def test_oauth_redir_azure(self):
    """Check that the login view redirects to the Azure AD authorize endpoint.

    The test swaps in a tenant-based configuration (no ``SERVER``, a
    ``TENANT_ID`` instead) and then pins every part of the redirect: scheme,
    host, path and the full query string.
    """
    from django_auth_adfs.config import django_settings

    # Mutate a private copy so the tenant-based setup cannot leak into other tests.
    azure_settings = deepcopy(django_settings)
    del azure_settings.AUTH_ADFS["SERVER"]
    azure_settings.AUTH_ADFS["TENANT_ID"] = "dummy_tenant_id"

    # Settings() and ProviderConfig() are only built once the patched
    # django_settings is in place (same evaluation order as a single `with`).
    with patch("django_auth_adfs.config.django_settings", azure_settings):
        with patch("django_auth_adfs.config.settings", Settings()):
            with patch("django_auth_adfs.views.provider_config", ProviderConfig()):
                response = self.client.get("/oauth2/login?next=/test/")
                self.assertEqual(response.status_code, 302)

                location = urlparse(response["Location"])
                actual_query = parse_qs(location.query)
                expected_query = {
                    'scope': ['openid'],
                    'client_id': ['your-configured-client-id'],
                    # base64 of the requested `next` target "/test/"; the
                    # expected value is fixed, so this test shows no
                    # per-request nonce inside `state`.
                    'state': ['L3Rlc3Qv'],
                    'response_type': ['code'],
                    'resource': ['your-adfs-RPT-name'],
                    # The callback is pinned to the test server's own host.
                    'redirect_uri': ['http://testserver/oauth2/callback'],
                }

                # The user must be sent to Microsoft's login host over HTTPS.
                self.assertEqual(location.scheme, 'https')
                self.assertEqual(location.hostname, 'login.microsoftonline.com')
                # NOTE(review): the GUID differs from the configured TENANT_ID;
                # presumably it comes from mocked provider metadata - confirm.
                self.assertEqual(
                    location.path.rstrip("/"),
                    '/01234567-89ab-cdef-0123-456789abcdef/oauth2/authorize')
                self.assertEqual(actual_query, expected_query)
    def test_access_token_azure(self):
        """A request carrying the Azure access token as a bearer credential
        must authenticate as ``testuser`` through the DRF auth class."""
        bearer_value = "Bearer {}".format(self.access_token_azure)
        request = RequestFactory().get('/api', HTTP_AUTHORIZATION=bearer_value)

        with patch("django_auth_adfs.config.settings", Settings()):
            # One ProviderConfig instance is shared by both patched modules.
            shared_config = ProviderConfig()
            with patch("django_auth_adfs.adfs.provider_config", shared_config):
                with patch("django_auth_adfs.backend.provider_config", shared_config):
                    user, _token = self.drf_auth_class.authenticate(request)
                    self.assertEqual(user.username, "testuser")
 def test_with_auth_code_azure(self):
     """Exchanging an authorization code through ``AdfsBackend`` with a
     tenant ID configured must yield a ``User`` with the expected name,
     e-mail address and two groups."""
     with patch("django_auth_adfs.config.settings.TENANT_ID", "dummy_tenant_id"), \
             patch("django_auth_adfs.backend.provider_config", ProviderConfig()):
         user = AdfsBackend().authenticate(self.request, authorization_code="dummycode")

         self.assertIsInstance(user, User)
         self.assertEqual(user.first_name, "John")
         self.assertEqual(user.last_name, "Doe")
         # NOTE(review): this literal looks masked by the page's e-mail
         # obfuscation - confirm the real value against the test fixture.
         self.assertEqual(user.email, "*****@*****.**")

         # Group membership: exactly two groups, in this order.
         self.assertEqual(len(user.groups.all()), 2)
         self.assertEqual(user.groups.all()[0].name, "group1")
         self.assertEqual(user.groups.all()[1].name, "group2")
    def test_access_callback_azure(self):
        """The API callback view must answer 200 and return both the access
        token and the refresh token in the response data."""
        # `%3Ccode%3E` is the URL-encoded placeholder `<code>`.
        request = APIRequestFactory().get('/api/oauth2/callback?code=%3Ccode%3E')

        with patch("django_auth_adfs.config.settings", Settings()):
            # The same ProviderConfig instance backs both patched modules.
            shared_config = ProviderConfig()
            with patch("django_auth_adfs.adfs.provider_config", shared_config):
                with patch("django_auth_adfs.backend.provider_config", shared_config):
                    view = views.OAuth2CallbackAPIView()
                    response = view.dispatch(request)

                    self.assertEqual(response.status_code, 200)
                    # Both tokens are handed back to the API client in the body.
                    self.assertEqual(response.data['access_token'],
                                     self.access_token_azure)
                    self.assertEqual(response.data['refresh_token'],
                                     'random_refresh_token')
    def test_access_token_azure(self):
        """With a tenant-based configuration (``SERVER`` removed, ``TENANT_ID``
        set), the Azure bearer token must authenticate as ``testuser``."""
        bearer_value = "Bearer {}".format(self.access_token_azure)
        request = RequestFactory().get('/api', HTTP_AUTHORIZATION=bearer_value)

        from django_auth_adfs.config import django_settings

        # Edit a copy so the shared Django settings object stays untouched.
        azure_settings = deepcopy(django_settings)
        del azure_settings.AUTH_ADFS["SERVER"]
        azure_settings.AUTH_ADFS["TENANT_ID"] = "dummy_tenant_id"

        # Entered left to right: Settings() and ProviderConfig() are built
        # only after the patched django_settings is active.
        with patch("django_auth_adfs.config.django_settings", azure_settings), \
                patch("django_auth_adfs.config.settings", Settings()), \
                patch("django_auth_adfs.backend.provider_config", ProviderConfig()):
            user, _token = self.drf_auth_class.authenticate(request)
            self.assertEqual(user.username, "testuser")
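 def test_with_auth_code_azure_guest_block(self):
     """Auth-code login must raise ``PermissionDenied`` when BLOCK_GUEST_USERS is on.

     The backend is constructed before the ``assertRaises`` block so that
     only ``authenticate()`` can satisfy the expectation. If building the
     backend itself raised ``PermissionDenied``, the test now fails instead
     of passing without the guest check ever running.

     NOTE(review): presumably the mocked token response describes a guest
     account; that fixture is not visible here - confirm.
     """
     from django_auth_adfs.config import django_settings

     # Work on a copy so the guest-blocking setup does not leak into other tests.
     settings = deepcopy(django_settings)
     del settings.AUTH_ADFS["SERVER"]
     settings.AUTH_ADFS["TENANT_ID"] = "dummy_tenant_id"
     settings.AUTH_ADFS["BLOCK_GUEST_USERS"] = True
     # Patch audience since we're patching django_auth_adfs.backend.settings to load Settings() as well
     settings.AUTH_ADFS["AUDIENCE"] = 'microsoft:identityserver:your-RelyingPartyTrust-identifier'
     with patch("django_auth_adfs.config.django_settings", settings):
         with patch('django_auth_adfs.backend.settings', Settings()):
             with patch("django_auth_adfs.config.settings", Settings()):
                 with patch("django_auth_adfs.backend.provider_config", ProviderConfig()):
                     backend = AdfsAuthCodeBackend()
                     # Keep the guarded region to the single call under test.
                     with self.assertRaises(PermissionDenied):
                         backend.authenticate(self.request, authorization_code="dummycode")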
    def test_refresh_token_azure(self):
        """The API refresh view must answer 200 and return an access token
        and a refresh token in the response data."""
        bearer_value = "Bearer {}".format(self.access_token_azure)
        # `%3Crefresh_token%3E` is the URL-encoded placeholder `<refresh_token>`.
        request = APIRequestFactory().get(
            '/api/oauth2/refresh?token=%3Crefresh_token%3E',
            HTTP_AUTHORIZATION=bearer_value,
        )

        with patch("django_auth_adfs.config.settings", Settings()):
            # The same ProviderConfig instance backs both patched modules.
            shared_config = ProviderConfig()
            with patch("django_auth_adfs.adfs.provider_config", shared_config):
                with patch("django_auth_adfs.backend.provider_config", shared_config):
                    view = views.OAuth2RefreshTokenAPIView()
                    response = view.dispatch(request)

                    self.assertEqual(response.status_code, 200)
                    self.assertEqual(response.data['access_token'],
                                     self.access_token_azure)
                    self.assertEqual(response.data['refresh_token'],
                                     'random_refresh_token')
 def test_with_auth_code_azure(self):
     """With a tenant-based configuration, exchanging an authorization code
     through ``AdfsBackend`` must yield a ``User`` with the expected name,
     e-mail address and two groups."""
     from django_auth_adfs.config import django_settings

     # Edit a copy so the shared Django settings object stays untouched.
     azure_settings = deepcopy(django_settings)
     del azure_settings.AUTH_ADFS["SERVER"]
     azure_settings.AUTH_ADFS["TENANT_ID"] = "dummy_tenant_id"

     # Entered left to right: Settings() and ProviderConfig() are built only
     # after the patched django_settings is active.
     with patch("django_auth_adfs.config.django_settings", azure_settings), \
             patch("django_auth_adfs.config.settings", Settings()), \
             patch("django_auth_adfs.backend.provider_config", ProviderConfig()):
         user = AdfsBackend().authenticate(self.request, authorization_code="dummycode")

         self.assertIsInstance(user, User)
         self.assertEqual(user.first_name, "John")
         self.assertEqual(user.last_name, "Doe")
         # NOTE(review): this literal looks masked by the page's e-mail
         # obfuscation - confirm the real value against the test fixture.
         self.assertEqual(user.email, "*****@*****.**")

         # Group membership: exactly two groups, in this order.
         self.assertEqual(len(user.groups.all()), 2)
         self.assertEqual(user.groups.all()[0].name, "group1")
         self.assertEqual(user.groups.all()[1].name, "group2")
    def test_access_token_azure_guest(self):
        """A guest bearer token must be rejected with ``AuthenticationFailed``
        by the DRF auth class when ``BLOCK_GUEST_USERS`` is enabled."""
        bearer_value = "Bearer {}".format(self.access_token_azure_guest)
        request = RequestFactory().get('/api', HTTP_AUTHORIZATION=bearer_value)

        from django_auth_adfs.config import django_settings

        # Edit a copy so the guest-blocking setup does not leak into other tests.
        azure_settings = deepcopy(django_settings)
        del azure_settings.AUTH_ADFS["SERVER"]
        azure_settings.AUTH_ADFS["TENANT_ID"] = "dummy_tenant_id"
        azure_settings.AUTH_ADFS["BLOCK_GUEST_USERS"] = True

        # Both module-level `settings` objects are replaced, each with its own
        # Settings() built after the patched django_settings is active.
        with patch("django_auth_adfs.config.django_settings", azure_settings), \
                patch('django_auth_adfs.backend.settings', Settings()), \
                patch("django_auth_adfs.config.settings", Settings()), \
                patch("django_auth_adfs.backend.provider_config", ProviderConfig()):
            # Only the authenticate() call sits inside the guarded region.
            with self.assertRaises(AuthenticationFailed):
                _user, _token = self.drf_auth_class.authenticate(request)
 def test_access_token_azure_guest_but_no_upn(self):
     """With guests allowed and ``GUEST_USERNAME_CLAIM`` set to ``"email"``,
     the ``access_token_azure_guest_no_upn`` token must authenticate and the
     username must equal the expected address.

     NOTE(review): the fixture name suggests the token carries no UPN claim;
     the token itself is not visible here - confirm.
     """
     bearer_value = "Bearer {}".format(self.access_token_azure_guest_no_upn)
     request = RequestFactory().get('/api', HTTP_AUTHORIZATION=bearer_value)

     from django_auth_adfs.config import django_settings

     # Edit a copy so the guest configuration does not leak into other tests.
     azure_settings = deepcopy(django_settings)
     del azure_settings.AUTH_ADFS["SERVER"]
     azure_settings.AUTH_ADFS["TENANT_ID"] = "dummy_tenant_id"
     azure_settings.AUTH_ADFS["GUEST_USERNAME_CLAIM"] = "email"
     azure_settings.AUTH_ADFS["BLOCK_GUEST_USERS"] = False

     with patch("django_auth_adfs.config.django_settings", azure_settings), \
             patch('django_auth_adfs.backend.settings', Settings()), \
             patch("django_auth_adfs.config.settings", Settings()), \
             patch("django_auth_adfs.backend.provider_config", ProviderConfig()):
         user, _token = self.drf_auth_class.authenticate(request)
         # NOTE(review): this literal looks masked by the page's e-mail
         # obfuscation - confirm the real value against the test fixture.
         self.assertEqual(user.username, "*****@*****.**")
 def test_version_two_endpoint_calls_correct_url(self):
     """With ``VERSION`` set to ``'v2.0'``, an authorization-code login
     through ``AdfsAuthCodeBackend`` must still yield the expected user.

     NOTE(review): despite the name, nothing here asserts on the URL that
     was requested; presumably the mocked responses only match the v2.0
     endpoint - confirm. No AUDIENCE override is applied in this test.
     """
     from django_auth_adfs.config import django_settings

     # Edit a copy so the v2.0 setup does not leak into other tests.
     azure_settings = deepcopy(django_settings)
     del azure_settings.AUTH_ADFS["SERVER"]
     azure_settings.AUTH_ADFS["TENANT_ID"] = "dummy_tenant_id"
     azure_settings.AUTH_ADFS["VERSION"] = 'v2.0'

     # django_auth_adfs.backend.settings is replaced with a fresh Settings()
     # too, built after the patched django_settings is active.
     with patch("django_auth_adfs.config.django_settings", azure_settings), \
             patch('django_auth_adfs.backend.settings', Settings()), \
             patch("django_auth_adfs.config.settings", Settings()), \
             patch("django_auth_adfs.backend.provider_config", ProviderConfig()):
         user = AdfsAuthCodeBackend().authenticate(
             self.request, authorization_code="dummycode")

         self.assertIsInstance(user, User)
         self.assertEqual(user.first_name, "John")
         self.assertEqual(user.last_name, "Doe")
         # NOTE(review): this literal looks masked by the page's e-mail
         # obfuscation - confirm the real value against the test fixture.
         self.assertEqual(user.email, "*****@*****.**")

         # Group membership: exactly two groups, in this order.
         self.assertEqual(len(user.groups.all()), 2)
         self.assertEqual(user.groups.all()[0].name, "group1")
         self.assertEqual(user.groups.all()[1].name, "group2")
 def test_with_auth_code_azure_guest_no_block(self):
     """With ``BLOCK_GUEST_USERS`` disabled, an authorization-code login
     through ``AdfsAuthCodeBackend`` must succeed and yield the expected
     user and groups."""
     from django_auth_adfs.config import django_settings

     # Edit a copy so the guest configuration does not leak into other tests.
     azure_settings = deepcopy(django_settings)
     del azure_settings.AUTH_ADFS["SERVER"]
     azure_settings.AUTH_ADFS["TENANT_ID"] = "dummy_tenant_id"
     azure_settings.AUTH_ADFS["BLOCK_GUEST_USERS"] = False
     # AUDIENCE is set explicitly because django_auth_adfs.backend.settings
     # is also replaced with a freshly loaded Settings() below.
     azure_settings.AUTH_ADFS["AUDIENCE"] = 'microsoft:identityserver:your-RelyingPartyTrust-identifier'

     with patch("django_auth_adfs.config.django_settings", azure_settings), \
             patch('django_auth_adfs.backend.settings', Settings()), \
             patch("django_auth_adfs.config.settings", Settings()), \
             patch("django_auth_adfs.backend.provider_config", ProviderConfig()):
         user = AdfsAuthCodeBackend().authenticate(
             self.request, authorization_code="dummycode")

         self.assertIsInstance(user, User)
         self.assertEqual(user.first_name, "John")
         self.assertEqual(user.last_name, "Doe")
         # NOTE(review): this literal looks masked by the page's e-mail
         # obfuscation - confirm the real value against the test fixture.
         self.assertEqual(user.email, "*****@*****.**")

         # Group membership: exactly two groups, in this order.
         self.assertEqual(len(user.groups.all()), 2)
         self.assertEqual(user.groups.all()[0].name, "group1")
         self.assertEqual(user.groups.all()[1].name, "group2")
 def test_access_token_azure_guest_but_no_upn_but_no_guest_username_claim(self):
     """With guests allowed but ``GUEST_USERNAME_CLAIM`` set to ``None``, the
     ``access_token_azure_guest_no_upn`` token must be rejected with
     ``AuthenticationFailed`` rather than accepted.

     NOTE(review): the fixture name suggests the token carries no UPN claim;
     the token itself is not visible here - confirm.
     """
     bearer_value = "Bearer {}".format(self.access_token_azure_guest_no_upn)
     request = RequestFactory().get('/api', HTTP_AUTHORIZATION=bearer_value)

     from django_auth_adfs.config import django_settings

     # Edit a copy so the guest configuration does not leak into other tests.
     azure_settings = deepcopy(django_settings)
     del azure_settings.AUTH_ADFS["SERVER"]
     azure_settings.AUTH_ADFS["TENANT_ID"] = "dummy_tenant_id"
     # No guest username claim is configured: the token must not validate as OK.
     azure_settings.AUTH_ADFS["GUEST_USERNAME_CLAIM"] = None
     azure_settings.AUTH_ADFS["BLOCK_GUEST_USERS"] = False

     with patch("django_auth_adfs.config.django_settings", azure_settings), \
             patch('django_auth_adfs.backend.settings', Settings()), \
             patch("django_auth_adfs.config.settings", Settings()), \
             patch("django_auth_adfs.backend.provider_config", ProviderConfig()):
         # Only the authenticate() call sits inside the guarded region.
         with self.assertRaises(exceptions.AuthenticationFailed):
             self.drf_auth_class.authenticate(request)