Beispiel #1
    def test_missing_scope(self):
        """authenticate() must raise AuthenticationFailed for an unauthorized request.

        The only input this test controls is the request mock, whose
        is_authorized_for() answers False.
        """
        request = mock.Mock()
        request.is_authorized_for.return_value = False
        auth_backend = backend.JWTAuthBackend()

        # Fail closed: a denied authorization check must never yield a user.
        self.assertRaises(
            exceptions.AuthenticationFailed,
            auth_backend.authenticate,
            request,
        )
Beispiel #2
    def test_with_scope_correct_user(self, mocked_cache):
        """An authorized request for a known subject yields that user and scope.

        ``mocked_cache`` is not configured here; it is presumably injected by a
        patch decorator that lies outside this excerpt.
        """
        auth_backend = backend.JWTAuthBackend()

        # The subject is set as a plain attribute (a string), not as a callable.
        request = mock.Mock(get_token_subject='*****@*****.**')
        request.is_authorized_for.return_value = True

        authenticated_user, granted_scope = auth_backend.authenticate(request)

        self.assertEqual(authenticated_user, self.normal_user)
        self.assertEqual(granted_scope, 'SIG/ALL')
Beispiel #3
    def test_with_scope_correct_user(self, mocked_cache, mock_token_data):
        """An authorized request whose claims name a known user returns that user.

        ``mock_token_data`` stands in for the token decoding step and returns a
        ``(claims, user_id)`` pair; both mocks are presumably injected by patch
        decorators outside this excerpt.
        """
        auth_backend = backend.JWTAuthBackend()

        request = mock.Mock()
        request.is_authorized_for.return_value = True

        # The user id is stored under the claim name configured as USER_ID_FIELD.
        jwt_settings = get_settings()
        user_id = '*****@*****.**'
        mock_token_data.return_value = (
            {jwt_settings['USER_ID_FIELD']: user_id},
            user_id,
        )

        # Only the user is checked; the second tuple element is not asserted.
        authenticated_user, _scope = auth_backend.authenticate(request)
        self.assertEqual(authenticated_user, self.normal_user)
Beispiel #4
    def test_no_test_login_user(self, mocked_cache):
        """The 'always_ok' subject is rejected when the user lookup finds nothing.

        No user is created in this test, so the expected outcome is
        AuthenticationFailed rather than an authenticated session.
        """
        auth_backend = backend.JWTAuthBackend()

        request = mock.Mock(get_token_subject='always_ok')
        request.is_authorized_for.return_value = True

        # A cache miss makes the backend fall through to the database lookup.
        mocked_cache.get.return_value = None

        self.assertRaises(
            exceptions.AuthenticationFailed,
            auth_backend.authenticate,
            request,
        )
Beispiel #5
    def test_get_token_subject_is_none(self, mocked_cache):
        """Pin the current behaviour for a token that carries no subject.

        When the JWT has no ``sub`` claim the subject is None, and authenticate()
        currently raises AttributeError instead of AuthenticationFailed. This
        test documents that problem; see SIG-889 for the follow-up.
        """
        # NOTE(review): the request is still refused, but through an unhandled
        # exception rather than an explicit authentication failure. Once
        # SIG-889 is resolved this should presumably expect AuthenticationFailed.
        auth_backend = backend.JWTAuthBackend()

        request = mock.Mock(get_token_subject=None)
        request.is_authorized_for.return_value = True

        # A cache miss makes the backend fall through to the database lookup.
        mocked_cache.get.return_value = None

        self.assertRaises(AttributeError, auth_backend.authenticate, request)
Beispiel #6
    def test_with_scope_wrong_user_cache_hit(self, mocked_user_model,
                                             mocked_cache):
        """A cached 'user does not exist' marker rejects without a database query.

