def test_failed_verification_returns_none(self):
        request = set_request(uri='/login')
        request.META['SSL_CLIENT_VERIFY'] = 'FAILURE'
        request.META['SSL_CLIENT_RAW_CERT'] = vars.TEST_CERTIFICATE

        u = authenticate(request=request)
        self.assertIs(u, None)
Beispiel #2
0
 def test_get_bound_ldapuser_invalid_password_cleans_up_settings(self):
     request = set_request('/', user=vars.USER_ALICE)
     self.assertRaises(ldap.INVALID_CREDENTIALS, get_bound_ldapuser,
                       request, 'test')
     db_alias = 'ldap_%s' % request.session.cache_key
     self.assertNotIn('USER', settings.DATABASES.get(db_alias, {}))
     self.assertNotIn('PASSWORD', settings.DATABASES.get(db_alias, {}))
Beispiel #3
0
 def test_secondary_password_gets_added_in_ldap(self):
     request = set_request(uri='/', user=vars.USER_ALICE)
     self.assertEqual(len(ldap_users('alice')[1]['userPassword']), 1)
     set_secondary_password(request, 'ldaptest')
     self.assertEqual(len(ldap_users(
         'alice',
         directory=self.ldapobj.directory)[1]['userPassword']), 2)
    def test_unmatched_email_returns_none(self):
        request = set_request(uri='/login')
        request.META['SSL_CLIENT_VERIFY'] = 'SUCCESS'
        request.META['SSL_CLIENT_RAW_CERT'] = vars.TEST_CERTIFICATE_WRONG_EMAIL

        u = authenticate(request=request)
        self.assertIs(u, None)
 def test_incorrect_user_raises_login_failed(self):
     request = set_request(uri='/login',
                           post=vars.LOGIN_WRONG,
                           messages=True)
     response = login(request)
     response.context = RequestContext(request)
     self.assertMessage(response, 'Login failed', 40)
 def test_passwords_dont_match(self):
     _form = vars.SIGNUP_TESTUSER.copy()
     _form["password_verify"] = "wrong"
     request = set_request(uri="/signup", post=_form)
     response = signup(request)
     response.context = RequestContext(request, {"signup_form": SignupForm(request.POST)})
     self.assertFormError(response, "signup_form", "password_verify", "Passwords don't match")
    def test_unmatched_email_returns_none(self):
        request = set_request(uri='/login')
        request.META['SSL_CLIENT_VERIFY'] = 'SUCCESS'
        request.META['SSL_CLIENT_RAW_CERT'] = vars.TEST_CERTIFICATE_WRONG_EMAIL

        u = authenticate(request=request)
        self.assertIs(u, None)
 def test_add_queued_account_to_ldap_prints_success_message(self):
     vars.QUEUEDUSER.save()
     activate_url = "/activate/%s/" % vars.QUEUEDUSER.encrypted_id
     request = set_request(uri=activate_url, messages=True)
     response = activate(request, vars.QUEUEDUSER.encrypted_id)
     response.context = RequestContext(request)
     self.assertMessage(response, "Your account has been activated successfully", 25)
 def test_get_bound_ldapuser_invalid_secondary_password(self):
     secondary_password = Random.get_random_bytes(48)
     request = set_request('/', user=vars.USER_ALICE)
     request.session['secondary_password'] = cipher.encrypt(
         secondary_password)
     self.assertRaises(ldap.INVALID_CREDENTIALS, get_bound_ldapuser,
                       request)
 def test_email_already_exists_in_ldap(self):
     _form = vars.SIGNUP_TESTUSER.copy()
     _form["email"] = "*****@*****.**"
     request = set_request(uri="/signup", post=_form, messages=True)
     response = signup(request)
     response.context = RequestContext(request)
     self.assertMessage(response, "Email already exists", 40)
 def test_no_ldap_connection_raises_error_in_activation(self):
     vars.QUEUEDUSER.save()
