def test_oauth_redir_azure(self):
    """Check that the login view redirects to the Azure AD authorize endpoint.

    ``SERVER`` is removed and ``TENANT_ID`` is set on a copy of the Django
    settings, then ``/oauth2/login?next=/test/`` is requested. The 302 target
    must use HTTPS, point at ``login.microsoftonline.com`` and carry exactly
    the expected OAuth2 query parameters.
    """
    from django_auth_adfs.config import django_settings

    azure_settings = deepcopy(django_settings)
    del azure_settings.AUTH_ADFS["SERVER"]
    azure_settings.AUTH_ADFS["TENANT_ID"] = "dummy_tenant_id"

    # 'L3Rlc3Qv' is the base64 encoding of "/test/", i.e. the ``next`` value.
    # NOTE(review): this test pins the state to the encoded post-login path
    # only; how the callback validates that path before redirecting is not
    # exercised here.
    expected_query = {
        'scope': ['openid'],
        'client_id': ['your-configured-client-id'],
        'state': ['L3Rlc3Qv'],
        'response_type': ['code'],
        'resource': ['your-adfs-RPT-name'],
        'redirect_uri': ['http://testserver/oauth2/callback']
    }

    with patch("django_auth_adfs.config.django_settings", azure_settings):
        with patch("django_auth_adfs.config.settings", Settings()):
            with patch("django_auth_adfs.views.provider_config", ProviderConfig()):
                response = self.client.get("/oauth2/login?next=/test/")
                self.assertEqual(response.status_code, 302)

                location = urlparse(response["Location"])
                actual_query = parse_qs(location.query)

                self.assertEqual(location.scheme, 'https')
                self.assertEqual(location.hostname, 'login.microsoftonline.com')
                # The tenant GUID differs from the configured "dummy_tenant_id";
                # presumably it comes from the mocked OpenID configuration - confirm.
                self.assertEqual(
                    location.path.rstrip("/"),
                    '/01234567-89ab-cdef-0123-456789abcdef/oauth2/authorize')
                # Whole-dict comparison: an unexpected extra parameter in the
                # redirect URL fails the test as well as a missing one.
                self.assertEqual(actual_query, expected_query)
def test_access_token_azure(self):
    """Authenticate an API request carrying an Azure AD bearer token.

    The same ``ProviderConfig`` instance is patched into both the ``adfs`` and
    ``backend`` modules, and the DRF authentication class must resolve the
    token to the user named ``testuser``.
    """
    bearer_value = "Bearer {}".format(self.access_token_azure)
    api_request = RequestFactory().get('/api', HTTP_AUTHORIZATION=bearer_value)

    with patch("django_auth_adfs.config.settings", Settings()):
        # Built inside the patch so it is created while the fresh Settings()
        # object is the one installed on the config module.
        shared_config = ProviderConfig()
        with patch("django_auth_adfs.adfs.provider_config", shared_config):
            with patch("django_auth_adfs.backend.provider_config", shared_config):
                user, _token = self.drf_auth_class.authenticate(api_request)
                self.assertEqual(user.username, "testuser")
def test_with_auth_code_azure(self):
    """Log in through the authorization-code flow with a tenant ID configured.

    Only ``TENANT_ID`` is patched on the existing settings object. The user
    returned by ``AdfsBackend.authenticate`` must carry the name, e-mail and
    two group memberships asserted below.
    """
    with patch("django_auth_adfs.config.settings.TENANT_ID", "dummy_tenant_id"), \
            patch("django_auth_adfs.backend.provider_config", ProviderConfig()):
        auth_backend = AdfsBackend()
        user = auth_backend.authenticate(self.request, authorization_code="dummycode")

        self.assertIsInstance(user, User)
        self.assertEqual(user.first_name, "John")
        self.assertEqual(user.last_name, "Doe")
        self.assertEqual(user.email, "*****@*****.**")

        # Group membership: exactly two groups, checked by position.
        self.assertEqual(len(user.groups.all()), 2)
        self.assertEqual(user.groups.all()[0].name, "group1")
        self.assertEqual(user.groups.all()[1].name, "group2")
def test_access_callback_azure(self):
    """Call the OAuth2 callback API view with an authorization code.

