def test_check_proxies_to_verify_auth_client(self, pyramid_request,
verify_auth_client):
AuthClientPolicy.check("someusername", "somepassword", pyramid_request)
verify_auth_client.assert_called_once_with("someusername",
"somepassword",
pyramid_request.db)
def test_check_proxies_to_verify_auth_client(
self, pyramid_request, verify_auth_client
):
AuthClientPolicy.check("someusername", "somepassword", pyramid_request)
verify_auth_client.assert_called_once_with(
"someusername", "somepassword", pyramid_request.db
)
def test_check_doesnt_proxy_to_principals_for_auth_client_if_forwarded_user(
self, user_service, pyramid_request, verify_auth_client,
principals_for_auth_client):
pyramid_request.headers['X-Forwarded-User'] = '******'
AuthClientPolicy.check('someusername', 'somepassword', pyramid_request)
assert principals_for_auth_client.call_count == 0
def test_check_fetches_user_if_forwarded_user(self, pyramid_request,
verify_auth_client,
user_service):
pyramid_request.headers["X-Forwarded-User"] = "******"
AuthClientPolicy.check("someusername", "somepassword", pyramid_request)
user_service.fetch.assert_called_once_with("acct:[email protected]")
def test_check_fetches_user_if_forwarded_user(self, pyramid_request,
verify_auth_client,
user_service):
pyramid_request.headers['X-Forwarded-User'] = '******'
AuthClientPolicy.check('someusername', 'somepassword', pyramid_request)
user_service.fetch.assert_called_once_with('acct:[email protected]')
def test_check_fetches_user_if_forwarded_user(
self, pyramid_request, verify_auth_client, user_service
):
pyramid_request.headers["X-Forwarded-User"] = "******"
AuthClientPolicy.check("someusername", "somepassword", pyramid_request)
user_service.fetch.assert_called_once_with("acct:[email protected]")
def test_check_doesnt_proxy_to_principals_for_auth_client_if_forwarded_user(
self,
user_service,
pyramid_request,
verify_auth_client,
principals_for_auth_client,
):
pyramid_request.headers["X-Forwarded-User"] = "******"
AuthClientPolicy.check("someusername", "somepassword", pyramid_request)
assert principals_for_auth_client.call_count == 0
def test_check_returns_None_if_verify_auth_client_fails(
self, pyramid_request, verify_auth_client):
verify_auth_client.return_value = None
principals = AuthClientPolicy.check("someusername", "somepassword",
pyramid_request)
assert principals is None
def test_check_returns_None_if_fetch_forwarded_user_fails(
self, pyramid_request, verify_auth_client, user_service):
user_service.fetch.return_value = None
pyramid_request.headers["X-Forwarded-User"] = "******"
principals = AuthClientPolicy.check("someusername", "somepassword",
pyramid_request)
assert principals is None
def test_check_returns_None_if_user_fetch_raises_valueError(
self, pyramid_request, verify_auth_client, user_service):
pyramid_request.headers["X-Forwarded-User"] = "******"
user_service.fetch.side_effect = ValueError("whoops")
principals = AuthClientPolicy.check("someusername", "somepassword",
pyramid_request)
assert principals is None
def test_check_returns_None_if_verify_auth_client_fails(
self, pyramid_request, verify_auth_client
):
verify_auth_client.return_value = None
principals = AuthClientPolicy.check(
"someusername", "somepassword", pyramid_request
)
assert principals is None
def test_check_returns_None_if_user_fetch_raises_valueError(
self, pyramid_request, verify_auth_client, user_service):
pyramid_request.headers['X-Forwarded-User'] = '******'
user_service.fetch.side_effect = ValueError('whoops')
principals = AuthClientPolicy.check('someusername', 'somepassword',
pyramid_request)
assert principals is None
def test_check_proxies_to_principals_for_auth_client_if_no_forwarded_user(
self, pyramid_request, verify_auth_client,
principals_for_auth_client):
principals = AuthClientPolicy.check("someusername", "somepassword",
pyramid_request)
assert principals == principals_for_auth_client.return_value
