def test_random_source(self, authenticate_mock):
backend = MozilliansAuthBackend()
request_mock = Mock()
request_mock.META = {'HTTP_REFERER': settings.SITE_URL + '/?source=foobar'}
backend.request = request_mock
backend.authenticate(request=request_mock)
eq_(backend.referral_source, None)
def test_filter_users_by_secondary_email(self):
backend = MozilliansAuthBackend()
user = UserFactory.create(email='*****@*****.**')
kwargs = {'type': ExternalAccount.TYPE_EMAIL, 'identifier': '*****@*****.**'}
user.userprofile.externalaccount_set.create(**kwargs)
result = backend.filter_users_by_email('*****@*****.**')
eq_(result[0], user)
def setUp(self):
"""Setup class."""
# Avoid circular dependencies
from mozillians.common.authbackend import MozilliansAuthBackend
self.backend = MozilliansAuthBackend()
def test_get_involved_source(self, authenticate_mock):
backend = MozilliansAuthBackend()
request_mock = Mock()
request_mock.META = {'HTTP_REFERER': settings.SITE_URL + '/?source=contribute'}
backend.request = request_mock
backend.authenticate(request=request_mock)
eq_(backend.referral_source, 'contribute')
def test_random_source(self, authenticate_mock):
backend = MozilliansAuthBackend()
request_mock = Mock()
request_mock.META = {
'HTTP_REFERER': settings.SITE_URL + '/?source=foobar'
}
backend.request = request_mock
backend.authenticate(request=request_mock)
eq_(backend.referral_source, None)
def test_get_involved_source(self, authenticate_mock):
backend = MozilliansAuthBackend()
request_mock = Mock()
request_mock.META = {
'HTTP_REFERER': settings.SITE_URL + '/?source=contribute'
}
backend.request = request_mock
backend.authenticate(request=request_mock)
eq_(backend.referral_source, 'contribute')
def test_filter_users_by_secondary_email(self):
backend = MozilliansAuthBackend()
user = UserFactory.create(email='*****@*****.**')
kwargs = {
'type': ExternalAccount.TYPE_EMAIL,
'identifier': '*****@*****.**'
}
user.userprofile.externalaccount_set.create(**kwargs)
result = backend.filter_users_by_email('*****@*****.**')
eq_(result[0], user)
def test_create_user_integrity_error(self):
backend = MozilliansAuthBackend()
backend.User = Mock()
error = IntegrityError()
user = UserFactory.create()
backend.User.objects.create_user.side_effect = error
backend.User.objects.get.return_value = user
eq_(backend.create_user('*****@*****.**'), user)
backend.User.DoesNotExist = Exception
backend.User.objects.get.side_effect = backend.User.DoesNotExist
with self.assertRaises(IntegrityError) as e:
backend.create_user('*****@*****.**')
eq_(e.exception, error)
def test_create_user_integrity_error(self):
backend = MozilliansAuthBackend()
backend.User = Mock()
error = IntegrityError()
user = UserFactory.create()
backend.User.objects.create_user.side_effect = error
backend.User.objects.get.return_value = user
eq_(backend.create_user('*****@*****.**'), user)
backend.User.DoesNotExist = Exception
backend.User.objects.get.side_effect = backend.User.DoesNotExist
with self.assertRaises(IntegrityError) as e:
backend.create_user('*****@*****.**')
eq_(e.exception, error)
def setUp(self):
"""Setup class."""
# Avoid circular dependencies
from mozillians.common.authbackend import MozilliansAuthBackend
self.backend = MozilliansAuthBackend()
class MozilliansAuthBackendTests(TestCase):
"""Test Mozillian's Authentication Backend."""
@override_settings(OIDC_OP_TOKEN_ENDPOINT='https://server.example.com/token')
@override_settings(OIDC_OP_USER_ENDPOINT='https://server.example.com/user')
@override_settings(OIDC_RP_CLIENT_ID='example_id')
@override_settings(OIDC_RP_CLIENT_SECRET='client_secret')
def setUp(self):
"""Setup class."""
