def test_keep_keys_on_failure(self):
cert_exp_time = datetime.now() - timedelta(hours=25)
with patch("django_auth_adfs.backend.AdfsBackend._key_age", cert_exp_time):
with patch("django_auth_adfs.backend.settings.SIGNING_CERT", True):
backend = AdfsBackend()
user = backend.authenticate(authorization_code="dummycode")
self.assertIsInstance(user, User)
def test_keep_keys_on_failure(self):
cert_exp_time = datetime.now() - timedelta(hours=25)
with patch("django_auth_adfs.backend.AdfsBackend._key_age",
cert_exp_time):
with patch("django_auth_adfs.backend.settings.SIGNING_CERT", True):
backend = AdfsBackend()
user = backend.authenticate(authorization_code="dummycode")
self.assertIsInstance(user, User)
def test_group_claim(self):
backend = AdfsBackend()
with patch("django_auth_adfs.backend.settings.GROUPS_CLAIM", "nonexisting"):
user = backend.authenticate(self.request, authorization_code="dummycode")
self.assertIsInstance(user, User)
self.assertEqual(user.first_name, "John")
self.assertEqual(user.last_name, "Doe")
self.assertEqual(user.email, "*****@*****.**")
self.assertEqual(len(user.groups.all()), 0)
def test_group_claim(self):
backend = AdfsBackend()
with patch("django_auth_adfs.backend.settings.GROUP_CLAIM", "nonexisting"):
user = backend.authenticate(authorization_code="dummycode")
self.assertIsInstance(user, User)
self.assertEqual(user.first_name, "John")
self.assertEqual(user.last_name, "Doe")
self.assertEqual(user.email, "*****@*****.**")
self.assertEqual(len(user.groups.all()), 0)
def test_single_group_token(self):
backend = AdfsBackend()
user = backend.authenticate(authorization_code="dummycode")
self.assertIsInstance(user, User)
self.assertEqual(user.first_name, "John")
self.assertEqual(user.last_name, "Doe")
self.assertEqual(user.email, "*****@*****.**")
self.assertEqual(len(user.groups.all()), 1)
self.assertEqual(user.groups.all()[0].name, "group1")
def test_single_group_token(self):
backend = AdfsBackend()
user = backend.authenticate(authorization_code="dummycode")
self.assertIsInstance(user, User)
self.assertEqual(user.first_name, "John")
self.assertEqual(user.last_name, "Doe")
self.assertEqual(user.email, "*****@*****.**")
self.assertEqual(len(user.groups.all()), 1)
self.assertEqual(user.groups.all()[0].name, "group1")
def test_with_auth_code_2016(self):
backend = AdfsBackend()
user = backend.authenticate(self.request, authorization_code="dummycode")
self.assertIsInstance(user, User)
self.assertEqual(user.first_name, "John")
self.assertEqual(user.last_name, "Doe")
self.assertEqual(user.email, "*****@*****.**")
self.assertEqual(len(user.groups.all()), 2)
self.assertEqual(user.groups.all()[0].name, "group1")
self.assertEqual(user.groups.all()[1].name, "group2")
def test_with_auth_code_azure(self):
with patch("django_auth_adfs.config.settings.TENANT_ID", "dummy_tenant_id"):
with patch("django_auth_adfs.backend.provider_config", ProviderConfig()):
backend = AdfsBackend()
user = backend.authenticate(self.request, authorization_code="dummycode")
self.assertIsInstance(user, User)
self.assertEqual(user.first_name, "John")
self.assertEqual(user.last_name, "Doe")
self.assertEqual(user.email, "*****@*****.**")
self.assertEqual(len(user.groups.all()), 2)
self.assertEqual(user.groups.all()[0].name, "group1")
self.assertEqual(user.groups.all()[1].name, "group2")
def test_with_auth_code_azure(self):
from django_auth_adfs.config import django_settings
settings = deepcopy(django_settings)
del settings.AUTH_ADFS["SERVER"]
settings.AUTH_ADFS["TENANT_ID"] = "dummy_tenant_id"
with patch("django_auth_adfs.config.django_settings", settings):
with patch("django_auth_adfs.config.settings", Settings()):
with patch("django_auth_adfs.backend.provider_config", ProviderConfig()):
backend = AdfsBackend()
user = backend.authenticate(self.request, authorization_code="dummycode")
self.assertIsInstance(user, User)
self.assertEqual(user.first_name, "John")
