.strptime(membership_dict["departureDate"], "%Y-%m-%d").date())
+            #return expiredCotisation(username, userEmail) #, datetime.strptime(account["departureDate"], "%Y-%m-%d").date())
             
             status = database.getFreezeState(username)
             if status is None:
@@ -864,7 +869,7 @@ def check_update_cotisation(username, createEntry=False):
         else :  # we check anyway if the departure date is in the future
             #print(membership.json()["ip"])
             #print(membership.json()["departureDate"], end='\n\n')
-            departureDate = datetime.strptime(membership_dict["departureDate"], "%Y-%m-%d").date()
+            departureDate = datetime.strptime(account["departureDate"], "%Y-%m-%d").date()
             if departureDate < today: # Cotisation expired:
                 print(username , "cotisation expired (departure date)")
                 status = database.getFreezeState(username)
diff --git a/backend/proxmox_api/util.py b/backend/proxmox_api/util.py
index 45d2bb6..40d966e 100644
--- a/backend/proxmox_api/util.py
+++ b/backend/proxmox_api/util.py
@@ -325,7 +325,7 @@ def check_cas_token(headers):
 
 
 
-def check_adh6_membership(headers, userId):
+def get_adh6_account(headers, userId):
     response = requests.get("https://adh6.minet.net/api/member/"+str(userId), headers=headers) # memership info
     return response.json()
 
diff --git a/backend/test/test_account_state.py b/backend/test/test_account_state.py
index a30fbf0..7a0c672 100644
--- a/backend/test/test_account_state.py
+++ b/backend/test/test_account_state.py
@@ -68,7 +68,7 @@ def fake_adh6_search_user(username, headers):
     db = SQLAlchemy()
     db.init_app(app.app)
     with app.app.app_context():
-        monkeypatch.setattr(util, 'check_adh6_membership', fake_adh6_check)
+        monkeypatch.setattr(util, 'get_adh6_account', fake_adh6_check)
         monkeypatch.setattr(util, 'adh6_search_user', fake_adh6_search_user)
         r = proxmox.get_freeze_state("expired-user-1")
         dict,status_code = r
@@ -90,7 +90,7 @@ def fake_adh6_search_user(username, headers):
     db = SQLAlchemy()
     db.init_app(app.app)
     with app.app.app_context():
-        monkeypatch.setattr(util, 'check_adh6_membership', fake_adh6_check)
+        monkeypatch.setattr(util, 'get_adh6_account', fake_adh6_check)
         monkeypatch.setattr(util, 'adh6_search_user', fake_adh6_search_user)
         r = proxmox.get_freeze_state("expired-user-2")
         dict,status_code = r
@@ -112,7 +112,7 @@ def fake_adh6_search_user(username, headers):
     db = SQLAlchemy()
     db.init_app(app.app)
     with app.app.app_context():
-        monkeypatch.setattr(util, 'check_adh6_membership', fake_adh6_check)
+        monkeypatch.setattr(util, 'get_adh6_account', fake_adh6_check)
         monkeypatch.setattr(util, 'adh6_search_user', fake_adh6_search_user)
         r = proxmox.get_freeze_state("expired-user-3")
         dict,status_code = r
@@ -134,7 +134,7 @@ def fake_adh6_search_user(username, headers):
     db = SQLAlchemy()
     db.init_app(app.app)
     with app.app.app_context():
-        monkeypatch.setattr(util, 'check_adh6_membership', fake_adh6_check)
+        monkeypatch.setattr(util, 'get_adh6_account', fake_adh6_check)
         monkeypatch.setattr(util, 'adh6_search_user', fake_adh6_search_user)
         r = proxmox.get_freeze_state("expired-user-4")
         dict,status_code = r
@@ -159,7 +159,7 @@ def fake_adh6_search_user(username, headers):
     db = SQLAlchemy()
     db.init_app(app.app)
     with app.app.app_context():
-        monkeypatch.setattr(util, 'check_adh6_membership', fake_adh6_check)
+        monkeypatch.setattr(util, 'get_adh6_account', fake_adh6_check)
         monkeypatch.setattr(util, 'adh6_search_user', fake_adh6_search_user)
         r = proxmox.get_freeze_state("new-user-to-be-checked")
         dict,status_code = r

From 5bce19cd6ab79f8d56745a124f314a094af41b59 Mon Sep 17 00:00:00 2001
From: seaweedbrain <seaweedbrain@minet.net>
Date: Fri, 13 Jan 2023 17:40:53 +0100
Subject: [PATCH 02/29] Correct test for new check made on adh6 user's account

---
 backend/test/test_account_state.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/backend/test/test_account_state.py b/backend/test/test_account_state.py
index 7a0c672..075d01e 100644
--- a/backend/test/test_account_state.py
+++ b/backend/test/test_account_state.py
@@ -60,7 +60,7 @@ def test_expired_account_freezed_1(monkeypatch, init_user_database):
     freeze state of 1
     """
     def fake_adh6_check(username, headers):
-        return {}
+        return {'username' : username}
     def fake_adh6_search_user(username, headers):
         return [0]
 
@@ -82,7 +82,7 @@ def test_expired_account_freezed_2(monkeypatch, init_user_database):
     """
 
     def fake_adh6_check(username, headers):
-        return {}
+        return {"username":username}
     def fake_adh6_search_user(username, headers):
         return [0]
 
@@ -104,7 +104,7 @@ def test_expired_account_freezed_3(monkeypatch, init_user_database):
     """
 
     def fake_adh6_check(username, headers):
-        return {}
+        return {'username' : username}
     def fake_adh6_search_user(username, headers):
         return [0]
 
@@ -126,7 +126,7 @@ def test_expired_account_freezed_4(monkeypatch,init_user_database):
     """
 
     def fake_adh6_check(username, headers):
-        return {}
+        return {'username' : username}
     def fake_adh6_search_user(username, headers):
         return [0]
 
@@ -149,7 +149,7 @@ def test_new_account_to_be_checked(monkeypatch, init_user_database):
     """
 
     def fake_adh6_check(username, headers):
-        return {'ip': "127.0.0.1", "departureDate" : "2199-01-01"}
+        return {'ip': "127.0.0.1", "departureDate" : "2199-01-01", 'username' : username}
     def fake_adh6_search_user(username, headers):
         return [0]
 

From 5dcf92758693018aa3a18c6902b0bd2262df5979 Mon Sep 17 00:00:00 2001
From: seaweedbrain <seaweedbrain@minet.net>
Date: Fri, 13 Jan 2023 22:26:03 +0100
Subject: [PATCH 03/29] Correct mocked function

---
 backend/test/test_account_state.py | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)

diff --git a/backend/test/test_account_state.py b/backend/test/test_account_state.py
index 075d01e..ed3e5c6 100644
--- a/backend/test/test_account_state.py
+++ b/backend/test/test_account_state.py
@@ -59,7 +59,8 @@ def test_expired_account_freezed_1(monkeypatch, init_user_database):
 
     freeze state of 1
     """
-    def fake_adh6_check(username, headers):
+    username = "expired-user-1"
+    def fake_adh6_check(headers, userId):
         return {'username' : username}
     def fake_adh6_search_user(username, headers):
         return [0]
@@ -70,7 +71,7 @@ def fake_adh6_search_user(username, headers):
     with app.app.app_context():
         monkeypatch.setattr(util, 'get_adh6_account', fake_adh6_check)
         monkeypatch.setattr(util, 'adh6_search_user', fake_adh6_search_user)
-        r = proxmox.get_freeze_state("expired-user-1")
+        r = proxmox.get_freeze_state(username)
         dict,status_code = r
         assert status_code == 200
         assert dict['freezeState'] == '1'
@@ -81,7 +82,8 @@ def test_expired_account_freezed_2(monkeypatch, init_user_database):
     freeze state of 2
     """
 
-    def fake_adh6_check(username, headers):
+    username = "expired-user-2"
+    def fake_adh6_check(headers, userId):
         return {"username":username}
     def fake_adh6_search_user(username, headers):
         return [0]
@@ -92,7 +94,7 @@ def fake_adh6_search_user(username, headers):
     with app.app.app_context():
         monkeypatch.setattr(util, 'get_adh6_account', fake_adh6_check)
         monkeypatch.setattr(util, 'adh6_search_user', fake_adh6_search_user)
-        r = proxmox.get_freeze_state("expired-user-2")
+        r = proxmox.get_freeze_state(username)
         dict,status_code = r
         assert status_code == 200
         assert dict['freezeState'] == '2'
@@ -103,7 +105,8 @@ def test_expired_account_freezed_3(monkeypatch, init_user_database):
     freeze state of 3
     """
 
-    def fake_adh6_check(username, headers):
+    username = "expired-user-3"
+    def fake_adh6_check(headers, userId):
         return {'username' : username}
     def fake_adh6_search_user(username, headers):
         return [0]
@@ -114,7 +117,7 @@ def fake_adh6_search_user(username, headers):
     with app.app.app_context():
         monkeypatch.setattr(util, 'get_adh6_account', fake_adh6_check)
         monkeypatch.setattr(util, 'adh6_search_user', fake_adh6_search_user)
-        r = proxmox.get_freeze_state("expired-user-3")
+        r = proxmox.get_freeze_state(username)
         dict,status_code = r
         assert status_code == 200
         assert dict['freezeState'] == '3'
@@ -125,7 +128,8 @@ def test_expired_account_freezed_4(monkeypatch,init_user_database):
     freeze state of 4
     """
 
-    def fake_adh6_check(username, headers):
+    username = "expired-user-4"
+    def fake_adh6_check(headers, userId):
         return {'username' : username}
     def fake_adh6_search_user(username, headers):
         return [0]
@@ -136,7 +140,7 @@ def fake_adh6_search_user(username, headers):
     with app.app.app_context():
         monkeypatch.setattr(util, 'get_adh6_account', fake_adh6_check)
         monkeypatch.setattr(util, 'adh6_search_user', fake_adh6_search_user)
-        r = proxmox.get_freeze_state("expired-user-4")
+        r = proxmox.get_freeze_state(username)
         dict,status_code = r
         assert status_code == 200 
         assert dict['freezeState'] == '4'
@@ -148,7 +152,8 @@ def test_new_account_to_be_checked(monkeypatch, init_user_database):
     Account that must be checked by adh6
     """
 
-    def fake_adh6_check(username, headers):
+    username = "new-user-to-be-checked"
+    def fake_adh6_check(headers, userId):
         return {'ip': "127.0.0.1", "departureDate" : "2199-01-01", 'username' : username}
     def fake_adh6_search_user(username, headers):
         return [0]
@@ -161,7 +166,7 @@ def fake_adh6_search_user(username, headers):
     with app.app.app_context():
         monkeypatch.setattr(util, 'get_adh6_account', fake_adh6_check)
         monkeypatch.setattr(util, 'adh6_search_user', fake_adh6_search_user)
-        r = proxmox.get_freeze_state("new-user-to-be-checked")
+        r = proxmox.get_freeze_state(username)
         dict,status_code = r
         assert status_code == 200
         assert dict['freezeState'] == '0'
\ No newline at end of file

From 95a5a1fe457809a2e45d2bd4e1395e6173b4ee70 Mon Sep 17 00:00:00 2001
From: seaweedbrain <seaweedbrain@minet.net>
Date: Mon, 16 Jan 2023 12:22:47 +0100
Subject: [PATCH 04/29] Classic logo

