def test_token_authentication(self):
self.client.logout()
self.client.cookies[settings.REALM_COOKIE] = TEST_REALM
username = '******'
email = '*****@*****.**'
password = '******'
user = get_user_model().objects.create_user(
f'{TEST_REALM}__{username}', email, password)
token_key = 'token-123456'
Token.objects.create(user=user, key=token_key)
token_headers = {'HTTP_AUTHORIZATION': f'Token {token_key}'}
token_headers_wrong = {'HTTP_AUTHORIZATION': 'Token 123'}
url = reverse('http-200')
response = self.client.get(url)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(
response.json(),
{'detail': 'Authentication credentials were not provided.'})
response = self.client.get(url, **token_headers)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(response.json(),
{'detail': 'Invalid user in this realm.'})
response = self.client.get(url, **token_headers_wrong)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(response.json(), {'detail': 'Invalid token.'})
utils.add_user_to_realm(self.request, user)
response = self.client.get(url, **token_headers)
self.assertEqual(response.status_code, status.HTTP_200_OK)
def test_basic_authentication(self):
self.client.logout()
self.client.cookies[settings.REALM_COOKIE] = TEST_REALM
username = '******'
email = '*****@*****.**'
password = '******'
user = get_user_model().objects.create_user(
f'{TEST_REALM}__{username}', email, password)
auth_str = f'{username}:{password}'
basic = base64.b64encode(bytearray(auth_str, 'utf-8')).decode('ascii')
basic_headers = {'HTTP_AUTHORIZATION': f'Basic {basic}'}
auth_str = f'{TEST_REALM}__{username}:{password}'
basic = base64.b64encode(bytearray(auth_str, 'utf-8')).decode('ascii')
basic_realm_headers = {'HTTP_AUTHORIZATION': f'Basic {basic}'}
auth_str = f'{TEST_REALM_2}__{username}:{password}'
basic = base64.b64encode(bytearray(auth_str, 'utf-8')).decode('ascii')
basic_realm_2_headers = {'HTTP_AUTHORIZATION': f'Basic {basic}'}
url = reverse('http-200')
response = self.client.get(url)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(
response.json(),
{'detail': 'Authentication credentials were not provided.'})
response = self.client.get(url, **basic_headers)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(response.json(),
{'detail': 'Invalid user in this realm.'})
response = self.client.get(url, **basic_realm_headers)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(response.json(),
{'detail': 'Invalid user in this realm.'})
response = self.client.get(url, **basic_realm_2_headers)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(response.json(),
{'detail': 'Invalid username/password.'})
utils.add_user_to_realm(self.request, user)
response = self.client.get(url, **basic_headers)
self.assertEqual(response.status_code, status.HTTP_200_OK)
response = self.client.get(url, **basic_realm_headers)
self.assertEqual(response.status_code, status.HTTP_200_OK)
def test_auth(self):
realm_group = utils.get_auth_group(self.request)
self.assertIsNotNone(realm_group)
self.assertEqual(realm_group.name,
utils.get_current_realm(self.request))
self.assertEqual(self.request.user.groups.count(), 0)
# it does not complain if the user does not belong to the realm
utils.remove_user_from_realm(self.request, self.request.user)
utils.add_user_to_realm(self.request, self.request.user)
self.assertEqual(self.request.user.groups.count(), 1)
self.assertIn(realm_group, self.request.user.groups.all())
utils.remove_user_from_realm(self.request, self.request.user)
self.assertEqual(self.request.user.groups.count(), 0)
self.assertNotIn(realm_group, self.request.user.groups.all())
def get_or_create_user(request, username):
# gets the existing user or creates a new one
_username = parse_username(request, username)
try:
user = user_objects.get(username=_username)
except UserModel.DoesNotExist:
realm = get_current_realm(request)
user = user_objects.create_user(
username=_username,
first_name=username,
last_name=realm or '',
password=user_objects.make_random_password(length=100),
)
