def test_provision_is_superuser(settings, django_user_model, caplog):
settings.MELLON_IDENTITY_PROVIDERS = [idp]
settings.MELLON_SUPERUSER_MAPPING = {
'is_superuser': '******',
}
user = SAMLBackend().authenticate(saml_attributes=saml_attributes)
assert user.is_superuser is True
assert user.is_staff is True
assert 'flag is_staff and is_superuser added' in caplog.text
user = SAMLBackend().authenticate(saml_attributes=saml_attributes)
assert user.is_superuser is True
assert user.is_staff is True
assert not 'flag is_staff and is_superuser removed' in caplog.text
def test_provision_user_groups(settings, django_user_model, caplog):
settings.MELLON_IDENTITY_PROVIDERS = [idp]
settings.MELLON_GROUP_ATTRIBUTE = 'group'
user = SAMLBackend().authenticate(saml_attributes=saml_attributes)
assert user.groups.count() == 3
assert set(user.groups.values_list('name', flat=True)) == set(
saml_attributes['group'])
assert len(caplog.records) == 4
assert 'created new user' in caplog.text
assert 'adding group GroupA' in caplog.text
assert 'adding group GroupB' in caplog.text
assert 'adding group GroupC' in caplog.text
saml_attributes2 = saml_attributes.copy()
saml_attributes2['group'] = ['GroupB', 'GroupC']
user = SAMLBackend().authenticate(saml_attributes=saml_attributes2)
assert user.groups.count() == 2
assert set(user.groups.values_list('name', flat=True)) == set(
saml_attributes2['group'])
assert len(caplog.records) == 5
assert 'removing group GroupA' in caplog.records[-1].message
def test_provision_absent_attribute(settings, django_user_model, caplog):
settings.MELLON_IDENTITY_PROVIDERS = [idp]
settings.MELLON_ATTRIBUTE_MAPPING = {
'email': '{attributes[email][0]}',
'first_name': '{attributes[first_name][0]}',
'last_name': '{attributes[last_name][0]}',
}
local_saml_attributes = saml_attributes.copy()
del local_saml_attributes['email']
user = SAMLBackend().authenticate(saml_attributes=local_saml_attributes)
assert not user.email
assert len(caplog.records) == 4
assert 'created new user' in caplog.text
assert re.search(r'invalid reference.*email', caplog.text)
assert 'set field first_name' in caplog.text
assert 'set field last_name' in caplog.text
def test_provision_long_attribute(settings, django_user_model, caplog):
settings.MELLON_IDENTITY_PROVIDERS = [idp]
settings.MELLON_ATTRIBUTE_MAPPING = {
'email': '{attributes[email][0]}',
'first_name': '{attributes[first_name][0]}',
'last_name': '{attributes[last_name][0]}',
}
local_saml_attributes = saml_attributes.copy()
local_saml_attributes['first_name'] = [('y' * 32)]
user = SAMLBackend().authenticate(saml_attributes=local_saml_attributes)
assert user.first_name == 'y' * 30
assert len(caplog.records) == 4
assert 'created new user' in caplog.text
assert 'set field first_name' in caplog.text
assert 'to value %r ' % (u'y' * 30) in caplog.text
assert 'set field last_name' in caplog.text
assert 'set field email' in caplog.text
def test_provision_user_attributes(settings, django_user_model, caplog):
settings.MELLON_IDENTITY_PROVIDERS = [idp]
settings.MELLON_ATTRIBUTE_MAPPING = {
'email': '{attributes[email][0]}',
'first_name': '{attributes[first_name][0]}',
'last_name': '{attributes[last_name][0]}',
}
user = SAMLBackend().authenticate(saml_attributes=saml_attributes)
assert user.username == 'x' * 30
assert user.first_name == 'Foo'
assert user.last_name == 'Bar'
assert user.email == '*****@*****.**'
assert user.is_superuser is False
assert user.is_staff is False
assert len(caplog.records) == 4
assert 'created new user' in caplog.text
assert 'set field first_name' in caplog.text
assert 'set field last_name' in caplog.text
assert 'set field email' in caplog.text