    The query string carries ``code=<code>`` (URL-encoded). The view must
    answer 200 and return the Azure access token fixture together with the
    refresh token ``random_refresh_token``.
    """
    callback_request = APIRequestFactory().get(
        '/api/oauth2/callback?code=%3Ccode%3E')

    with patch("django_auth_adfs.config.settings", Settings()):
        shared_config = ProviderConfig()
        with patch("django_auth_adfs.adfs.provider_config", shared_config):
            with patch("django_auth_adfs.backend.provider_config", shared_config):
                response = views.OAuth2CallbackAPIView().dispatch(callback_request)

                self.assertEqual(response.status_code, 200)
                payload = response.data
                self.assertEqual(payload['access_token'], self.access_token_azure)
                self.assertEqual(payload['refresh_token'], 'random_refresh_token')
def test_access_token_azure(self):
    """Authenticate a bearer token against an Azure AD configuration.

    ``SERVER`` is dropped and ``TENANT_ID`` set on a copy of the Django
    settings before ``Settings()`` and ``ProviderConfig()`` are rebuilt. The
    DRF authentication class must then map the token to ``testuser``.
    """
    from django_auth_adfs.config import django_settings

    bearer_value = "Bearer {}".format(self.access_token_azure)
    api_request = RequestFactory().get('/api', HTTP_AUTHORIZATION=bearer_value)

    azure_settings = deepcopy(django_settings)
    del azure_settings.AUTH_ADFS["SERVER"]
    azure_settings.AUTH_ADFS["TENANT_ID"] = "dummy_tenant_id"

    # Each context expression is evaluated only after the previous patch is
    # active, so Settings() is built with the modified Django settings in place.
    with patch("django_auth_adfs.config.django_settings", azure_settings), \
            patch("django_auth_adfs.config.settings", Settings()), \
            patch("django_auth_adfs.backend.provider_config", ProviderConfig()):
        user, _token = self.drf_auth_class.authenticate(api_request)
        self.assertEqual(user.username, "testuser")
def test_with_auth_code_azure_guest_block(self):
    """Reject the authorization-code login when guest users are blocked.

    With ``BLOCK_GUEST_USERS`` set to ``True``,
    ``AdfsAuthCodeBackend.authenticate`` must raise ``PermissionDenied``
    instead of returning a user.
    """
    from django_auth_adfs.config import django_settings

    azure_settings = deepcopy(django_settings)
    del azure_settings.AUTH_ADFS["SERVER"]
    azure_settings.AUTH_ADFS["TENANT_ID"] = "dummy_tenant_id"
    azure_settings.AUTH_ADFS["BLOCK_GUEST_USERS"] = True
    # backend.settings is replaced with a fresh Settings() below, so the
    # audience has to be set explicitly on the source settings.
    azure_settings.AUTH_ADFS["AUDIENCE"] = 'microsoft:identityserver:your-RelyingPartyTrust-identifier'

    with patch("django_auth_adfs.config.django_settings", azure_settings), \
            patch('django_auth_adfs.backend.settings', Settings()), \
            patch("django_auth_adfs.config.settings", Settings()), \
            patch("django_auth_adfs.backend.provider_config", ProviderConfig()):
        # NOTE(review): the backend is constructed inside the assertRaises
        # block, so a PermissionDenied from the constructor would satisfy the
        # assertion too.
        with self.assertRaises(PermissionDenied, msg=''):
            auth_backend = AdfsAuthCodeBackend()
            auth_backend.authenticate(self.request, authorization_code="dummycode")
def test_refresh_token_azure(self):
    """Call the refresh-token API view with a bearer-authenticated request.

    The view must answer 200 and return the Azure access token fixture plus
    the refresh token ``random_refresh_token``.
    """
    bearer_value = "Bearer {}".format(self.access_token_azure)
    # NOTE(review): the refresh token is passed in the URL query string
    # ("token=<refresh_token>", URL-encoded); query strings commonly end up in
    # access logs - confirm this matches the view's intended contract.
    refresh_request = APIRequestFactory().get(
        '/api/oauth2/refresh?token=%3Crefresh_token%3E',
        HTTP_AUTHORIZATION=bearer_value)

    with patch("django_auth_adfs.config.settings", Settings()):
        shared_config = ProviderConfig()
        with patch("django_auth_adfs.adfs.provider_config", shared_config):
            with patch("django_auth_adfs.backend.provider_config", shared_config):
                response = views.OAuth2RefreshTokenAPIView().dispatch(refresh_request)

                self.assertEqual(response.status_code, 200)
                payload = response.data
                self.assertEqual(payload['access_token'], self.access_token_azure)
                self.assertEqual(payload['refresh_token'], 'random_refresh_token')
def test_with_auth_code_azure(self):
    """Log in through the authorization-code flow against Azure AD settings.

