def test_request_with_fake_token_should_return_403(self):
    """A present but invalid Google token must be rejected with 403.

    The CSRF header matches the value stored in the session, so the
    request gets past the CSRF gate and fails on token validation
    alone.  The view must answer 403 with the
    'Authentication token is invalid' error and must not record an
    ``email`` in the session.
    """
    token = 'dummy_csrf_token'
    headers = {'X-CSRF-Token': token}
    form = {'google_token': 'invalid_token'}

    request = testing.DummyRequest(headers=headers, post=form)
    request.context = testing.DummyRequest()
    request.session['_csrft_'] = token

    response = sign_in(request)
    body = json.loads(response.body)

    self.assertEqual(403, response.status_code)
    self.assertEqual({'error': 'Authentication token is invalid'}, body)
    # A rejected sign-in must leave no trace of a logged-in user.
    self.assertNotIn('email', request.session)
def test_request_with_no_token_should_return_403(self):
    """A CSRF-valid request that carries no ``google_token`` gets 403.

    Only the CSRF header and matching session value are supplied; no
    POST body at all.  The view must answer 403 with the
    'Expected authentication token not found' error and leave the
    session without an ``email``.
    """
    token = 'dummy_csrf_token'
    headers = {'X-CSRF-Token': token}

    request = testing.DummyRequest(headers=headers)
    request.context = testing.DummyRequest()
    request.session['_csrft_'] = token

    response = sign_in(request)
    body = json.loads(response.body)

    self.assertEqual(403, response.status_code)
    self.assertEqual({'error': 'Expected authentication token not found'}, body)
    # Missing credentials must never result in a logged-in session.
    self.assertNotIn('email', request.session)
def test_request_with_valid_token_but_no_email_should_return_403(self, token_validator):
    """A token that validates but has no ``email`` claim is rejected.

    ``token_validator`` is the patched validator (its patch decorator
    is not visible in this view of the file).  It is made to return
    only an issuer claim, so the view has no identity to look up and
    must answer 403 with 'Authentication token has no email' without
    touching the session.

    NOTE(review): only the presence of the ``email`` claim is exercised
    here; whether the view also verifies ``aud``/``iss`` or
    ``email_verified`` is not covered by these tests — confirm against
    the view.
    """
    # Validator "succeeds" but yields a claim set without an email.
    token_validator.return_value = {'iss': 'accounts.google.com'}

    token = 'dummy_csrf_token'
    request = testing.DummyRequest(
        headers={'X-CSRF-Token': token},
        post={'google_token': 'valid_token'},
    )
    request.context = testing.DummyRequest()
    request.session['_csrft_'] = token

    response = sign_in(request)
    body = json.loads(response.body)

    self.assertEqual(403, response.status_code)
    self.assertEqual({'error': 'Authentication token has no email'}, body)
    self.assertNotIn('email', request.session)
def test_request_with_valid_token_but_not_a_curator_should_return_403(self, token_validator, curator_or_none, log):
    """A valid Google identity that is not a known curator gets 403.

    The patched validator returns an issuer and an email, while the
    patched ``curator_or_none`` lookup returns ``None`` for it.  The
    view must answer 403 with the 'User ... is not authorized on SGD'
    error, leave the session without an ``email``, and log the attempt
    together with ``request.remote_addr``.

    NOTE(review): the email literals in this copy of the test appear
    masked (``*****@*****.**`` vs ``[email protected]``); the real
    file presumably uses one consistent address — verify before
    relying on the exact expected strings.
    """
    token = 'dummy_csrf_token'
    user_email = '*****@*****.**'

    # Authentication succeeds; authorization (curator lookup) fails.
    token_validator.return_value = {'iss': 'accounts.google.com', 'email': user_email}
    curator_or_none.return_value = None

    request = testing.DummyRequest(
        headers={'X-CSRF-Token': token},
        post={'google_token': 'valid_token'},
    )
    request.context = testing.DummyRequest()
    request.session['_csrft_'] = token
    # The view includes the client address in its audit log line.
    request.remote_addr = '127.0.0.1'

    response = sign_in(request)
    body = json.loads(response.body)

    self.assertEqual(403, response.status_code)
    self.assertEqual({'error': 'User [email protected] is not authorized on SGD'}, body)
    self.assertNotIn('email', request.session)
    log.assert_called_with('User [email protected] trying to authenticate from 127.0.0.1')
def test_request_with_valid_token_and_user_should_return_a_logged_session(self, token_validator, curator_or_none, log):
    """The happy path: valid token, known curator, session marked as logged in.

    The patched validator returns an issuer and an email, and the
    patched ``curator_or_none`` lookup returns a built ``Dbuser``.
    The view must answer 200, store the email in the session and log
    the successful authentication (the log string's spelling of
    'successfuly' is whatever the view emits and is matched verbatim).

    NOTE(review): nothing here checks that the session is regenerated
    on login (session-fixation defence) or what else the view stores
    in it; confirm against the view and add assertions if it does.
    NOTE(review): the email literals appear masked in this copy of the
    test (``*****@*****.**`` vs ``[email protected]``) — verify the
    real values before relying on them.
    """
    token = 'dummy_csrf_token'
    user_email = '*****@*****.**'

    token_validator.return_value = {'iss': 'accounts.google.com', 'email': user_email}
    curator_or_none.return_value = factory.DbuserFactory.build()

    request = testing.DummyRequest(
        headers={'X-CSRF-Token': token},
        post={'google_token': 'valid_token'},
    )
    request.context = testing.DummyRequest()
    request.session['_csrft_'] = token
    request.remote_addr = '127.0.0.1'

    response = sign_in(request)

    self.assertEqual(200, response.status_code)
    self.assertEqual(user_email, request.session.get('email'))
    log.assert_called_with('User [email protected] was successfuly authenticated.')
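def test_request_with_no_csrf_should_return_400(self):
    """A request without any CSRF token is rejected with 400 before auth.

    Neither an ``X-CSRF-Token`` header nor a ``_csrft_`` session value
    is supplied, and the POST body is empty.  Because the sibling test
    with a CSRF token but no ``google_token`` yields 403, the 400 here
    shows the CSRF check runs ahead of token handling.  The view must
    answer 400 with the 'Bad CSRF Token' error and — like every other
    rejection path in this suite — must not record an ``email`` in the
    session.
    """
    request = testing.DummyRequest(post={})
    request.context = testing.DummyRequest()

    response = sign_in(request)
    body = json.loads(response.body)

    self.assertEqual(400, response.status_code)
    self.assertEqual({'error': 'Bad CSRF Token'}, body)
    # Consistency with the 403 tests: a CSRF failure must not log anyone in.
    self.assertNotIn('email', request.session)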