# Avoid circular dependencies
from mozillians.common.authbackend import MozilliansAuthBackend
self.backend = MozilliansAuthBackend()
def test_add_a_new_email(self):
"""Test to add a new email in an authenticated user."""
user = UserFactory.create(email='*****@*****.**')
request_mock = Mock(spec=HttpRequest)
request_mock.user = user
request_mock.user.is_authenticated = Mock()
request_mock.user.is_authenticated.return_value = True
self.backend.request = request_mock
claims = {
'email': '*****@*****.**'
}
email_q = ExternalAccount.objects.filter(type=ExternalAccount.TYPE_EMAIL,
user=user.userprofile,
identifier='*****@*****.**')
ok_(not email_q.exists())
returned_user = self.backend.filter_users_by_claims(claims)
email_q = ExternalAccount.objects.filter(type=ExternalAccount.TYPE_EMAIL,
user=user.userprofile,
identifier='*****@*****.**')
ok_(email_q.exists())
eq_(len(returned_user), 1)
eq_(returned_user[0], user)
@patch('mozillians.common.authbackend.messages.error')
def test_alternate_email_already_exists(self, mocked_message):
"""Test to add an email that already exists."""
user = UserFactory.create(email='*****@*****.**')
ExternalAccount.objects.create(type=ExternalAccount.TYPE_EMAIL,
user=user.userprofile,
identifier='*****@*****.**')
request_mock = Mock(spec=HttpRequest)
request_mock.user = user
request_mock.user.is_authenticated = Mock()
request_mock.user.is_authenticated.return_value = True
self.backend.request = request_mock
claims = {
'email': '*****@*****.**'
}
returned_user = self.backend.filter_users_by_claims(claims)
email_q = ExternalAccount.objects.filter(type=ExternalAccount.TYPE_EMAIL,
user=user.userprofile,
identifier='*****@*****.**')
ok_(email_q.exists())
eq_(len(returned_user), 1)
eq_(returned_user[0], user)
ok_(not mocked_message.called)
@patch('mozillians.common.authbackend.messages.error')
def test_add_primary_email_as_alternate(self, mocked_message):
"""Test to add the primary email as alternate."""
user = UserFactory.create(email='*****@*****.**')
request_mock = Mock(spec=HttpRequest)
request_mock.user = user
request_mock.user.is_authenticated = Mock()
request_mock.user.is_authenticated.return_value = True
self.backend.request = request_mock
claims = {
'email': '*****@*****.**'
}
self.backend.filter_users_by_claims(claims)
email_q = ExternalAccount.objects.filter(type=ExternalAccount.TYPE_EMAIL,
user=user.userprofile,
identifier='*****@*****.**')
ok_(not mocked_message.called)
ok_(not email_q.exists())
@patch('mozillians.common.authbackend.messages.error')
def test_add_email_belonging_to_other_user(self, mocked_message):
"""Test to add an email belonging to another user."""
user1 = UserFactory.create(email='*****@*****.**')
UserFactory.create(email='*****@*****.**')
request_mock = Mock(spec=HttpRequest)
request_mock.user = user1
request_mock.user.is_authenticated = Mock()
request_mock.user.is_authenticated.return_value = True
self.backend.request = request_mock
claims = {
'email': '*****@*****.**'
}
returned_user = self.backend.filter_users_by_claims(claims)
email_q = ExternalAccount.objects.filter(type=ExternalAccount.TYPE_EMAIL,
user=user1.userprofile,
identifier='*****@*****.**')
mocked_message.assert_called_once_with(request_mock, u'Email [email protected] already '
'exists in the database.')
ok_(not email_q.exists())
eq_(len(returned_user), 1)
eq_(returned_user[0], user1)
class MozilliansAuthBackendTests(TestCase):
"""Test Mozillian's Authentication Backend."""
@override_settings(OIDC_OP_TOKEN_ENDPOINT='https://server.example.com/token')
@override_settings(OIDC_OP_USER_ENDPOINT='https://server.example.com/user')
@override_settings(OIDC_RP_CLIENT_ID='example_id')
@override_settings(OIDC_RP_CLIENT_SECRET='client_secret')
def setUp(self):
"""Setup class."""
