def test_user_in_url_resource(self, has_user_in_resource):
     user = factories.UserFactory(username='******')
     request = self._create_request(
         user,
         username_in_resource=user.username if has_user_in_resource else 'another_user',
     )
     self.assertEqual(permissions.IsUserInUrl().has_permission(request, None), has_user_in_resource)
Beispiel #2
0
 def setUp(self):
     super(SessionAuthenticationAllowInactiveUserTests, self).setUp()
     self.user = factories.UserFactory(email='inactive',
                                       username='******',
                                       password='******',
                                       is_active=False)
     self.request = RequestFactory().get('/')
Beispiel #3
0
    def test_authenticate_credentials_user_attributes_new_mergeable_attributes(
            self):
        """ Test whether the user model is being assigned all custom fields from the payload. """

        username = '******'
        email = '*****@*****.**'
        new_tags = {'browser': 'Chrome'}

        user = factories.UserFactory(email=email,
                                     username=username,
                                     is_staff=False)
        self.assertEqual(user.email, email)
        self.assertFalse(user.is_staff)

        payload = {
            'username': username,
            'email': email,
            'is_staff': True,
            'tags': new_tags
        }

        # Patch get_or_create so that our tags attribute is on the user object
        with mock.patch(
                'edx_rest_framework_extensions.auth.jwt.authentication.get_user_model'
        ) as mock_get_user_model:
            mock_get_user_model().objects.get_or_create.return_value = (user,
                                                                        False)

            user = JwtAuthentication().authenticate_credentials(payload)
        self.assertEqual(user.tags, new_tags)
        self.assertEqual(user.email, email)
        self.assertTrue(user.is_staff)
Beispiel #4
0
 def test_has_permission(self, has_permission):
     """ Verify the method only returns True if the user is a superuser. """
     request = RequestFactory().get('/')
     request.user = factories.UserFactory(is_superuser=has_permission)
     permission = IsSuperuser()
     self.assertEqual(permission.has_permission(request, None),
                      has_permission)
Beispiel #5
0
    def assert_user_authenticated(self):
        """ Assert a user can be authenticated with a bearer token. """
        user = factories.UserFactory()
        self.mock_user_info_response(username=user.username)

        request = self.create_authenticated_request()
        self.assertEqual(self.auth.authenticate(request),
                         (user, self.DEFAULT_TOKEN))
Beispiel #6
0
    def test_authenticate_user_creation_with_existing_user(self):
        """ Verify an existing user is returned, if the user already exists. """
        user = factories.UserFactory(username=USER_INFO['username'])
        self.mock_user_info_response()
        request = self.create_authenticated_request()
        actual_user, actual_token = self.auth.authenticate(request)

        self.assertEqual(actual_token, self.DEFAULT_TOKEN)
        self.assertEqual(actual_user, user)
    def test_has_permission(self, permission_class, authentication_class, is_restricted):
        request = RequestFactory().get('/')
        request.successful_authenticator = authentication_class() if authentication_class else None
        request.user = factories.UserFactory()
        request.auth = generate_jwt(request.user, is_restricted=is_restricted)

        is_jwt_auth_subclass = issubclass(type(request.successful_authenticator), JSONWebTokenAuthentication)

        has_permission = permission_class().has_permission(request, view=None)
        expected_restricted_permission = is_restricted and is_jwt_auth_subclass
        if permission_class == permissions.JwtRestrictedApplication:
            self.assertEqual(has_permission, expected_restricted_permission)
        else:
            self.assertEqual(has_permission, not expected_restricted_permission)
    def test_resource_takes_precedence_over_param(self):
        user = factories.UserFactory(username='******')
        request = self._create_request(
            user,
            username_in_resource='another_user',
            username_in_param='this_user',
        )
        self.assertFalse(permissions.IsUserInUrl().has_permission(request, None))

        request = self._create_request(
            user,
            username_in_resource='this_user',
            username_in_param='another_user',
        )
        self.assertTrue(permissions.IsUserInUrl().has_permission(request, None))
Beispiel #9
0
    def test_authenticate_credentials_user_attributes_custom_attributes(self):
        """ Test whether the user model is being assigned all custom fields from the payload. """

        username = '******'
        old_email = '*****@*****.**'
        new_email = '*****@*****.**'

        user = factories.UserFactory(email=old_email, username=username, is_staff=False)
        self.assertEqual(user.email, old_email)
        self.assertFalse(user.is_staff)

