def test_ssomigration_no_from_sso_claim(user_getter, create_remote_user):
claims = {"sub": "remote-uid", "cognito:username": "******"}
user_getter.return_value = User(username="******")
user = backends.SSOMigrationBackend().authenticate(request=None,
claims=claims)
assert user is None
def test_ssomigration_google_nens_not_ok(user_getter, create_remote_user,
claims):
claims = {"sub": "remote-uid", "cognito:username": "******", **claims}
user_getter.return_value = User(username="******")
user = backends.SSOMigrationBackend().authenticate(request=None,
claims=claims)
assert user is None
def test_ssomigration_multiple_exist(user_getter, create_remote_user):
claims = {
"sub": "remote-uid",
"cognito:username": "******",
"custom:from_sso": "1",
}
user_getter.side_effect = MultipleObjectsReturned
with pytest.raises(PermissionDenied):
backends.SSOMigrationBackend().authenticate(request=None,
claims=claims)
user_getter.assert_called_with(username__iexact="testuser", remote=None)
assert not create_remote_user.called
def test_ssomigration_not_exists(user_getter, create_remote_user):
claims = {
"sub": "remote-uid",
"cognito:username": "******",
"custom:from_sso": "1",
}
user_getter.side_effect = ObjectDoesNotExist
user = backends.SSOMigrationBackend().authenticate(request=None,
claims=claims)
assert user is None
user_getter.assert_called_with(username__iexact="testuser", remote=None)
assert not create_remote_user.called
def test_ssomigration_exists(user_getter, create_remote_user):
claims = {
"sub": "remote-uid",
"cognito:username": "******",
"custom:from_sso": "1",
}
user_getter.return_value = User(username="******")
user = backends.SSOMigrationBackend().authenticate(request=None,
claims=claims)
assert user.username == "testuser"
user_getter.assert_called_with(username__iexact="testuser", remote=None)
create_remote_user.assert_called_with(user, claims)
def test_ssomigration_inactive(user_getter, create_remote_user):
claims = {
"sub": "remote-uid",
"cognito:username": "******",
"custom:from_sso": "1",
}
user_getter.return_value = User(username="******", is_active=False)
with pytest.raises(PermissionDenied):
backends.SSOMigrationBackend().authenticate(request=None,
claims=claims)
user_getter.assert_called_with(username__iexact="testuser", remote=None)
assert not create_remote_user.called
def test_ssomigration_google_nens_ok(user_getter, create_remote_user):
claims = {
"sub": "remote-uid",
"cognito:username": "******",
"email": "*****@*****.**",
"email_verified": True,
"identities": [{
"providerName": "Google"
}],
}
user_getter.return_value = User(username="******")
user = backends.SSOMigrationBackend().authenticate(request=None,
claims=claims)
assert user.username == "testuser"
user_getter.assert_called_with(username__iexact="testuser", remote=None)
create_remote_user.assert_called_with(user, claims)