# only add user if it doesn't exist.
add_user_to_realm(request, user)
return user
def test_no_multitenancy(self, *args):
self.assertIsNone(utils.get_multitenancy_model())
self.assertIsNone(utils.get_current_realm(None))
obj1 = TestModel.objects.create(name='two')
self.assertFalse(obj1.is_accessible(TEST_REALM))
self.assertFalse(obj1.is_accessible(settings.DEFAULT_REALM))
self.assertIsNone(obj1.get_realm())
self.assertTrue(MtInstance.objects.count() == 0)
self.assertTrue(utils.is_accessible_by_realm(self.request, obj1))
self.assertEqual(utils.add_instance_realm_in_headers(obj1, {}), {})
self.assertEqual(utils.add_current_realm_in_headers(self.request, {}),
{})
initial_data = TestModel.objects.all()
self.assertEqual(utils.filter_by_realm(self.request, initial_data),
initial_data)
initial_users = get_user_model().objects.all()
self.assertEqual(
utils.filter_users_by_realm(self.request, initial_users),
initial_users)
obj1.add_to_realm(self.request)
self.assertTrue(MtInstance.objects.count() == 0)
self.assertIsNone(utils.get_auth_group(self.request))
self.assertEqual(self.request.user.groups.count(), 0)
self.assertTrue(
utils.check_user_in_realm(self.request, self.request.user))
utils.add_user_to_realm(self.request, self.request.user)
self.assertEqual(self.request.user.groups.count(), 0)
self.assertTrue(
utils.check_user_in_realm(self.request, self.request.user))
utils.remove_user_from_realm(self.request, self.request.user)
self.assertEqual(self.request.user.groups.count(), 0)
self.assertTrue(
utils.check_user_in_realm(self.request, self.request.user))
self.client.logout()
username = '******'
email = '*****@*****.**'
password = '******'
user = get_user_model().objects.create_user(
f'{TEST_REALM}__{username}', email, password)
token_key = 'token-123456'
Token.objects.create(user=user, key=token_key)
token_headers = {'HTTP_AUTHORIZATION': f'Token {token_key}'}
auth_str = f'{username}:{password}'
basic = base64.b64encode(bytearray(auth_str, 'utf-8')).decode('ascii')
basic_headers = {'HTTP_AUTHORIZATION': f'Basic {basic}'}
auth_str = f'{TEST_REALM}__{username}:{password}'
basic = base64.b64encode(bytearray(auth_str, 'utf-8')).decode('ascii')
basic_realm_headers = {'HTTP_AUTHORIZATION': f'Basic {basic}'}
url = reverse('http-200')
response = self.client.get(url)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(
response.json(),
{'detail': 'Authentication credentials were not provided.'})
response = self.client.get(url, **basic_headers)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(response.json(),
{'detail': 'Invalid username/password.'})
response = self.client.get(url, **basic_realm_headers)
self.assertEqual(response.status_code, status.HTTP_200_OK)
response = self.client.get(url, **token_headers)
self.assertEqual(response.status_code, status.HTTP_200_OK)
username = '******'
email = '*****@*****.**'
password = '******'
get_user_model().objects.create_superuser(username, email, password)
self.assertTrue(self.client.login(username=username,
password=password))
response = self.client.get(reverse('get-realms'))
self.assertEqual(response.json(),
{'realms': [settings.NO_MULTITENANCY_REALM]})
def test_views(self):
# create data assigned to different realms
realm1_group = utils.get_auth_group(self.request)
obj1 = TestModel.objects.create(name='one')
child1 = TestChildModel.objects.create(name='child1', parent=obj1)
obj1.add_to_realm(self.request)
self.assertEqual(obj1.mt.realm, TEST_REALM)
user1 = get_user_model().objects.create(username='******')
utils.add_user_to_realm(self.request, user1)
# change realm
self.request.COOKIES[settings.REALM_COOKIE] = TEST_REALM_2
realm2_group = utils.get_auth_group(self.request)
self.assertNotEqual(realm1_group, realm2_group)
obj2 = TestModel.objects.create(name='two')
child2 = TestChildModel.objects.create(name='child2', parent=obj2)
obj2.add_to_realm(self.request)
self.assertEqual(obj2.mt.realm, TEST_REALM_2)
user2 = get_user_model().objects.create(username='******')
utils.add_user_to_realm(self.request, user2)
# check users realm groups
self.assertIn(realm1_group, user1.groups.all())
self.assertIn(realm2_group, user2.groups.all())
self.assertEqual(self.request.user.groups.count(), 0)
self.assertNotIn(realm2_group, user1.groups.all())
self.assertNotIn(realm1_group, user2.groups.all())
self.assertEqual(TestModel.objects.count(), 2)
self.assertEqual(TestChildModel.objects.count(), 2)
self.assertEqual(get_user_model().objects.count(), 3)
# check that views only return instances linked to "realm1"
url = reverse('testmodel-list')
response = self.client.get(url)
self.assertEqual(response.client.cookies[settings.REALM_COOKIE].value,
TEST_REALM)
self.assertEqual(response.status_code, status.HTTP_200_OK,
response.content)
data = response.json()
self.assertEqual(data['count'], 1)
# detail endpoint
url = reverse('testmodel-detail', kwargs={'pk': obj1.pk})
response = self.client.get(url)
self.assertEqual(response.status_code, status.HTTP_200_OK)
url = reverse('testchildmodel-detail', kwargs={'pk': child1.pk})
