Example #1
    def test_user_is_written_to_database_after_successful_auth(self):
        # A token accepted by the mocked signon service must leave exactly one
        # OAuthUser row behind, and a second check made outside the mock must
        # still be granted.
        # NOTE(review): this mutates global settings; restoring the previous
        # value is assumed to happen in fixtures outside this view.
        settings.USE_DEVELOPMENT_USERS = False

        signon = govuk_signon_mock()
        with HTTMock(signon):
            _user, granted = check_permission('correct-token', 'signin')

        stored_rows = OAuthUser.objects.count()
        assert_that(stored_rows, equal_to(1))

        # No HTTMock here: presumably answered from the stored row rather than
        # from the network -- confirm against check_permission.
        _user, granted = check_permission('correct-token', 'signin')

        assert_that(granted, equal_to(True))
Example #2
    def test_user_is_written_to_database_after_successful_auth(self):
        # After one successful signon lookup there must be exactly one
        # OAuthUser row, and the same token must still be granted once the
        # HTTP mock is gone.
        settings.USE_DEVELOPMENT_USERS = False

        required = {'signin'}
        with HTTMock(govuk_signon_mock()):
            _user, granted = check_permission('correct-token', required)

        stored_rows = OAuthUser.objects.count()
        assert_that(stored_rows, equal_to(1))

        # Second call runs without the mock; presumably served from the
        # database row written above -- confirm against check_permission.
        _user, granted = check_permission('correct-token', {'signin'})

        assert_that(granted, equal_to(True))
Example #3
 def test_user_with_permission_from_signon_returns_object_and_true(self):
     # A token the mocked signon service accepts yields the user record
     # (name 'Foobar') together with a positive permission decision.
     settings.USE_DEVELOPMENT_USERS = False
     required = {'signin'}
     with HTTMock(govuk_signon_mock()):
         user_record, granted = check_permission('correct-token', required)
     assert_that(user_record['name'], equal_to('Foobar'))
     assert_that(granted, equal_to(True))
    def test_if_permission_is_none_and_no_user_then_fail(self):
        # Fail-closed check: an unrecognised token combined with an empty set
        # of required permissions must still be refused.
        settings.USE_DEVELOPMENT_USERS = False

        no_permissions = set()
        with HTTMock(govuk_signon_mock()):
            _user, granted = check_permission('incorrect-token', no_permissions)

            assert_that(granted, equal_to(False))
Example #5
    def test_no_user_if_no_token_and_anon_user_not_allowed(self):
        # With no token at all and the third argument False (the anon-allowed
        # flag, judging by the test name), neither a user nor access results.
        settings.USE_DEVELOPMENT_USERS = False

        outcome = check_permission(None, set(), False)
        user_record, granted = outcome

        assert_that(granted, equal_to(False))
        assert_that(user_record, is_(None))
    def test_anon_user_if_no_token(self):
        # A missing token is only acceptable here because the caller both
        # asks for the 'anon' permission and passes True as third argument;
        # the returned record is the 'Anonymous' placeholder user.
        settings.USE_DEVELOPMENT_USERS = False

        required = {'anon'}
        user_record, granted = check_permission(None, required, True)

        assert_that(granted, equal_to(True))
        anon_name = user_record.get('name')
        assert_that(anon_name, equal_to('Anonymous'))
Example #7
    def test_anon_user_if_no_token(self):
        # No token, 'anon' requested, third argument True: access is granted
        # and the record returned carries the name 'Anonymous'.
        settings.USE_DEVELOPMENT_USERS = False

        outcome = check_permission(None, {'anon'}, True)
        user_record, granted = outcome

        assert_that(granted, equal_to(True))
        assert_that(user_record.get('name'), equal_to('Anonymous'))
    def test_no_user_if_no_token_and_anon_user_not_allowed(self):
        # Fail-closed check: no token, no required permissions and a False
        # third argument must produce (None, False).
        settings.USE_DEVELOPMENT_USERS = False

        no_permissions = set()
        user_record, granted = check_permission(None, no_permissions, False)