     activate_url = "/activate/%s/" % vars.QUEUEDUSER.encrypted_id
     request = set_request(activate_url, messages=True)
     response = activate(request, vars.QUEUEDUSER.encrypted_id)
     response.context = RequestContext(request)
     self.assertMessage(response, "Can't contact LDAP server", 40)
 def test_get_bound_ldapuser_invalid_password_cleans_up_settings(self):
     request = set_request('/', user=vars.USER_ALICE)
     self.assertRaises(ldap.INVALID_CREDENTIALS, get_bound_ldapuser,
                       request, 'test')
     db_alias = 'ldap_%s' % request.session.cache_key
     self.assertNotIn('USER', settings.DATABASES.get(db_alias, {}))
     self.assertNotIn('PASSWORD', settings.DATABASES.get(db_alias, {}))
    def test_failed_verification_returns_none(self):
        request = set_request(uri='/login')
        request.META['SSL_CLIENT_VERIFY'] = 'FAILURE'
        request.META['SSL_CLIENT_RAW_CERT'] = vars.TEST_CERTIFICATE

        u = authenticate(request=request)
        self.assertIs(u, None)
Beispiel #14
0
 def test_queued_account_gets_added_to_ldap(self):
     vars.QUEUEDUSER.save()
     activate_url = '/activate/%s/' % vars.QUEUEDUSER.encrypted_id
     request = set_request(activate_url, messages=True)
     activate(request, vars.QUEUEDUSER.encrypted_id)
     self.assertTrue(
         ldap_users(vars.QUEUEDUSER.username,
                    directory=self.ldapobj.directory))
     ldap_account = ldap_users(vars.QUEUEDUSER.username,
                               directory=self.ldapobj.directory)[1]
     self.assertEqual(ldap_account['objectClass'],
                      settings.AUTH_LDAP_USER_OBJECTCLASS)
     self.assertEqual(ldap_account['sn'][0], vars.QUEUEDUSER.last_name)
     self.assertEqual(
         ldap_account['cn'][0],
         '%s %s' % (vars.QUEUEDUSER.first_name, vars.QUEUEDUSER.last_name))
     self.assertTrue(
         ldap_md5_crypt.verify(vars.QUEUEDUSER.password,
                               ldap_account['userPassword'][0]))
     self.assertEqual(ldap_account['givenName'][0],
                      vars.QUEUEDUSER.first_name)
     self.assertEqual(ldap_account['mail'][0], vars.QUEUEDUSER.email)
     self.assertEqual(ldap_account['uid'][0], vars.QUEUEDUSER.username)
     self.assertEqual(ldap_account['uidNumber'][0], '1002')
     self.assertEqual(ldap_account['gidNumber'][0], '100')
     self.assertEqual(
         ldap_account['gecos'][0],
         '%s %s' % (vars.QUEUEDUSER.first_name, vars.QUEUEDUSER.last_name))
     self.assertEqual(ldap_account['homeDirectory'][0],
                      '/home/%s' % vars.QUEUEDUSER.username)
     self.assertEqual(ldap_account['gentooACL'][0], 'user.group')
Beispiel #15
0
 def test_no_ldap_connection_raises_error_in_signup(self):
     request = set_request(uri='/signup',
                           post=vars.SIGNUP_TESTUSER,
                           messages=True)
     response = signup(request)
     response.context = RequestContext(request)
     self.assertMessage(response, "Can't contact LDAP server", 40)
Beispiel #16
0
 def test_get_bound_ldapuser_invalid_secondary_password(self):
     secondary_password = Random.get_random_bytes(48)
     request = set_request('/', user=vars.USER_ALICE)
     request.session['secondary_password'] = cipher.encrypt(
         secondary_password)
     self.assertRaises(ldap.INVALID_CREDENTIALS, get_bound_ldapuser,
                       request)
Beispiel #17
0
 def test_no_ldap_connection_raises_error_in_activation(self):
     vars.QUEUEDUSER.save()
     activate_url = '/activate/%s/' % vars.QUEUEDUSER.encrypted_id
     request = set_request(activate_url, messages=True)