        payload = {'username': username, 'email': new_email, 'is_staff': True}

        user = JwtAuthentication().authenticate_credentials(payload)
        self.assertEqual(user.email, new_email)
        self.assertTrue(user.is_staff)
Beispiel #10
0
    def test_authenticate_credentials_user_updates_default_attributes(self):
        """ Test whether the user model is being assigned default fields from the payload. """

        username = '******'
        old_email = '*****@*****.**'
        new_email = '*****@*****.**'

        user = factories.UserFactory(email=old_email, username=username, is_staff=False)
        self.assertEqual(user.email, old_email)
        self.assertFalse(user.is_staff)

        payload = {'username': username, 'email': new_email, 'is_staff': True}

        user = JwtAuthentication().authenticate_credentials(payload)
        self.assertEqual(user.email, new_email)
        self.assertFalse(user.is_staff)
Beispiel #11
0
    def test_get_decoded_jwt_from_auth(self, is_jwt_authentication):
        """ Verify get_decoded_jwt_from_auth returns the appropriate value. """

        # Mock out the `is_jwt_authenticated` method
        authentication.is_jwt_authenticated = lambda request: is_jwt_authentication

        user = factories.UserFactory()
        payload = generate_latest_version_payload(user)
        jwt = generate_jwt_token(payload)
        mock_request_with_cookie = mock.Mock(COOKIES={}, auth=jwt)

        expected_decoded_jwt = jwt_decode_handler(
            jwt) if is_jwt_authentication else None

        decoded_jwt = authentication.get_decoded_jwt_from_auth(
            mock_request_with_cookie)
        self.assertEqual(expected_decoded_jwt, decoded_jwt)
Beispiel #12
0
    def test_authenticate_credentials_user_attributes_merge_attributes(self):
        """ Test whether the user model is being assigned all custom fields from the payload. """

        username = '******'
        email = '*****@*****.**'
        old_tags = {'country': 'USA', 'browser': 'Firefox'}
        new_tags = {'browser': 'Chrome', 'new_attr': 'here!'}
        new_fun_attr = {'shiny': 'object'}
        expected_tags = {
            'country': 'USA',
            'browser': 'Chrome',
            'new_attr': 'here!'
        }
        old_fruit = {'fruit': 'apple'}

        user = factories.UserFactory(email=email,
                                     username=username,
                                     is_staff=False)
        setattr(user, 'tags', old_tags)
        setattr(user, 'fruit', old_fruit)
        self.assertEqual(user.email, email)
        self.assertFalse(user.is_staff)
        self.assertEqual(user.tags, old_tags)
        self.assertEqual(user.fruit, old_fruit)

        payload = {
            'username': username,
            'email': email,
            'is_staff': True,
            'tags': new_tags,
            'fun_attr': new_fun_attr
        }

        # Patch get_or_create so that our tags attribute is on the user object
        with mock.patch(
                'edx_rest_framework_extensions.auth.jwt.authentication.get_user_model'
        ) as mock_get_user_model:
            mock_get_user_model().objects.get_or_create.return_value = (user,
                                                                        False)

            user = JwtAuthentication().authenticate_credentials(payload)
        self.assertEqual(user.tags, expected_tags)
        self.assertEqual(user.email, email)
        self.assertTrue(user.is_staff)
        self.assertEqual(user.fun_attr, new_fun_attr)
        self.assertEqual(user.fruit, old_fruit)
Beispiel #13
0
 def _get_test_jwt_token(self):
     """ Returns a user and jwt token """
     user = factories.UserFactory()
     payload = generate_latest_version_payload(user)
     jwt_token = generate_jwt_token(payload)
     return jwt_token
Beispiel #14
0
 def test_authenticate_inactive_user(self):
     """ If the user matching the access token is inactive, the method should raise an exception. """
     user = factories.UserFactory(is_active=False)
     self.mock_user_info_response(username=user.username)
     self.assert_authentication_failed()
Beispiel #15
0
 def test_superuser_has_permission(self, has_permission):
     request = RequestFactory().get('/')
     request.user = factories.UserFactory(is_superuser=has_permission)
     permission = permissions.IsSuperuser()
     self.assertEqual(permission.has_permission(request, None),
                      has_permission)
Beispiel #16
0
 def test_has_permission(self, is_staff):
     request = RequestFactory().get('/')
     request.user = factories.UserFactory(is_staff=is_staff)
     self.assertEqual(permissions.IsStaff().has_permission(request, None),
                      is_staff)
Beispiel #17
0
 def setUp(self):
     super().setUp()
     self.user = factories.UserFactory(
         email='inactive', username='******', password='******', is_active=False
     )
     self.request = RequestFactory().get('/')