---
 frontend/src/app/app.component.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/frontend/src/app/app.component.html b/frontend/src/app/app.component.html
index 135aa6c..0865467 100644
--- a/frontend/src/app/app.component.html
+++ b/frontend/src/app/app.component.html
@@ -3,7 +3,7 @@
     <router-outlet *ngIf="(validToken$ | async)  || router.url === this.cookie.get('lang')+'/manual' || router.url === '/legal'; else landing"></router-outlet>
     <ng-template #landing>
         <div class="text-center">
-            <img id="logo" class="mb-3" style="height: 150px" src="assets/images/minet_light_noel.png">
+            <img id="logo" class="mb-3" style="height: 150px" src="assets/images/minet.png">
             <div class="alert alert-success" role="alert">
                 <p>Welcome to MiNET's new hosting service. It is still in beta, please report any problem
                     to our <a href="mailto:webmaster@listes.minet.net"> webmaster</a>.</p>

From 32f6c3c317f1d578889f5a58166c8cf785205478 Mon Sep 17 00:00:00 2001
From: seaweedbrain <seaweedbrain@minet.net>
Date: Wed, 18 Jan 2023 12:35:21 +0100
Subject: [PATCH 05/29] Add job to stop VM when account is expired (each day)
 Only in prod

---
 backend/proxmox_api/__main__.py | 33 ++++++++++++++-----------------
 backend/proxmox_api/proxmox.py  | 35 ++++++++++++++++++++-------------
 2 files changed, 36 insertions(+), 32 deletions(-)

diff --git a/backend/proxmox_api/__main__.py b/backend/proxmox_api/__main__.py
index d5b8a99..5e55838 100644
--- a/backend/proxmox_api/__main__.py
+++ b/backend/proxmox_api/__main__.py
@@ -8,11 +8,11 @@
 
 
 print("config = ",  config.ENV)
-if config.ENV == "DEV":
+if config.ENV == "TEST":
     print("**************************************************")
     print("**************************************************")
     print("**************************************************")
-    print("************* ENTERING IN DEV MODE ***************")
+    print("************* ENTERING IN TEST MODE ***************")
     print("********* NOT DESIGNED FOR PRODUCTION ************")
     print("**************************************************")
     print("**************************************************")
@@ -32,27 +32,24 @@ def create_app():
 
 
 def conf_jobs(app):
+    app.app.config['JOBS'] = JOBS
     app.app.config['SCHEDULER_API_ENABLE'] = False
 
-
-
-
-
-
 ## init db
 app, scheduler = create_app()
 
-#JOBS = [
-#        {
-#            "id": "update_vm_ips",
-#            "func": "proxmox_api.proxmox:update_vm_ips_job",
-#            "args": (app.app,),
-#            "trigger": "interval",
-#            "seconds": 120,
-#        }
-#    ]
-#
-#conf_jobs(app)
+JOBS = [
+        {
+            "id": "stop_expired_vm",
+            "func": "proxmox_api.proxmox:stop_expired_vm",
+            "args": (app.app,),
+            "trigger": "interval",
+            'seconds': 86400,# 1 day
+        }
+    ]
+
+if config.ENV == "PROD":
+    conf_jobs(app)
 
 
 db.init_app(app.app)
diff --git a/backend/proxmox_api/proxmox.py b/backend/proxmox_api/proxmox.py
index aaa5227..2cfa267 100644
--- a/backend/proxmox_api/proxmox.py
+++ b/backend/proxmox_api/proxmox.py
@@ -881,19 +881,7 @@ def check_update_cotisation(username, createEntry=False):
             else :
                 print(username, "cotisation up to date")
                 database.updateFreezeState(username, "0.0")
-                return  {"freezeState": "0"}, 200
-
-            
-
-            
-#####
-# For the jenkins script
-####
-
-
-    
-
-        
+                return  {"freezeState": "0"}, 200  
 
 
 def next_available_vmid():# determine the next available vmid from both db and proxmox
@@ -904,4 +892,23 @@ def next_available_vmid():# determine the next available vmid from both db and p
         next_vmid_db = database.getNextVmID(next_vmid_db)
        
         is_vmid_available_prox = is_vmid_available_cluster(next_vmid_db)
-    return next_vmid_db
\ No newline at end of file
+    return next_vmid_db
+
+
+    """_summary_ : This function is called by the job to stop expired vm when the account freeze state is 2.x or 3.1
+    """
+def stop_expired_vm(app):
+    print("Executing expired vm jobs ...")
+    with app.app_context():    # Needs application context
+        users = database.get_expired_users(minimumFreezeState=2)
+        
+        for user in users:
+            print("Checking vm for user : ", user)
+            userVms = database.get_vm_list(user_id=user)
+            for vmid in userVms:
+                node = get_node_from_vm(vmid)
+                status,_ = get_proxmox_vm_status(vmid, node)
+                if status["status"] == "running":
+                    print("Stopping vm", vmid , "which was running")
+                    stop_vm(vmid, node)
+            print("VMs stopped for user", user)

From 0202da72cd0084f3716d9739175612f4d97274eb Mon Sep 17 00:00:00 2001
From: seaweedbrain <seaweedbrain@minet.net>
Date: Wed, 18 Jan 2023 12:36:06 +0100
Subject: [PATCH 06/29] Add a db function in charge of retrieving expired user
 account

---
 backend/proxmox_api/db/db_functions.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/backend/proxmox_api/db/db_functions.py b/backend/proxmox_api/db/db_functions.py
index 40808d4..4bb67e5 100644
--- a/backend/proxmox_api/db/db_functions.py
+++ b/backend/proxmox_api/db/db_functions.py
@@ -217,4 +217,15 @@ def setNeedToBeRestored(vmid, needToBeRestored):
     vm.needToBeRestored = needToBeRestored
     db.session.commit()
 
+
+# Return expired users with a freezeState >= minimumFreezeState
+def get_expired_users(minimumFreezeState = 1):
+    list = []
+    for user in User.query.all():
+        if user.freezeState !=None:
+            state = user.freezeState.split(".")[0]
+            if int(state) >= minimumFreezeState:
+                list.append(user.id)
+    return list
+
 #######

From 3f07b45af9a3d39b72ad16b07c7904b51039b0df Mon Sep 17 00:00:00 2001
From: seaweedbrain <seaweedbrain@minet.net>
Date: Wed, 18 Jan 2023 12:37:12 +0100
Subject: [PATCH 07/29] Change DEV env to TEST env As for now, the DEV env is
 no more designed for tests, but for hosting-dev. In hosting-dev, jobs are not
 executed

---
 backend/proxmox_api/config/configuration.py | 7 +++++--
 backend/proxmox_api/db/db_models.py         | 2 +-
 backend/proxmox_api/util.py                 | 2 +-
 3 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/backend/proxmox_api/config/configuration.py b/backend/proxmox_api/config/configuration.py
index c774400..06d0801 100644
--- a/backend/proxmox_api/config/configuration.py
+++ b/backend/proxmox_api/config/configuration.py
@@ -31,10 +31,13 @@
 """Be sure to set "set global log_bin_trust_function_creators=1"; in the database if mysql"""
 
 
-if os.environ.get('ENVIRONMENT') == 'DEV':
-    ENV = "DEV"
+if os.environ.get('ENVIRONMENT') == 'TEST':
+    ENV = "TEST"
     #DATABASE_URI = os.environ.get('PROXMOX_BACK_DB_DEV')
     DATABASE_URI = 'sqlite:///proxmox_dev.db'
+elif os.environ.get('ENVIRONMENT') == 'DEV':
+    ENV = "DEV"
+    DATABASE_URI = os.environ.get('PROXMOX_BACK_DB')
 else :
     ENV = "PROD"
     DATABASE_URI = os.environ.get('PROXMOX_BACK_DB')
diff --git a/backend/proxmox_api/db/db_models.py b/backend/proxmox_api/db/db_models.py
index 70e1659..b8cbfa1 100644
--- a/backend/proxmox_api/db/db_models.py
+++ b/backend/proxmox_api/db/db_models.py
@@ -38,7 +38,7 @@ class History(db.Model):
     date = db.Column(db.TIMESTAMP,default=db.func.current_timestamp(),  nullable=False)
 
 
-if ENV != "DEV":
+if ENV != "TEST":
 ### Trigger for ip tracking
     TRIGGER_CREATION =  """
             CREATE TRIGGER history_insert_vm AFTER UPDATE ON vm
diff --git a/backend/proxmox_api/util.py b/backend/proxmox_api/util.py
index 40d966e..68b9af7 100644
--- a/backend/proxmox_api/util.py
+++ b/backend/proxmox_api/util.py
@@ -311,7 +311,7 @@ def create_app():
 
 
 def check_cas_token(headers):
-    #if config.ENV == "DEV":
+    #if config.ENV == "TEST":
     #    if headers["Fake-User"] == "admin":
     #        return 200, {'sub': 'fake-admin', "attributes" : {"memberOf" : 'cn=cluster-hosting,ou=groups,dc=minet,dc=net'}}
     #    else :

From 382d1887bfd27ce259a5aa65df08b80f76a96d27 Mon Sep 17 00:00:00 2001
From: seaweedbrain <seaweedbrain@minet.net>
Date: Wed, 18 Jan 2023 12:37:34 +0100
Subject: [PATCH 08/29] Use TEST env

---
 backend/test/conftest.py | 55 ++++++++++++++++++++++++++++++++++++----
 1 file changed, 50 insertions(+), 5 deletions(-)

diff --git a/backend/test/conftest.py b/backend/test/conftest.py
index 9aabeb7..970dd59 100644
--- a/backend/test/conftest.py
+++ b/backend/test/conftest.py
@@ -10,13 +10,13 @@
 
 #@pytest.fixture
 #def client():
-#    os.environ.update({"ENVIRONNMENT": "dev"})
+#    os.environ.update({"ENVIRONNMENT": "TEST"})
 #
 #
 @pytest.fixture()
 def init_user_database():
-    if configuration.ENV != "DEV":
-        raise Exception("You must set the environnement to DEV to run the tests")
+    if configuration.ENV != "TEST":
+        raise Exception("You must set the environnement to TEST to run the tests")
     db = SQLAlchemy()
     db.init_app(flask_app.app)
     with flask_app.app.app_context():
@@ -62,8 +62,8 @@ def create_post_model(user):
 
 @pytest.fixture()
 def init_vm_database():
-    if configuration.ENV != "DEV":
-        raise Exception("You must set the environnement to DEV to run the tests")
+    if configuration.ENV != "TEST":
+        raise Exception("You must set the environnement to TEST to run the tests")
     db = SQLAlchemy()
     db.init_app(flask_app.app)
     with flask_app.app.app_context():
@@ -107,6 +107,51 @@ def create_vm_model(vms):
         db.session.commit()
 