# Avoid circular dependencies
from mozillians.common.authbackend import MozilliansAuthBackend
self.backend = MozilliansAuthBackend()
@patch('mozillians.common.authbackend.messages')
def test_add_a_new_email_identity(self, mocked_message):
"""Test to add a new email in an authenticated user."""
user = UserFactory.create(email='*****@*****.**')
IdpProfile.objects.create(
profile=user.userprofile,
auth0_user_id='email|',
email=user.email,
primary=True
)
claims = {
'email': '*****@*****.**',
'user_id': 'ad|ldap'
}
request_mock = Mock(spec=HttpRequest)
request_mock.user = user
self.backend.claims = claims
self.backend.request = request_mock
email_q = IdpProfile.objects.filter(profile=user.userprofile,
email='*****@*****.**')
ok_(not email_q.exists())
returned_user = self.backend.check_authentication_method(user)
email_q = IdpProfile.objects.filter(profile=user.userprofile,
email='*****@*****.**')
ok_(email_q.exists())
eq_(returned_user, user)
ok_(not mocked_message.called)
@patch('mozillians.common.authbackend.messages')
def test_identity_already_exists(self, mocked_message):
"""Test to add an email that already exists."""
user = UserFactory.create(email='*****@*****.**')
IdpProfile.objects.create(
profile=user.userprofile,
auth0_user_id='email|',
email=user.email,
primary=True
)
claims = {
'email': '*****@*****.**',
'user_id': 'email|'
}
request_mock = Mock(spec=HttpRequest)
request_mock.user = user
self.backend.claims = claims
self.backend.request = request_mock
self.backend.check_authentication_method(user)
idp_q = IdpProfile.objects.filter(auth0_user_id='email|',
email=user.email,
profile=user.userprofile)
eq_(idp_q.count(), 1)
ok_(not mocked_message.called)
@patch('mozillians.common.authbackend.messages')
def test_identity_single_auth0_id_multiple_emails(self, mocked_message):
"""Test to add an email that already exists."""
user = UserFactory.create(email='*****@*****.**')
IdpProfile.objects.create(
profile=user.userprofile,
auth0_user_id='github|12345',
email='*****@*****.**',
primary=True
)
claims = {
'email': '*****@*****.**',
'user_id': 'github|12345'
}
request_mock = Mock(spec=HttpRequest)
request_mock.user = user
self.backend.claims = claims
self.backend.request = request_mock
self.backend.check_authentication_method(user)
eq_(IdpProfile.objects.filter(
profile=user.userprofile, primary=True, email='*****@*****.**').count(), 1)
eq_(IdpProfile.objects.filter(
profile=user.userprofile, primary=False, email='*****@*****.**').count(), 1)
@patch('mozillians.common.authbackend.messages')
def test_add_idp_wrong_flow(self, mocked_message):
"""Test logging in with a weaker provider compared to the current one"""
user = UserFactory.create(email='*****@*****.**')
IdpProfile.objects.create(
profile=user.userprofile,
auth0_user_id='ad|foobar',
primary=True
)
claims = {
'email': '*****@*****.**',
'user_id': 'foobar'
}
request_mock = Mock(spec=HttpRequest)
request_mock.user = user
self.backend.claims = claims
self.backend.request = request_mock
returned_user = self.backend.check_authentication_method(user)
msg = 'Please use one of the following authentication methods: LDAP Provider'
mocked_message.error.assert_called_once_with(request_mock, msg)
eq_(returned_user, None)
def test_filter_users_with_email_belonging_to_non_primary_identity(self):
"""Test filter users with a non primary identity."""
user = UserFactory.create(email='*****@*****.**')
IdpProfile.objects.create(
profile=user.userprofile,
auth0_user_id='email|1',
email='*****@*****.**',
primary=False
)
claims = {
'email': '*****@*****.**',
'user_id': 'email|1'
}
request_mock = Mock(spec=HttpRequest)
request_mock.user = user
self.backend.claims = claims
self.backend.request = request_mock
users = self.backend.filter_users_by_claims(claims)
idp_q = IdpProfile.objects.filter(auth0_user_id='email|1',
email='*****@*****.**',
profile=user.userprofile)
eq_(idp_q.count(), 1)
eq_(users[0], user)
def test_filter_users_with_a_non_existing_identity(self):
"""Test filter users with a non primary identity."""
