Beispiel #1
0
    def setUp(self):
        self.factory = django.test.RequestFactory()
        try:
            self.alice = self.create_user('alice', 'password')
            self.bob = self.create_user('bob', 'password')
        except IntegrityError:
            self.skipTest("Unable to create a test user.")
        else:
            for user in [self.alice, self.bob]:
                device = user.staticdevice_set.create()
                device.token_set.create(token=user.get_username())

        self.middleware = OTPMiddleware()
Beispiel #2
0
    def __init__(self,
                 user=None,
                 session_id=None,
                 has_otp=False,
                 has_sudo=False):
        super(MockRequest, self).__init__()
        self.method = "GET"

        if user is None:
            self.user = AnonymousUser()
        else:
            self.user = user

        session = SessionMiddleware()
        self.session = session.SessionStore(session_id)
        self._messages = SessionStorage(self)
        self.META = {"REMOTE_ADDR": "127.0.0.1"}

        # sudo
        ElevateMiddleware(lambda x: x)(self)
        if has_sudo:
            grant_sudo(self)

        # otp
        if has_otp:
            grant_otp(self, self.user)
        OTPMiddleware(lambda x: x)(self)
Beispiel #3
0
    def get_xform_ids(self, request):
        if 'select_all' in self.request.POST:
            # Altough evaluating form_ids and sending to task would be cleaner,
            # heavier calls should be in an async task instead
            import six.moves.urllib.request, six.moves.urllib.parse, six.moves.urllib.error
            form_query_string = six.moves.urllib.parse.unquote(self.request.POST.get('select_all'))
            from django.http import HttpRequest, QueryDict
            from django_otp.middleware import OTPMiddleware

            _request = HttpRequest()
            _request.couch_user = request.couch_user
            _request.user = request.couch_user.get_django_user()
            _request.domain = self.domain
            _request.couch_user.current_domain = self.domain
            _request.can_access_all_locations = request.couch_user.has_permission(self.domain,
                                                                                  'access_all_locations')
            _request.always_allow_project_access = True
            _request.session = request.session

            _request.GET = QueryDict(form_query_string)
            OTPMiddleware().process_request(_request)

            dispatcher = EditDataInterfaceDispatcher()
            xform_ids = dispatcher.dispatch(
                _request,
                render_as='form_ids',
                domain=self.domain,
                report_slug=BulkFormManagementInterface.slug,
                skip_permissions_check=True,
            )
        else:
            xform_ids = self.request.POST.getlist('xform_ids')

        return xform_ids
Beispiel #4
0
def init_otp(request):
    """
    Initialize OTP after login. This sets up OTP devices
    for django_otp and calls the middleware to fill
    request.user.is_verified().
    """

    tdev = TOTPDevice(user=request.user, name='TOTP device with LDAP secret')
    try:
        tdev.save()
    except IntegrityError:
        tdev = TOTPDevice.objects.get(user=request.user)

    sdev = SOTPDevice(user=request.user, name='SOTP device with LDAP secret')
    try:
        sdev.save()
    except IntegrityError:
        pass

    # if OTP is disabled, it will match already
    if tdev.verify_token():
        otp_login(request, tdev)

    # add .is_verified()
    OTPMiddleware().process_request(request)
Beispiel #5
0
 def create_request(cls, request_url, username, password):
     # Initialize request
     request = Client().get(request_url).wsgi_request
     # Create user
     request.user = get_user_model().objects.create_user(username=username,
                                                         email=username,
                                                         password=password)
     # Create couch user
     request.couch_user = CouchUser()
     # Login
     assert Client().login(username=username, password=password)
     # Activate middleware
     OTPMiddleware().process_request(request)
     return request
Beispiel #6
0
class OTPMiddlewareTestCase(TestCase):
    def setUp(self):
        self.factory = django.test.RequestFactory()
        try:
            self.alice = self.create_user('alice', 'password')
            self.bob = self.create_user('bob', 'password')
        except IntegrityError:
            self.skipTest("Unable to create a test user.")
        else:
            for user in [self.alice, self.bob]:
                device = user.staticdevice_set.create()
                device.token_set.create(token=user.get_username())

        self.middleware = OTPMiddleware()

    def test_verified(self):
        request = self.factory.get('/')
        request.user = self.alice
        device = self.alice.staticdevice_set.get()
        request.session = {
            DEVICE_ID_SESSION_KEY: device.persistent_id
        }

        self.middleware.process_request(request)

        self.assertTrue(request.user.is_verified())

    def test_verified_legacy_device_id(self):
        request = self.factory.get('/')
        request.user = self.alice
        device = self.alice.staticdevice_set.get()
        request.session = {
            DEVICE_ID_SESSION_KEY: '{}.{}/{}'.format(
                device.__module__, device.__class__.__name__, device.id
            )
        }

        self.middleware.process_request(request)

        self.assertTrue(request.user.is_verified())

    def test_unverified(self):
        request = self.factory.get('/')
        request.user = self.alice
        request.session = {}

        self.middleware.process_request(request)

        self.assertFalse(request.user.is_verified())

    def test_no_device(self):
        request = self.factory.get('/')
        request.user = self.alice
        request.session = {
            DEVICE_ID_SESSION_KEY: 'otp_static.staticdevice/0',
        }

        self.middleware.process_request(request)

        self.assertFalse(request.user.is_verified())

    def test_no_model(self):
        request = self.factory.get('/')
        request.user = self.alice
        request.session = {
            DEVICE_ID_SESSION_KEY: 'otp_bogus.bogusdevice/0',
        }

        self.middleware.process_request(request)

        self.assertFalse(request.user.is_verified())

    def test_wrong_user(self):
        request = self.factory.get('/')
        request.user = self.alice
        device = self.bob.staticdevice_set.get()
        request.session = {
            DEVICE_ID_SESSION_KEY: device.persistent_id
        }

        self.middleware.process_request(request)

        self.assertFalse(request.user.is_verified())

    def test_pickling(self):
        request = self.factory.get('/')
        request.user = self.alice
        device = self.alice.staticdevice_set.get()
        request.session = {
            DEVICE_ID_SESSION_KEY: device.persistent_id
        }

        self.middleware.process_request(request)

        # Should not raise an exception.
        pickle.dumps(request.user)