 
+@pytest.fixture()
+def init_expired_vm_database():
+    if configuration.ENV != "TEST":
+        raise Exception("You must set the environnement to TEST to run the tests")
+    db = SQLAlchemy()
+    db.init_app(flask_app.app)
+    with flask_app.app.app_context():
+        try:
+            db.session.query(model.Vm).delete()
+        except:
+            print("No VM to delete")
+        db.create_all()
+
+        # List of test VM
+        test_vms = [
+            {"id" : 1, "userId" : "user-1", "type":"bare", "ip" : None, "mac" : None,"needToBeRestored" : False},
+            {"id" : 2, "userId" : "expired-user-1", "type":"bare", "ip" : None, "mac" : None,"needToBeRestored" : False},
+            {"id" : 3, "userId" : "expired-user-2", "type":"bare", "ip" : None, "mac" : None,"needToBeRestored" : False},
+            {"id" : 4, "userId" : "expired-user-3", "type":"bare", "ip" : None, "mac" : None,"needToBeRestored" : False},
+            {"id" : 5, "userId" : "expired-user-2", "type":"bare", "ip" : None, "mac" : None,"needToBeRestored" : False}
+        ]
+
+
+        # Convert the list of dictionaries to a list of User    objects
+        def create_user_model(user):
+            return model.User(**user)
+        def create_vm_model(vms):
+            return model.Vm(**vms)
+        
+        # Create a list of objects
+        mapped_vms = map(create_vm_model, test_vms)
+        t_vms = list(mapped_vms)
+
+        db.session.add_all(t_vms)
+
+        # Commit the changes for the users
+        db.session.commit()
+
+        yield db  # this is where the testing happens!
+        db.session.remove()  # looks like db.session.close() would  work as well
+        # Drop the database table
+        #model.User.query.delete()
+        db.session.query(model.User).delete()
+        db.session.query(model.Vm).delete()
+        db.session.commit()
 
 @pytest.fixture()
 def proxmoxAPI():

From d974b3000e076baf251d45dc7960660c2397f91a Mon Sep 17 00:00:00 2001
From: seaweedbrain <seaweedbrain@minet.net>
Date: Wed, 18 Jan 2023 12:38:06 +0100
Subject: [PATCH 09/29] Add tests for stop expired vm func

---
 backend/test/test_stop_expired_vm.py | 30 ++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 backend/test/test_stop_expired_vm.py

diff --git a/backend/test/test_stop_expired_vm.py b/backend/test/test_stop_expired_vm.py
new file mode 100644
index 0000000..86f6490
--- /dev/null
+++ b/backend/test/test_stop_expired_vm.py
@@ -0,0 +1,30 @@
+import pytest
+from proxmox_api import proxmox
+from test.conftest import *
+
+stopped_func = []
+
+# mocking func
+def mock_stop_vm(vm_id, node):
+    stopped_func.append(vm_id)
+    return True
+
+def mock_get_node_from_vm(vmid):
+    return "node1"
+
+def mock_get_proxmox_vm_status(vmid, node):
+    if vmid == 5 :
+        return {"status" : "stopped"} ,200
+    return {"status" : "running"}, 200
+
+
+def test_stop_expired_vm(init_user_database, init_expired_vm_database, monkeypatch):
+    monkeypatch.setattr(proxmox, "stop_vm", mock_stop_vm)
+    monkeypatch.setattr(proxmox, "get_node_from_vm", mock_get_node_from_vm)
+    monkeypatch.setattr(proxmox, "get_proxmox_vm_status", mock_get_proxmox_vm_status)
+    proxmox.stop_expired_vm(flask_app.app)
+    assert 3 in stopped_func
+    assert 4 in stopped_func
+    
+
+    
\ No newline at end of file

From 52422582a242b16e7a46b261e33b29287fff2146 Mon Sep 17 00:00:00 2001
From: Nathan STCHEPINSKY <seaweedbrain@minet.net>
Date: Wed, 18 Jan 2023 11:46:03 +0000
Subject: [PATCH 10/29] Add test env

---
 .gitlab-ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 4e78060..59ce702 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -55,7 +55,7 @@ test_backend:
     - export no_proxy="192.168.104.7"
     - apt update 
     - apt install sqlite3
-    - export ENVIRONMENT='DEV'
+    - export ENVIRONMENT='TEST'
     - export KEYRING_DNS_SECRET=$KEYRING_DNS_SECRET
     - export PROXMOX_API_KEY_NAME=$PROXMOX_API_KEY_NAME
     - export PROXMOX_API_KEY=$PROXMOX_API_KEY

From e7a1cd77a18963235d3b20e516f65c5a33af1090 Mon Sep 17 00:00:00 2001
From: seaweedbrain <seaweedbrain@minet.net>
Date: Wed, 18 Jan 2023 13:53:18 +0100
Subject: [PATCH 11/29] use tmp replicated 2 times as storage

---
 backend/proxmox_api/proxmox.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/backend/proxmox_api/proxmox.py b/backend/proxmox_api/proxmox.py
index 2cfa267..309cf1e 100644
--- a/backend/proxmox_api/proxmox.py
+++ b/backend/proxmox_api/proxmox.py
@@ -222,6 +222,7 @@ def create_vm(name, vm_type, user_id, password="no", vm_user="", main_ssh_key="n
             newid=next_vmid,
             target=node,
             full=1,
+            storage="tmp_replicated_2_times"
         )
 
 
@@ -493,7 +494,7 @@ def get_vm(user_id = 0, search=None):
             for user in user_filtered:
                 vm_filtered_list += database.get_vm_list(user_id = user.id)
             start = time.time()
-            vm_list = database.get_vm_list() # only id
+            vm_list = database.get_vm_list() # get all vm vut only id
             for vmid in vm_list:
                 node = get_node_from_vm(vmid)
                 if vmid not in vm_filtered_list :

From ce1162f3e832f61f3dc32a0f7dbcf84395458647 Mon Sep 17 00:00:00 2001
From: seaweedbrain <seaweedbrain@minet.net>
Date: Wed, 18 Jan 2023 21:36:10 +0100
Subject: [PATCH 12/29] Specify env var usage