user = UserFactory.create(email='*****@*****.**')
IdpProfile.objects.create(
profile=user.userprofile,
auth0_user_id='email|1',
email='*****@*****.**',
primary=True
)
claims = {
'email': '*****@*****.**',
'user_id': 'email|2'
}
request_mock = Mock(spec=HttpRequest)
request_mock.user = user
self.backend.claims = claims
self.backend.request = request_mock
users = self.backend.filter_users_by_claims(claims)
idp_q = IdpProfile.objects.filter(auth0_user_id='email|1',
email='*****@*****.**',
profile=user.userprofile)
eq_(idp_q.count(), 1)
eq_(list(users), [])
class MozilliansAuthBackendTests(TestCase):
"""Test Mozillian's Authentication Backend."""
@override_settings(
OIDC_OP_TOKEN_ENDPOINT='https://server.example.com/token')
@override_settings(OIDC_OP_USER_ENDPOINT='https://server.example.com/user')
@override_settings(OIDC_RP_CLIENT_ID='example_id')
@override_settings(OIDC_RP_CLIENT_SECRET='client_secret')
def setUp(self):
"""Setup class."""
# Avoid circular dependencies
from mozillians.common.authbackend import MozilliansAuthBackend
self.backend = MozilliansAuthBackend()
def test_add_a_new_email(self):
"""Test to add a new email in an authenticated user."""
user = UserFactory.create(email='*****@*****.**')
request_mock = Mock(spec=HttpRequest)
request_mock.user = user
request_mock.user.is_authenticated = Mock()
request_mock.user.is_authenticated.return_value = True
self.backend.request = request_mock
claims = {'email': '*****@*****.**'}
email_q = ExternalAccount.objects.filter(
type=ExternalAccount.TYPE_EMAIL,
user=user.userprofile,
identifier='*****@*****.**')
ok_(not email_q.exists())
returned_user = self.backend.filter_users_by_claims(claims)
email_q = ExternalAccount.objects.filter(
type=ExternalAccount.TYPE_EMAIL,
user=user.userprofile,
identifier='*****@*****.**')
ok_(email_q.exists())
eq_(len(returned_user), 1)
eq_(returned_user[0], user)
@patch('mozillians.common.authbackend.messages.error')
def test_alternate_email_already_exists(self, mocked_message):
"""Test to add an email that already exists."""
user = UserFactory.create(email='*****@*****.**')
ExternalAccount.objects.create(type=ExternalAccount.TYPE_EMAIL,
user=user.userprofile,
identifier='*****@*****.**')
request_mock = Mock(spec=HttpRequest)
request_mock.user = user
request_mock.user.is_authenticated = Mock()
request_mock.user.is_authenticated.return_value = True
self.backend.request = request_mock
claims = {'email': '*****@*****.**'}
returned_user = self.backend.filter_users_by_claims(claims)
email_q = ExternalAccount.objects.filter(
type=ExternalAccount.TYPE_EMAIL,
user=user.userprofile,
identifier='*****@*****.**')
ok_(email_q.exists())
eq_(len(returned_user), 1)
eq_(returned_user[0], user)
mocked_message.assert_called_once_with(
request_mock, u'Email [email protected] already '
'exists in the database.')
@patch('mozillians.common.authbackend.messages.error')
def test_add_primary_email_as_alternate(self, mocked_message):
"""Test to add the primary email as alternate."""
user = UserFactory.create(email='*****@*****.**')
request_mock = Mock(spec=HttpRequest)
request_mock.user = user
request_mock.user.is_authenticated = Mock()
request_mock.user.is_authenticated.return_value = True
self.backend.request = request_mock
claims = {'email': '*****@*****.**'}
self.backend.filter_users_by_claims(claims)
email_q = ExternalAccount.objects.filter(
type=ExternalAccount.TYPE_EMAIL,
user=user.userprofile,
identifier='*****@*****.**')
mocked_message.assert_called_once_with(
request_mock, u'Email [email protected] already '
'exists in the database.')
ok_(not email_q.exists())
@patch('mozillians.common.authbackend.messages.error')
def test_add_email_belonging_to_other_user(self, mocked_message):
"""Test to add an email belonging to another user."""