    ``SERVER`` is removed and ``TENANT_ID`` set on a copy of the Django
    settings. ``AdfsBackend.authenticate`` must return a ``User`` with the
    expected name, e-mail and two group memberships.
    """
    from django_auth_adfs.config import django_settings

    azure_settings = deepcopy(django_settings)
    del azure_settings.AUTH_ADFS["SERVER"]
    azure_settings.AUTH_ADFS["TENANT_ID"] = "dummy_tenant_id"

    with patch("django_auth_adfs.config.django_settings", azure_settings), \
            patch("django_auth_adfs.config.settings", Settings()), \
            patch("django_auth_adfs.backend.provider_config", ProviderConfig()):
        auth_backend = AdfsBackend()
        user = auth_backend.authenticate(self.request, authorization_code="dummycode")

        self.assertIsInstance(user, User)
        self.assertEqual(user.first_name, "John")
        self.assertEqual(user.last_name, "Doe")
        self.assertEqual(user.email, "*****@*****.**")

        # Group membership: exactly two groups, checked by position.
        self.assertEqual(len(user.groups.all()), 2)
        self.assertEqual(user.groups.all()[0].name, "group1")
        self.assertEqual(user.groups.all()[1].name, "group2")
def test_access_token_azure_guest(self):
    """Reject a guest user's bearer token when guest users are blocked.

    With ``BLOCK_GUEST_USERS`` set to ``True``, authenticating with the guest
    token fixture must raise ``AuthenticationFailed`` rather than return a
    user.
    """
    from django_auth_adfs.config import django_settings

    bearer_value = "Bearer {}".format(self.access_token_azure_guest)
    api_request = RequestFactory().get('/api', HTTP_AUTHORIZATION=bearer_value)

    azure_settings = deepcopy(django_settings)
    del azure_settings.AUTH_ADFS["SERVER"]
    azure_settings.AUTH_ADFS["TENANT_ID"] = "dummy_tenant_id"
    azure_settings.AUTH_ADFS["BLOCK_GUEST_USERS"] = True

    with patch("django_auth_adfs.config.django_settings", azure_settings), \
            patch('django_auth_adfs.backend.settings', Settings()), \
            patch("django_auth_adfs.config.settings", Settings()), \
            patch("django_auth_adfs.backend.provider_config", ProviderConfig()):
        with self.assertRaises(AuthenticationFailed):
            _user, _token = self.drf_auth_class.authenticate(
                api_request)
def test_access_token_azure_guest_but_no_upn(self):
    """Accept a guest token that has no UPN when a guest username claim is set.

    Guests are allowed (``BLOCK_GUEST_USERS`` is ``False``) and
    ``GUEST_USERNAME_CLAIM`` is set to ``"email"``. Authentication must
    succeed and the username must equal the value asserted below.
    """
    from django_auth_adfs.config import django_settings

    bearer_value = "Bearer {}".format(
        self.access_token_azure_guest_no_upn)
    api_request = RequestFactory().get('/api', HTTP_AUTHORIZATION=bearer_value)

    azure_settings = deepcopy(django_settings)
    del azure_settings.AUTH_ADFS["SERVER"]
    azure_settings.AUTH_ADFS["TENANT_ID"] = "dummy_tenant_id"
    azure_settings.AUTH_ADFS["GUEST_USERNAME_CLAIM"] = "email"
    azure_settings.AUTH_ADFS["BLOCK_GUEST_USERS"] = False

    with patch("django_auth_adfs.config.django_settings", azure_settings), \
            patch('django_auth_adfs.backend.settings', Settings()), \
            patch("django_auth_adfs.config.settings", Settings()), \
            patch("django_auth_adfs.backend.provider_config", ProviderConfig()):
        user, _token = self.drf_auth_class.authenticate(api_request)
        self.assertEqual(user.username, "*****@*****.**")
def test_version_two_endpoint_calls_correct_url(self):
    """Log in through the authorization-code flow with ``VERSION`` = ``v2.0``.

    ``AdfsAuthCodeBackend.authenticate`` must return a ``User`` with the
    expected name, e-mail and two group memberships.