---
 README.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/README.md b/README.md
index ab828bd..6fffa21 100644
--- a/README.md
+++ b/README.md
@@ -15,7 +15,13 @@ KEYRING_DNS_SECRET : clé pour utiliser le ddns (ajouter / supprimer des entrée
 PROXMOX_API_KEY_NAME : nom de la clé pour accéder à l'api proxmox
 PROXMOX_API_KEY : clé pour utiliser l'api proxmox
 PROXMOX_BACK_DB : mysql:// lien vers la db contenant le passwd, user, nom de la database et bien sûr ip de celle-ci
+ENVIRONMENT="DEV" ou "TEST" (ou "PROD")
 ```
+L'environnement conditionne certains composants de l'application. 
+1. "PROD" est réservé à l'execution de l'application dans un environnement de production. C'est par exemple au sein de cet environment que les cron jobs s'executeront. Il est impératif que seul l'env de PROD soit en charge de ce genre d'opérations
+2. "DEV" désactive certaines fonctionnalités réservées à la prod, comme les cron jobs. Mais il utilise la même pas de données la production. C'est l'environment à utiliser en local ou sur hosting-dev
+3. "TEST" est l'environment utilisé pour effectuer les tests unitaires et d'intégrations du backend. Il déploie un base de donnée particulière réservée aux tests.
+
 - vous ensuite devez vous rendre dans backend/ et exécuter la commande `python3 -m proxmox_api`. Le serveur se lance alors. *Assurez vous qu'il est joignable via le port 8080 de votre machine pour qu'il puisse être joint par le `frontend`*
 
 

From 4ac35e7db0f802bc325c604ad2b5f4118b9adc1c Mon Sep 17 00:00:00 2001
From: seaweedbrain <seaweedbrain@minet.net>
Date: Wed, 18 Jan 2023 21:36:51 +0100
Subject: [PATCH 13/29] Add support of ownership transfer in patch vm func

---
 backend/proxmox_api/controllers/default_controller.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/backend/proxmox_api/controllers/default_controller.py b/backend/proxmox_api/controllers/default_controller.py
index fac682d..497894d 100644
--- a/backend/proxmox_api/controllers/default_controller.py
+++ b/backend/proxmox_api/controllers/default_controller.py
@@ -733,6 +733,10 @@ def patch_vm(vmid, body=None):  # noqa: E501
             return proxmox.stop_vm(vmid, node)
         elif requetsBody.status == "switch_autoreboot":
             return proxmox.switch_autoreboot(vmid, node)
+        elif requetsBody.status == "transfering_ownership":
+            print(requetsBody)
+            new_owner = slugify(requetsBody.user.replace('_', '-'))
+            return proxmox.transfer_ownership(vmid, node, newowner=new_owner)
         else:
             return {"status": "uknown status"}, 500
     else:

From c105b585910984abfb1c2c16e3d757619d2b26d2 Mon Sep 17 00:00:00 2001
From: seaweedbrain <seaweedbrain@minet.net>
Date: Wed, 18 Jan 2023 21:37:20 +0100
Subject: [PATCH 14/29] Add function to update the userId of a vm

---
 backend/proxmox_api/db/db_functions.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/backend/proxmox_api/db/db_functions.py b/backend/proxmox_api/db/db_functions.py
index 4bb67e5..bdf108a 100644
--- a/backend/proxmox_api/db/db_functions.py
+++ b/backend/proxmox_api/db/db_functions.py
@@ -42,6 +42,11 @@ def get_user_list(user_id=None, searchItem = None): # filter is for the user nam
     else : 
         return User.query.all()
 
+def update_vm_userid(vmid, userid):
+    vm = Vm.query.filter_by(id=vmid).first()
+    vm.userId = userid
+    db.session.commit()
+
 # Return all the VM of an user
 def get_vm_list(user_id=""): 
     if user_id != "":  # dans ce cas on affiche ce qui est lié à l'user

From ae617594ab92109d0a3703318362f7b90aec21de Mon Sep 17 00:00:00 2001
From: seaweedbrain <seaweedbrain@minet.net>
Date: Wed, 18 Jan 2023 21:38:58 +0100
Subject: [PATCH 15/29] Add function in charge of updating userId of a vm The
 code in charge of retrieving an user's adh6 account in now in util file

---
 backend/proxmox_api/proxmox.py | 109 +++++++++++++++++----------------
 1 file changed, 55 insertions(+), 54 deletions(-)

diff --git a/backend/proxmox_api/proxmox.py b/backend/proxmox_api/proxmox.py
index 309cf1e..05ee131 100644
--- a/backend/proxmox_api/proxmox.py
+++ b/backend/proxmox_api/proxmox.py
@@ -823,66 +823,40 @@ def check_update_cotisation(username, createEntry=False):
         
     print("check cotisation of", username)
     #headers = {"Authorization": req_headers}
-    headers = {"X-API-KEY": configuration.ADH6_API_KEY}
-    #print("https://adh6.minet.net/api/member/?limit=25&filter%5Busername%5D="+str(username)+"&only=id,username")
-    userInfoJson = util.adh6_search_user(username, headers)
-    print(userInfoJson)
-    if userInfoJson is None or userInfoJson  == []: # not found
-        if "-" in username:
-            print("ERROR : the user " + username + " is not found in ADH6. Try with", end='')
-            new_username = username.replace("-","_") # hosting replace by default _ with -. So we try if not found
-            print("'"+new_username+"'")
-            return check_update_cotisation(new_username)
-            
-        elif "_" in username: # same
-            print("ERROR : the user " + username + " is not found in ADH6. Try with", end='')
-            new_username = username.replace("_",".").strip() # hosting replace by default _ with -. So we try if not found
-            print("'"+new_username+"'")
-            return check_update_cotisation(new_username)
-        else :
-            print("ERROR : the user " , username , " failed to be retrieved :" , userInfoJson)
-            return {"error" : "the user " + username + " failed to be retrieved"}, 404
-    else : 
-        userId = None
-        for id in userInfoJson:
-            account = util.get_adh6_account(headers, userId)
-            if account["username"] == username:
-                userId = id
-                break
-
-        if (userId is None ):
-            return {"error": "Impossible to retrieve the user info"}, 404
-        username = username.replace("_", "-") # hosting replace by default _ and .  with -.
-        print("Adh6 account", account)
-        today =  date.today()
-        if "ip" not in account: # Cotisation expired
-            #print(username , "cotisation expired", membership.json())
-            print(username , "cotisation expired (no ip)")
-            
-            #return expiredCotisation(username, userEmail) #, datetime.strptime(account["departureDate"], "%Y-%m-%d").date())
-            
+    account, status = util.get_adh6_account(username)
+    if (account is None):
+        return {"error": "Impossible to retrieve the user info"}, 404
+    username = username.replace("_", "-") # hostingreplace by default _ and .  with -.
+    print("Adh6 account", account)
+    today =  date.today()
+    if "ip" not in account: # Cotisation expired
+        #print(username , "cotisation expired", membership.json())
+        print(username , "cotisation expired (no ip)")
+        
+        #return expiredCotisation(username, userEmail) #, datetime.strptime(account["departureDate"], "%Y-%m-%d").date())
+        
+        status = database.getFreezeState(username)
+        if status is None:
+            status = '1'
+            database.updateFreezeState(username, "1.0")
+        return {"freezeState": status}, 200
+
+    else :  # we check anyway if the departure date is inthe future
+        #print(membership.json()["ip"])
+        #print(membership.json()["departureDate"], end='\n\n')
+        departureDate = datetime.strptime(account["departureDate"], "%Y-%m-%d").date()
+        if departureDate < today: # Cotisation expired:
+            print(username , "cotisation expired (departure date)")
             status = database.getFreezeState(username)
             if status is None:
                 status = '1'
                 database.updateFreezeState(username, "1.0")
             return {"freezeState": status}, 200
 
-        else :  # we check anyway if the departure date is in the future
-            #print(membership.json()["ip"])
-            #print(membership.json()["departureDate"], end='\n\n')
-            departureDate = datetime.strptime(account["departureDate"], "%Y-%m-%d").date()
-            if departureDate < today: # Cotisation expired:
-                print(username , "cotisation expired (departure date)")
-                status = database.getFreezeState(username)
-                if status is None:
-                    status = '1'
-                    database.updateFreezeState(username, "1.0")
-                return {"freezeState": status}, 200
-
-            else :
-                print(username, "cotisation up to date")
-                database.updateFreezeState(username, "0.0")
-                return  {"freezeState": "0"}, 200  
+        else :
+            print(username, "cotisation up to date")
+            database.updateFreezeState(username, "0.0")
+            return  {"freezeState": "0"}, 200  
 
 
 def next_available_vmid():# determine the next available vmid from both db and proxmox
@@ -913,3 +887,30 @@ def stop_expired_vm(app):
                     print("Stopping vm", vmid , "which was running")
                     stop_vm(vmid, node)
             print("VMs stopped for user", user)
+
+# Transfer the ownership of a vm to another user.
+def transfer_ownership(vmid, node, newowner):
+    if newowner == "" or newowner == None :
+        return {"error": "No login given"}, 400
+    
+    user = database.get_user_list(user_id=newowner)
+    if user == None: # We search it in ADH6
+        account, status = util.get_adh6_account(newowner)
+        if status != 200:
+            return account, status
+        if account is None:
+            return {"error": "User not found"}, 404
+        else:
+            print("account", account)
+            userid = account["username"]
+            # We add the user in the database
+            database.add_user(userid)
+    else: 
+        userid = newowner
+        userVms = database.get_vm_list(user_id=userid)
+        if len(userVms) >= 3:
+            return {"error": "User already has 3 VMs"}, 400
+    database.update_vm_userid(vmid, userid)
+    return {"status": "ok"}, 201
+
+    
\ No newline at end of file

From 39ea9cc5492dcacd9a7ebd75364f2d843c68234a Mon Sep 17 00:00:00 2001
From: seaweedbrain <seaweedbrain@minet.net>
Date: Wed, 18 Jan 2023 21:39:31 +0100
Subject: [PATCH 16/29] Add doc for patch vm endpoint use

---
 backend/proxmox_api/swagger/swagger.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/proxmox_api/swagger/swagger.yaml b/backend/proxmox_api/swagger/swagger.yaml
index 6d71ce8..54952e1 100644
--- a/backend/proxmox_api/swagger/swagger.yaml
+++ b/backend/proxmox_api/swagger/swagger.yaml
@@ -119,7 +119,7 @@ paths:
           type: string
           example: "105"
       requestBody:
-        description: VM to update
+        description: VM to update. Avalaible status are start, reboot, stop, switch_autoreboot, transfer_ownership
         content:
           application/json:
             schema:

From a4a6d1e61c41ff2e79f724b3dedcff1e762d9298 Mon Sep 17 00:00:00 2001
From: seaweedbrain <seaweedbrain@minet.net>
Date: Wed, 18 Jan 2023 21:39:54 +0100
Subject: [PATCH 17/29] Add code in charge of retrieving an user's adh6 account

---
 backend/proxmox_api/util.py | 33 +++++++++++++++++++++++++++++----
 1 file changed, 29 insertions(+), 4 deletions(-)

diff --git a/backend/proxmox_api/util.py b/backend/proxmox_api/util.py
index 68b9af7..f74bba8 100644
--- a/backend/proxmox_api/util.py
+++ b/backend/proxmox_api/util.py
@@ -319,15 +319,40 @@ def check_cas_token(headers):
     #elif config.ENV == "PROD":
     autorization = {"Authorization": headers["Authorization"]}
     r = requests.get("https://cas.minet.net/oidc/profile", headers=autorization)
-    print("return =", r.json())
     return r.status_code, r.json()
     
 
 
 
-def get_adh6_account(headers, userId):