     response = activate(request, vars.QUEUEDUSER.encrypted_id)
     response.context = RequestContext(request)
     self.assertMessage(response, "Can't contact LDAP server", 40)
Beispiel #18
0
 def test_email_already_exists_in_ldap(self):
     _form = vars.SIGNUP_TESTUSER.copy()
     _form['email'] = '*****@*****.**'
     request = set_request(uri='/signup', post=_form, messages=True)
     response = signup(request)
     response.context = RequestContext(request)
     self.assertMessage(response, 'Email already exists', 40)
    def test_valid_certificate_authenticates_alice(self):
        request = set_request(uri='/login')
        request.META['SSL_CLIENT_VERIFY'] = 'SUCCESS'
        request.META['SSL_CLIENT_RAW_CERT'] = vars.TEST_CERTIFICATE

        u = authenticate(request=request)
        self.assertEqual(u.username, vars.LOGIN_ALICE['username'])
    def test_valid_certificate_authenticates_alice(self):
        request = set_request(uri='/login')
        request.META['SSL_CLIENT_VERIFY'] = 'SUCCESS'
        request.META['SSL_CLIENT_RAW_CERT'] = vars.TEST_CERTIFICATE

        u = authenticate(request=request)
        self.assertEqual(u.username, vars.LOGIN_ALICE['username'])
 def test_email_already_pending_activation(self):
     _form = vars.SIGNUP_TESTUSER.copy()
     _form["email"] = "*****@*****.**"
     vars.QUEUEDUSER.save()
     request = set_request(uri="/signup", post=_form, messages=True)
     response = signup(request)
     response.context = RequestContext(request)
     self.assertMessage(response, "Account is already pending activation", 40)
 def test_add_first_user_in_empty_ldap_directory(self):
     vars.QUEUEDUSER.save()
     activate_url = "/activate/%s/" % vars.QUEUEDUSER.encrypted_id
     self.ldapobj.directory = ldap_users(clean=True)
     request = set_request(activate_url, messages=True)
     activate(request, vars.QUEUEDUSER.encrypted_id)
     self.assertTrue(ldap_users(vars.QUEUEDUSER.username, directory=self.ldapobj.directory))
     self.assertEqual(ldap_users(vars.QUEUEDUSER.username, directory=self.ldapobj.directory)[1]["uidNumber"][0], "1")
    def test_second_email_authenticates_alice(self):
        request = set_request(uri='/login')
        request.META['SSL_CLIENT_VERIFY'] = 'SUCCESS'
        request.META['SSL_CLIENT_RAW_CERT'] = (
            vars.TEST_CERTIFICATE_WITH_TWO_EMAIL_ADDRESSES)

        u = authenticate(request=request)
        self.assertEqual(u.username, vars.LOGIN_ALICE['username'])
 def test_no_database_raises_critical(self):
     request = set_request(uri='/login',
                           post=vars.LOGIN_ALICE,
                           messages=True)
     response = login(request)
     response.context = RequestContext(request)
     self.assertMessage(response,
                        "Can't contact the LDAP server or the database", 40)
 def test_no_ldap_connection_sends_notification_mail_in_signup(self):
     request = set_request(uri="/signup", post=vars.SIGNUP_TESTUSER, messages=True)
     response = signup(request)
     response.context = RequestContext(request)
     self.assertEqual(len(mail.outbox), 1)
     self.assertEqual(
         mail.outbox[0].subject, "%sERROR: {'desc': \"Can't contact LDAP server\"}" % settings.EMAIL_SUBJECT_PREFIX
     )
 def test_no_ldap_connection_raises_ldaperror_in_login(self):
     request = set_request(uri='/login',
                           post=vars.LOGIN_WRONG,
                           messages=True)
     response = login(request)
     response.context = RequestContext(request)
     self.assertMessage(response,
                        "Can't contact the LDAP server or the database", 40)