self.assertEqual(user.last_name, "Doe")
self.assertEqual(user.email, "*****@*****.**")
self.assertEqual(len(user.groups.all()), 2)
self.assertEqual(user.groups.all()[0].name, "group1")
self.assertEqual(user.groups.all()[1].name, "group2")
def test_group_removal(self):
user, created = User.objects.get_or_create(
**{User.USERNAME_FIELD: "testuser"})
group = Group.objects.get(name="group3")
user.groups.add(group)
user.save()
self.assertEqual(user.groups.all()[0].name, "group3")
backend = AdfsBackend()
user = backend.authenticate(authorization_code="dummycode")
self.assertIsInstance(user, User)
self.assertEqual(user.first_name, "John")
self.assertEqual(user.last_name, "Doe")
self.assertEqual(user.email, "*****@*****.**")
self.assertEqual(len(user.groups.all()), 2)
self.assertEqual(user.groups.all()[0].name, "group1")
self.assertEqual(user.groups.all()[1].name, "group2")
def test_bool_claim_mapping_non_existing_model_field(self):
backend = AdfsBackend()
mock_claim_mapping = {
"is_staffffffffff": "user_is_staff",
}
with patch("django_auth_adfs.backend.settings.BOOLEAN_CLAIM_MAPPING",
mock_claim_mapping):
self.assertRaises(ImproperlyConfigured,
backend.authenticate,
authorization_code="dummycode")
def test_group_removal(self):
user, created = User.objects.get_or_create(**{
User.USERNAME_FIELD: "testuser"
})
group = Group.objects.get(name="group3")
user.groups.add(group)
user.save()
self.assertEqual(user.groups.all()[0].name, "group3")
backend = AdfsBackend()
user = backend.authenticate(authorization_code="dummycode")
self.assertIsInstance(user, User)
self.assertEqual(user.first_name, "John")
self.assertEqual(user.last_name, "Doe")
self.assertEqual(user.email, "*****@*****.**")
self.assertEqual(len(user.groups.all()), 2)
self.assertEqual(user.groups.all()[0].name, "group1")
self.assertEqual(user.groups.all()[1].name, "group2")
def test_signing_cert_file(self):
cert_content = settings.AUTH_ADFS["SIGNING_CERT"]
mock_file_path = "/path/to/cert.pem"
with patch("django_auth_adfs.backend.AdfsBackend._public_keys", []):
with patch("django_auth_adfs.backend.settings.SIGNING_CERT",
mock_file_path):
with patch("django_auth_adfs.backend.isfile") as mock_isfile:
mock_isfile.return_value = True
with patch("django_auth_adfs.backend.open",
mock_open(read_data=cert_content)) as mock_file:
AdfsBackend()
mock_file.assert_called_once_with(mock_file_path, 'r')
def test_claim_mapping_non_existing_model_field(self):
backend = AdfsBackend()
mock_claim_mapping = {
"nonexisting": "given_name",
"last_name": "family_name",
"email": "email"
}
with patch("django_auth_adfs.backend.settings.CLAIM_MAPPING",
mock_claim_mapping):
self.assertRaises(ImproperlyConfigured,
backend.authenticate,
authorization_code="dummycode")
def test_invalid_token(self):
backend = AdfsBackend()
self.assertRaises(PermissionDenied,
backend.authenticate,
authorization_code='testcode')
def test_empty_keys(self):
backend = AdfsBackend()
with patch("django_auth_adfs.backend.AdfsBackend._public_keys", []):
self.assertRaises(PermissionDenied,
backend.authenticate,
authorization_code='testcode')
def test_empty(self):
backend = AdfsBackend()
self.assertIsNone(backend.authenticate())
def test_empty_keys(self):
backend = AdfsBackend()
with patch("django_auth_adfs.config.provider_config.signing_keys", []):
self.assertRaises(PermissionDenied, backend.authenticate, self.request, authorization_code='testcode')
def test_invalid_redir_uri(self):
backend = AdfsBackend()
with patch("django_auth_adfs.backend.settings.REDIR_URI", None):
self.assertRaises(ImproperlyConfigured,
backend.authenticate,
authorization_code='testcode')
def test_empty(self):
backend = AdfsBackend()
self.assertIsNone(backend.authenticate(self.request))
def test_post_authenticate_signal_send(self):
backend = AdfsBackend()
backend.authenticate(self.request, authorization_code="dummycode")
self.assertEqual(self.signal_handler.call_count, 1)