-    response = requests.get("https://adh6.minet.net/api/member/"+str(userId), headers=headers) # memership info
-    return response.json()
+def get_adh6_account(username):
+    headers = {"X-API-KEY": config.ADH6_API_KEY}
+    #print("https://adh6.minet.net/api/member/?limit=25&filter%5Busername%5D="+str(username)+"&only=id,username")
+    userInfoJson = adh6_search_user(username, headers)
+    print(userInfoJson)
+    if userInfoJson is None or userInfoJson  == []: # not found
+        if "-" in username:
+            print("ERROR : the user " + username + " is not found in ADH6. Try with", end='')
+            new_username = username.replace("-","_") # hosting replace by default _ with -. So we try if not found
+            print("'"+new_username+"'")
+            return get_adh6_account(new_username)
+            
+        elif "_" in username: # same
+            print("ERROR : the user " + username + " is not found in ADH6. Try with", end='')
+            new_username = username.replace("_",".").strip() # hosting replace by default _ with -. So we try if not found
+            print("'"+new_username+"'")
+            return get_adh6_account(new_username)
+        else :
+            print("ERROR : the user " , username , " failed to be retrieved :" , userInfoJson)
+            return {"error" : "the user " + username + " failed to be retrieved"}, 404
+    else : 
+        account = None
+        for id in userInfoJson:
+            accountJson = requests.get("https://adh6.minet.net/api/member/"+str(id), headers=headers) # memership info
+            tmp_account = accountJson.json()
+            if tmp_account["username"] == username:
+                account = tmp_account
+        print("account : ", account)
+        return account, 200
 
 def adh6_search_user(username, headers):
     response = requests.get("https://adh6.minet.net/api/member/?limit=25&terms="+str(username), headers=headers) # [id], from ADH6 

From 0532c5ec035d9505e5a14e4ca4395c273abf2508 Mon Sep 17 00:00:00 2001
From: seaweedbrain <seaweedbrain@minet.net>
Date: Wed, 18 Jan 2023 21:41:12 +0100
Subject: [PATCH 18/29] add frontend code to handle a vm ownership transfert

---
 frontend/src/app/vm/vm.component.html | 30 +++++++++++++++++++++++++++
 frontend/src/app/vm/vm.component.ts   | 19 +++++++++++++++++
 2 files changed, 49 insertions(+)

diff --git a/frontend/src/app/vm/vm.component.html b/frontend/src/app/vm/vm.component.html
index 48b483c..2df889a 100644
--- a/frontend/src/app/vm/vm.component.html
+++ b/frontend/src/app/vm/vm.component.html
@@ -242,6 +242,36 @@ <h4>{{'vm.systemInformation' | translate}}</h4>
             </div>
         </div>
     </div>
+    <div class="row" style="margin-top: 20px;" *ngIf="this.user.admin">
+      <div class="col-12">
+          <div class="card">
+              <div class="card-body">
+                <form class="row g-3" (ngSubmit)="transfer_vm_ownership()">
+                  <div>
+                    <div>
+                      <span><strong>Compte actuel :</strong> {{user.vms[0].user}}</span><br>
+                    </div>     
+                    <div class="d-flex justify-content-center" style="margin-top:20px">
+                        <div style="width:25%">
+                          <input type="text" class="form-control" id="username" placeholder="Login adhérent" [(ngModel)]="this.new_user_to_transfer">
+                        </div>
+                        <div style="width:25%">
+                            <button type="submit" class="btn btn-primary mb-3" [disabled]="transfering_ownership">  
+                              <span [hidden]="!transfering_ownership"><span class="spinner-border spinner-border-sm" role="status" aria-hidden="true"></span> Loading ...</span>
+                              <span [hidden]="transfering_ownership">Transférer la propriété</span></button>
+                        </div>
+                    </div>     
+                  </div>
+                </form>
+                <div class="alert alert-danger" role="alert" *ngIf="!transfering_ownership && transfering_error_message != ''">
+                  <div>
+                    {{transfering_error_message}}
+                  </div>
+                </div>        
+              </div>
+          </div>
+      </div>
+  </div>
     <div class="modal fade" id="deleteVMModal" tabindex="-1" role="dialog" aria-labelledby="deleteVMModalTitle" aria-hidden="true">
         <div class="modal-dialog modal-dialog-centered" role="document">
           <div class="modal-content">
diff --git a/frontend/src/app/vm/vm.component.ts b/frontend/src/app/vm/vm.component.ts
index deafb54..06ee61f 100644
--- a/frontend/src/app/vm/vm.component.ts
+++ b/frontend/src/app/vm/vm.component.ts
@@ -40,6 +40,9 @@ export class VmComponent implements OnInit, OnDestroy {
     popUpSSHkey = "";
     popUpLoading = false;
     renew_vm_status = "";
+    new_user_to_transfer="";
+    transfering_ownership=false;
+    transfering_error_message="";
 
 
     constructor(
@@ -163,6 +166,22 @@ export class VmComponent implements OnInit, OnDestroy {
             });
     }
 
+    transfer_vm_ownership():void{
+        const data = {
+            "status" : "transfering_ownership",
+            "user": this.new_user_to_transfer
+        };
+        this.transfering_ownership = true;
+        this.http.patch(this.authService.SERVER_URL + '/vm/' + this.vmid, data).subscribe(rep => {
+            this.transfering_ownership = false;
+            this.transfering_error_message = "";
+            this.router.navigate(['#']);
+        }, error => {
+            this.transfering_ownership = false;
+            this.transfering_error_message = error.error["error"];
+        });
+    }
+
 
     get_vm(vmid): void {
         const vm = new Vm();

From 695799940bda62b648cbc2ea7340b7a314205913 Mon Sep 17 00:00:00 2001
From: seaweedbrain <seaweedbrain@minet.net>
Date: Thu, 19 Jan 2023 20:20:52 +0100
Subject: [PATCH 19/29] Changee adh6 mocked func to stick with the new func

---
 backend/test/test_account_state.py | 47 +++++++++++-------------------
 1 file changed, 17 insertions(+), 30 deletions(-)

diff --git a/backend/test/test_account_state.py b/backend/test/test_account_state.py
index ed3e5c6..bb348a5 100644
--- a/backend/test/test_account_state.py
+++ b/backend/test/test_account_state.py
@@ -60,17 +60,15 @@ def test_expired_account_freezed_1(monkeypatch, init_user_database):
     freeze state of 1
     """
     username = "expired-user-1"
-    def fake_adh6_check(headers, userId):
-        return {'username' : username}
-    def fake_adh6_search_user(username, headers):
-        return [0]
+    def fake_get_adh6_account(username):
+        return {'username' : username},200
+
 
     app = util.create_app()
     db = SQLAlchemy()
     db.init_app(app.app)
     with app.app.app_context():
-        monkeypatch.setattr(util, 'get_adh6_account', fake_adh6_check)
-        monkeypatch.setattr(util, 'adh6_search_user', fake_adh6_search_user)
+        monkeypatch.setattr(util, 'get_adh6_account', fake_get_adh6_account)
         r = proxmox.get_freeze_state(username)
         dict,status_code = r
         assert status_code == 200
@@ -83,17 +81,14 @@ def test_expired_account_freezed_2(monkeypatch, init_user_database):
     """
 
     username = "expired-user-2"
-    def fake_adh6_check(headers, userId):
-        return {"username":username}
-    def fake_adh6_search_user(username, headers):
-        return [0]
+    def fake_get_adh6_account(username):
+        return {"username":username},200
 
     app = util.create_app()
     db = SQLAlchemy()
     db.init_app(app.app)
     with app.app.app_context():
-        monkeypatch.setattr(util, 'get_adh6_account', fake_adh6_check)
-        monkeypatch.setattr(util, 'adh6_search_user', fake_adh6_search_user)
+        monkeypatch.setattr(util, 'get_adh6_account', fake_get_adh6_account)
         r = proxmox.get_freeze_state(username)
         dict,status_code = r
         assert status_code == 200
@@ -106,17 +101,15 @@ def test_expired_account_freezed_3(monkeypatch, init_user_database):
     """
 
     username = "expired-user-3"
-    def fake_adh6_check(headers, userId):
-        return {'username' : username}
-    def fake_adh6_search_user(username, headers):
-        return [0]
+    def fake_get_adh6_account(username):
+        return {'username' : username},200
 
     app = util.create_app()
     db = SQLAlchemy()
     db.init_app(app.app)
     with app.app.app_context():
-        monkeypatch.setattr(util, 'get_adh6_account', fake_adh6_check)
-        monkeypatch.setattr(util, 'adh6_search_user', fake_adh6_search_user)
+        monkeypatch.setattr(util, 'get_adh6_account', fake_get_adh6_account)
+
         r = proxmox.get_freeze_state(username)
         dict,status_code = r
         assert status_code == 200
@@ -129,17 +122,14 @@ def test_expired_account_freezed_4(monkeypatch,init_user_database):
     """
 
     username = "expired-user-4"
-    def fake_adh6_check(headers, userId):
-        return {'username' : username}
-    def fake_adh6_search_user(username, headers):
-        return [0]
+    def fake_get_adh6_account(username):
+        return {'username' : username}, 200
 
     app = util.create_app()
     db = SQLAlchemy()
     db.init_app(app.app)
     with app.app.app_context():
-        monkeypatch.setattr(util, 'get_adh6_account', fake_adh6_check)
-        monkeypatch.setattr(util, 'adh6_search_user', fake_adh6_search_user)
+        monkeypatch.setattr(util, 'get_adh6_account', fake_get_adh6_account)
         r = proxmox.get_freeze_state(username)
         dict,status_code = r
         assert status_code == 200 
@@ -153,10 +143,8 @@ def test_new_account_to_be_checked(monkeypatch, init_user_database):
     """
 
     username = "new-user-to-be-checked"
-    def fake_adh6_check(headers, userId):
-        return {'ip': "127.0.0.1", "departureDate" : "2199-01-01", 'username' : username}
-    def fake_adh6_search_user(username, headers):
-        return [0]
+    def fake_get_adh6_account(username):
+        return {'ip': "127.0.0.1", "departureDate" : "2199-01-01", 'username' : username}, 200
 
     
     
@@ -164,8 +152,7 @@ def fake_adh6_search_user(username, headers):
     db = SQLAlchemy()
     db.init_app(app.app)
     with app.app.app_context():
-        monkeypatch.setattr(util, 'get_adh6_account', fake_adh6_check)
-        monkeypatch.setattr(util, 'adh6_search_user', fake_adh6_search_user)
+        monkeypatch.setattr(util, 'get_adh6_account', fake_get_adh6_account)
         r = proxmox.get_freeze_state(username)
         dict,status_code = r
         assert status_code == 200

From 57cc2a84df915b810d6363530a4263325b1fc21b Mon Sep 17 00:00:00 2001
From: seaweedbrain <seaweedbrain@minet.net>
Date: Thu, 19 Jan 2023 22:52:02 +0100
Subject: [PATCH 20/29] correct front style

---
 frontend/src/app/vm/vm.component.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/frontend/src/app/vm/vm.component.html b/frontend/src/app/vm/vm.component.html
index 2df889a..1744e6e 100644
--- a/frontend/src/app/vm/vm.component.html
+++ b/frontend/src/app/vm/vm.component.html
@@ -246,9 +246,9 @@ <h4>{{'vm.systemInformation' | translate}}</h4>
       <div class="col-12">
           <div class="card">
               <div class="card-body">
-                <form class="row g-3" (ngSubmit)="transfer_vm_ownership()">
+                <form (ngSubmit)="transfer_vm_ownership()">
                   <div>
-                    <div>
+                    <div class="d-flex justify-content-center">
                       <span><strong>Compte actuel :</strong> {{user.vms[0].user}}</span><br>
                     </div>     
                     <div class="d-flex justify-content-center" style="margin-top:20px">