user1 = UserFactory.create(email='*****@*****.**')
UserFactory.create(email='*****@*****.**')
request_mock = Mock(spec=HttpRequest)
request_mock.user = user1
request_mock.user.is_authenticated = Mock()
request_mock.user.is_authenticated.return_value = True
self.backend.request = request_mock
claims = {'email': '*****@*****.**'}
returned_user = self.backend.filter_users_by_claims(claims)
email_q = ExternalAccount.objects.filter(
type=ExternalAccount.TYPE_EMAIL,
user=user1.userprofile,
identifier='*****@*****.**')
mocked_message.assert_called_once_with(
request_mock, u'Email [email protected] already '
'exists in the database.')
ok_(not email_q.exists())
eq_(len(returned_user), 1)
eq_(returned_user[0], user1)
class MozilliansAuthBackendTests(TestCase):
"""Test Mozillian's Authentication Backend."""
@override_settings(OIDC_OP_TOKEN_ENDPOINT='https://server.example.com/token')
@override_settings(OIDC_OP_USER_ENDPOINT='https://server.example.com/user')
@override_settings(OIDC_RP_CLIENT_ID='example_id')
@override_settings(OIDC_RP_CLIENT_SECRET='client_secret')
def setUp(self):
"""Setup class."""
# Avoid circular dependencies
from mozillians.common.authbackend import MozilliansAuthBackend
self.backend = MozilliansAuthBackend()
def test_add_a_new_email_identity(self):
"""Test to add a new email in an authenticated user."""
user = UserFactory.create(email='*****@*****.**')
IdpProfile.objects.create(
profile=user.userprofile,
auth0_user_id='email|',
email=user.email,
primary=True
)
claims = {
'email': '*****@*****.**',
'user_id': 'ad|ldap'
}
request_mock = Mock(spec=HttpRequest)
request_mock.user = user
self.backend.claims = claims
self.backend.request = request_mock
email_q = IdpProfile.objects.filter(profile=user.userprofile,
email='*****@*****.**')
ok_(not email_q.exists())
returned_user = self.backend.check_authentication_method(user)
email_q = IdpProfile.objects.filter(profile=user.userprofile,
email='*****@*****.**')
ok_(email_q.exists())
eq_(returned_user, user)
def test_identity_already_exists(self):
"""Test to add an email that already exists."""
user = UserFactory.create(email='*****@*****.**')
IdpProfile.objects.create(
profile=user.userprofile,
auth0_user_id='email|',
email=user.email,
primary=True
)
claims = {
'email': '*****@*****.**',
'user_id': 'email|'
}
request_mock = Mock(spec=HttpRequest)
request_mock.user = user
self.backend.claims = claims
self.backend.request = request_mock
self.backend.check_authentication_method(user)
idp_q = IdpProfile.objects.filter(auth0_user_id='email|',
email=user.email,
profile=user.userprofile)
eq_(idp_q.count(), 1)
def test_identity_single_auth0_id_multiple_emails(self):
"""Test to add an email that already exists."""
user = UserFactory.create(email='*****@*****.**')
IdpProfile.objects.create(
profile=user.userprofile,
auth0_user_id='github|12345',
email='*****@*****.**',
primary=True
)
claims = {
'email': '*****@*****.**',
'user_id': 'github|12345',
'nickname': 'foo'
}
request_mock = Mock(spec=HttpRequest)
request_mock.user = user
self.backend.claims = claims
self.backend.request = request_mock
self.backend.check_authentication_method(user)
eq_(IdpProfile.objects.filter(
profile=user.userprofile, primary=True,
username='******', email='*****@*****.**').count(), 1)
eq_(IdpProfile.objects.filter(
profile=user.userprofile, primary=False,
email='*****@*****.**').count(), 1)
def test_filter_users_with_email_belonging_to_non_primary_identity(self):
"""Test filter users with a non primary identity."""
user = UserFactory.create(email='*****@*****.**')
IdpProfile.objects.create(
profile=user.userprofile,
auth0_user_id='email|1',
email='*****@*****.**',
primary=True
)
claims = {
'email': '*****@*****.**',
'user_id': 'email|1'
}
request_mock = Mock(spec=HttpRequest)
request_mock.user = user
self.backend.claims = claims
self.backend.request = request_mock
users = self.backend.filter_users_by_claims(claims)
idp_q = IdpProfile.objects.filter(auth0_user_id='email|1',
email='*****@*****.**',
profile=user.userprofile)
eq_(idp_q.count(), 1)
eq_(users[0], user)
def test_filter_users_with_a_non_existing_identity(self):
"""Test filter users with a non primary identity."""
