def test_user_in_url_resource(self, has_user_in_resource):
user = factories.UserFactory(username='******')
request = self._create_request(
user,
username_in_resource=user.username if has_user_in_resource else 'another_user',
)
self.assertEqual(permissions.IsUserInUrl().has_permission(request, None), has_user_in_resource)
def setUp(self):
super(SessionAuthenticationAllowInactiveUserTests, self).setUp()
self.user = factories.UserFactory(email='inactive',
username='******',
password='******',
is_active=False)
self.request = RequestFactory().get('/')
def test_authenticate_credentials_user_attributes_new_mergeable_attributes(
self):
""" Test whether the user model is being assigned all custom fields from the payload. """
username = '******'
email = '*****@*****.**'
new_tags = {'browser': 'Chrome'}
user = factories.UserFactory(email=email,
username=username,
is_staff=False)
self.assertEqual(user.email, email)
self.assertFalse(user.is_staff)
payload = {
'username': username,
'email': email,
'is_staff': True,
'tags': new_tags
}
# Patch get_or_create so that our tags attribute is on the user object
with mock.patch(
'edx_rest_framework_extensions.auth.jwt.authentication.get_user_model'
) as mock_get_user_model:
mock_get_user_model().objects.get_or_create.return_value = (user,
False)
user = JwtAuthentication().authenticate_credentials(payload)
self.assertEqual(user.tags, new_tags)
self.assertEqual(user.email, email)
self.assertTrue(user.is_staff)
def test_has_permission(self, has_permission):
""" Verify the method only returns True if the user is a superuser. """
request = RequestFactory().get('/')
request.user = factories.UserFactory(is_superuser=has_permission)
permission = IsSuperuser()
self.assertEqual(permission.has_permission(request, None),
has_permission)
def assert_user_authenticated(self):
""" Assert a user can be authenticated with a bearer token. """
user = factories.UserFactory()
self.mock_user_info_response(username=user.username)
request = self.create_authenticated_request()
self.assertEqual(self.auth.authenticate(request),
(user, self.DEFAULT_TOKEN))
def test_authenticate_user_creation_with_existing_user(self):
""" Verify an existing user is returned, if the user already exists. """
user = factories.UserFactory(username=USER_INFO['username'])
self.mock_user_info_response()
request = self.create_authenticated_request()
actual_user, actual_token = self.auth.authenticate(request)
self.assertEqual(actual_token, self.DEFAULT_TOKEN)
self.assertEqual(actual_user, user)
def test_has_permission(self, permission_class, authentication_class, is_restricted):
request = RequestFactory().get('/')
request.successful_authenticator = authentication_class() if authentication_class else None
request.user = factories.UserFactory()
request.auth = generate_jwt(request.user, is_restricted=is_restricted)
is_jwt_auth_subclass = issubclass(type(request.successful_authenticator), JSONWebTokenAuthentication)
has_permission = permission_class().has_permission(request, view=None)
expected_restricted_permission = is_restricted and is_jwt_auth_subclass
if permission_class == permissions.JwtRestrictedApplication:
self.assertEqual(has_permission, expected_restricted_permission)
else:
self.assertEqual(has_permission, not expected_restricted_permission)
def test_resource_takes_precedence_over_param(self):
user = factories.UserFactory(username='******')
request = self._create_request(
user,
username_in_resource='another_user',
username_in_param='this_user',
)
self.assertFalse(permissions.IsUserInUrl().has_permission(request, None))
request = self._create_request(
user,
username_in_resource='this_user',
username_in_param='another_user',
)
self.assertTrue(permissions.IsUserInUrl().has_permission(request, None))
def test_authenticate_credentials_user_attributes_custom_attributes(self):
""" Test whether the user model is being assigned all custom fields from the payload. """
username = '******'
old_email = '*****@*****.**'
new_email = '*****@*****.**'
user = factories.UserFactory(email=old_email, username=username, is_staff=False)
