def test_add_samlaccount_to_existing_user_with_varying_email(self):
email = '*****@*****.**'
t_user = self.setup_user(
email=email, token_scope='rw:profile rw:issuer rw:backpack')
preflight_response = self.client.get(
reverse('v2_api_user_socialaccount_connect') +
'?provider={}'.format(self.config.slug))
self.assertEqual(preflight_response.status_code, 200)
location = urlparse(preflight_response.data['result']['url'])
authcode = parse_qs(location.query)['authCode'][0]
location = '?'.join([location.path, location.query])
# the location now includes an auth code
self.client.logout()
response = self.client.get(location)
self.assertEqual(response.status_code, 302)
location = response._headers['location'][1]
response = self.client.get(location)
self.assertEqual(response.status_code, 302)
# Can auto provision again
rf = RequestFactory()
fake_request = rf.post(
reverse('assertion_consumer_service',
kwargs={'idp_name': self.config.slug}),
{'saml_assertion': 'very fake'})
email2 = '*****@*****.**'
resp = auto_provision(fake_request, [email2], t_user.first_name,
t_user.last_name, self.config)
self.assertEqual(resp.status_code, 302)
fake_request.session = dict()
set_session_authcode(fake_request, authcode)
set_session_badgr_app(fake_request, self.badgr_app)
fake_request.session['idp_name'] = self.config.slug
resp = self.client.get(resp.url)
self.assertEqual(resp.status_code, 302)
self.assertIn("authToken", resp.url)
self.assertIn(self.badgr_app.ui_login_redirect, resp.url)
Saml2Account.objects.get(
user=t_user) # There is a Saml account associated with the user.
CachedEmailAddress.objects.get(email=email2,
user=t_user,
verified=True,
primary=False) # User has the email.
email3 = '*****@*****.**'
resp = auto_provision(fake_request, [email2, email3],
t_user.first_name, t_user.last_name, self.config)
CachedEmailAddress.objects.get(email=email3,
user=t_user,
verified=True,
primary=False) # User has new email.
def test_saml2_login_with_conflicts(self):
email = "*****@*****.**"
email2 = "*****@*****.**"
first_name = "firsty"
last_name = "lastington"
idp_name = self.config.slug
badgr_app = self.badgr_app
# email does not exist
resp = auto_provision(None, "*****@*****.**", first_name,
last_name, badgr_app, self.config,
self.config.slug)
self.assertEqual(resp.status_code, 302)
self.assertIn("authToken", resp.url)
self.assertEqual(Saml2Account.objects.all().count(), 1)
email_address = CachedEmailAddress.objects.get(
email='*****@*****.**')
self.assertTrue(email_address.verified)
self.assertTrue(email_address.primary)
# email exists, but is unverified
BadgeUser.objects.create(email=email,
first_name=first_name,
last_name=last_name,
send_confirmation=False)
resp = auto_provision(None, email, first_name, last_name, badgr_app,
self.config, self.config.slug)
self.assertEqual(resp.status_code, 302)
self.assertIn("authToken", resp.url)
email_address = CachedEmailAddress.objects.get(email=email)
self.assertTrue(email_address.verified)
self.assertTrue(email_address.primary)
# Can auto provision again
resp = auto_provision(None, email, first_name, last_name, badgr_app,
self.config, self.config.slug)
self.assertEqual(resp.status_code, 302)
self.assertIn("authToken", resp.url)
# email exists, but is verified
BadgeUser.objects.create(email=email2,
first_name=first_name,
last_name=last_name,
send_confirmation=False)
cachedemail = CachedEmailAddress.objects.get(email=email2)
cachedemail.verified = True
cachedemail.save()
saml_account_count = Saml2Account.objects.count()
resp = auto_provision(None, email2, first_name, last_name, badgr_app,
self.config, self.config.slug)
self.assertEqual(resp.status_code, 302)
self.assertIn("authError", resp.url)
self.assertIn(self.config.slug, resp.url)
self.assertEqual(saml_account_count, Saml2Account.objects.count(),
"A Saml2Account must not have been created.")
