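def test_user_removed_from_groups(self):
    """Assigning a new role list revokes the groups the user no longer holds.

    ``roles_to_groups`` is expected to synchronise ``self.test_user.groups``
    with the supplied list: groups absent from the list are removed, not
    merely left in place. Uses ``assertTrue``/``assertFalse`` instead of the
    ``assertEquals`` alias, which is deprecated and removed in Python 3.12.
    """
    def in_group(name):
        # Membership check against the live ORM relation, not a cached copy.
        return self.test_user.groups.filter(name=name).exists()

    roles_to_groups(self.test_user, [ADMIN_ROLE, REGISTRIES_AUTHORITY_ROLE])
    self.assertTrue(in_group(ADMIN_ROLE))
    self.assertTrue(in_group(REGISTRIES_AUTHORITY_ROLE))
    self.assertFalse(in_group(REGISTRIES_ADJUDICATOR_ROLE))
    self.assertFalse(in_group(REGISTRIES_VIEWER_ROLE))

    # Replacing the role list must revoke the earlier groups, not accumulate
    # them -- otherwise a demoted user would keep elevated access.
    roles_to_groups(self.test_user, [REGISTRIES_ADJUDICATOR_ROLE, REGISTRIES_VIEWER_ROLE])
    self.assertFalse(in_group(ADMIN_ROLE))
    self.assertFalse(in_group(REGISTRIES_AUTHORITY_ROLE))
    self.assertTrue(in_group(REGISTRIES_ADJUDICATOR_ROLE))
    self.assertTrue(in_group(REGISTRIES_VIEWER_ROLE))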
def setUp(self):
    """Create the wells viewer/edit groups, a user holding both roles, and log in."""
    roles = [WELLS_VIEWER_ROLE, WELLS_EDIT_ROLE]
    # get_or_create keeps the fixture idempotent if the group already exists.
    for role_name in roles:
        Group.objects.get_or_create(name=role_name)
    user, _ = User.objects.get_or_create(username='******')
    user.profile.username = user.username
    # NOTE(review): user.save() persists the User row; the profile edit above
    # is only stored if a save signal cascades to Profile -- confirm.
    user.save()
    roles_to_groups(user, roles)
    # Skip real authentication for the API client under test.
    self.client.force_authenticate(user)
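def test_groups_created(self):
    """Each assigned role places the user in the group of the same name.

    ``assertTrue`` replaces the deprecated ``assertEquals(..., True)`` alias
    (removed in Python 3.12); ``subTest`` reports every failing role.
    """
    roles = [REGISTRIES_EDIT_ROLE, REGISTRIES_VIEWER_ROLE]
    roles_to_groups(self.test_user, roles)
    for role_name in roles:
        with self.subTest(role=role_name):
            self.assertTrue(
                self.test_user.groups.filter(name=role_name).exists())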
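def setUp(self):
    """Create a submission-viewer user and authenticate the API client as them."""
    roles = [WELLS_SUBMISSION_VIEWER_ROLE]
    # get_or_create rather than Group(...).save(): a group already present
    # (fixture or data migration) would otherwise raise IntegrityError on the
    # unique name and error out the whole test.
    for role_name in roles:
        Group.objects.get_or_create(name=role_name)
    user, _created = User.objects.get_or_create(username='******')
    roles_to_groups(user, roles)
    self.client.force_authenticate(user)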
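def setUp(self):
    """Create an aquifer-editor user, seed aquifer 1, and authenticate the client."""
    roles = [AQUIFERS_EDIT_ROLE]
    # get_or_create rather than Group(...).save(): a pre-existing group would
    # otherwise raise IntegrityError on the unique name.
    for role_name in roles:
        Group.objects.get_or_create(name=role_name)
    user, _created = User.objects.get_or_create(username='******')
    user.profile.username = user.username
    # NOTE(review): user.save() persists the User row; the profile edit above
    # is only stored if a save signal cascades to Profile -- confirm.
    user.save()
    roles_to_groups(user, roles)
    self.client.force_authenticate(user)
    # One aquifer row for the endpoints under test to operate on.
    Aquifer(aquifer_id=1).save()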
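def setUp(self):
    """Create a submission-role user on ``self.user`` and authenticate the client."""
    roles = [WELLS_SUBMISSION_ROLE]
    # get_or_create rather than Group(...).save(): a pre-existing group would
    # otherwise raise IntegrityError on the unique name.
    for role_name in roles:
        Group.objects.get_or_create(name=role_name)
    self.user, _created = User.objects.get_or_create(username='******')
    self.user.profile.username = self.user.username
    # NOTE(review): user.save() persists the User row; the profile edit above
    # is only stored if a save signal cascades to Profile -- confirm.
    self.user.save()
    roles_to_groups(self.user, roles)
    self.client.force_authenticate(self.user)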
def setUp(self):
    """Build a staff user flagged as GWELLS admin, give it the gwells_admin role, log in."""
    user, is_new = User.objects.get_or_create(username='******')
    if is_new:
        # Ensure a profile exists before it is touched below.
        Profile.objects.get_or_create(user=user)
    user.is_staff = True
    user.profile.is_gwells_admin = True
    user.save()
    user.profile.save()
    self.user = user
    roles_to_groups(user, ['gwells_admin'])
    self.client.force_authenticate(user)
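def setUp(self):
    """Create the registries edit/viewer groups and a user holding both, then log in."""
    # Prepare roles in DB ahead of test, to reduce amount of logging during tests.
    # get_or_create rather than Group(...).save(): a pre-existing group would
    # otherwise raise IntegrityError on the unique name.
    roles = [REGISTRIES_EDIT_ROLE, REGISTRIES_VIEWER_ROLE]
    for role_name in roles:
        Group.objects.get_or_create(name=role_name)
    self.user, _created = User.objects.get_or_create(username='******')
    self.user.profile.username = self.user.username
    # NOTE(review): user.save() persists the User row; the profile edit above
    # is only stored if a save signal cascades to Profile -- confirm.
    self.user.save()
    roles_to_groups(self.user, roles)
    self.client.force_authenticate(self.user)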
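def authenticate_credentials(self, payload):
    """Map a validated Keycloak JWT payload to a local Django user.

    The ``sub`` claim is the Keycloak identity and is used as the Django
    username; a user and a GWELLS ``Profile`` are created on first sight.
    The email and display name from the token are mirrored locally, and
    group membership is re-derived from the realm roles on every request
    via ``roles_to_groups``.

    Args:
        payload: decoded JWT claims (a mapping). Signature and expiry are
            assumed to have been verified before this point.

    Returns:
        The ``User`` instance matching the token.

    Raises:
        exceptions.AuthenticationFailed: ``sub`` is absent, the user or
            profile cannot be loaded/created, or the token carries no
            ``realm_access`` roles.
    """
    User = get_user_model()

    # The Keycloak subject id is the only identity taken from the token.
    username = payload.get('sub')
    if username is None:
        raise exceptions.AuthenticationFailed(
            'JWT did not contain a "sub" attribute')

    # `except Exception` instead of a bare `except:` so KeyboardInterrupt /
    # SystemExit are not converted into a 401; the cause is chained for logs.
    try:
        user, user_created = User.objects.get_or_create(username=username)
    except Exception as err:
        raise exceptions.AuthenticationFailed(
            'Failed to retrieve or create user') from err

    # NOTE(review): a token without `email` stores None here; an EmailField
    # with null=False would reject that on save -- confirm the claim is
    # always present.
    email = payload.get('email')
    if user_created:
        # SSO-only account: unguessable local password so the password login
        # path is unusable in practice. NOTE(review): set_unusable_password()
        # is the stricter option -- confirm nothing relies on
        # has_usable_password() before switching.
        user.set_password(User.objects.make_random_password(length=36))
        user.email = email
        user.save()
    elif user.email != email:
        # Email changed upstream; keep the local copy in sync.
        user.email = email
        user.save()

    # Load the user's GWELLS profile. Pass the instance rather than `user.id`:
    # the lookup is identical and the create path requires a model instance.
    try:
        profile, _profile_created = Profile.objects.get_or_create(user=user)
    except Exception as err:
        raise exceptions.AuthenticationFailed(
            'Failed to create user profile') from err

    # Display name from the token; fall back to the preferred username.
    name = payload.get('name') or payload.get('preferred_username')
    if profile.name != name:
        profile.name = name
        profile.save()

    # Roles come only from realm_access; a token without it fails
    # authentication rather than silently mapping to no groups.
    try:
        roles = payload.get('realm_access').get('roles')
    except AttributeError as err:
        raise exceptions.AuthenticationFailed('Failed to retrieve roles') from err

    # Group membership is derived from the token roles on every request.
    roles_to_groups(user, roles)

    return user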
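def setUp(self):
    """Create a submission-role user and authenticate the API client as them."""
    roles = [WELLS_SUBMISSION_ROLE]
    # get_or_create rather than Group(...).save(): a pre-existing group would
    # otherwise raise IntegrityError on the unique name.
    for role_name in roles:
        Group.objects.get_or_create(name=role_name)
    user, _created = User.objects.get_or_create(username='******')
    user.profile.username = user.username
    # NOTE(review): user.save() persists the User row; the profile edit above
    # is only stored if a save signal cascades to Profile -- confirm.
    user.save()
    roles_to_groups(user, roles)
    self.client.force_authenticate(user)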
def test_create_person_wrong_role(self):
    """A user holding only the viewer role is refused (403) when creating a person."""
    user, is_new = User.objects.get_or_create(username='******')
    if is_new:
        Profile.objects.get_or_create(user=user)
    # Viewer only: no edit-type role, so the create endpoint must deny.
    roles_to_groups(user, [REGISTRIES_VIEWER_ROLE])
    self.client.force_authenticate(user=user)
    endpoint = reverse('person-list', kwargs={'version': 'v1'})
    body = {'first_name': 'Bobby', 'surname': 'Driller'}
    response = self.client.post(endpoint, body, format='json')
    self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
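def test_groups_created(self):
    """Every role passed to roles_to_groups yields membership in the same-named group.

    ``assertTrue`` replaces the deprecated ``assertEquals(..., True)`` alias
    (removed in Python 3.12); ``subTest`` reports every failing role.
    """
    roles = [
        ADMIN_ROLE,
        REGISTRIES_AUTHORITY_ROLE,
        REGISTRIES_ADJUDICATOR_ROLE,
        REGISTRIES_VIEWER_ROLE,
    ]
    roles_to_groups(self.test_user, roles)
    for role_name in roles:
        with self.subTest(role=role_name):
            self.assertTrue(
                self.test_user.groups.filter(name=role_name).exists())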
def setUp(self):
    """Staff / GWELLS-admin user holding the three registries roles, logged in."""
    user, is_new = User.objects.get_or_create(username='******')
    if is_new:
        # Ensure a profile exists before it is touched below.
        Profile.objects.get_or_create(user=user)
    user.is_staff = True
    user.profile.is_gwells_admin = True
    user.save()
    user.profile.save()
    self.user = user
    roles_to_groups(user, [
        REGISTRIES_ADJUDICATOR_ROLE,
        REGISTRIES_AUTHORITY_ROLE,
        REGISTRIES_VIEWER_ROLE,
    ])
    self.client.force_authenticate(user)
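def setUp(self):
    """Create a user with every wells role, load casing lookup codes, and log in."""
    roles = [
        WELLS_EDIT_ROLE,
        WELLS_VIEWER_ROLE,
        WELLS_SUBMISSION_ROLE,
        WELLS_SUBMISSION_VIEWER_ROLE,
    ]
    # get_or_create rather than Group(...).save(): a group already present
    # (fixture or data migration) would otherwise raise IntegrityError.
    for role_name in roles:
        Group.objects.get_or_create(name=role_name)
    user, _created = User.objects.get_or_create(username='******')
    user.profile.username = '******'
    # NOTE(review): user.save() persists the User row; the profile edit above
    # is only stored if a save signal cascades to Profile -- confirm.
    user.save()
    self.user = user
    roles_to_groups(user, roles)
    # Lookup codes referenced by the submissions exercised in the tests.
    self.casing_code_surface = CasingCode.objects.get(code='SURFACE')
    self.casing_material_code_other = CasingMaterialCode.objects.get(
        code='OTHER')
    self.client.force_authenticate(user)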
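def authenticate_credentials(self, payload):
    """Map a validated Keycloak JWT payload to a local Django user.

    ``sub`` is the Keycloak identity and becomes the Django username. The
    token must also come from a known SSO authority (``known_sso_authority``,
    defined elsewhere on this class). Selected claims are mirrored onto the
    user and its GWELLS profile -- not needed for authorization, but they
    make the user table easier to audit -- and group membership is
    re-derived from the realm roles on every request via ``roles_to_groups``.

    Args:
        payload: decoded JWT claims (a mapping). Signature and expiry are
            assumed to have been verified by the caller.

    Returns:
        The ``User`` matching the token.

    Raises:
        exceptions.AuthenticationFailed: missing ``sub``, unknown SSO
            authority, user/profile load failure, or no ``realm_access``
            roles in the token.
    """
    User = get_user_model()

    # Get keycloak ID from JWT token.
    username = payload.get('sub')
    if username is None:
        raise exceptions.AuthenticationFailed(
            'JWT did not contain a "sub" attribute')

    # Make sure the preferred username contains either idir\ or bceid\
    # so we know that the user is coming from a known sso authority.
    if not self.known_sso_authority(payload):
        raise exceptions.AuthenticationFailed(
            'Preferred username is invalid.')

    # Token claim -> model attribute. Not used for auth decisions; kept on
    # the user/profile rows for debugging and audit.
    payload_user_mapping = {
        'email': 'email',
        'family_name': 'last_name',
    }
    # NOTE(review): the target attribute for preferred_username is redacted
    # in this listing; the fallback below treats it as the profile's username.
    payload_profile_mapping = {
        'preferred_username': '******',
        'name': 'name',
    }

    # auth_time is the last SSO login, which is what user.last_login records
    # here; it need not coincide with the last time the user used gwells.
    auth_time = payload.get('auth_time')
    if auth_time:
        auth_time = datetime.fromtimestamp(auth_time, tz=timezone.utc)

    # `except Exception` rather than a bare `except:` so KeyboardInterrupt /
    # SystemExit are not turned into a 401; the cause is chained for logs.
    try:
        user, created = User.objects.get_or_create(username=username)
    except Exception as err:
        raise exceptions.AuthenticationFailed(
            'Failed to retrieve or create user') from err

    needs_save = created
    if created:
        # SSO-only account: unguessable local password so the password login
        # path is unusable in practice. NOTE(review): set_unusable_password()
        # is the stricter option -- confirm nothing relies on
        # has_usable_password() before switching.
        user.set_password(User.objects.make_random_password(length=36))

    # Copy changed, non-empty claims onto the user; save at most once.
    for source, target in payload_user_mapping.items():
        value = payload.get(source)
        if value and value != getattr(user, target):
            needs_save = True
            setattr(user, target, value)
    if auth_time and user.last_login != auth_time:
        needs_save = True
        user.last_login = auth_time
    if needs_save:
        user.save()

    # Load the user's GWELLS profile. Pass the instance, not `user.id`: the
    # lookup is identical and the create path needs a model instance.
    try:
        profile, needs_save = Profile.objects.get_or_create(user=user)
    except Exception as err:
        raise exceptions.AuthenticationFailed(
            'Failed to create user profile') from err

    for source, target in payload_profile_mapping.items():
        value = payload.get(source)
        if not value:
            continue
        if source == 'preferred_username':
            # Uppercase to match existing data. Normalise *before* comparing
            # so an already-uppercase stored value does not force a profile
            # save on every request.
            value = value.upper()
        if value != getattr(profile, target):
            needs_save = True
            setattr(profile, target, value)
    if not profile.name and profile.username:
        # When the name of the user isn't available, fall back to the username.
        profile.name = profile.username
        needs_save = True
    if needs_save:
        profile.save()

    # Roles come only from realm_access; a token without it fails
    # authentication rather than silently mapping to an empty group set.
    try:
        roles = payload.get('realm_access').get('roles')
    except AttributeError as err:
        raise exceptions.AuthenticationFailed('Failed to retrieve roles') from err

    # Put user in groups based on role.
    roles_to_groups(user, roles)

    return user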
def setUp(self):
    """Authenticate the API client as a user holding only the wells edit role."""
    editor, _ = User.objects.get_or_create(username='******')
    roles_to_groups(editor, [WELLS_EDIT_ROLE])
    self.client.force_authenticate(editor)
def setUp(self):
    """Authenticate as an aquifer editor and seed a single aquifer row (id 1)."""
    editor, _ = User.objects.get_or_create(username='******')
    roles_to_groups(editor, [AQUIFERS_EDIT_ROLE])
    self.client.force_authenticate(editor)
    # One aquifer for the endpoints under test to operate on.
    Aquifer(aquifer_id=1).save()
def setUp(self):
    """Authenticate as a user holding no roles, for negative authorization cases."""
    # An empty role list presumably leaves the user in no role groups.
    nobody, _ = User.objects.get_or_create(username='******')
    roles_to_groups(nobody, [])
    self.client.force_authenticate(nobody)