def test_group_creation(self):
     with self.settings(SHIBAUTH_GROUP_ATTRIBUTES=["ritEduMemberOfUid"]):
         # Test for group creation
         self.client.get(reverse('shibauth_rit:shibauth_info'),
                         **settings.SAMPLE_HEADERS)
         user = User.objects.get(username='******')
         self.assertEqual(Group.objects.all().count(), 3)
         self.assertEqual(user.groups.all().count(), 3)
 def test_empty_group_attribute(self):
     # Test everthing is working even if the group attribute is missing in the shibboleth data
     with self.settings(
             SHIBAUTH_GROUP_ATTRIBUTES=['SomeNonExistingAttribute']):
         self.client.get(reverse('shibauth_rit:shibauth_info'),
                         **settings.SAMPLE_HEADERS)
         user = User.objects.get(username='******')
         self.assertEqual(Group.objects.all().count(), 0)
         self.assertEqual(user.groups.all().count(), 0)
 def test_create_unknown_user_true(self):
     self.assertFalse(User.objects.all())
     shib_meta = self._get_valid_shib_meta(
         location=reverse('shibauth_rit:shibauth_info'))
     user = auth.authenticate(remote_user='******',
                              shib_meta=shib_meta)
     self.assertEqual(user.username, '*****@*****.**')
     self.assertEqual(User.objects.all()[0].username,
                      '*****@*****.**')
 def test_change_required_attributes(self):
     shib_meta = self._get_valid_shib_meta(
         location=reverse('shibauth_rit:shibauth_info'))
     user = auth.authenticate(remote_user='******',
                              shib_meta=shib_meta)
     user.username = '******'
     user.save()
     user = auth.authenticate(remote_user='******',
                              shib_meta=shib_meta)
     self.assertEqual(user.email, '*****@*****.**')
 def test_decorator_authenticated(self):
     res = self.client.get(reverse('shibauth_rit:shibauth_info'),
                           **settings.SAMPLE_HEADERS)
     self.assertEqual(str(res.context['user']), 'rrcdis1')
     self.assertEqual(res.status_code, 200)
     user = res.context.get('user')
     self.assertEqual(user.email, '*****@*****.**')
     self.assertEqual(user.first_name, 'Sample')
     self.assertEqual(user.last_name, 'Developer')
     self.assertTrue(user.is_authenticated())
     self.assertFalse(user.is_anonymous())
 def test_logout(self):
     # Login
     login = self.client.get(reverse('shibauth_rit:shibauth_login'),
                             **settings.SAMPLE_HEADERS)
     self.assertEqual(login.status_code, 302)
     # Logout
     logout = self.client.get(reverse('shibauth_rit:shibauth_logout'),
                              **settings.SAMPLE_HEADERS)
     self.assertEqual(logout.status_code, 302)
     # Ensure redirect happened.
     self.assertEqual(logout['Location'],
                      'https://shibboleth.main.ad.rit.edu/logout.html')
     # Check to see if the session has the force logout key.
     self.assertTrue(
         self.client.session.get(settings.SHIBAUTH_LOGOUT_SESSION_KEY))
     # Load root url to see if user is in fact logged out.
     resp = self.client.get(reverse('shibauth_rit:shibauth_info'),
                            **settings.SAMPLE_HEADERS)
     self.assertEqual(resp.status_code, 302)
     # Make sure the context is empty.
     self.assertEqual(resp.context, None)
 def test_create_unknown_user_false(self):
     with self.settings(SHIBAUTH_CREATE_UNKNOWN_USER=False):
         # because attr is set on the class we need to reload the module
         reload(backends)
         shib_meta = self._get_valid_shib_meta(
             location=reverse('shibauth_rit:shibauth_info'))
         self.assertEqual(User.objects.all().count(), 0)
         user = auth.authenticate(remote_user='******',
                                  shib_meta=shib_meta)
         self.assertTrue(user is None)
         self.assertEqual(User.objects.all().count(), 0)
     # reload module again to remove the setting override
     reload(backends)
 def test_unconfigured_group(self):
     with self.settings(SHIBAUTH_GROUP_ATTRIBUTES=[]):
         # After login the user will be created
         self.client.get(reverse('shibauth_rit:shibauth_info'),
                         **settings.SAMPLE_HEADERS)
         query = User.objects.all()
         # Ensure the user was created
         self.assertEqual(query.count(), 1)
         user = User.objects.get(username='******')
         # The user should have no groups
         self.assertEqual(user.groups.all().count(), 0)
         # Create a group and add the user
         g = Group(name='Testgroup')
         g.save()
         # Now we should have exactly one group
         self.assertEqual(Group.objects.all().count(), 1)
         g.user_set.add(user)
         # Now the user should be in exactly one group
         self.assertEqual(user.groups.all().count(), 1)
         self.client.get(reverse('shibauth_rit:shibauth_info'),
                         **settings.SAMPLE_HEADERS)
         # After a request the user should still be in the group.
         self.assertEqual(user.groups.all().count(), 1)
 def test_group_removal(self):
     user, _ = User.objects.get_or_create(username='******')
     user.set_password('12345')
     user.is_active = True
     user.save()
     g, _ = Group.objects.get_or_create(name='should_be_removed')
     g2, _ = Group.objects.get_or_create(name='should_not_be_removed')
     g.user_set.add(user)
     g2.user_set.add(user)
     headers = settings.SAMPLE_HEADERS
     headers["ritEduAffiliation"] = "should_not_be_removed;Student"
     self.client.get(reverse('shibauth_rit:shibauth_info'),
                     **settings.SAMPLE_HEADERS)
     user = User.objects.get(username='******')
     self.assertTrue(g not in user.groups.all())
 def test_ensure_user_attributes(self):
     shib_meta = self._get_valid_shib_meta(
         location=reverse('shibauth_rit:shibauth_info'))
     # Create / authenticate the test user and store another mail address
     user = auth.authenticate(remote_user='******',
                              shib_meta=shib_meta)
     user.email = '*****@*****.**'
     user.save()
     # The user must contain the invalid mail address
     user = User.objects.get(username='******')
     self.assertEqual(user.email, '*****@*****.**')
     # After authenticate the user again, the mail address must be set back to the shibboleth data
     user2 = auth.authenticate(remote_user='******',
                               shib_meta=shib_meta)
     self.assertEqual(user2.email, '*****@*****.**')
 def test_auth_middleware_not_loaded(self):
     with self.assertRaises(ImproperlyConfigured):
         self.client.get(reverse('shibauth_rit:shibauth_info'),
                         **settings.SAMPLE_HEADERS)
 def test_missing_shib_attributes(self):
     self.client.get(reverse('shibauth_rit:shibauth_info'),
                     **settings.SAMPLE_HEADERS)
     self.assertEqual(User.objects.count(), 0)
 def test_shibauth_info_url_doesnt_exist_debug_false(self):
     self.assertEqual(settings.DEBUG, False)
     self.assertEqual(settings.SHIBAUTH_TESTING, False)
     with self.assertRaises(NoReverseMatch):
         reverse('shibauth_rit:shibauth_info')
 def test_no_non_required_kwargs(self):
     res = self.client.get(reverse('shibauth_rit:shibauth_info'),
                           **settings.SAMPLE_HEADERS)
     self.assertEqual(str(res.context['user']), 'rrcdis1')
     self.assertEqual(res.status_code, 200)
 def test_decorator_not_authenticated(self):
     res = self.client.get(reverse('shibauth_rit:shibauth_info'))
     self.assertEqual(res.status_code, 302)
     # Test the context - shouldn't exist
     self.assertEqual(res.context, None)