def test_login_with_email_variant(self):
email = "*****@*****.**"
first_name = "firsty"
last_name = "lastington"
resp = auto_provision(None, [email], first_name, last_name,
self.config)
self.assertEqual(resp.status_code, 302)
resp = self.client.get(resp.url)
self.assertEqual(resp.status_code, 302)
resp = self.client.get(resp.url)
self.assertEqual(resp.status_code, 302)
self.assertIn("authToken", resp.url)
email = "*****@*****.**"
resp = auto_provision(None, [email], first_name, last_name,
self.config)
self.assertIn("authcode", resp.url)
def test_saml2_login_with_conflicts(self):
email = "*****@*****.**"
email2 = "*****@*****.**"
first_name = "firsty"
last_name = "lastington"
idp_name = self.config.slug
badgr_app = BadgrApp.objects.create(
ui_login_redirect="https://example.com",
ui_signup_failure_redirect='https://example.com/fail')
# email does not exist
resp = auto_provision(None, "*****@*****.**", first_name,
last_name, badgr_app, self.config,
self.config.slug)
self.assertEqual(resp.status_code, 302)
self.assertIn("authToken", resp.url)
# email exists, but is unverified
BadgeUser.objects.create(email=email,
first_name=first_name,
last_name=last_name,
send_confirmation=False)
resp = auto_provision(None, email, first_name, last_name, badgr_app,
self.config, self.config.slug)
self.assertEqual(resp.status_code, 302)
self.assertIn("authToken", resp.url)
# Can auto provision again
resp = auto_provision(None, email, first_name, last_name, badgr_app,
self.config, self.config.slug)
self.assertEqual(resp.status_code, 302)
self.assertIn("authToken", resp.url)
# email exists, but is verified
BadgeUser.objects.create(email=email2,
first_name=first_name,
last_name=last_name,
send_confirmation=False)
cachedemail = CachedEmailAddress.objects.get(email=email2)
cachedemail.verified = True
cachedemail.save()
resp = auto_provision(None, email2, first_name, last_name, badgr_app,
self.config, self.config.slug)
self.assertEqual(resp.status_code, 302)
self.assertIn("authError", resp.url)
self.assertIn(self.config.slug, resp.url)
def test_login_with_unregistered_saml2_account(self):
email = "*****@*****.**"
first_name = "firsty"
last_name = "lastington"
badgr_app = self.badgr_app
resp = auto_provision(None, email, first_name, last_name, badgr_app,
self.config, self.config.slug)
self.assertEqual(resp.status_code, 302)
self.assertIn("authToken", resp.url)
def test_add_samlaccount_to_existing_user(self):
# email exists, but is verified
email = '*****@*****.**'
test_user = self.setup_user(
email=email, token_scope='rw:profile rw:issuer rw:backpack')
preflight_response = self.client.get(
reverse('v2_api_user_socialaccount_connect') +
'?provider={}'.format(self.config.slug))
self.assertEqual(preflight_response.status_code, 200)
location = urlparse(preflight_response.data['result']['url'])
authcode = parse_qs(location.query)['authCode'][0]
location = '?'.join([location.path, location.query])
# the location now includes an auth code
self.client.logout()
response = self.client.get(location)
self.assertEqual(response.status_code, 302)
location = response._headers['location'][1]
response = self.client.get(location)
self.assertEqual(response.status_code, 302)
# Can auto provision again
rf = RequestFactory()
fake_request = rf.post(
reverse('assertion_consumer_service',
kwargs={'idp_name': self.config.slug}),
{'saml_assertion': 'very fake'})
fake_request.session = dict()
set_session_authcode(fake_request, authcode)
resp = auto_provision(fake_request, [email], test_user.first_name,
test_user.last_name, self.config)
self.assertEqual(resp.status_code, 302)
resp = self.client.get(resp.url)
self.assertEqual(resp.status_code, 302)
resp = self.client.get(resp.url)
self.assertEqual(resp.status_code, 302)
self.assertIn("authToken", resp.url)
account = Saml2Account.objects.get(user=test_user)
def test_login_with_registered_saml2_account(self):
email = "*****@*****.**"
first_name = "firsty"
last_name = "lastington"
new_user = BadgeUser.objects.create(
email=email,
first_name=first_name,
last_name=last_name,
)
# Auto verify emails
email = CachedEmailAddress.objects.get(email=email)
email.verified = True
email.save()
Saml2Account.objects.create(config=self.config,
user=new_user,
uuid=email)
badgr_app = BadgrApp.objects.create(ui_login_redirect="example.com")
resp = auto_provision(None, email, first_name, last_name, badgr_app,
self.config, self.config.slug)
self.assertEqual(resp.status_code, 302)
self.assertIn("authToken", resp.url)
