def test_obeys_token_with_proxied_auth(self):
user = data_setup.create_user()
proxy = data_setup.create_user()
cookie = self.acquire_cookie(user, proxy)
with app.test_request_context(headers={'Cookie': cookie}):
identity.check_authentication()
self.assertEqual(identity.current.user, user)
self.assertEqual(identity.current.proxied_by_user, proxy)
def test_obeys_token_with_proxied_auth(self):
user = data_setup.create_user()
proxy = data_setup.create_user()
cookie = self.acquire_cookie(user, proxy)
with app.test_request_context(headers={'Cookie': cookie}):
identity.check_authentication()
self.assertEqual(identity.current.user, user)
self.assertEqual(identity.current.proxied_by_user, proxy)
def test_token_is_ignored_if_proxy_does_not_exist(self):
# As above, this should never actually happen.
user = data_setup.create_user()
proxy = data_setup.create_user()
cookie = self.acquire_cookie(user, proxy)
session.delete(proxy)
session.flush()
with app.test_request_context(headers={'Cookie': cookie}):
identity.check_authentication()
self.assertIsNone(identity.current.user)
self.assertIsNone(identity.current.proxied_by_user)
def test_token_is_ignored_if_proxy_does_not_exist(self):
# As above, this should never actually happen.
user = data_setup.create_user()
proxy = data_setup.create_user()
cookie = self.acquire_cookie(user, proxy)
session.delete(proxy)
session.flush()
with app.test_request_context(headers={'Cookie': cookie}):
identity.check_authentication()
self.assertIsNone(identity.current.user)
self.assertIsNone(identity.current.proxied_by_user)
def test_REMOTE_USER_takes_precedence_over_cookie(self):
# This could happen if the user somehow reauthenticates to Apache as
# a different user but an existing session cookie is left behind
# because they didn't log out of Beaker.
old_user = data_setup.create_user()
new_user = data_setup.create_user()
cookie = self.acquire_cookie(old_user)
environ = {'REMOTE_USER': new_user.user_name}
with app.test_request_context(environ_overrides=environ,
headers={'Cookie': cookie}):
identity.check_authentication()
self.assertEqual(identity.current.user, new_user)
def test_REMOTE_USER_takes_precedence_over_cookie(self):
# This could happen if the user somehow reauthenticates to Apache as
# a different user but an existing session cookie is left behind
# because they didn't log out of Beaker.
old_user = data_setup.create_user()
new_user = data_setup.create_user()
cookie = self.acquire_cookie(old_user)
environ = {'REMOTE_USER': new_user.user_name}
with app.test_request_context(environ_overrides=environ,
headers={'Cookie': cookie}):
identity.check_authentication()
self.assertEqual(identity.current.user, new_user)
def test_obeys_REMOTE_USER(self):
# REMOTE_USER will be set if Apache is configured to do external
# authentication and the authentication was successful for this
# request.
user = data_setup.create_user()
environ = {'REMOTE_USER': user.user_name}
with app.test_request_context(environ_overrides=environ):
identity.check_authentication()
self.assertEqual(identity.current.user, user)
self.assertIsNone(identity.current.proxied_by_user)
def test_authentication_is_ignored_if_user_is_disabled(self):
user = data_setup.create_user()
cookie = self.acquire_cookie(user)
environ = {'REMOTE_USER': user.user_name}
user.disabled = True
with app.test_request_context(environ_overrides=environ,
headers={'Cookie': cookie}):
identity.check_authentication()
self.assertIsNone(identity.current.user)
self.assertIsNone(identity.current.proxied_by_user)
def test_obeys_REMOTE_USER(self):
# REMOTE_USER will be set if Apache is configured to do external
# authentication and the authentication was successful for this
# request.
user = data_setup.create_user()
environ = {'REMOTE_USER': user.user_name}
with app.test_request_context(environ_overrides=environ):
identity.check_authentication()
self.assertEqual(identity.current.user, user)
self.assertIsNone(identity.current.proxied_by_user)
def test_authentication_is_ignored_if_user_is_disabled(self):
user = data_setup.create_user()
cookie = self.acquire_cookie(user)
environ = {'REMOTE_USER': user.user_name}
user.disabled = True
with app.test_request_context(environ_overrides=environ,
headers={'Cookie': cookie}):
identity.check_authentication()
self.assertIsNone(identity.current.user)
self.assertIsNone(identity.current.proxied_by_user)
def test_token_is_ignored_if_user_does_not_exist(self):
# This should be impossible since we don't allow deleting User objects.
# But let's test it for completeness' sake.
user = data_setup.create_user()
cookie = self.acquire_cookie(user)
session.delete(user)
session.flush()
with app.test_request_context(headers={'Cookie': cookie}):
identity.check_authentication()
self.assertIsNone(identity.current.user)
self.assertIsNone(identity.current.proxied_by_user)
def test_token_is_ignored_if_user_does_not_exist(self):
# This should be impossible since we don't allow deleting User objects.
# But let's test it for completeness' sake.
user = data_setup.create_user()
cookie = self.acquire_cookie(user)
session.delete(user)
session.flush()
with app.test_request_context(headers={'Cookie': cookie}):
identity.check_authentication()
self.assertIsNone(identity.current.user)
self.assertIsNone(identity.current.proxied_by_user)