self.assertEqual(user.email, old_email)
self.assertFalse(user.is_staff)
payload = {'username': username, 'email': new_email, 'is_staff': True}
user = JwtAuthentication().authenticate_credentials(payload)
self.assertEqual(user.email, new_email)
self.assertTrue(user.is_staff)
def test_authenticate_credentials_user_updates_default_attributes(self):
""" Test whether the user model is being assigned default fields from the payload. """
username = '******'
old_email = '*****@*****.**'
new_email = '*****@*****.**'
user = factories.UserFactory(email=old_email, username=username, is_staff=False)
self.assertEqual(user.email, old_email)
self.assertFalse(user.is_staff)
payload = {'username': username, 'email': new_email, 'is_staff': True}
user = JwtAuthentication().authenticate_credentials(payload)
self.assertEqual(user.email, new_email)
self.assertFalse(user.is_staff)
def test_get_decoded_jwt_from_auth(self, is_jwt_authentication):
""" Verify get_decoded_jwt_from_auth returns the appropriate value. """
# Mock out the `is_jwt_authenticated` method
authentication.is_jwt_authenticated = lambda request: is_jwt_authentication
user = factories.UserFactory()
payload = generate_latest_version_payload(user)
jwt = generate_jwt_token(payload)
mock_request_with_cookie = mock.Mock(COOKIES={}, auth=jwt)
expected_decoded_jwt = jwt_decode_handler(
jwt) if is_jwt_authentication else None
decoded_jwt = authentication.get_decoded_jwt_from_auth(
mock_request_with_cookie)
self.assertEqual(expected_decoded_jwt, decoded_jwt)
def test_authenticate_credentials_user_attributes_merge_attributes(self):
""" Test whether the user model is being assigned all custom fields from the payload. """
username = '******'
email = '*****@*****.**'
old_tags = {'country': 'USA', 'browser': 'Firefox'}
new_tags = {'browser': 'Chrome', 'new_attr': 'here!'}
new_fun_attr = {'shiny': 'object'}
expected_tags = {
'country': 'USA',
'browser': 'Chrome',
'new_attr': 'here!'
}
old_fruit = {'fruit': 'apple'}
user = factories.UserFactory(email=email,
username=username,
is_staff=False)
setattr(user, 'tags', old_tags)
setattr(user, 'fruit', old_fruit)
self.assertEqual(user.email, email)
self.assertFalse(user.is_staff)
self.assertEqual(user.tags, old_tags)
self.assertEqual(user.fruit, old_fruit)
payload = {
'username': username,
'email': email,
'is_staff': True,
'tags': new_tags,
'fun_attr': new_fun_attr
}
# Patch get_or_create so that our tags attribute is on the user object
with mock.patch(
'edx_rest_framework_extensions.auth.jwt.authentication.get_user_model'
) as mock_get_user_model:
mock_get_user_model().objects.get_or_create.return_value = (user,
False)
user = JwtAuthentication().authenticate_credentials(payload)
self.assertEqual(user.tags, expected_tags)
self.assertEqual(user.email, email)
self.assertTrue(user.is_staff)
self.assertEqual(user.fun_attr, new_fun_attr)
self.assertEqual(user.fruit, old_fruit)
def _get_test_jwt_token(self):
""" Returns a user and jwt token """
user = factories.UserFactory()
payload = generate_latest_version_payload(user)
jwt_token = generate_jwt_token(payload)
return jwt_token
def test_authenticate_inactive_user(self):
""" If the user matching the access token is inactive, the method should raise an exception. """
user = factories.UserFactory(is_active=False)
self.mock_user_info_response(username=user.username)
self.assert_authentication_failed()
def test_superuser_has_permission(self, has_permission):
request = RequestFactory().get('/')
request.user = factories.UserFactory(is_superuser=has_permission)
permission = permissions.IsSuperuser()
self.assertEqual(permission.has_permission(request, None),
has_permission)
def test_has_permission(self, is_staff):
request = RequestFactory().get('/')
request.user = factories.UserFactory(is_staff=is_staff)
self.assertEqual(permissions.IsStaff().has_permission(request, None),
is_staff)
def setUp(self):
super().setUp()
self.user = factories.UserFactory(
email='inactive', username='******', password='******', is_active=False
)
self.request = RequestFactory().get('/')