user = UserFactory.create(email='*****@*****.**')
IdpProfile.objects.create(
profile=user.userprofile,
auth0_user_id='email|1',
email='*****@*****.**',
primary=True
)
claims = {
'email': '*****@*****.**',
'user_id': 'email|2'
}
request_mock = Mock(spec=HttpRequest)
request_mock.user = user
self.backend.claims = claims
self.backend.request = request_mock
users = self.backend.filter_users_by_claims(claims)
idp_q = IdpProfile.objects.filter(auth0_user_id='email|1',
email='*****@*****.**',
profile=user.userprofile)
eq_(idp_q.count(), 1)
eq_(list(users), [])
@override_settings(CAN_VOUCH_THRESHOLD=1)
def test_auto_vouching(self):
claims = {
'email': '*****@*****.**',
'user_id': 'ad|[email protected]',
'https://sso.mozilla.com/claim/groups': ['hris_is_staff']
}
user = UserFactory.create(vouched=False, email='*****@*****.**')
IdpProfile.objects.create(
profile=user.userprofile,
auth0_user_id='ad|[email protected]',
email='*****@*****.**',
primary=True
)
request_mock = Mock(spec=HttpRequest)
request_mock.user = user
self.backend.claims = claims
self.backend.request = request_mock
returned_user = self.backend.check_authentication_method(user)
ok_(returned_user.userprofile.is_vouched)
eq_(returned_user.userprofile.vouches_received.all()[0].autovouch, True)
def test_auto_vouching_missing_is_staff_attribute(self):
claims = {
'email': '*****@*****.**',
'user_id': 'ad|[email protected]',
'https://sso.mozilla.com/claim/groups': ['hello world']
}
user = UserFactory.create(vouched=False, email='*****@*****.**')
IdpProfile.objects.create(
profile=user.userprofile,
auth0_user_id='ad|[email protected]',
email='*****@*****.**',
primary=True
)
request_mock = Mock(spec=HttpRequest)
request_mock.user = user
self.backend.claims = claims
self.backend.request = request_mock
returned_user = self.backend.check_authentication_method(user)
ok_(not returned_user.userprofile.is_vouched)
class MozilliansAuthBackendTests(TestCase):
"""Test Mozillian's Authentication Backend."""
@override_settings(
OIDC_OP_TOKEN_ENDPOINT="https://server.example.com/token")
@override_settings(OIDC_OP_USER_ENDPOINT="https://server.example.com/user")
@override_settings(OIDC_RP_CLIENT_ID="example_id")
@override_settings(OIDC_RP_CLIENT_SECRET="client_secret")
def setUp(self):
"""Setup class."""
# Avoid circular dependencies
from mozillians.common.authbackend import MozilliansAuthBackend
self.backend = MozilliansAuthBackend()
def test_add_a_new_email_identity(self):
"""Test to add a new email in an authenticated user."""
user = UserFactory.create(email="*****@*****.**")
IdpProfile.objects.create(
profile=user.userprofile,
auth0_user_id="email|",
email=user.email,
primary=True,
)
claims = {"email": "*****@*****.**", "user_id": "ad|ldap"}
request_mock = Mock(spec=HttpRequest)
request_mock.user = user
self.backend.claims = claims
self.backend.request = request_mock
email_q = IdpProfile.objects.filter(profile=user.userprofile,
email="*****@*****.**")
ok_(not email_q.exists())
returned_user = self.backend.check_authentication_method(user)
email_q = IdpProfile.objects.filter(profile=user.userprofile,
email="*****@*****.**")
ok_(email_q.exists())
eq_(returned_user, user)
def test_identity_already_exists(self):
"""Test to add an email that already exists."""