    NOTE(review): nothing in this test inspects the URL that was requested;
    presumably the mocked endpoints only answer on the v2.0 paths - confirm.
    """
    from django_auth_adfs.config import django_settings

    azure_settings = deepcopy(django_settings)
    del azure_settings.AUTH_ADFS["SERVER"]
    azure_settings.AUTH_ADFS["TENANT_ID"] = "dummy_tenant_id"
    azure_settings.AUTH_ADFS["VERSION"] = 'v2.0'
    # backend.settings is replaced with a fresh Settings() below. AUDIENCE is
    # not overridden in this test; it keeps the value from the copied settings.

    with patch("django_auth_adfs.config.django_settings", azure_settings), \
            patch('django_auth_adfs.backend.settings', Settings()), \
            patch("django_auth_adfs.config.settings", Settings()), \
            patch("django_auth_adfs.backend.provider_config", ProviderConfig()):
        auth_backend = AdfsAuthCodeBackend()
        user = auth_backend.authenticate(self.request, authorization_code="dummycode")

        self.assertIsInstance(user, User)
        self.assertEqual(user.first_name, "John")
        self.assertEqual(user.last_name, "Doe")
        self.assertEqual(user.email, "*****@*****.**")

        # Group membership: exactly two groups, checked by position.
        self.assertEqual(len(user.groups.all()), 2)
        self.assertEqual(user.groups.all()[0].name, "group1")
        self.assertEqual(user.groups.all()[1].name, "group2")
def test_with_auth_code_azure_guest_no_block(self):
    """Allow the authorization-code login when guest users are not blocked.

    With ``BLOCK_GUEST_USERS`` set to ``False``,
    ``AdfsAuthCodeBackend.authenticate`` must return a ``User`` with the
    expected name, e-mail and two group memberships.
    """
    from django_auth_adfs.config import django_settings

    azure_settings = deepcopy(django_settings)
    del azure_settings.AUTH_ADFS["SERVER"]
    azure_settings.AUTH_ADFS["TENANT_ID"] = "dummy_tenant_id"
    azure_settings.AUTH_ADFS["BLOCK_GUEST_USERS"] = False
    # backend.settings is replaced with a fresh Settings() below, so the
    # audience has to be set explicitly on the source settings.
    azure_settings.AUTH_ADFS["AUDIENCE"] = 'microsoft:identityserver:your-RelyingPartyTrust-identifier'

    with patch("django_auth_adfs.config.django_settings", azure_settings), \
            patch('django_auth_adfs.backend.settings', Settings()), \
            patch("django_auth_adfs.config.settings", Settings()), \
            patch("django_auth_adfs.backend.provider_config", ProviderConfig()):
        auth_backend = AdfsAuthCodeBackend()
        user = auth_backend.authenticate(self.request, authorization_code="dummycode")

        self.assertIsInstance(user, User)
        self.assertEqual(user.first_name, "John")
        self.assertEqual(user.last_name, "Doe")
        self.assertEqual(user.email, "*****@*****.**")

        # Group membership: exactly two groups, checked by position.
        self.assertEqual(len(user.groups.all()), 2)
        self.assertEqual(user.groups.all()[0].name, "group1")
        self.assertEqual(user.groups.all()[1].name, "group2")
def test_access_token_azure_guest_but_no_upn_but_no_guest_username_claim(
        self):
    """Reject a guest token without a UPN when no guest username claim is set.

    Guests are allowed (``BLOCK_GUEST_USERS`` is ``False``) but
    ``GUEST_USERNAME_CLAIM`` is ``None``, so authentication must raise
    ``AuthenticationFailed`` instead of returning a user.
    """
    from django_auth_adfs.config import django_settings

    bearer_value = "Bearer {}".format(
        self.access_token_azure_guest_no_upn)
    api_request = RequestFactory().get('/api', HTTP_AUTHORIZATION=bearer_value)

    azure_settings = deepcopy(django_settings)
    del azure_settings.AUTH_ADFS["SERVER"]
    azure_settings.AUTH_ADFS["TENANT_ID"] = "dummy_tenant_id"
    # Deliberately None: with no guest username claim configured, the token
    # must not be accepted.
    azure_settings.AUTH_ADFS["GUEST_USERNAME_CLAIM"] = None
    azure_settings.AUTH_ADFS["BLOCK_GUEST_USERS"] = False

    with patch("django_auth_adfs.config.django_settings", azure_settings), \
            patch('django_auth_adfs.backend.settings', Settings()), \
            patch("django_auth_adfs.config.settings", Settings()), \
            patch("django_auth_adfs.backend.provider_config", ProviderConfig()):
        with self.assertRaises(exceptions.AuthenticationFailed):
            self.drf_auth_class.authenticate(api_request)