        assert_that(granted, equal_to(False))
        assert_that(user_record, is_(None))
 def test_user_with_permission_from_signon_returns_object_and_true(self):
     # The mocked signon service recognises 'correct-token'; the caller
     # should get the user record named 'Foobar' and a True decision.
     settings.USE_DEVELOPMENT_USERS = False
     signon = govuk_signon_mock()
     with HTTMock(signon):
         user_record, granted = check_permission('correct-token', {'signin'})
     assert_that(user_record['name'], equal_to('Foobar'))
     assert_that(granted, equal_to(True))
 def test_user_without_permission_from_signon_returns_none_and_false(self):
     # A token the mocked signon service does not accept must give back no
     # user object at all, not just a False decision.
     settings.USE_DEVELOPMENT_USERS = False
     signon = govuk_signon_mock()
     with HTTMock(signon):
         user_record, granted = check_permission('bad-auth', {'signin'})
     assert_that(user_record, none())
     assert_that(granted, equal_to(False))
Example #11
 def test_user_without_permission_from_signon_returns_none_and_false(self):
     # Rejected token: the result must be (None, False), so callers never
     # receive a user record for a failed authentication.
     settings.USE_DEVELOPMENT_USERS = False
     required = {'signin'}
     with HTTMock(govuk_signon_mock()):
         user_record, granted = check_permission('bad-auth', required)
     assert_that(user_record, none())
     assert_that(granted, equal_to(False))
    def test_if_permission_is_anon_and_user_then_ok(self):
        # An authenticated user (valid token) must also pass a check that
        # only requires the 'anon' permission.
        settings.USE_DEVELOPMENT_USERS = False

        required = {'anon'}
        with HTTMock(govuk_signon_mock()):
            _user, granted = check_permission('correct-token', required)

            assert_that(granted, equal_to(True))
Example #13
    def test_if_permission_is_none_and_no_user_then_fail(self):
        # Requiring no permissions must not turn into "allow everyone": an
        # unrecognised token with an empty permission set is still refused.
        settings.USE_DEVELOPMENT_USERS = False

        signon = govuk_signon_mock()
        with HTTMock(signon):
            outcome = check_permission('incorrect-token', set())
            _user, granted = outcome

            assert_that(granted, equal_to(False))
Example #14
    def test_if_permission_is_anon_and_user_then_ok(self):
        # A valid token checked against the 'anon' permission is granted;
        # the assertion runs while the signon mock is still active.
        settings.USE_DEVELOPMENT_USERS = False

        signon = govuk_signon_mock()
        with HTTMock(signon):
            outcome = check_permission('correct-token', {'anon'})
            _user, granted = outcome

            assert_that(granted, equal_to(True))
Example #15
    def test_signon_with_client_id(self, get_patch):
        # Pins the outbound signon request: the client_id travels in the
        # query string and the token in an Authorization: Bearer header.
        # get_patch is presumably injected by a patch decorator not shown
        # in this listing.
        # NOTE(review): the expected URL is plain http:// on a dev host;
        # confirm deployed settings use https so the bearer token is never
        # sent in clear text.
        settings.USE_DEVELOPMENT_USERS = False

        required = {'signin'}
        with HTTMock(govuk_signon_mock()):
            _user, _granted = check_permission('correct-token', required)

        expected_headers = {
            'Authorization': 'Bearer correct-token',
        }
        get_patch.assert_called_with(
            'http://signon.dev.gov.uk/user.json?client_id=clientid',
            headers=expected_headers)
    def test_signon_with_client_id(self, get_patch):
        # Checks the exact request made to signon: URL with client_id query
        # parameter, token passed only in the Authorization header.
        # NOTE(review): the asserted endpoint is http://, which is fine for a
        # dev fixture only; verify production configuration is https.
        settings.USE_DEVELOPMENT_USERS = False

        signon = govuk_signon_mock()
        with HTTMock(signon):
            _user, _granted = check_permission('correct-token', {'signin'})

        expected_url = 'http://signon.dev.gov.uk/user.json?client_id=clientid'
        get_patch.assert_called_with(
            expected_url,
            headers={'Authorization': 'Bearer correct-token'})
Example #17
    def test_user_without_permission_from_database_returns_false(self):
        # A stored, unexpired user who holds only 'signin' must be refused
        # when 'admin' is requested: a valid token alone is not enough.
        settings.USE_DEVELOPMENT_USERS = False
        tomorrow = datetime.now() + timedelta(days=1)
        OAuthUser.objects.create(
            access_token='correct-token',
            uid='my-uid',
            email='*****@*****.**',
            permissions=['signin'],
            expires_at=tomorrow)

        _user, granted = check_permission('correct-token', 'admin')

        assert_that(granted, equal_to(False))
Example #18
    def test_user_without_permission_from_database_returns_false(self):
        # Authorisation is separate from authentication: the stored row is
        # valid for another day but lacks 'admin', so the check must fail.
        settings.USE_DEVELOPMENT_USERS = False
        tomorrow = datetime.now() + timedelta(days=1)
        OAuthUser.objects.create(
            access_token='correct-token',
            uid='my-uid',
            email='*****@*****.**',
            permissions=['signin'],
            expires_at=tomorrow)