From 6fa63d2c0120cea17efc60633a272cf6988b131b Mon Sep 17 00:00:00 2001
From: seaweedbrain <seaweedbrain@minet.net>
Date: Fri, 20 Jan 2023 00:27:41 +0100
Subject: [PATCH 21/29] Add success visual when transferring proprety Auto
 update all data in the page without reloading it

---
 frontend/src/app/vm/vm.component.html | 12 ++++++------
 frontend/src/app/vm/vm.component.ts   | 10 +++++-----
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/frontend/src/app/vm/vm.component.html b/frontend/src/app/vm/vm.component.html
index 1744e6e..0122eef 100644
--- a/frontend/src/app/vm/vm.component.html
+++ b/frontend/src/app/vm/vm.component.html
@@ -256,16 +256,19 @@ <h4>{{'vm.systemInformation' | translate}}</h4>
                           <input type="text" class="form-control" id="username" placeholder="Login adhérent" [(ngModel)]="this.new_user_to_transfer">
                         </div>
                         <div style="width:25%">
-                            <button type="submit" class="btn btn-primary mb-3" [disabled]="transfering_ownership">  
+                            <button type="submit" class="btn mb-3" [disabled]="transfering_ownership" [ngClass]="{
+                              'btn-success': transfering_request_message == 'success',
+                              'btn-primary': transfering_request_message != 'success'
+                                }">  
                               <span [hidden]="!transfering_ownership"><span class="spinner-border spinner-border-sm" role="status" aria-hidden="true"></span> Loading ...</span>
                               <span [hidden]="transfering_ownership">Transférer la propriété</span></button>
                         </div>
                     </div>     
                   </div>
                 </form>
-                <div class="alert alert-danger" role="alert" *ngIf="!transfering_ownership && transfering_error_message != ''">
+                <div class="alert alert-danger" role="alert" *ngIf="!transfering_ownership && transfering_request_message != '' && transfering_request_message != 'success'">
                   <div>
-                    {{transfering_error_message}}
+                    {{transfering_request_message}}
                   </div>
                 </div>        
               </div>
@@ -328,6 +331,3 @@ <h4>{{'vm.ipHistory' | translate}}</h4>
     <p>{{'vm.charter.notsigned_2' | translate}} <a href="https://chartes.minet.net/">{{'vm.charter.notsigned_3' | translate}}</a> {{'vm.charter.notsigned_4' | translate}}</p>
 </div>
 
-
-
-
diff --git a/frontend/src/app/vm/vm.component.ts b/frontend/src/app/vm/vm.component.ts
index 06ee61f..fd30d9c 100644
--- a/frontend/src/app/vm/vm.component.ts
+++ b/frontend/src/app/vm/vm.component.ts
@@ -42,7 +42,7 @@ export class VmComponent implements OnInit, OnDestroy {
     renew_vm_status = "";
     new_user_to_transfer="";
     transfering_ownership=false;
-    transfering_error_message="";
+    transfering_request_message="";
 
 
     constructor(
@@ -173,12 +173,12 @@ export class VmComponent implements OnInit, OnDestroy {
         };
         this.transfering_ownership = true;
         this.http.patch(this.authService.SERVER_URL + '/vm/' + this.vmid, data).subscribe(rep => {
-            this.transfering_ownership = false;
-            this.transfering_error_message = "";
-            this.router.navigate(['#']);
+            this.transfering_request_message = "success";
+            setTimeout(() => {this.transfering_ownership = false;
+            this.transfering_request_message = ""}, 1000);
         }, error => {
             this.transfering_ownership = false;
-            this.transfering_error_message = error.error["error"];
+            this.transfering_request_message = error.error["error"];
         });
     }
 

From bc078db503d260974ae5bfdff194df910737f992 Mon Sep 17 00:00:00 2001
From: seaweedbrain <seaweedbrain@minet.net>
Date: Fri, 20 Jan 2023 00:28:36 +0100
Subject: [PATCH 22/29] Patch security vuln in transferring vm endpoint Add
 admin check role

---
 backend/proxmox_api/controllers/default_controller.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/backend/proxmox_api/controllers/default_controller.py b/backend/proxmox_api/controllers/default_controller.py
index 497894d..16fccac 100644
--- a/backend/proxmox_api/controllers/default_controller.py
+++ b/backend/proxmox_api/controllers/default_controller.py
@@ -733,8 +733,7 @@ def patch_vm(vmid, body=None):  # noqa: E501
             return proxmox.stop_vm(vmid, node)
         elif requetsBody.status == "switch_autoreboot":
             return proxmox.switch_autoreboot(vmid, node)
-        elif requetsBody.status == "transfering_ownership":
-            print(requetsBody)
+        elif requetsBody.status == "transfering_ownership" and admin:
             new_owner = slugify(requetsBody.user.replace('_', '-'))
             return proxmox.transfer_ownership(vmid, node, newowner=new_owner)
         else:

From db040bdaeb723b254b15b842c980608966d9f7d9 Mon Sep 17 00:00:00 2001
From: seaweedbrain <seaweedbrain@minet.net>
Date: Fri, 20 Jan 2023 00:28:52 +0100
Subject: [PATCH 23/29] Modify the history tab when a vm is transferred

---
 backend/proxmox_api/proxmox.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/backend/proxmox_api/proxmox.py b/backend/proxmox_api/proxmox.py
index 05ee131..b8b2f2e 100644
--- a/backend/proxmox_api/proxmox.py
+++ b/backend/proxmox_api/proxmox.py
@@ -911,6 +911,8 @@ def transfer_ownership(vmid, node, newowner):
         if len(userVms) >= 3:
             return {"error": "User already has 3 VMs"}, 400
     database.update_vm_userid(vmid, userid)
+    ip  = database.get_vm_ip(vmid)
+    database.add_ip_to_history(ip, vmid, userid)
     return {"status": "ok"}, 201
 
     
\ No newline at end of file

From 2fcec255374b569adb7106799a710353017bdbce Mon Sep 17 00:00:00 2001
From: seaweedbrain <seaweedbrain@minet.net>
Date: Fri, 20 Jan 2023 01:38:08 +0100
Subject: [PATCH 24/29] Fix #46 Harmonize the return type fo get_vm_node
 function, to return a status even when the node is found

---
 .../controllers/default_controller.py         | 20 +++++++++-------
 backend/proxmox_api/proxmox.py                | 21 +++++++++++-----
 backend/test/integration/test_vm_life.py      | 24 ++++++++++---------
 backend/test/test_default_api.py              |  2 +-
 backend/test/test_stop_expired_vm.py          |  2 +-
 5 files changed, 41 insertions(+), 28 deletions(-)

diff --git a/backend/proxmox_api/controllers/default_controller.py b/backend/proxmox_api/controllers/default_controller.py
index 16fccac..5e0c0ff 100644
--- a/backend/proxmox_api/controllers/default_controller.py
+++ b/backend/proxmox_api/controllers/default_controller.py
@@ -204,8 +204,8 @@ def delete_vm_id(vmid):  # noqa: E501
     if freezeAccountState >= 3 and not admin: # if freeze state 1 or 2 user still have access to proxmox
         return {"status": "cotisation expired"}, 403
     
-    node = proxmox.get_node_from_vm(vmid)
-    if not node : #doesn't exist
+    node,status = proxmox.get_node_from_vm(vmid)
+    if status != 200 : #doesn't exist
         return {"error": "VM doesn't exist"}, 404
     
     Thread(target=delete_vm_in_thread, args=(vmid, user_id, node,False,)).start()
@@ -251,8 +251,8 @@ def delete_vm_in_thread(vmid, user_id, node="", dueToError=False):
     #if freezeAccountState >= 3 and not admin: # if freeze state 1 or 2 user still have access to proxmox
     #    return {"status": "cotisation expired"}, 403
 
-    node = proxmox.get_node_from_vm(vmid)
-    if not node:
+    node,status = proxmox.get_node_from_vm(vmid)
+    if status != 200: 
         return {"status": "vm not exists"}, 404
     if vmid in map(int, proxmox.get_vm(user_id)[0]):
         return proxmox.delete_vm(vmid, node)
@@ -420,12 +420,14 @@ def get_vm_id(vmid):  # noqa: E501
             return {"error": "Unknown vm status"}, 400
 
 
-    node = proxmox.get_node_from_vm(vmid)
+    node,status = proxmox.get_node_from_vm(vmid)
+    
+
     if not admin and dbfct.get_vm_userid(vmid) != user_id : # if not admin, we check if the user is the owner of the vm
         return {'error' : "Forbidden"} , 403
-    elif node == None and not admin: # exist in the db but not in proxmox. It's a error
+    elif status != 200 and not admin: # exist in the db but not in proxmox. It's a error
         return {"error": "VM not found in proxmox"}, 500
-    elif node == None and  admin:
+    elif status != 200 and  admin:
         return {'error' : "VM no found"} , 404
 
 
@@ -722,8 +724,8 @@ def patch_vm(vmid, body=None):  # noqa: E501
     user_id = slugify(cas['sub'].replace('_', '-'))
 
     if admin or dbfct.get_vm_userid(vmid) == user_id : # if not admin, we check if the user is the owner of the vm
-        node = proxmox.get_node_from_vm(vmid)
-        if not node:
+        node,status = proxmox.get_node_from_vm(vmid)
+        if status != 200:
             return {"status": "vm not exists"}, 404
         if requetsBody.status == "start":
             return proxmox.start_vm(vmid, node)
diff --git a/backend/proxmox_api/proxmox.py b/backend/proxmox_api/proxmox.py
index b8b2f2e..6b835ae 100644
--- a/backend/proxmox_api/proxmox.py
+++ b/backend/proxmox_api/proxmox.py
@@ -398,7 +398,9 @@ def reboot_vm(vmid, node):
         return {"status": "An error occur while rebooting the vm"}, 500
 
 def renew_ip(vmid):
-    node = get_node_from_vm(vmid)
+    node, status = get_node_from_vm(vmid)
+    if status != 200:
+        return node, status
     try:
         ip = database.get_vm_ip(vmid)
         proxmox.nodes(node).qemu(vmid).config.post(
@@ -412,7 +414,9 @@ def renew_ip(vmid):
         return {"status": "error updating your ip address."}, 500
 
 def update_vm_credentials(vmid,username, password, sshKey):
-    node = get_node_from_vm(vmid)
+    node,status = get_node_from_vm(vmid)
+    if status != 200:
+        return node, status
     try :
         ip = database.get_vm_ip(vmid)
         proxmox.nodes(node).qemu(vmid).config.post(
@@ -496,7 +500,10 @@ def get_vm(user_id = 0, search=None):
             start = time.time()
             vm_list = database.get_vm_list() # get all vm vut only id
             for vmid in vm_list:
-                node = get_node_from_vm(vmid)
+                node, status = get_node_from_vm(vmid)
+                if status == 200:
+                    if status != 200:
+                        return node, status
                 if vmid not in vm_filtered_list :
                     infos,_ = get_vm_name(vmid, node)
                     name = infos["name"]
@@ -538,7 +545,7 @@ def get_node_from_vm(vmid):
         for vm in proxmox.cluster.resources.get(type="vm"):
             if vm["vmid"] == vmid:
                 try:
-                    node = vm['node']
+                    node = vm['node'], 200
                 except Exception as e:
                     logging.error("Problem in get_node_from_vm(" + str(vmid) + ") when getting VM node: " + str(e))
                     return {"cpu": "error"}, 500
@@ -745,7 +752,9 @@ def get_user_ip_list(user_id) :
         vm_id_list = database.get_vm_list(user_id)
         ip_list = [] # ip of the user
         for vmid in vm_id_list:
-            node = get_node_from_vm(vmid)
+            node,status = get_node_from_vm(vmid)
+            if status != 200:
+                return None
             vm_ip, status = get_vm_ip(vmid, node)
             if status == 200:
                 ip_list += vm_ip["vm_ip"]
@@ -881,7 +890,7 @@ def stop_expired_vm(app):
             print("Checking vm for user : ", user)
             userVms = database.get_vm_list(user_id=user)
             for vmid in userVms:
-                node = get_node_from_vm(vmid)
+                node, _ = get_node_from_vm(vmid)
                 status,_ = get_proxmox_vm_status(vmid, node)
