def test_add_samlaccount_to_existing_user_with_varying_email(self): email = '*****@*****.**' t_user = self.setup_user( email=email, token_scope='rw:profile rw:issuer rw:backpack') preflight_response = self.client.get( reverse('v2_api_user_socialaccount_connect') + '?provider={}'.format(self.config.slug)) self.assertEqual(preflight_response.status_code, 200) location = urlparse(preflight_response.data['result']['url']) authcode = parse_qs(location.query)['authCode'][0] location = '?'.join([location.path, location.query]) # the location now includes an auth code self.client.logout() response = self.client.get(location) self.assertEqual(response.status_code, 302) location = response._headers['location'][1] response = self.client.get(location) self.assertEqual(response.status_code, 302) # Can auto provision again rf = RequestFactory() fake_request = rf.post( reverse('assertion_consumer_service', kwargs={'idp_name': self.config.slug}), {'saml_assertion': 'very fake'}) email2 = '*****@*****.**' resp = auto_provision(fake_request, [email2], t_user.first_name, t_user.last_name, self.config) self.assertEqual(resp.status_code, 302) fake_request.session = dict() set_session_authcode(fake_request, authcode) set_session_badgr_app(fake_request, self.badgr_app) fake_request.session['idp_name'] = self.config.slug resp = self.client.get(resp.url) self.assertEqual(resp.status_code, 302) self.assertIn("authToken", resp.url) self.assertIn(self.badgr_app.ui_login_redirect, resp.url) Saml2Account.objects.get( user=t_user) # There is a Saml account associated with the user. CachedEmailAddress.objects.get(email=email2, user=t_user, verified=True, primary=False) # User has the email. email3 = '*****@*****.**' resp = auto_provision(fake_request, [email2, email3], t_user.first_name, t_user.last_name, self.config) CachedEmailAddress.objects.get(email=email3, user=t_user, verified=True, primary=False) # User has new email.
def test_saml2_login_with_conflicts(self): email = "*****@*****.**" email2 = "*****@*****.**" first_name = "firsty" last_name = "lastington" idp_name = self.config.slug badgr_app = self.badgr_app # email does not exist resp = auto_provision(None, "*****@*****.**", first_name, last_name, badgr_app, self.config, self.config.slug) self.assertEqual(resp.status_code, 302) self.assertIn("authToken", resp.url) self.assertEqual(Saml2Account.objects.all().count(), 1) email_address = CachedEmailAddress.objects.get( email='*****@*****.**') self.assertTrue(email_address.verified) self.assertTrue(email_address.primary) # email exists, but is unverified BadgeUser.objects.create(email=email, first_name=first_name, last_name=last_name, send_confirmation=False) resp = auto_provision(None, email, first_name, last_name, badgr_app, self.config, self.config.slug) self.assertEqual(resp.status_code, 302) self.assertIn("authToken", resp.url) email_address = CachedEmailAddress.objects.get(email=email) self.assertTrue(email_address.verified) self.assertTrue(email_address.primary) # Can auto provision again resp = auto_provision(None, email, first_name, last_name, badgr_app, self.config, self.config.slug) self.assertEqual(resp.status_code, 302) self.assertIn("authToken", resp.url) # email exists, but is verified BadgeUser.objects.create(email=email2, first_name=first_name, last_name=last_name, send_confirmation=False) cachedemail = CachedEmailAddress.objects.get(email=email2) cachedemail.verified = True cachedemail.save() saml_account_count = Saml2Account.objects.count() resp = auto_provision(None, email2, first_name, last_name, badgr_app, self.config, self.config.slug) self.assertEqual(resp.status_code, 302) self.assertIn("authError", resp.url) self.assertIn(self.config.slug, resp.url) self.assertEqual(saml_account_count, Saml2Account.objects.count(), "A Saml2Account must not have been created.")