principals_for_auth_client.assert_called_once_with(
verify_auth_client.return_value)
def test_check_returns_None_if_fetch_forwarded_user_fails(
self, pyramid_request, verify_auth_client, user_service
):
user_service.fetch.return_value = None
pyramid_request.headers["X-Forwarded-User"] = "******"
principals = AuthClientPolicy.check(
"someusername", "somepassword", pyramid_request
)
assert principals is None
def test_check_returns_None_if_userid_is_invalid(self, pyramid_request,
verify_auth_client,
user_service):
pyramid_request.headers["X-Forwarded-User"] = "******"
user_service.fetch.side_effect = InvalidUserId("badly_formatted")
principals = AuthClientPolicy.check(mock.sentinel.username,
mock.sentinel.password,
pyramid_request)
assert principals is None
def test_check_proxies_to_principals_for_auth_client_if_no_forwarded_user(
self, pyramid_request, verify_auth_client, principals_for_auth_client
):
principals = AuthClientPolicy.check(
"someusername", "somepassword", pyramid_request
)
assert principals == principals_for_auth_client.return_value
principals_for_auth_client.assert_called_once_with(
verify_auth_client.return_value
)
def test_check_returns_None_if_user_fetch_raises_valueError(
self, pyramid_request, verify_auth_client, user_service
):
pyramid_request.headers["X-Forwarded-User"] = "******"
user_service.fetch.side_effect = ValueError("whoops")
principals = AuthClientPolicy.check(
"someusername", "somepassword", pyramid_request
)
assert principals is None
def test_check_returns_None_if_forwarded_user_authority_mismatch(
self, pyramid_request, verify_auth_client, user_service,
factories):
mismatched_user = factories.User(authority="two.com")
verify_auth_client.return_value = factories.ConfidentialAuthClient(
authority="one.com")
user_service.fetch.return_value = mismatched_user
pyramid_request.headers["X-Forwarded-User"] = mismatched_user.userid
principals = AuthClientPolicy.check("someusername", "somepassword",
pyramid_request)
assert principals is None
def test_check_returns_None_if_forwarded_user_authority_mismatch(
self, pyramid_request, verify_auth_client, user_service, factories
):
mismatched_user = factories.User(authority="two.com")
verify_auth_client.return_value = factories.ConfidentialAuthClient(
authority="one.com"
)
user_service.fetch.return_value = mismatched_user
pyramid_request.headers["X-Forwarded-User"] = mismatched_user.userid
principals = AuthClientPolicy.check(
"someusername", "somepassword", pyramid_request
)
assert principals is None
def test_it_proxies_to_principals_for_user_if_fetch_forwarded_user_ok(
self, pyramid_request, verify_auth_client, user_service, factories,
principals_for_auth_client_user):
matched_user = factories.User(authority="one.com")
verify_auth_client.return_value = factories.ConfidentialAuthClient(
authority="one.com")
user_service.fetch.return_value = matched_user
pyramid_request.headers['X-Forwarded-User'] = matched_user.userid
principals = AuthClientPolicy.check('someusername', 'somepassword',
pyramid_request)
principals_for_auth_client_user.assert_called_once_with(
matched_user, verify_auth_client.return_value)
assert principals == principals_for_auth_client_user.return_value
def test_it_proxies_to_principals_for_user_if_fetch_forwarded_user_ok(
self,
pyramid_request,
verify_auth_client,
user_service,
factories,
principals_for_auth_client_user,
):
matched_user = factories.User(authority="one.com")
verify_auth_client.return_value = factories.ConfidentialAuthClient(
authority="one.com"
)
user_service.fetch.return_value = matched_user
pyramid_request.headers["X-Forwarded-User"] = matched_user.userid
principals = AuthClientPolicy.check(
"someusername", "somepassword", pyramid_request
)
principals_for_auth_client_user.assert_called_once_with(
matched_user, verify_auth_client.return_value
)
assert principals == principals_for_auth_client_user.return_value