                 if status["status"] == "running":
                     print("Stopping vm", vmid , "which was running")
diff --git a/backend/test/integration/test_vm_life.py b/backend/test/integration/test_vm_life.py
index 2100229..4e5bffb 100644
--- a/backend/test/integration/test_vm_life.py
+++ b/backend/test/integration/test_vm_life.py
@@ -12,16 +12,15 @@
 def test_old_vm_deletion(init_vm_database):
     """Test in charge of destroying all vm test created in the past.
     """
-    node = proxmox.get_node_from_vm(VMID)
+    node,status = proxmox.get_node_from_vm(VMID)
     print(node)
     app = util.create_app()
     db = SQLAlchemy()
     db.init_app(app.app)
     doesVMexist = False
     with app.app.app_context():
-        if len(node) >= 2:
-            if node[1] != 404:
-                doesVMexist = True
+        if status != 200:
+            doesVMexist = True
         if doesVMexist:
             assert node == "kars" or node == "wammu"
             r = proxmox.delete_from_proxmox(VMID, node)
@@ -69,9 +68,10 @@ def test_vm_start():
     db = SQLAlchemy()
     db.init_app(app.app)
     with app.app.app_context():
-        node = proxmox.get_node_from_vm(VMID)
-        body, status = proxmox.start_vm(VMID, node)
-        assert status == 201
+        node,status_node = proxmox.get_node_from_vm(VMID)
+        body, status_start = proxmox.start_vm(VMID, node)
+        assert status_node == 200
+        assert status_start == 201
 
 # If previous test fail, we do not try to start it
 @pytest.mark.dependency(name="stop", depends=["clean", "creation", "start"])
@@ -82,9 +82,10 @@ def test_vm_stop():
     db = SQLAlchemy()
     db.init_app(app.app)
     with app.app.app_context():
-        node = proxmox.get_node_from_vm(VMID)
-        body, status = proxmox.stop_vm(VMID, node)
-        assert status == 201
+        node,status_node = proxmox.get_node_from_vm(VMID)
+        body, status_stop = proxmox.stop_vm(VMID, node)
+        assert status_node == 200
+        assert status_stop == 201
 
 # If previous test fail, we do not try to start it
 @pytest.mark.dependency(name="delete", depends=["clean", "creation", "start", "stop"])
@@ -95,9 +96,10 @@ def test_vm_deletion():
     db = SQLAlchemy()
     db.init_app(app.app)
     with app.app.app_context():
-        node = proxmox.get_node_from_vm(VMID)
+        node,status_node = proxmox.get_node_from_vm(VMID)
         isProxmoxDeleted = proxmox.delete_from_proxmox(VMID, node)
         isDbDeleted = proxmox.delete_from_db(VMID)
+        assert status_node == 200
         assert isProxmoxDeleted
         assert isDbDeleted
 
diff --git a/backend/test/test_default_api.py b/backend/test/test_default_api.py
index 9b329e8..bb4611b 100644
--- a/backend/test/test_default_api.py
+++ b/backend/test/test_default_api.py
@@ -15,7 +15,7 @@ def fake_check_cas_token_fail(headers):
 def fake_check_cas_admin(headers):
     return 200, {"sub": "admin", "attributes" : {"memberOf" : 'cn=cluster-hosting,ou=groups,dc=minet,dc=net'}}
 def fake_get_node_from_vm(vmid):
-    return "wammu"
+    return "wammu",200
 def fake_get_proxmox_vm_status(vmid, node):
     return "running"
 def fake_get_vm_config(vmid, node):
diff --git a/backend/test/test_stop_expired_vm.py b/backend/test/test_stop_expired_vm.py
index 86f6490..d94eef3 100644
--- a/backend/test/test_stop_expired_vm.py
+++ b/backend/test/test_stop_expired_vm.py
@@ -10,7 +10,7 @@ def mock_stop_vm(vm_id, node):
     return True
 
 def mock_get_node_from_vm(vmid):
-    return "node1"
+    return "node1",200
 
 def mock_get_proxmox_vm_status(vmid, node):
     if vmid == 5 :

From 95da12a3b8d16267de6d568d2b8f0fc8c185ce0d Mon Sep 17 00:00:00 2001
From: seaweedbrain <seaweedbrain@minet.net>
Date: Fri, 20 Jan 2023 02:22:32 +0100
Subject: [PATCH 25/29] Fix return type in get_vm_node

---
 backend/proxmox_api/proxmox.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/backend/proxmox_api/proxmox.py b/backend/proxmox_api/proxmox.py
index 6b835ae..f13eadb 100644
--- a/backend/proxmox_api/proxmox.py
+++ b/backend/proxmox_api/proxmox.py
@@ -545,7 +545,7 @@ def get_node_from_vm(vmid):
         for vm in proxmox.cluster.resources.get(type="vm"):
             if vm["vmid"] == vmid:
                 try:
-                    node = vm['node'], 200
+                    node = vm['node']
                 except Exception as e:
                     logging.error("Problem in get_node_from_vm(" + str(vmid) + ") when getting VM node: " + str(e))
                     return {"cpu": "error"}, 500
@@ -553,7 +553,7 @@ def get_node_from_vm(vmid):
         if node == "":
             return {"get_node": "Vm not found"}, 404 
         else : 
-            return node
+            return node, 200
     else:
         return {"get_node": "Vmid incorrect"}, 404
 

From 191d30d1ad317ce7eb24c94823cc6123e7c30724 Mon Sep 17 00:00:00 2001
From: seaweedbrain <seaweedbrain@minet.net>
Date: Fri, 20 Jan 2023 02:49:23 +0100
Subject: [PATCH 26/29] Fix tests typo

---
 backend/test/integration/test_vm_life.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/test/integration/test_vm_life.py b/backend/test/integration/test_vm_life.py
index 4e5bffb..5a28840 100644
--- a/backend/test/integration/test_vm_life.py
+++ b/backend/test/integration/test_vm_life.py
@@ -19,7 +19,7 @@ def test_old_vm_deletion(init_vm_database):
     db.init_app(app.app)
     doesVMexist = False
     with app.app.app_context():
-        if status != 200:
+        if status == 200:
             doesVMexist = True
         if doesVMexist:
             assert node == "kars" or node == "wammu"

From 0f88b2cc67b61cc7472cc8388717b7bb205e99aa Mon Sep 17 00:00:00 2001
From: seaweedbrain <seaweedbrain@minet.net>
Date: Fri, 20 Jan 2023 11:35:07 +0100
Subject: [PATCH 27/29] Add tests for ownership transfer

---
 .../controllers/default_controller.py         |  9 +-
 backend/proxmox_api/proxmox.py                |  2 +-
 backend/test/test_default_api.py              | 28 ++++++-
 backend/test/test_vm_ownership_transfer.py    | 82 +++++++++++++++++++
 4 files changed, 115 insertions(+), 6 deletions(-)
 create mode 100644 backend/test/test_vm_ownership_transfer.py

diff --git a/backend/proxmox_api/controllers/default_controller.py b/backend/proxmox_api/controllers/default_controller.py
index 5e0c0ff..4e808ba 100644
--- a/backend/proxmox_api/controllers/default_controller.py
+++ b/backend/proxmox_api/controllers/default_controller.py
@@ -735,9 +735,12 @@ def patch_vm(vmid, body=None):  # noqa: E501
             return proxmox.stop_vm(vmid, node)
         elif requetsBody.status == "switch_autoreboot":
             return proxmox.switch_autoreboot(vmid, node)
-        elif requetsBody.status == "transfering_ownership" and admin:
-            new_owner = slugify(requetsBody.user.replace('_', '-'))
-            return proxmox.transfer_ownership(vmid, node, newowner=new_owner)
+        elif requetsBody.status == "transfering_ownership":
+            if admin : 
+                new_owner = slugify(requetsBody.user.replace('_', '-'))
+                return proxmox.transfer_ownership(vmid, new_owner)
+            else: 
+                return {"status": "Permission denied"}, 403
         else:
             return {"status": "uknown status"}, 500
     else:
diff --git a/backend/proxmox_api/proxmox.py b/backend/proxmox_api/proxmox.py
index f13eadb..c3ff53f 100644
--- a/backend/proxmox_api/proxmox.py
+++ b/backend/proxmox_api/proxmox.py
@@ -898,7 +898,7 @@ def stop_expired_vm(app):
             print("VMs stopped for user", user)
 
 # Transfer the ownership of a vm to another user.
-def transfer_ownership(vmid, node, newowner):
+def transfer_ownership(vmid, newowner):
     if newowner == "" or newowner == None :
         return {"error": "No login given"}, 400
     
diff --git a/backend/test/test_default_api.py b/backend/test/test_default_api.py
index bb4611b..01a8887 100644
--- a/backend/test/test_default_api.py
+++ b/backend/test/test_default_api.py
@@ -150,6 +150,11 @@ def fake_stop_vm(vmide, node):
 def fake_switch_autoreboot(vmide, node):
     return {"status": "switch autoreboot OK"},200
 
+def fake_transfer_ownership(vmid, new_owner):
+    if new_owner == "" or new_owner == None :
+        return {"error": "No login given"}, 400
+    return {"status": "OK"},200
+
 def  test_valid_patch_vm_start(client, init_user_database, init_vm_database, monkeypatch):
     monkeypatch.setattr(util, "check_cas_token", fake_check_cas_token)
     monkeypatch.setattr(proxmox, "get_node_from_vm", fake_get_node_from_vm)
@@ -223,6 +228,26 @@ def test_admin_patch_vm(client, init_user_database, init_vm_database, monkeypatc
     assert vm2.status_code == 200
     assert vm2.json == {"status": "start OK"}
 
+# Try to transfert the VM as an admin
+def test_admin_transfer_ownership(client, init_user_database, init_vm_database, monkeypatch):
+    monkeypatch.setattr(util, "check_cas_token", fake_check_cas_admin)
+    monkeypatch.setattr(proxmox, "get_node_from_vm", fake_get_node_from_vm)
+    monkeypatch.setattr(proxmox, "transfer_ownership", fake_transfer_ownership)
+    
+    vm1 = client.patch('/api/1.0.0/vm/3', headers={'Content-Type': 'application/json', "Authorization" : "Bearer AT-TEST"}, json={"status": "transfering_ownership", "user" : "user-1"})
+    assert vm1.status_code == 200
+    assert vm1.json == {"status": "OK"}
+
+# Try to transfert the VM as an a non admin
+def test_non_admin_transfer_ownership(client, init_user_database, init_vm_database, monkeypatch):
+    monkeypatch.setattr(util, "check_cas_token", fake_check_cas_token)
+    monkeypatch.setattr(proxmox, "get_node_from_vm", fake_get_node_from_vm)
+    monkeypatch.setattr(proxmox, "transfer_ownership", fake_transfer_ownership)
+    
+    vm1 = client.patch('/api/1.0.0/vm/1', headers={'Content-Type': 'application/json', "Authorization" : "Bearer AT-TEST"}, json={"status": "transfering_ownership", "user" : "user-1"})
+    assert vm1.status_code == 403
+    assert vm1.json == {"status": "Permission denied"}
+
 # Try to patch with an invalid token
 def test_invalid_patch_vm(client, init_user_database, init_vm_database, monkeypatch):
     monkeypatch.setattr(util, "check_cas_token", fake_check_cas_token_fail)
@@ -290,5 +315,4 @@ def test_admin_get_other_account_state(client, init_user_database, monkeypatch):
     assert user1.status_code == 200
     assert user1.json == {"freeze_state": "state"}
     assert user2.status_code == 200
-    assert user2.json == {"freeze_state": "state"}
-    
\ No newline at end of file
+    assert user2.json == {"freeze_state": "state"}
\ No newline at end of file
diff --git a/backend/test/test_vm_ownership_transfer.py b/backend/test/test_vm_ownership_transfer.py
new file mode 100644
index 0000000..e4596a1
--- /dev/null
+++ b/backend/test/test_vm_ownership_transfer.py
@@ -0,0 +1,82 @@
+import pytest
+from test.conftest import *
+from proxmox_api import proxmox
+from proxmox_api import util
+from proxmox_api.db import db_functions as database
+
+
+def fake_get_adh6_account(newowner):
+    return {"username": newowner}, 200
+
+
+# Transfer a vm to another user, who exists in hosting and has less than 3 vms
+def test_vm_ownership_transfer(monkeypatch, init_user_database, init_vm_database):
+    username = "user-2"
+    monkeypatch.setattr(util, 'get_adh6_account', fake_get_adh6_account)
+    vmid = 1
+    body, status = proxmox.transfer_ownership(vmid, username)
+    
+    #return status
+    assert status == 201
+    assert body == {"status": "ok"}
+    
+    # Check that the vm is now owned by user-2
+    userid = database.get_vm_userid(vmid)
+    assert userid == username
+
+    # Check that the history is updated
+    history = database.get_historyip_fromdb(vmid)
+    assert history[-1][2] == username
+
+# Transfer a vm to another user, who doesn't exist in hosting but exist in adh6