Beispiel #27
0
 def test_get_bound_ldapuser_bind_as_is_properly_set_from_password(self):
     request = set_request('/', user=vars.USER_ALICE)
     with get_bound_ldapuser(request, password='******') as user:  # noqa
         db_alias = 'ldap_%s' % request.session.cache_key
         self.assertTrue(
             ldap_md5_crypt.verify(
                 settings.DATABASES[db_alias]['PASSWORD'],
                 ldap_users('alice')[1]['userPassword'][0]))
Beispiel #28
0
 def test_valid_data_to_signup_form_prints_info_message(self):
     request = set_request(uri='/signup',
                           post=vars.SIGNUP_TESTUSER,
                           messages=True)
     response = signup(request)
     response.context = RequestContext(request)
     self.assertMessage(response,
                        'You will shortly receive an activation mail', 20)
 def test_secondary_password_is_removed_in_logout(self):
     secondary_password = Random.get_random_bytes(48)
     secondary_password_crypt = ldap_md5_crypt.encrypt(b64encode(secondary_password))
     self.ldapobj.directory[ldap_users("alice")[0]]["userPassword"].append(secondary_password_crypt)
     request = set_request(uri="/login", post=vars.LOGIN_ALICE, user=vars.USER_ALICE)
     request.session["secondary_password"] = cipher.encrypt(secondary_password)
     logout(request)
     self.assertEqual(len(ldap_users("alice", directory=self.ldapobj.directory)[1]["userPassword"]), 1)
Beispiel #30
0
 def test_remove_leftovers_before_adding_secondary_password(self):
     leftover = ldap_md5_crypt.encrypt('leftover_password')
     self.ldapobj.directory[ldap_users('alice')[0]][
         'userPassword'].append(leftover)
     request = set_request(uri='/', user=vars.USER_ALICE)
     set_secondary_password(request, 'ldaptest')
     self.assertNotIn(leftover, ldap_users(
         'alice', directory=self.ldapobj.directory)[1]['userPassword'])
    def test_second_email_authenticates_alice(self):
        request = set_request(uri='/login')
        request.META['SSL_CLIENT_VERIFY'] = 'SUCCESS'
        request.META['SSL_CLIENT_RAW_CERT'] = (
            vars.TEST_CERTIFICATE_WITH_TWO_EMAIL_ADDRESSES)

        u = authenticate(request=request)
        self.assertEqual(u.username, vars.LOGIN_ALICE['username'])
Beispiel #32
0
 def test_add_queued_account_to_ldap_prints_success_message(self):
     vars.QUEUEDUSER.save()
     activate_url = '/activate/%s/' % vars.QUEUEDUSER.encrypted_id
     request = set_request(uri=activate_url, messages=True)
     response = activate(request, vars.QUEUEDUSER.encrypted_id)
     response.context = RequestContext(request)
     self.assertMessage(response,
                        'Your account has been activated successfully', 25)
Beispiel #33
0
 def test_session_and_ldap_secondary_passwords_match(self):
     request = set_request(uri='/', user=vars.USER_ALICE)
     set_secondary_password(request, 'ldaptest')
     self.assertTrue(ldap_md5_crypt.verify(b64encode(cipher.decrypt(
         request.session['secondary_password'], 48)),
         ldap_users(
             'alice',
             directory=self.ldapobj.directory)[1]['userPassword'][1]))
 def test_empty_user_raises_form_error_messages(self):
     request = set_request(uri='/login')
     response = login(request)
     response.context = RequestContext(
         request, {'login_form': LoginForm(request.POST)})
     self.assertFormError(response, 'login_form', 'username',
                          'This field is required.')
     self.assertFormError(response, 'login_form', 'password',
                          'This field is required.')
