def test_authdata_token_credential_lookup_success(self):
# Create an authdata token Credential for Bob.
now = datetime.datetime.utcnow()
token, ignore = Credential.persistent_token_create(
self._db, self.data_source, self.model.AUTHDATA_TOKEN_TYPE,
self.bob_patron)
# The token is persistent.
eq_(None, token.expires)
# Use that token to perform a lookup of Bob's Adobe Vendor ID
# UUID.
urn, label = self.model.authdata_lookup(token.credential)
# There is now an anonymized identifier associated with Bob's
# patron account.
internal = DataSource.lookup(self._db, DataSource.INTERNAL_PROCESSING)
bob_anonymized_identifier = Credential.lookup(
self._db, internal,
AuthdataUtility.ADOBE_ACCOUNT_ID_PATRON_IDENTIFIER,
self.bob_patron, None)
# That anonymized identifier is associated with a
# DelegatedPatronIdentifier whose delegated_identifier is a
# UUID.
[bob_delegated_patron_identifier
] = self._db.query(DelegatedPatronIdentifier).filter(
DelegatedPatronIdentifier.patron_identifier ==
bob_anonymized_identifier.credential).all()
# That UUID is the one returned by authdata_lookup.
eq_(urn, bob_delegated_patron_identifier.delegated_identifier)
def test_authdata_lookup_failure_wrong_token(self):
# Bob has an authdata token.
token, ignore = Credential.persistent_token_create(
self._db, self.data_source, self.model.AUTHDATA_TOKEN_TYPE,
self.bob_patron)
# But we look up a different token and get nothing.
urn, label = self.model.authdata_lookup("nosuchauthdata")
eq_(None, urn)
eq_(None, label)
def test_smuggled_authdata_credential_success(self):
# Bob's client has created a persistent token to authenticate him.
now = datetime.datetime.utcnow()
token, ignore = Credential.persistent_token_create(
self._db, self.data_source, self.model.AUTHDATA_TOKEN_TYPE,
self.bob_patron
)
# But Bob's client can't trigger the operation that will cause
# Adobe to authenticate him via that token, so it passes in
# the token credential as the 'username' and leaves the
# password blank.
urn, label = self.model.standard_lookup(
dict(username=token.credential)
)
# There is now an anonymized identifier associated with Bob's
# patron account.
internal = DataSource.lookup(self._db, DataSource.INTERNAL_PROCESSING)
bob_anonymized_identifier = Credential.lookup(
self._db, internal,
AuthdataUtility.ADOBE_ACCOUNT_ID_PATRON_IDENTIFIER,
self.bob_patron, None
)
# That anonymized identifier is associated with a
# DelegatedPatronIdentifier whose delegated_identifier is a
# UUID.
[bob_delegated_patron_identifier] = self._db.query(
DelegatedPatronIdentifier).filter(
DelegatedPatronIdentifier.patron_identifier
==bob_anonymized_identifier.credential
).all()
# That UUID is the one returned by standard_lookup.
eq_(urn, bob_delegated_patron_identifier.delegated_identifier)
# A future attempt to authenticate with the token will succeed.
urn, label = self.model.standard_lookup(
dict(username=token.credential)
)
eq_(urn, bob_delegated_patron_identifier.delegated_identifier)
def create_authdata(self, patron):
credential, is_new = Credential.persistent_token_create(
self._db, self.data_source, self.AUTHDATA_TOKEN_TYPE, patron)
return credential