+def test_vm_ownership_transfer_to_new_user(monkeypatch, init_user_database, init_vm_database):
+    username = "new-user"
+    monkeypatch.setattr(util, 'get_adh6_account', fake_get_adh6_account)
+    vmid = 1
+    body, status = proxmox.transfer_ownership(vmid, username)
+    
+    #return status
+    assert status == 201
+    assert body == {"status": "ok"}
+
+    # Check that the user is created in the database 
+    assert database.get_user_list(user_id=username) is not None
+    
+    # Check that the vm is now owned by user-2
+    userid = database.get_vm_userid(vmid)
+    assert userid == username
+
+    # Check that the history is updated
+    history = database.get_historyip_fromdb(vmid)
+    assert history[-1][2] == username
+
+# Transfer a vm to another user, who doesn't exist in hosting not in adh6
+def test_vm_ownership_to_nonexistent_user(monkeypatch,init_user_database, init_vm_database):
+    username = "nonexistent-user"
+    def fake_get_adh6_account_None(newowner):
+        return None, 200
+
+    monkeypatch.setattr(util, 'get_adh6_account', fake_get_adh6_account_None)
+    vmid = 1
+    body, status = proxmox.transfer_ownership(vmid, username)
+    
+    #return status
+    assert status == 404
+    assert body == {"error": "User not found"}
+
+# Transfer a vm to another user, who has already 3 vms
+def test_vm_ownership_to_full_user(monkeypatch, init_user_database, init_vm_database):
+    username = "user-1" # User-1 has 3 vms
+    monkeypatch.setattr(util, 'get_adh6_account', fake_get_adh6_account)
+    vmid = 3 # vmid 3 is owned by user-2
+    body, status = proxmox.transfer_ownership(vmid, username)
+
+    #return status
+    assert status == 400
+    assert body == {"error": "User already has 3 VMs"}
+
+    # We check that the vm is still owned by user-2
+     # Check that the vm is now owned by user-2
+    userid = database.get_vm_userid(vmid)
+    assert userid == "user-2"
+

From 7307636d0ca28be4e6c6218e7e5006a8dfc417ab Mon Sep 17 00:00:00 2001
From: seaweedbrain <seaweedbrain@minet.net>
Date: Sat, 21 Jan 2023 23:32:36 +0100
Subject: [PATCH 28/29] Fix #46 The function was not mocked because it was
 depending on a object, so on the context The only elegant solution found is
 to redefine the object (defined at the init of proxmox.py) and to recreate
 fake custom classes (without mock class) All ideas using mocking failed

---
 .../config/vm_creation_status.json            |  2 +-
 backend/proxmox_api/proxmox.py                | 15 ++-
 backend/test/test_vm_creation_form.py         | 94 +++++++++++++++----
 3 files changed, 86 insertions(+), 25 deletions(-)

diff --git a/backend/proxmox_api/config/vm_creation_status.json b/backend/proxmox_api/config/vm_creation_status.json
index 0967ef4..7841ea8 100644
--- a/backend/proxmox_api/config/vm_creation_status.json
+++ b/backend/proxmox_api/config/vm_creation_status.json
@@ -1 +1 @@
-{}
+{"999": {"status": "creating"}, "999": {"status": "creating"}}
\ No newline at end of file
diff --git a/backend/proxmox_api/proxmox.py b/backend/proxmox_api/proxmox.py
index c3ff53f..d9809d0 100644
--- a/backend/proxmox_api/proxmox.py
+++ b/backend/proxmox_api/proxmox.py
@@ -195,6 +195,7 @@ def create_vm(name, vm_type, user_id, password="no", vm_user="", main_ssh_key="n
 
     template_node = ""
     try:
+        print("oui")
         template_id = -1
         if vm_type == "bare_vm":
             template_id = 10003
@@ -214,9 +215,12 @@ def create_vm(name, vm_type, user_id, password="no", vm_user="", main_ssh_key="n
                 database.add_ip_to_history(ip, next_vmid, user_id)
             else:
                 return {"error": "error, can not create more VMs"}, 500
+        
         for vm in proxmox.cluster.resources.get(type="vm"):
             if vm["vmid"] == template_id:
                 template_node = vm["node"]
+        print("template_node", template_node)
+        print("template_id", template_id)
         proxmox.nodes(template_node).qemu(template_id).clone.create(
             name=name,
             newid=next_vmid,
@@ -228,10 +232,10 @@ def create_vm(name, vm_type, user_id, password="no", vm_user="", main_ssh_key="n
 
 
     except Exception as e:
-        delete_from_db(next_vmid)
-        delete_from_proxmox(next_vmid, node)
         logging.error("Problem in create_vm(" + str(next_vmid) + ") when cloning: " + str(e))
         print("Problem in create_vm(" + str(next_vmid) + ") when cloning: " + str(e))
+        delete_from_db(next_vmid)
+        delete_from_proxmox(next_vmid, node)
         return {"error": "Impossible to create the VM (cloning)"}, 500
 
 
@@ -239,6 +243,7 @@ def create_vm(name, vm_type, user_id, password="no", vm_user="", main_ssh_key="n
         print("Problem while updating the vm status")
         return {"error": "Impossible to update the VM status"}, 500
     Thread(target=config_vm, args=(next_vmid, node, password, vm_user, main_ssh_key,ip,  )).start()
+    
     return {"vmId": next_vmid}, 201
 
 
@@ -247,7 +252,7 @@ def create_vm(name, vm_type, user_id, password="no", vm_user="", main_ssh_key="n
 When the VM is up, the password, vm user name and ssh key are set up
 """
 def config_vm(vmid, node, password, vm_user,main_ssh_key, ip):
-    
+    print("configuring vm")
     sync = False
     vm = proxmox.nodes(node).qemu(vmid)
     while not sync:  # Synchronisation
@@ -268,11 +273,11 @@ def config_vm(vmid, node, password, vm_user,main_ssh_key, ip):
             cipassword=password
         )
     except Exception as e:
+        logging.error("Problem in create_vm(" + str(vmid) + ") when setting password: " + str(e))
+        print("Problem in create_vm(" + str(vmid) + ") when setting password: " + str(e))
         delete_from_db(vmid)
         delete_from_proxmox(vmid, node)
         util.update_vm_state(vmid,"An error occured while setting your password (vmid ="+str(vmid) +")", errorCode=500)
-        logging.error("Problem in create_vm(" + str(vmid) + ") when setting password: " + str(e))
-        print("Problem in create_vm(" + str(vmid) + ") when setting password: " + str(e))
 
 
     try:
diff --git a/backend/test/test_vm_creation_form.py b/backend/test/test_vm_creation_form.py
index 14410b8..b7c6a04 100644
--- a/backend/test/test_vm_creation_form.py
+++ b/backend/test/test_vm_creation_form.py
@@ -2,34 +2,81 @@
 from proxmox_api import proxmox
 from test.conftest import *
 from proxmox_api.db import db_functions
+from proxmoxer import ProxmoxAPI
 
+def fake_next_available_vmid():
+        return "999"
 
+def fake_set_new_vm_ip(next_vmid, node):
+    return "127.0.0.1"
 
+def fake_load_balance_server():
+    return {'server' :'wammu'},201
+def fake_proxmox_clone_vm(name, newid,target, full):
+    return True 
 
-def test_creation_for_new_user(monkeypatch,init_user_database, init_vm_database, proxmoxAPI):
-    """Test case for creation of VM by a new user
-    The creation does not concern proxmox
-    """
+def fake_vm_config(vmid, node, password, vm_usermain_ssh_key, ip):
+    return True
+def fake_check_update_cotisation(user_id):
+    return {"freezeState": "1"}, 200
 
-    node = "wammu"
 
-    def fake_next_available_vmid():
-        return "999"
 
-    def fake_set_new_vm_ip(next_vmid, node):
-        return "127.0.0.1"
+def fake_config_vm(next_vmid, node, password, vm_user, main_ssh_key,ip):
+    return True
+
+class _ProxmoxAPIRessources:
+    def __init__(self):
+        pass
+
+    def get(*args, **kwargs):
+        return [{"vmid": "10003", "node":"kars"}]
+
+class _ProxmoxAPIcluster:
+    def __init__(self):
+        pass
+
+    resources = _ProxmoxAPIRessources()
+
+
+class _ProxmoxAPIClone:
+    def __init__(self):
+        pass
+
+    def create(*args, **kwargs):
+        return True
+class _ProxmoxAPIQemu:
+    clone = _ProxmoxAPIClone()
+    def __init__(self):
+        pass
+
+
+class _ProxmoxAPINode:
+    def __init__(self):
+        pass
+
+    def qemu(self, vmid):
+        return _ProxmoxAPIQemu()
     
-    def fake_load_balance_server():
-        return {'server' :'wammu'},201
 
-    def fake_proxmox_clone_vm(name, newid,target, full):
-        return True 
+class _ProxmoxAPI:
+    def __init__(self, node, monkeypatch):
+        pass
+    cluster = _ProxmoxAPIcluster()
+
+    def nodes(self, node):
+        return _ProxmoxAPINode()
+
+
     
-    def fake_vm_config(vmid, node, password, vm_user,main_ssh_key, ip):
-        return True
 
-    def fake_check_update_cotisation(user_id):
-        return {"freezeState": "1"}, 200
+
+def test_creation_for_new_user(monkeypatch,init_user_database, init_vm_database):
+    """Test case for creation of VM by a new user
+    The creation does not concern proxmox
+    """
+
+    node = "wammu"
     
     
 
@@ -40,10 +87,20 @@ def fake_check_update_cotisation(user_id):
         # Mocking 
         monkeypatch.setattr(proxmox, 'next_available_vmid', fake_next_available_vmid)
         monkeypatch.setattr(proxmox, 'set_new_vm_ip', fake_set_new_vm_ip)
-        monkeypatch.setattr(proxmoxAPI.nodes("wammu").qemu(10003).clone, 'create', fake_proxmox_clone_vm)
+        
+        """proxmoxapi = ProxmoxAPI(host=configuration.PROXMOX_HOST, user=configuration.PROXMOX_USER
+                     , token_name=configuration.PROXMOX_API_KEY_NAME
+                     , token_value=configuration.PROXMOX_API_KEY, verify_ssl=False)
+"""
+        #monkeypatch.setattr(proxmox.proxmox.nodes("kars").qemu(10003).clone,'create', fake_proxmox_clone_vm)
+        node="kars"
+        proxmox.proxmox = _ProxmoxAPI(node, monkeypatch)
+        
+        #monkeypatch.setattr(proxmox.proxmox, "nodes", lambda self, node: _ProxmoxAPI(node, monkeypatch))
         monkeypatch.setattr(proxmox, 'load_balance_server', fake_load_balance_server)
         monkeypatch.setattr(proxmox, 'config_vm', fake_vm_config)
         monkeypatch.setattr(proxmox, 'check_update_cotisation', fake_check_update_cotisation)
+        monkeypatch.setattr(proxmox, 'config_vm', fake_config_vm)
 
         userId = "new-user6"
         body,status = proxmox.create_vm("INTEGRATION-TEST-VM",  "bare_vm", userId, password="1A#aaaaaaaaa",  vm_user="user", main_ssh_key="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKWkpOTUuLKpZEQT2CmEsgZwZzegitYCx/8vHICvv261 fake@key")
@@ -55,7 +112,6 @@ def fake_check_update_cotisation(user_id):
 
     
 
-    
 
 
     

From 4ef4f3f8dcbf14ccba89ccbfbd68747f642b5b5d Mon Sep 17 00:00:00 2001
From: seaweedbrain <seaweedbrain@minet.net>
Date: Sat, 21 Jan 2023 23:50:34 +0100
Subject: [PATCH 29/29] Re-reference proxmox.proxmox when the test ends

---
 backend/test/test_vm_creation_form.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/backend/test/test_vm_creation_form.py b/backend/test/test_vm_creation_form.py
index b7c6a04..8fa22a3 100644
--- a/backend/test/test_vm_creation_form.py
+++ b/backend/test/test_vm_creation_form.py
@@ -94,6 +94,7 @@ def test_creation_for_new_user(monkeypatch,init_user_database, init_vm_database)
 """
         #monkeypatch.setattr(proxmox.proxmox.nodes("kars").qemu(10003).clone,'create', fake_proxmox_clone_vm)
         node="kars"
+        realProxmox = proxmox.proxmox
         proxmox.proxmox = _ProxmoxAPI(node, monkeypatch)
         
         #monkeypatch.setattr(proxmox.proxmox, "nodes", lambda self, node: _ProxmoxAPI(node, monkeypatch))
@@ -104,6 +105,7 @@ def test_creation_for_new_user(monkeypatch,init_user_database, init_vm_database)
 
         userId = "new-user6"
         body,status = proxmox.create_vm("INTEGRATION-TEST-VM",  "bare_vm", userId, password="1A#aaaaaaaaa",  vm_user="user", main_ssh_key="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKWkpOTUuLKpZEQT2CmEsgZwZzegitYCx/8vHICvv261 fake@key")
+        proxmox.proxmox = realProxmox
         assert status == 201
         userVms = db_functions.get_vm_list(user_id=userId)
         assert len(userVms) == 1