 def test_no_ldap_connection_in_logout_sends_notification_mail(self):
     request = set_request(uri='/login',
                           post=vars.LOGIN_ALICE,
                           user=vars.USER_ALICE)
     request.session['secondary_password'] = '******'
     logout(request)
     self.assertEqual(len(mail.outbox), 1)
     self.assertTrue(mail.outbox[0].subject.startswith(
         '%sERROR:' % settings.EMAIL_SUBJECT_PREFIX))
 def test_secondary_password_is_added_in_login(self):
     request = set_request(uri='/login', post=vars.LOGIN_ALICE)
     login(request)
     self.assertEqual(
         len(
             ldap_users(
                 'alice',
                 directory=self.ldapobj.directory)[1]['userPassword']), 2)
     self.assertEqual(len(request.session['secondary_password']), 48)
Beispiel #37
0
 def test_no_database_connection_sends_notification_mail_in_signup(self):
     request = set_request(uri='/signup',
                           post=vars.SIGNUP_TESTUSER,
                           messages=True)
     response = signup(request)
     response.context = RequestContext(request)
     self.assertEqual(len(mail.outbox), 1)
     self.assertTrue(mail.outbox[0].subject.startswith(
         '%sERROR:' % settings.EMAIL_SUBJECT_PREFIX))
Beispiel #38
0
 def test_passwords_dont_match(self):
     _form = vars.SIGNUP_TESTUSER.copy()
     _form['password_verify'] = 'wrong'
     request = set_request(uri='/signup', post=_form)
     response = signup(request)
     response.context = RequestContext(
         request, {'signup_form': SignupForm(request.POST)})
     self.assertFormError(response, 'signup_form', 'password_verify',
                          "Passwords don't match")
 def test_no_database_sends_notification_mail(self):
     request = set_request(uri='/login',
                           post=vars.LOGIN_ALICE,
                           messages=True)
     response = login(request)
     response.context = RequestContext(request)
     self.assertEqual(len(mail.outbox), 1)
     self.assertTrue(mail.outbox[0].subject.startswith(
         '%sERROR:' % settings.EMAIL_SUBJECT_PREFIX))
Beispiel #40
0
 def test_email_already_pending_activation(self):
     _form = vars.SIGNUP_TESTUSER.copy()
     _form['email'] = '*****@*****.**'
     vars.QUEUEDUSER.save()
     request = set_request(uri='/signup', post=_form, messages=True)
     response = signup(request)
     response.context = RequestContext(request)
     self.assertMessage(response, 'Account is already pending activation',
                        40)
 def test_no_ldap_connection_sends_notification_mail_in_activation(self):
     vars.QUEUEDUSER.save()
     activate_url = "/activate/%s/" % vars.QUEUEDUSER.encrypted_id
     request = set_request(activate_url, messages=True)
     response = activate(request, vars.QUEUEDUSER.encrypted_id)
     response.context = RequestContext(request)
     self.assertEqual(len(mail.outbox), 1)
     self.assertEqual(
         mail.outbox[0].subject, "%sERROR: {'desc': \"Can't contact LDAP server\"}" % settings.EMAIL_SUBJECT_PREFIX
     )
 def test_empty_signup_form_raises_form_error_messages(self):
     request = set_request(uri="/signup")
     response = signup(request)
     response.context = RequestContext(request, {"signup_form": SignupForm(request.POST)})
     self.assertFormError(response, "signup_form", "username", "This field is required.")
     self.assertFormError(response, "signup_form", "first_name", "This field is required.")
     self.assertFormError(response, "signup_form", "last_name", "This field is required.")
     self.assertFormError(response, "signup_form", "email", "This field is required.")
     self.assertFormError(response, "signup_form", "password_origin", "This field is required.")
     self.assertFormError(response, "signup_form", "password_verify", "This field is required.")
Beispiel #43
0
 def test_valid_data_to_signup_form_sends_activation_mail(self):
     request = set_request(uri='/signup',
                           post=vars.SIGNUP_TESTUSER,
                           messages=True)
     response = signup(request)
     response.context = RequestContext(request)
     self.assertEqual(len(mail.outbox), 1)
     self.assertEqual(
         mail.outbox[0].subject,
