Exemple #1
    def test_mfa_required__admin_mfa_required_false__admin_user(
            self, mock_settings, mock_has_mfa, mock_redirect):
        """Staff user without MFA passes when ADMIN_MFA_REQUIRED is False.

        MFA_REQUIRED and SSO_MFA_REQUIRED are both True, so this pins the
        admin opt-out: a staff request with no second factor is not
        redirected by the middleware.
        """
        # The requesting user has no MFA set up.
        mock_has_mfa.return_value = False

        # Global and SSO enforcement on, admin enforcement switched off.
        mock_settings.ADMIN_MFA_REQUIRED = False
        mock_settings.SSO_MFA_REQUIRED = True
        mock_settings.MFA_REQUIRED = True

        get_response_stub = mock.MagicMock()
        staff_request = self.mock_request_with_user(is_staff=True)
        middleware = TethysMfaRequiredMiddleware(get_response_stub)

        middleware(staff_request)

        # NOTE(review): this documents that staff accounts skip MFA whenever
        # ADMIN_MFA_REQUIRED is False, even with MFA_REQUIRED on -- confirm
        # that exemption is intended for privileged accounts in deployment.
        mock_redirect.assert_not_called()
Exemple #2
    def test_mfa_required__admin_mfa_required_false__sso_user(
            self, mock_settings, mock_has_mfa, mock_redirect):
        """SSO user without MFA is redirected even if admins are exempt.

        ADMIN_MFA_REQUIRED is False but SSO_MFA_REQUIRED and MFA_REQUIRED
        are True, so the admin opt-out must not leak to SSO accounts.
        """
        # The requesting user has no MFA set up.
        mock_has_mfa.return_value = False

        # Admin enforcement off; global and SSO enforcement stay on.
        mock_settings.ADMIN_MFA_REQUIRED = False
        mock_settings.SSO_MFA_REQUIRED = True
        mock_settings.MFA_REQUIRED = True

        get_response_stub = mock.MagicMock()
        sso_request = self.mock_request_with_user(with_sso=True)
        middleware = TethysMfaRequiredMiddleware(get_response_stub)

        middleware(sso_request)

        # Enforcement applies: exactly one redirect, targeting 'mfa_home'.
        mock_redirect.assert_called_once_with('mfa_home')
Exemple #3
    def test_mfa_required_all_true__valid_token__staff_user(
            self, mock_settings, mock_has_mfa, mock_redirect, _):
        """Request carrying an accepted API token is not redirected to MFA.

        All three MFA settings are True and the staff user has no MFA, so
        the only thing exempting this request is its Authorization header.
        """
        # The requesting user has no MFA set up.
        mock_has_mfa.return_value = False

        # Every enforcement switch is on.
        mock_settings.ADMIN_MFA_REQUIRED = True
        mock_settings.SSO_MFA_REQUIRED = True
        mock_settings.MFA_REQUIRED = True

        get_response_stub = mock.MagicMock()
        token_request = self.mock_request_with_user(is_staff=True)
        token_header = {'Authorization': 'Token abcdefghijklmnopqrstuvwxyz'}
        token_request.headers = token_header
        middleware = TethysMfaRequiredMiddleware(get_response_stub)

        middleware(token_request)

        # NOTE(review): the fourth injected mock (`_`) is left unconfigured
        # and never asserted on; presumably it is the token authenticator
        # (a sibling test configures a mock in the same position) --
        # confirm, and consider asserting it was called so the exemption is
        # tied to a token check rather than to the header merely existing.
        mock_redirect.assert_not_called()
Exemple #4
    def test_mfa_required_all_true__invalid_token__staff_user(
            self, mock_settings, mock_has_mfa, mock_redirect,
            mock_authenticate):
        """Rejected API token gives no MFA exemption.

        All three MFA settings are True, the staff user has no MFA, and the
        authenticate mock raises AuthenticationFailed, so the middleware
        must fall back to redirecting.
        """
        # The requesting user has no MFA set up.
        mock_has_mfa.return_value = False

        # Token validation fails for this request.
        mock_authenticate.side_effect = AuthenticationFailed

        # Every enforcement switch is on.
        mock_settings.ADMIN_MFA_REQUIRED = True
        mock_settings.SSO_MFA_REQUIRED = True
        mock_settings.MFA_REQUIRED = True

        get_response_stub = mock.MagicMock()
        token_request = self.mock_request_with_user(is_staff=True)
        token_header = {'Authorization': 'Token abcdefghijklmnopqrstuvwxyz'}
        token_request.headers = token_header
        middleware = TethysMfaRequiredMiddleware(get_response_stub)

        middleware(token_request)

        # An Authorization header alone is not enough: the failed token
        # check leaves MFA enforced, with one redirect to 'mfa_home'.
        mock_redirect.assert_called_once_with('mfa_home')
Exemple #5
    def test_mfa_required_excluded_paths(self, mock_settings, mock_has_mfa,
                                         mock_redirect):
        """Requests to excluded paths are never redirected to MFA.

        All three MFA settings are True and the user has no MFA, so any
        redirect here would come from a path that should be exempt.
        """
        # The requesting user has no MFA set up.
        mock_has_mfa.return_value = False

        # Every enforcement switch is on.
        mock_settings.ADMIN_MFA_REQUIRED = True
        mock_settings.SSO_MFA_REQUIRED = True
        mock_settings.MFA_REQUIRED = True

        get_response_stub = mock.MagicMock()

        # NOTE(review): this only covers exempted paths. That a path outside
        # this set still redirects, and that '/' is not treated as a prefix
        # of every URL, is not checked here -- confirm a negative case
        # exists elsewhere in the suite.
        exempt_paths = (
            '/',
            '/accounts/login/',
            '/accounts/logout/',
            '/oauth2/foo/',
            '/user/bar/',
            '/captcha/jar/',
            '/devices/123/',
            '/mfa/add/',
        )

        for exempt_path in exempt_paths:
            path_request = self.mock_request_with_user(path=exempt_path)
            middleware = TethysMfaRequiredMiddleware(get_response_stub)
            middleware(path_request)

            # Checked after every request so a failure points at the first
            # path that triggered a redirect.
            mock_redirect.assert_not_called()