response = self.client.get(url)
self.assertEqual(response.status_code, status.HTTP_200_OK)
# is-accessible endpoint
url = reverse('testmodel-is-accessible', kwargs={'pk': obj1.pk})
response = self.client.head(url)
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
url = reverse('testchildmodel-is-accessible', kwargs={'pk': child1.pk})
response = self.client.head(url)
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
url = reverse('testchildmodel-is-accessible', kwargs={'pk': 99})
response = self.client.head(url)
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
# custom endpoint
url = reverse('testmodel-custom-404', kwargs={'pk': obj1.pk})
response = self.client.get(url)
self.assertEqual(response.status_code, status.HTTP_200_OK)
url = reverse('testchildmodel-custom-403', kwargs={'pk': child1.pk})
response = self.client.get(url)
self.assertEqual(response.status_code, status.HTTP_200_OK)
url = reverse('testchildmodel-custom-403', kwargs={'pk': 99})
response = self.client.get(url)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
# users
url = reverse('user-list')
response = self.client.get(url)
data = response.json()
# only user1 belongs to TEST_REALM,
# user2 belongs to TEST_REALM_2 and
# self.request.user belongs to none
self.assertEqual(data['count'], 1)
self.assertEqual(data['results'][0]['id'], user1.id,
data['results'][0])
url = reverse('user-detail', kwargs={'pk': user1.pk})
response = self.client.get(url)
self.assertEqual(response.status_code, status.HTTP_200_OK)
# linked to another realm "realm2" *************************************
# detail endpoint
url = reverse('testmodel-detail', kwargs={'pk': obj2.pk})
response = self.client.get(url)
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
url = reverse('testchildmodel-detail', kwargs={'pk': child2.pk})
response = self.client.get(url)
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
# is-accessible endpoint
url = reverse('testmodel-is-accessible', kwargs={'pk': obj2.pk})
response = self.client.head(url)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
url = reverse('testchildmodel-is-accessible', kwargs={'pk': child2.pk})
response = self.client.head(url)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
url = reverse('testchildmodel-is-accessible', kwargs={'pk': 99})
response = self.client.head(url)
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
# custom endpoint
url = reverse('testmodel-custom-404', kwargs={'pk': obj2.pk})
response = self.client.get(url)
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
url = reverse('testchildmodel-custom-403', kwargs={'pk': child2.pk})
response = self.client.get(url)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
url = reverse('user-detail', kwargs={'pk': user2.pk})
response = self.client.get(url)
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
def test_serializers(self):
obj1 = TestModelSerializer(
data={'name': 'a name'},
context={'request': self.request},
)
self.assertTrue(obj1.is_valid(), obj1.errors)
# check the user queryset
self.assertFalse(
utils.check_user_in_realm(self.request, self.request.user))
self.assertEqual(obj1.fields['user'].get_queryset().count(), 0)
# we need to add the user to current realm
utils.add_user_to_realm(self.request, self.request.user)
self.assertTrue(
utils.check_user_in_realm(self.request, self.request.user))
self.assertEqual(obj1.fields['user'].get_queryset().count(), 1)
self.assertTrue(MtInstance.objects.count() == 0)
obj1.save()
self.assertTrue(MtInstance.objects.count() > 0)
realm1 = MtInstance.objects.first()
self.assertEqual(realm1.instance.pk, obj1.data['id'])
self.assertEqual(realm1.realm, TEST_REALM)
self.assertIn('/testtestmodel/' + str(obj1.data['id']),
obj1.data['url'])
self.assertIn('/testtestchildmodel/?parent=' + str(obj1.data['id']),
obj1.data['children_url'])
# update and check user name
obj1_upd = TestModelSerializer(
TestModel.objects.get(pk=obj1.data['id']),
data={'user': self.request.user.pk},
context={'request': self.request},
partial=True,
)
self.assertTrue(obj1_upd.is_valid(), obj1_upd.errors)
obj1_upd.save()
self.assertEqual(obj1_upd.data['uname'], 'John Doe')
# create another TestModel instance
obj2 = TestModel.objects.create(name='two')
self.assertFalse(obj2.is_accessible(TEST_REALM))
child1 = TestChildModelSerializer(context={'request': self.request})
# obj2 is not in the child1 parent queryset
self.assertEqual(child1.fields['parent'].get_queryset().count(), 1)
self.assertEqual(child1.fields['parent'].get_queryset().first().pk,
obj1.data['id'])
# try to save a child with the wrong parent
child2 = TestChildModelSerializer(
data={
'name': 'child',
'parent': str(obj2.pk)
},
context={'request': self.request},
)
self.assertFalse(child2.is_valid(), child2.errors)
# {
# 'parent': [
# ErrorDetail(
# string='Invalid pk "#" - object does not exist.',
# code='does_not_exist',
# )
# ]
# }
self.assertEqual(child2.errors['parent'][0].code, 'does_not_exist')
self.assertEqual(str(child2.errors['parent'][0]),
f'Invalid pk "{obj2.pk}" - object does not exist.')