def setUp(self): self.factory = django.test.RequestFactory() try: self.alice = self.create_user('alice', 'password') self.bob = self.create_user('bob', 'password') except IntegrityError: self.skipTest("Unable to create a test user.") else: for user in [self.alice, self.bob]: device = user.staticdevice_set.create() device.token_set.create(token=user.get_username()) self.middleware = OTPMiddleware()
def __init__(self, user=None, session_id=None, has_otp=False, has_sudo=False): super(MockRequest, self).__init__() self.method = "GET" if user is None: self.user = AnonymousUser() else: self.user = user session = SessionMiddleware() self.session = session.SessionStore(session_id) self._messages = SessionStorage(self) self.META = {"REMOTE_ADDR": "127.0.0.1"} # sudo ElevateMiddleware(lambda x: x)(self) if has_sudo: grant_sudo(self) # otp if has_otp: grant_otp(self, self.user) OTPMiddleware(lambda x: x)(self)
def get_xform_ids(self, request): if 'select_all' in self.request.POST: # Altough evaluating form_ids and sending to task would be cleaner, # heavier calls should be in an async task instead import six.moves.urllib.request, six.moves.urllib.parse, six.moves.urllib.error form_query_string = six.moves.urllib.parse.unquote(self.request.POST.get('select_all')) from django.http import HttpRequest, QueryDict from django_otp.middleware import OTPMiddleware _request = HttpRequest() _request.couch_user = request.couch_user _request.user = request.couch_user.get_django_user() _request.domain = self.domain _request.couch_user.current_domain = self.domain _request.can_access_all_locations = request.couch_user.has_permission(self.domain, 'access_all_locations') _request.always_allow_project_access = True _request.session = request.session _request.GET = QueryDict(form_query_string) OTPMiddleware().process_request(_request) dispatcher = EditDataInterfaceDispatcher() xform_ids = dispatcher.dispatch( _request, render_as='form_ids', domain=self.domain, report_slug=BulkFormManagementInterface.slug, skip_permissions_check=True, ) else: xform_ids = self.request.POST.getlist('xform_ids') return xform_ids
def init_otp(request): """ Initialize OTP after login. This sets up OTP devices for django_otp and calls the middleware to fill request.user.is_verified(). """ tdev = TOTPDevice(user=request.user, name='TOTP device with LDAP secret') try: tdev.save() except IntegrityError: tdev = TOTPDevice.objects.get(user=request.user) sdev = SOTPDevice(user=request.user, name='SOTP device with LDAP secret') try: sdev.save() except IntegrityError: pass # if OTP is disabled, it will match already if tdev.verify_token(): otp_login(request, tdev) # add .is_verified() OTPMiddleware().process_request(request)
def create_request(cls, request_url, username, password): # Initialize request request = Client().get(request_url).wsgi_request # Create user request.user = get_user_model().objects.create_user(username=username, email=username, password=password) # Create couch user request.couch_user = CouchUser() # Login assert Client().login(username=username, password=password) # Activate middleware OTPMiddleware().process_request(request) return request
class OTPMiddlewareTestCase(TestCase): def setUp(self): self.factory = django.test.RequestFactory() try: self.alice = self.create_user('alice', 'password') self.bob = self.create_user('bob', 'password') except IntegrityError: self.skipTest("Unable to create a test user.") else: for user in [self.alice, self.bob]: device = user.staticdevice_set.create() device.token_set.create(token=user.get_username()) self.middleware = OTPMiddleware() def test_verified(self): request = self.factory.get('/') request.user = self.alice device = self.alice.staticdevice_set.get() request.session = { DEVICE_ID_SESSION_KEY: device.persistent_id } self.middleware.process_request(request) self.assertTrue(request.user.is_verified()) def test_verified_legacy_device_id(self): request = self.factory.get('/') request.user = self.alice device = self.alice.staticdevice_set.get() request.session = { DEVICE_ID_SESSION_KEY: '{}.{}/{}'.format( device.__module__, device.__class__.__name__, device.id ) } self.middleware.process_request(request) self.assertTrue(request.user.is_verified()) def test_unverified(self): request = self.factory.get('/') request.user = self.alice request.session = {} self.middleware.process_request(request) self.assertFalse(request.user.is_verified()) def test_no_device(self): request = self.factory.get('/') request.user = self.alice request.session = { DEVICE_ID_SESSION_KEY: 'otp_static.staticdevice/0', } self.middleware.process_request(request) self.assertFalse(request.user.is_verified()) def test_no_model(self): request = self.factory.get('/') request.user = self.alice request.session = { DEVICE_ID_SESSION_KEY: 'otp_bogus.bogusdevice/0', } self.middleware.process_request(request) self.assertFalse(request.user.is_verified()) def test_wrong_user(self): request = self.factory.get('/') request.user = self.alice device = self.bob.staticdevice_set.get() request.session = { DEVICE_ID_SESSION_KEY: device.persistent_id } self.middleware.process_request(request) self.assertFalse(request.user.is_verified()) def test_pickling(self): request = self.factory.get('/') request.user = self.alice device = self.alice.staticdevice_set.get() request.session = { DEVICE_ID_SESSION_KEY: device.persistent_id } self.middleware.process_request(request) # Should not raise an exception. pickle.dumps(request.user)