        The cache returns backend.USER_DOES_NOT_EXIST for the subject, so
        authenticate() must raise AuthenticationFailed and leave the user model
        untouched.
        """
        auth_backend = backend.JWTAuthBackend()

        # get_token_subject is deliberately a string attribute, not a function.
        request = mock.Mock(get_token_subject='*****@*****.**')
        request.is_authorized_for.return_value = True

        mocked_cache.get.return_value = backend.USER_DOES_NOT_EXIST

        self.assertRaises(
            exceptions.AuthenticationFailed,
            auth_backend.authenticate,
            request,
        )

        # Exactly one cache read keyed on the subject, and no model lookup.
        mocked_cache.get.assert_called_once_with('*****@*****.**')
        mocked_user_model.objects.get.assert_not_called()
Beispiel #7
    def test_with_test_login_user(self, mocked_cache):
        """The 'always_ok' subject authenticates as the settings.TEST_LOGIN user.

        A superuser whose username and e-mail both equal settings.TEST_LOGIN is
        created first; authenticate() is then expected to return that user.
        """
        # NOTE(review): this pins a path where a fixed subject value resolves to
        # the TEST_LOGIN account, a superuser in this fixture. Confirm that the
        # deployment configuration keeps that path unavailable outside test and
        # development environments.
        login_name = settings.TEST_LOGIN
        expected_user = SuperUserFactory.create(
            username=login_name,
            email=login_name,
        )
        auth_backend = backend.JWTAuthBackend()

        request = mock.Mock(get_token_subject='always_ok')
        request.is_authorized_for.return_value = True

        # A cache miss makes the backend fall through to the database lookup.
        mocked_cache.get.return_value = None

        # Only the user is checked; the second tuple element is not asserted.
        authenticated_user, _scope = auth_backend.authenticate(request)
        self.assertEqual(authenticated_user, expected_user)
Beispiel #8
    def test_with_scope_wrong_user_cache_hit(self, mocked_user_model, mocked_cache, mock_token_data):
        """A cached 'user does not exist' marker rejects without a database query.

        ``mock_token_data`` supplies a ``(claims, user_id)`` pair in which the
        user id sits under the claim configured as USER_ID_FIELD. The cache
        answers backend.USER_DOES_NOT_EXIST, so authenticate() must raise
        AuthenticationFailed and leave the user model untouched.
        """
        auth_backend = backend.JWTAuthBackend()

        request = mock.Mock()
        request.is_authorized_for.return_value = True

        jwt_settings = get_settings()
        user_id = '*****@*****.**'
        mock_token_data.return_value = (
            {jwt_settings['USER_ID_FIELD']: user_id},
            user_id,
        )

        mocked_cache.get.return_value = backend.USER_DOES_NOT_EXIST

        self.assertRaises(
            exceptions.AuthenticationFailed,
            auth_backend.authenticate,
            request,
        )

        # Exactly one cache read keyed on the user id, and no model lookup.
        mocked_cache.get.assert_called_once_with('*****@*****.**')
        mocked_user_model.objects.get.assert_not_called()
Beispiel #9
    def test_with_scope_wrong_user_cache_miss(self, mocked_cache, mock_token_data):
        """An unknown user is rejected and the negative result is cached.

        Runs once per claim name listed in settings['USER_ID_FIELDS']. On a
        cache miss authenticate() must raise AuthenticationFailed and store
        backend.USER_DOES_NOT_EXIST under the user id with a timeout of 5 * 60.
        """
        auth_backend = backend.JWTAuthBackend()

        request = mock.Mock()
        request.is_authorized_for.return_value = True

        jwt_settings = get_settings()
        user_id = '*****@*****.**'
        # Presumably seconds, i.e. five minutes -- confirm against the cache API.
        negative_ttl = 5 * 60

        for id_field in jwt_settings['USER_ID_FIELDS']:
            mock_token_data.return_value = ({id_field: user_id}, user_id)
            mocked_cache.get.return_value = None

            self.assertRaises(
                exceptions.AuthenticationFailed,
                auth_backend.authenticate,
                request,
            )

            mocked_cache.get.assert_called_once_with('*****@*****.**')
            mocked_cache.set.assert_called_once_with(
                '*****@*****.**',
                backend.USER_DOES_NOT_EXIST,
                negative_ttl,
            )

            # Clear recorded calls so the next field's *_once_with checks hold.
            mocked_cache.reset_mock()