user = UserFactory.create(email="*****@*****.**")
IdpProfile.objects.create(
profile=user.userprofile,
auth0_user_id="email|",
email=user.email,
primary=True,
)
claims = {"email": "*****@*****.**", "user_id": "email|"}
request_mock = Mock(spec=HttpRequest)
request_mock.user = user
self.backend.claims = claims
self.backend.request = request_mock
self.backend.check_authentication_method(user)
idp_q = IdpProfile.objects.filter(auth0_user_id="email|",
email=user.email,
profile=user.userprofile)
eq_(idp_q.count(), 1)
def test_identity_single_auth0_id_multiple_emails(self):
"""Test to add an email that already exists."""
user = UserFactory.create(email="*****@*****.**")
IdpProfile.objects.create(
profile=user.userprofile,
auth0_user_id="github|12345",
email="*****@*****.**",
primary=True,
)
claims = {
"email": "*****@*****.**",
"user_id": "github|12345",
"nickname": "foo",
}
request_mock = Mock(spec=HttpRequest)
request_mock.user = user
self.backend.claims = claims
self.backend.request = request_mock
self.backend.check_authentication_method(user)
eq_(
IdpProfile.objects.filter(
profile=user.userprofile,
primary=True,
username="******",
email="*****@*****.**",
).count(),
1,
)
eq_(
IdpProfile.objects.filter(profile=user.userprofile,
primary=False,
email="*****@*****.**").count(),
1,
)
def test_filter_users_with_email_belonging_to_non_primary_identity(self):
"""Test filter users with a non primary identity."""
user = UserFactory.create(email="*****@*****.**")
IdpProfile.objects.create(
profile=user.userprofile,
auth0_user_id="email|1",
email="*****@*****.**",
primary=True,
)
claims = {"email": "*****@*****.**", "user_id": "email|1"}
request_mock = Mock(spec=HttpRequest)
request_mock.user = user
self.backend.claims = claims
self.backend.request = request_mock
users = self.backend.filter_users_by_claims(claims)
idp_q = IdpProfile.objects.filter(auth0_user_id="email|1",
email="*****@*****.**",
profile=user.userprofile)
eq_(idp_q.count(), 1)
eq_(users[0], user)
def test_filter_users_with_a_non_existing_identity(self):
"""Test filter users with a non primary identity."""
user = UserFactory.create(email="*****@*****.**")
IdpProfile.objects.create(
profile=user.userprofile,
auth0_user_id="email|1",
email="*****@*****.**",
primary=True,
)
claims = {"email": "*****@*****.**", "user_id": "email|2"}
request_mock = Mock(spec=HttpRequest)
request_mock.user = user
self.backend.claims = claims
self.backend.request = request_mock
users = self.backend.filter_users_by_claims(claims)
idp_q = IdpProfile.objects.filter(auth0_user_id="email|1",
email="*****@*****.**",
profile=user.userprofile)
eq_(idp_q.count(), 1)
eq_(list(users), [])
@override_settings(CAN_VOUCH_THRESHOLD=1)
def test_auto_vouching(self):
claims = {
"email": "*****@*****.**",
"user_id": "ad|[email protected]",
"https://sso.mozilla.com/claim/groups": ["hris_is_staff"],
}
user = UserFactory.create(vouched=False, email="*****@*****.**")
IdpProfile.objects.create(
profile=user.userprofile,
auth0_user_id="ad|[email protected]",
email="*****@*****.**",
primary=True,
)
request_mock = Mock(spec=HttpRequest)
request_mock.user = user
self.backend.claims = claims
self.backend.request = request_mock
returned_user = self.backend.check_authentication_method(user)
ok_(returned_user.userprofile.is_vouched)
eq_(returned_user.userprofile.vouches_received.all()[0].autovouch,
True)
def test_auto_vouching_missing_is_staff_attribute(self):
claims = {
"email": "*****@*****.**",
"user_id": "ad|[email protected]",
"https://sso.mozilla.com/claim/groups": ["hello world"],
}
user = UserFactory.create(vouched=False, email="*****@*****.**")
IdpProfile.objects.create(
profile=user.userprofile,
auth0_user_id="ad|[email protected]",
email="*****@*****.**",
primary=True,
)
request_mock = Mock(spec=HttpRequest)
request_mock.user = user
self.backend.claims = claims
self.backend.request = request_mock
returned_user = self.backend.check_authentication_method(user)
ok_(not returned_user.userprofile.is_vouched)