         '%sAccount Activation' % settings.EMAIL_SUBJECT_PREFIX)
Beispiel #44
0
 def test_dont_remove_primary_password_while_cleaning_leftovers(self):
     leftover = ldap_md5_crypt.encrypt('leftover_password')
     self.ldapobj.directory[ldap_users('alice')[0]][
         'userPassword'].append(leftover)
     request = set_request(uri='/', user=vars.USER_ALICE)
     set_secondary_password(request, 'ldaptest')
     self.assertTrue(ldap_md5_crypt.verify(
         'ldaptest', ldap_users(
             'alice',
             directory=self.ldapobj.directory)[1]['userPassword'][0]))
Beispiel #45
0
 def test_no_ldap_connection_sends_notification_mail_in_activation(self):
     vars.QUEUEDUSER.save()
     activate_url = '/activate/%s/' % vars.QUEUEDUSER.encrypted_id
     request = set_request(activate_url, messages=True)
     response = activate(request, vars.QUEUEDUSER.encrypted_id)
     response.context = RequestContext(request)
     self.assertEqual(len(mail.outbox), 1)
     self.assertEqual(
         mail.outbox[0].subject,
         '%sERROR: {\'desc\': "Can\'t contact LDAP server"}' %
         settings.EMAIL_SUBJECT_PREFIX)
Beispiel #46
0
 def test_no_ldap_connection_sends_notification_mail_in_signup(self):
     request = set_request(uri='/signup',
                           post=vars.SIGNUP_TESTUSER,
                           messages=True)
     response = signup(request)
     response.context = RequestContext(request)
     self.assertEqual(len(mail.outbox), 1)
     self.assertEqual(
         mail.outbox[0].subject,
         '%sERROR: {\'desc\': "Can\'t contact LDAP server"}' %
         settings.EMAIL_SUBJECT_PREFIX)
 def test_dont_remove_unknown_hashes_while_cleaning_leftovers(self):
     leftover = ldap_md5_crypt.encrypt('leftover_password')
     self.ldapobj.directory[ldap_users('alice')[0]][
         'userPassword'].append(leftover)
     leftover2 = 'plain_leftover2'
     self.ldapobj.directory[ldap_users('alice')[0]][
         'userPassword'].append(leftover2)
     request = set_request(uri='/', user=vars.USER_ALICE)
     set_secondary_password(request, 'ldaptest')
     self.assertIn(leftover2, ldap_users(
         'alice', directory=self.ldapobj.directory)[1]['userPassword'])
 def test_get_bound_ldapuser_from_request(self):
     secondary_password = Random.get_random_bytes(48)
     secondary_password_crypt = ldap_md5_crypt.encrypt(b64encode(
         secondary_password))
     self.ldapobj.directory[ldap_users('alice')[0]][
         'userPassword'].append(secondary_password_crypt)
     request = set_request('/', user=vars.USER_ALICE)
     request.session['secondary_password'] = cipher.encrypt(
         secondary_password)
     with get_bound_ldapuser(request) as user:
         self.assertEqual(user.username, vars.USER_ALICE.username)
 def test_remove_secondary_password_from_ldap(self):
     secondary_password = Random.get_random_bytes(48)
     secondary_password_crypt = ldap_md5_crypt.encrypt(b64encode(
         secondary_password))
     self.ldapobj.directory[ldap_users('alice')[0]][
         'userPassword'].append(secondary_password_crypt)
     request = set_request(uri='/', user=vars.USER_ALICE)
     request.session['secondary_password'] = cipher.encrypt(
         secondary_password)
     remove_secondary_password(request)
     self.assertNotIn(secondary_password_crypt, ldap_users(
         'alice', directory=self.ldapobj.directory)[1]['userPassword'])
 def test_get_bound_ldapuser_bind_as_is_properly_set_from_request(self):
     secondary_password = Random.get_random_bytes(48)
     secondary_password_crypt = ldap_md5_crypt.encrypt(b64encode(
         secondary_password))
     self.ldapobj.directory[ldap_users('alice')[0]][
         'userPassword'].append(secondary_password_crypt)
     request = set_request('/', user=vars.USER_ALICE)
     request.session['secondary_password'] = cipher.encrypt(
         secondary_password)
     with get_bound_ldapuser(request) as user:  # noqa
         db_alias = 'ldap_%s' % request.session.cache_key
         self.assertEqual(settings.DATABASES[db_alias]['PASSWORD'],
                          b64encode(secondary_password))
 def test_dont_remove_primary_password_when_removing_secondary_passwd(self):
     secondary_password = Random.get_random_bytes(48)