def test_login_with_email_variant(self): email = "*****@*****.**" first_name = "firsty" last_name = "lastington" resp = auto_provision(None, [email], first_name, last_name, self.config) self.assertEqual(resp.status_code, 302) resp = self.client.get(resp.url) self.assertEqual(resp.status_code, 302) resp = self.client.get(resp.url) self.assertEqual(resp.status_code, 302) self.assertIn("authToken", resp.url) email = "*****@*****.**" resp = auto_provision(None, [email], first_name, last_name, self.config) self.assertIn("authcode", resp.url)
def test_saml2_login_with_conflicts(self): email = "*****@*****.**" email2 = "*****@*****.**" first_name = "firsty" last_name = "lastington" idp_name = self.config.slug badgr_app = BadgrApp.objects.create( ui_login_redirect="https://example.com", ui_signup_failure_redirect='https://example.com/fail') # email does not exist resp = auto_provision(None, "*****@*****.**", first_name, last_name, badgr_app, self.config, self.config.slug) self.assertEqual(resp.status_code, 302) self.assertIn("authToken", resp.url) # email exists, but is unverified BadgeUser.objects.create(email=email, first_name=first_name, last_name=last_name, send_confirmation=False) resp = auto_provision(None, email, first_name, last_name, badgr_app, self.config, self.config.slug) self.assertEqual(resp.status_code, 302) self.assertIn("authToken", resp.url) # Can auto provision again resp = auto_provision(None, email, first_name, last_name, badgr_app, self.config, self.config.slug) self.assertEqual(resp.status_code, 302) self.assertIn("authToken", resp.url) # email exists, but is verified BadgeUser.objects.create(email=email2, first_name=first_name, last_name=last_name, send_confirmation=False) cachedemail = CachedEmailAddress.objects.get(email=email2) cachedemail.verified = True cachedemail.save() resp = auto_provision(None, email2, first_name, last_name, badgr_app, self.config, self.config.slug) self.assertEqual(resp.status_code, 302) self.assertIn("authError", resp.url) self.assertIn(self.config.slug, resp.url)
def test_login_with_unregistered_saml2_account(self): email = "*****@*****.**" first_name = "firsty" last_name = "lastington" badgr_app = self.badgr_app resp = auto_provision(None, email, first_name, last_name, badgr_app, self.config, self.config.slug) self.assertEqual(resp.status_code, 302) self.assertIn("authToken", resp.url)
def test_add_samlaccount_to_existing_user(self): # email exists, but is verified email = '*****@*****.**' test_user = self.setup_user( email=email, token_scope='rw:profile rw:issuer rw:backpack') preflight_response = self.client.get( reverse('v2_api_user_socialaccount_connect') + '?provider={}'.format(self.config.slug)) self.assertEqual(preflight_response.status_code, 200) location = urlparse(preflight_response.data['result']['url']) authcode = parse_qs(location.query)['authCode'][0] location = '?'.join([location.path, location.query]) # the location now includes an auth code self.client.logout() response = self.client.get(location) self.assertEqual(response.status_code, 302) location = response._headers['location'][1] response = self.client.get(location) self.assertEqual(response.status_code, 302) # Can auto provision again rf = RequestFactory() fake_request = rf.post( reverse('assertion_consumer_service', kwargs={'idp_name': self.config.slug}), {'saml_assertion': 'very fake'}) fake_request.session = dict() set_session_authcode(fake_request, authcode) resp = auto_provision(fake_request, [email], test_user.first_name, test_user.last_name, self.config) self.assertEqual(resp.status_code, 302) resp = self.client.get(resp.url) self.assertEqual(resp.status_code, 302) resp = self.client.get(resp.url) self.assertEqual(resp.status_code, 302) self.assertIn("authToken", resp.url) account = Saml2Account.objects.get(user=test_user)
def test_login_with_registered_saml2_account(self): email = "*****@*****.**" first_name = "firsty" last_name = "lastington" new_user = BadgeUser.objects.create( email=email, first_name=first_name, last_name=last_name, ) # Auto verify emails email = CachedEmailAddress.objects.get(email=email) email.verified = True email.save() Saml2Account.objects.create(config=self.config, user=new_user, uuid=email) badgr_app = BadgrApp.objects.create(ui_login_redirect="example.com") resp = auto_provision(None, email, first_name, last_name, badgr_app, self.config, self.config.slug) self.assertEqual(resp.status_code, 302) self.assertIn("authToken", resp.url)