Ejemplo n.º 1
def test_superuser_force_mfa_auth(rf, superuser):
    """A superuser with a confirmed TOTP device is sent to the 2FA auth view.

    No OTP login is performed on the request, so the middleware is expected
    to answer with a redirect to ``wagtail_2fa_auth`` that carries the
    originally requested path in ``next``.
    """
    # Enrol a confirmed device; the request below is never OTP-verified.
    TOTPDevice.objects.create(user=superuser, confirmed=True)

    admin_request = rf.get('/admin/')
    admin_request.user = superuser

    expected_redirect = '%s?next=/admin/' % reverse('wagtail_2fa_auth')
    outcome = VerifyUserMiddleware().process_request(admin_request)
    assert outcome.url == expected_redirect
Ejemplo n.º 2
def test_specifiying_wagtail_mount_point_does_prepend_allowed_paths_with_wagtail_mount_path(
        settings):
    """Every resolved allowed path starts with ``WAGTAIL_MOUNT_PATH``.

    The route names come from ``_allowed_url_names`` and are resolved with
    ``_get_paths`` (presumably the routes exempt from the verification
    redirect -- confirm against the middleware).
    """
    settings.WAGTAIL_MOUNT_PATH = '/wagtail'
    names = VerifyUserMiddleware()._allowed_url_names
    resolved = VerifyUserMiddleware()._get_paths(names)

    # NOTE(review): this passes vacuously when ``resolved`` is empty, so it
    # does not prove that any path was actually produced.
    assert all(
        path.startswith(settings.WAGTAIL_MOUNT_PATH) for path in resolved)
Ejemplo n.º 3
def test_superuser_dont_require_register_device(rf, superuser, settings):
    """With ``WAGTAIL_2FA_REQUIRED`` off, the request is not intercepted.

    No device is created in this test and ``process_request`` must return
    ``None``, i.e. no redirect to device registration is issued.
    """
    settings.WAGTAIL_2FA_REQUIRED = False

    admin_request = rf.get("/admin/")
    admin_request.user = superuser

    verifier = VerifyUserMiddleware(lambda x: x)
    outcome = verifier.process_request(admin_request)
    assert outcome is None
Ejemplo n.º 4
def test_verified_request(rf, superuser):
    """A request that went through ``otp_login`` is not intercepted.

    The superuser gets a confirmed TOTP device, the request is logged in
    against that device, and ``process_request`` must then return ``None``.
    """
    admin_request = rf.get("/admin/")
    admin_request.user = superuser
    # Mark the request as verified with the freshly confirmed device.
    otp_login(
        admin_request,
        TOTPDevice.objects.create(user=superuser, confirmed=True),
    )

    outcome = VerifyUserMiddleware().process_request(admin_request)
    assert outcome is None
Ejemplo n.º 5
def test_superuser_require_register_device(rf, superuser, settings):
    """With 2FA required and no device created, registration is enforced.

    The middleware must redirect the superuser to ``wagtail_2fa_device_new``
    and keep the requested path in ``next``.
    """
    settings.WAGTAIL_2FA_REQUIRED = True

    admin_request = rf.get('/admin/')
    admin_request.user = superuser

    expected_redirect = '%s?next=/admin/' % reverse(
        'wagtail_2fa_device_new')
    outcome = VerifyUserMiddleware().process_request(admin_request)
    assert outcome.url == expected_redirect
Ejemplo n.º 6
def test_not_specifiying_wagtail_mount_point_does_not_prepend_allowed_paths_with_wagtail_mount_path(
        settings):
    """With an empty ``WAGTAIL_MOUNT_PATH`` the allowed paths keep their prefix.

    Every entry of ``_allowed_paths`` must start with ``/cms`` (presumably
    where the test URL conf mounts the admin -- confirm against the project).
    """
    settings.WAGTAIL_MOUNT_PATH = ''
    resolved = VerifyUserMiddleware()._allowed_paths

    # NOTE(review): this passes vacuously when ``resolved`` is empty.
    assert all(path.startswith('/cms') for path in resolved)
Ejemplo n.º 7
def test_superuser_require_register_device(rf, superuser):
    """With 2FA required and no device created, registration is enforced.

    The middleware is called as a callable while ``WAGTAIL_2FA_REQUIRED`` is
    overridden to ``True``. The response must redirect to
    ``wagtail_2fa_device_new`` with the requested path in ``next``.
    """
    admin_request = rf.get("/admin/")
    admin_request.user = superuser
    # Built before the override is active, as in the call order under test.
    verifier = VerifyUserMiddleware(lambda x: x)

    with override_settings(WAGTAIL_2FA_REQUIRED=True):
        outcome = verifier(admin_request)

    expected_redirect = "%s?next=/admin/" % reverse(
        "wagtail_2fa_device_new")
    assert outcome.url == expected_redirect
Ejemplo n.º 8
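def test_get_paths(settings):
    """``_get_paths`` resolves known route names and drops unknown ones.

    The expected list is built by reversing each name in
    ``_allowed_url_names_no_device`` and prefixing ``WAGTAIL_MOUNT_PATH``.
    Names that do not reverse are skipped. A bogus entry is then added to the
    input, and the result must still equal the expected list.
    """
    middleware = VerifyUserMiddleware(lambda x: x)
    # Work on a copy. Appending to the middleware's own list would leave the
    # bogus entry in the allowed-route list for later tests if the attribute
    # is shared between instances (its definition is not visible here).
    route_names = list(middleware._allowed_url_names_no_device)

    expected_paths = []
    for route_name in route_names:
        try:
            resolved = reverse(route_name)
        except NoReverseMatch:
            # Route is not present in the active URL conf; nothing to expect.
            continue
        expected_paths.append(settings.WAGTAIL_MOUNT_PATH + resolved)

    # Make sure non-existing paths don't get added
    route_names.append("/non/existing/path/")
    paths = middleware._get_paths(route_names)

    assert paths == expected_paths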
Ejemplo n.º 9
def test_superuser_force_mfa_auth(rf, superuser):
    """A superuser with a confirmed device must pass the 2FA auth view.

    The request is never OTP-verified, so with ``WAGTAIL_2FA_REQUIRED``
    overridden to ``True`` the middleware must redirect to
    ``wagtail_2fa_auth`` and keep the requested path in ``next``.
    """
    admin_request = rf.get("/admin/")
    admin_request.user = superuser
    TOTPDevice.objects.create(user=superuser, confirmed=True)

    verifier = VerifyUserMiddleware(lambda x: x)
    with override_settings(WAGTAIL_2FA_REQUIRED=True):
        outcome = verifier(admin_request)

    expected_redirect = "%s?next=/admin/" % reverse("wagtail_2fa_auth")
    assert outcome.url == expected_redirect
Ejemplo n.º 10
def test_always_require_verification_when_user_has_device(rf, user, settings):
    """A user who owns a confirmed device is redirected to the auth view.

    Uses the ``user`` fixture (presumably a non-superuser account -- confirm
    in conftest). The request is not OTP-verified, so the response must be a
    redirect to ``wagtail_2fa_auth`` with ``next=/admin/``.
    """
    TOTPDevice.objects.create(user=user, confirmed=True)

    admin_request = rf.get("/admin/")
    admin_request.user = user
    url_auth = reverse("wagtail_2fa_auth")

    verifier = VerifyUserMiddleware(lambda x: x)
    with override_settings(WAGTAIL_2FA_REQUIRED=True):
        outcome = verifier(admin_request)

    assert outcome.url == f"{url_auth}?next=/admin/"
Ejemplo n.º 11
def test_adding_new_device_does_not_require_verification_when_user_has_no_device(
        rf, superuser, settings, django_assert_num_queries):
    """A user without a device can reach the device-registration view.

    The middleware is given an identity ``get_response``. Getting the request
    object back means the call was answered by ``get_response`` rather than
    by a redirect. The whole flow must issue exactly one database query.
    """
    with django_assert_num_queries(1):
        enrol_url = reverse("wagtail_2fa_device_new")
        # NOTE(review): the result is discarded and the purpose of this call
        # is not evident from the test. Kept as in the original flow.
        reverse("wagtail_2fa_auth")
        enrol_request = rf.get(enrol_url)
        enrol_request.user = superuser

        verifier = VerifyUserMiddleware(lambda x: x)
        with override_settings(WAGTAIL_2FA_REQUIRED=True):
            outcome = verifier(enrol_request)

        assert outcome is enrol_request
Ejemplo n.º 12
def test_adding_new_device_requires_verification_when_user_has_device(
        rf, superuser, settings, django_assert_num_queries):
    """Registering another device requires verification with the existing one.

    The superuser already owns a confirmed device and the request is not
    OTP-verified. The device-registration URL must therefore redirect to
    ``wagtail_2fa_auth`` with that URL in ``next``, so an unverified session
    does not reach the registration view. The flow must issue exactly two
    database queries.
    """
    TOTPDevice.objects.create(user=superuser, confirmed=True)

    with django_assert_num_queries(2):
        url_auth = reverse("wagtail_2fa_auth")
        url_new_device = reverse("wagtail_2fa_device_new")
        enrol_request = rf.get(url_new_device)
        enrol_request.user = superuser

        verifier = VerifyUserMiddleware(lambda x: x)
        with override_settings(WAGTAIL_2FA_REQUIRED=True):
            outcome = verifier(enrol_request)

        assert outcome.url == f"{url_auth}?next={url_new_device}"