def test_request_auth_type_guess_session_attribute(
            self, mock_set_custom_attribute):
        self.request.user = UserFactory()

        self.middleware.process_response(self.request, None)
        mock_set_custom_attribute.assert_any_call('request_auth_type_guess',
                                                  'session-or-other')
    def test_authenticated_superuser(self, mock_set_custom_attribute):
        self.request.user = UserFactory(is_superuser=True)
        self.middleware.process_request(self.request)
        self.middleware.process_response(self.request, None)

        mock_set_custom_attribute.assert_any_call(
            'request_is_staff_or_superuser', 'superuser')
    def test_request_auth_type_guess_token_attribute(
            self, token, expected_token_type, mock_set_custom_attribute):
        self.request.user = UserFactory()
        self.request.META['HTTP_AUTHORIZATION'] = token

        self.middleware.process_response(self.request, None)
        mock_set_custom_attribute.assert_any_call('request_auth_type_guess',
                                                  expected_token_type)
    def test_authenticated_user_found_in_process_view(
            self, mock_set_custom_attribute):
        self.request.user = UserFactory()
        self.middleware.process_view(self.request, None, None, None)
        self.middleware.process_response(self.request, None)

        mock_set_custom_attribute.assert_any_call(
            'request_authenticated_user_found_in_middleware', 'process_view')
    def test_request_auth_type_guess_jwt_cookie_attribute(
            self, mock_set_custom_attribute):
        self.request.user = UserFactory()
        self.request.META[USE_JWT_COOKIE_HEADER] = True
        self.request.COOKIES[jwt_cookie_name()] = 'reconstituted-jwt-cookie'

        self.middleware.process_response(self.request, None)
        mock_set_custom_attribute.assert_any_call('request_auth_type_guess',
                                                  'jwt-cookie')
    def test_authenticated_standard_user(self, mock_set_custom_attribute):
        self.request.user = UserFactory()
        self.middleware.process_request(self.request)
        self.middleware.process_response(self.request, None)

        attributes_called_with = [
            c[0] for c in mock_set_custom_attribute.call_args_list
        ]
        assert 'request_is_staff_or_superuser' not in attributes_called_with
    def test_request_user_id_attribute_with_exception(
            self, mock_set_custom_attribute):
        self.request.user = UserFactory()

        self.middleware.process_exception(self.request, None)
        mock_set_custom_attribute.assert_any_call('request_user_id',
                                                  self.request.user.id)
        mock_set_custom_attribute.assert_any_call(
            'request_authenticated_user_found_in_middleware',
            'process_exception')
    def test_get_decoded_jwt_from_existing_cookie(self):
        user = UserFactory()
        payload = generate_latest_version_payload(user)
        jwt = generate_jwt_token(payload)
        expected_decoded_jwt = jwt_decode_handler(jwt)

        mock_request_with_cookie = mock.Mock(COOKIES={'edx-jwt-cookie': jwt})

        decoded_jwt = cookies.get_decoded_jwt(mock_request_with_cookie)
        self.assertEqual(expected_decoded_jwt, decoded_jwt)
Beispiel #9
0
 def test_get_token(self):
     """
     Ensure we can get a CSRF token.
     """
     url = reverse('csrf_token')
     user = UserFactory()
     jwt = generate_jwt(user)
     self.client.credentials(HTTP_AUTHORIZATION='JWT {}'.format(jwt))
     response = self.client.get(url, format='json')
     self.assertEqual(response.status_code, status.HTTP_200_OK)
     self.assertIn('csrfToken', response.data)
Beispiel #10
0
    def authenticate(self, request):
        if request.COOKIES.get(jwt_cookie_name(), None) != 'header.payload.signature':
            return None

        # authenticate was failing on POST calls because it previously wasn't passing the
        # supported parsers into the new Request object. This retrieval of POST data
        # simulates the CSRF POST data checks in the non-test authenticate method. This
        # line lets us verify that the parsers are being correctly passed to the request
        request.POST.get('csrfmiddlewaretoken', '')

        user = UserFactory()
        return (user, None)
    def test_authenticated_user_found_is_properly_reset(
            self, mock_set_custom_attribute):
        # set user before process_request
        self.request.user = UserFactory()
        self.middleware.process_request(self.request)
        self.middleware.process_response(self.request, None)

        mock_set_custom_attribute.assert_any_call(
            'request_authenticated_user_found_in_middleware',
            'process_request')

        # set up new request and set user before process_response
        mock_set_custom_attribute.reset_mock()
        RequestCache.clear_all_namespaces()
        self.request = RequestFactory().get('/')
        self.request.user = UserFactory()
        self.middleware.process_response(self.request, None)

        mock_set_custom_attribute.assert_any_call(
            'request_authenticated_user_found_in_middleware',
            'process_response')
 def setUp(self):
     super(JwtHasContentOrgFilterForRequestedCourseTests, self).setUp()
     self.user = UserFactory()
 def setUp(self):
     super(JwtHasScopeTests, self).setUp()
     self.user = UserFactory()
Beispiel #14
0
    def test_request_auth_type_session_metric(self, mock_set_custom_metric):
        self.request.user = UserFactory()

        self.middleware.process_response(self.request, None)
        mock_set_custom_metric.assert_called_once_with('request_auth_type',
                                                       'session-or-unknown')
 def setUp(self):
     super().setUp()
     self.user = UserFactory()
     self.payload = generate_latest_version_payload(self.user)
     self.jwt = generate_jwt_token(self.payload)
 def setUp(self):
     super(HasScopedTokenTests, self).setUp()
     self.user = UserFactory()
     self.payload = generate_jwt_payload(self.user)
     self.jwt = generate_jwt_token(self.payload)
     self.filters = {'content_org': ['edX', 'Microsoft'], 'user': ['me']}
Beispiel #17
0
 def _create_request(self, user_filters, requested_username):
     url = f'/?username={requested_username}'
     request = RequestFactory().get(url)
     request.user = UserFactory(username='******')
     request.auth = generate_jwt(request.user, filters=user_filters)
     return request
Beispiel #18
0
 def setUp(self):
     super(JWTDecodeHandlerTests, self).setUp()
     self.user = UserFactory()
     self.payload = generate_latest_version_payload(self.user)
     self.jwt = generate_jwt_token(self.payload)
Beispiel #19
0
 def setUp(self):
     super(IsTokenVersionIncompatibleTests, self).setUp()
     self.user = UserFactory()
     self.payload = generate_jwt_payload(self.user)
     self.jwt = generate_jwt_token(self.payload)
     self.decoded_token = utils.jwt_decode_handler(self.jwt)
Beispiel #20
0
 def setUp(self):
     super().setUp()
     self.user = UserFactory()
 def authenticate(self, request):
     if request.COOKIES.get(jwt_cookie_name(),
                            None) != 'header.payload.signature':
         return None
     user = UserFactory()
     return (user, None)
Beispiel #22
0
 def _create_user(self, is_staff=False):
     return UserFactory(username='******', is_staff=is_staff)
Beispiel #23
0
    def test_request_user_id_metric(self, mock_set_custom_metric):
        self.request.user = UserFactory()

        self.middleware.process_response(self.request, None)
        mock_set_custom_metric.assert_any_call('request_user_id', self.request.user.id)