        _user, granted = check_permission('correct-token', {'admin'})

        assert_that(granted, equal_to(False))
Example #19
    def test_user_with_returns_object_and_true_when_permissions_is_list(self):
        # The stored user holds only 'signin' while the check asks for
        # 'signin' or 'bob'; the expected True shows that holding any one of
        # the requested permissions is sufficient.
        settings.USE_DEVELOPMENT_USERS = False

        tomorrow = datetime.now() + timedelta(days=1)
        OAuthUser.objects.create(
            access_token='correct-token',
            uid='my-uid',
            email='*****@*****.**',
            permissions=['signin'],
            expires_at=tomorrow)

        acceptable = {'signin', 'bob'}
        user_record, granted = check_permission('correct-token', acceptable)

        assert_that(user_record['email'], equal_to('*****@*****.**'))
        assert_that(granted, equal_to(True))
    def test_user_with_returns_object_and_true_when_permissions_is_list(self):
        # Several acceptable permissions are passed at once; a user who has
        # just one of them ('signin') is returned with a True decision.
        settings.USE_DEVELOPMENT_USERS = False

        valid_until = datetime.now() + timedelta(days=1)
        OAuthUser.objects.create(
            access_token='correct-token',
            uid='my-uid',
            email='*****@*****.**',
            permissions=['signin'],
            expires_at=valid_until)

        outcome = check_permission('correct-token', {'signin', 'bob'})
        user_record, granted = outcome

        assert_that(user_record['email'], equal_to('*****@*****.**'))
        assert_that(granted, equal_to(True))
Example #21
    def test_user_from_database_should_not_be_returned_if_expired(self):
        # A stored token whose expires_at lies a day in the past must not be
        # honoured: no user, no permission, and the stale row is gone
        # afterwards (count drops from 1 to 0).
        settings.USE_DEVELOPMENT_USERS = False
        yesterday = datetime.now() - timedelta(days=1)
        OAuthUser.objects.create(
            access_token='correct-token-2',
            uid='my-uid',
            email='*****@*****.**',
            permissions=['signin'],
            expires_at=yesterday)

        # The signon mock presumably does not recognise this token either --
        # confirm against govuk_signon_mock.
        with HTTMock(govuk_signon_mock()):
            user_record, granted = check_permission('correct-token-2',
                                                    {'admin'})

        assert_that(user_record, none())
        assert_that(granted, equal_to(False))
        remaining_rows = OAuthUser.objects.count()
        assert_that(remaining_rows, equal_to(0))
    def test_user_from_database_should_not_be_returned_if_expired(self):
        # Expiry enforcement: the only stored row expired yesterday, so the
        # check must return (None, False) and leave no OAuthUser rows behind.
        settings.USE_DEVELOPMENT_USERS = False
        expired_at = datetime.now() - timedelta(days=1)
        OAuthUser.objects.create(
            access_token='correct-token-2',
            uid='my-uid',
            email='*****@*****.**',
            permissions=['signin'],
            expires_at=expired_at)

        signon = govuk_signon_mock()
        with HTTMock(signon):
            outcome = check_permission('correct-token-2', {'admin'})
            user_record, granted = outcome

        assert_that(user_record, none())
        assert_that(granted, equal_to(False))
        assert_that(OAuthUser.objects.count(), equal_to(0))
 def test_use_development_users_gets_from_dictionary(self):
     # This test does not touch settings.USE_DEVELOPMENT_USERS, so it relies
     # on the test settings leaving development users enabled (assumed).
     # NOTE(review): a fixed, well-known token like this one must only be
     # accepted while that flag is on; confirm it is off in production.
     dev_token = 'development-oauth-access-token'
     user_record, granted = check_permission(dev_token, {'signin'})
     assert_that(user_record['name'], equal_to('Some User'))
     assert_that(granted, equal_to(True))
    def test_no_access_without_role(self):
        # Even with True as third argument, a tokenless request is refused
        # when the required-permission set is empty (no 'anon' in it).
        settings.USE_DEVELOPMENT_USERS = False

        no_permissions = set()
        _user, granted = check_permission(None, no_permissions, True)

        assert_that(granted, equal_to(False))
Example #25
    def test_no_access_without_role(self):
        # Fail-closed check: no token plus an empty permission set is denied
        # although the third argument is True.
        settings.USE_DEVELOPMENT_USERS = False

        outcome = check_permission(None, set(), True)
        _user, granted = outcome

        assert_that(granted, equal_to(False))
Example #26
 def test_use_development_users_gets_from_dictionary(self):
     # The hard-coded development token resolves to the built-in record
     # named 'Some User'. The flag settings.USE_DEVELOPMENT_USERS is not set
     # here, so it is assumed to be enabled by the test settings.
     # NOTE(review): verify this token is rejected whenever the flag is off.
     required = {'signin'}
     outcome = check_permission('development-oauth-access-token', required)
     user_record, granted = outcome
     assert_that(user_record['name'], equal_to('Some User'))
     assert_that(granted, equal_to(True))