Example #1
0
 def test_authenticate_root(self):
     with mock.patch('lizard_auth_client.client._do_post', return_value={
             'success': True,
             'user': {'username': '******',
                      'first_name': 'Willie',
                      'last_name': 'Wortel',
                      'email': '*****@*****.**',
                      'is_active': True,
                      'is_staff': False,
                      'is_superuser': False}}):
         result = client.sso_authenticate_django_v1('root', 'a')
         self.assertEqual(result['username'], 'root')
Example #2
0
    def authenticate(self, username=None, password=None):
        try:
            if username and password:
                user_data = None
                cache_key = 'SSOBackend.authenticate.{0}'.format(username)
                # Try getting the user_data from cache first.
                cached_credentials = cache.get(cache_key)
                if cached_credentials is not None:
                    logger.debug(
                        'Found user "%s" in the credential cache.', username)
                    # Found in cache, check the (hashed) password.
                    (cached_user_data,
                     cached_hashed_password) = cached_credentials
                    if check_password(password, cached_hashed_password):
                        logger.debug('Cached hashed password is OK.')
                        user_data = cached_user_data
                    else:
                        logger.debug(
                            'Failed cached password check for user "%s".',
                            username)
                else:
                    logger.debug(
                        'Could not find user "%s" in the credential cache.',
                        username)
                    # Not found in cache, call the SSO server.
                    if settings.SSO_USE_V2_LOGIN:
                        if settings.SSO_ALLOW_ONLY_KNOWN_USERS:
                            # First check if the user is known.
                            if not User.objects.filter(
                                    username=username,
                                    is_active=True).exists():
                                logger.debug(
                                    "Username %s isn't known/active locally",
                                    username)
                                return None

                        user_data = client.sso_authenticate_django_v2(
                            username, password)
                    else:
                        user_data = client.sso_authenticate_django_v1(
                            username, password)

                    # Store user_data in cache.
                    hashed_password = make_password(password)
                    if not is_password_usable(hashed_password):
                        return None
                    else:
                        cache.set(
                            cache_key,
                            (user_data, hashed_password),
                            settings.SSO_CREDENTIAL_CACHE_TIMEOUT_SECONDS)
                # Use either the cached user profile data, or fresh data from
                # the SSO server to construct a Django User instance. If
                # fresh data is used, also synchronize roles.
                if user_data:
                    user = client.construct_user(user_data)
                    if not cached_credentials:
                        if not settings.SSO_USE_V2_LOGIN:
                            client.sso_sync_user_organisation_roles(user)
                    return user
        except client.AuthenticationFailed as e:
            logger.info(e)
            return None
        except:
            logger.exception('Error while authenticating user "%s".', username)
            return None
Example #3
0
 def wrong_pw():
     return client.sso_authenticate_django_v1(
         'root', 'wrong_password')