     secondary_password_crypt = ldap_md5_crypt.encrypt(b64encode(
         secondary_password))
     self.ldapobj.directory[ldap_users('alice')[0]][
         'userPassword'].append(secondary_password_crypt)
     request = set_request(uri='/', user=vars.USER_ALICE)
     request.session['secondary_password'] = cipher.encrypt(
         secondary_password)
     remove_secondary_password(request)
     self.assertTrue(ldap_md5_crypt.verify('ldaptest', ldap_users(
         'alice',
         directory=self.ldapobj.directory)[1]['userPassword'][0]))
 def test_valid_data_to_signup_form_adds_user_to_queue(self):
     request = set_request(uri="/signup", post=vars.SIGNUP_TESTUSER, messages=True)
     response = signup(request)
     response.context = RequestContext(request)
     self.assertEqual(Queue.objects.count(), 1)
     vars.QUEUEDUSER = Queue.objects.get(pk=1)
     self.assertEqual(vars.QUEUEDUSER.username, vars.SIGNUP_TESTUSER["username"])
     self.assertEqual(vars.QUEUEDUSER.first_name, vars.SIGNUP_TESTUSER["first_name"])
     self.assertEqual(vars.QUEUEDUSER.last_name, vars.SIGNUP_TESTUSER["last_name"])
     self.assertEqual(vars.QUEUEDUSER.email, vars.SIGNUP_TESTUSER["email"])
     self.assertEqual(vars.QUEUEDUSER.password, vars.SIGNUP_TESTUSER["password_origin"])
     # note: this needs to be kept in line with used cipher
     self.assertRegexpMatches(vars.QUEUEDUSER.encrypted_id, "^[a-zA-Z0-9_-]{22}$")
 def test_get_bound_ldapuser_context_manager_cleans_up_settings(self):
     secondary_password = Random.get_random_bytes(48)
     secondary_password_crypt = ldap_md5_crypt.encrypt(b64encode(
         secondary_password))
     self.ldapobj.directory[ldap_users('alice')[0]][
         'userPassword'].append(secondary_password_crypt)
     request = set_request('/', user=vars.USER_ALICE)
     request.session['secondary_password'] = cipher.encrypt(
         secondary_password)
     with get_bound_ldapuser(request) as user:  # noqa
         pass
     db_alias = 'ldap_%s' % request.session.cache_key
     self.assertNotIn('USER', settings.DATABASES.get(db_alias, {}))
     self.assertNotIn('PASSWORD', settings.DATABASES.get(db_alias, {}))
Beispiel #54
0
def auth(session_id, key):
    try:
        session = sessionrefcipher.decrypt(session_id)
    except ValueError:
        return None

    request = set_request('/')

    user = authenticate(ssh_key=key)
    if user and user.is_active:
        login(request, user)
        init_otp(request)
        session.update(request.session)
        session.save()
        return 'Authenticated.'
    return None
 def test_queued_account_gets_added_to_ldap(self):
     vars.QUEUEDUSER.save()
     activate_url = "/activate/%s/" % vars.QUEUEDUSER.encrypted_id
     request = set_request(activate_url, messages=True)
     activate(request, vars.QUEUEDUSER.encrypted_id)
     self.assertTrue(ldap_users(vars.QUEUEDUSER.username, directory=self.ldapobj.directory))
     ldap_account = ldap_users(vars.QUEUEDUSER.username, directory=self.ldapobj.directory)[1]
     self.assertEqual(ldap_account["objectClass"], settings.AUTH_LDAP_USER_OBJECTCLASS)
     self.assertEqual(ldap_account["sn"][0], vars.QUEUEDUSER.last_name)
     self.assertEqual(ldap_account["cn"][0], "%s %s" % (vars.QUEUEDUSER.first_name, vars.QUEUEDUSER.last_name))
     self.assertTrue(ldap_md5_crypt.verify(vars.QUEUEDUSER.password, ldap_account["userPassword"][0]))
     self.assertEqual(ldap_account["givenName"][0], vars.QUEUEDUSER.first_name)
     self.assertEqual(ldap_account["mail"][0], vars.QUEUEDUSER.email)
     self.assertEqual(ldap_account["uid"][0], vars.QUEUEDUSER.username)
     self.assertEqual(ldap_account["uidNumber"][0], "1002")
     self.assertEqual(ldap_account["gidNumber"][0], "100")
     self.assertEqual(ldap_account["gecos"][0], "%s %s" % (vars.QUEUEDUSER.first_name, vars.QUEUEDUSER.last_name))
     self.assertEqual(ldap_account["homeDirectory"][0], "/home/%s" % vars.QUEUEDUSER.username)
     self.assertEqual(ldap_account["gentooACL"][0], "user.group")
    def test_no_certificate_returns_none(self):
        request = set_request(uri='/login')
        request.META['SSL_CLIENT_VERIFY'] = 'NONE'

        u = authenticate(request=request)
        self.assertIs(u, None)