class OpenIDBackendTests(TestCase):
def setUp(self):
super(OpenIDBackendTests, self).setUp()
self.backend = OpenIDBackend()
self.old_openid_use_email_for_username = getattr(settings,
'OPENID_USE_EMAIL_FOR_USERNAME', False)
def tearDown(self):
settings.OPENID_USE_EMAIL_FOR_USERNAME = \
self.old_openid_use_email_for_username
def test_extract_user_details_sreg(self):
endpoint = OpenIDServiceEndpoint()
message = Message(OPENID2_NS)
message.setArg(SREG_NS, "nickname", "someuser")
message.setArg(SREG_NS, "fullname", "Some User")
message.setArg(SREG_NS, "email", "*****@*****.**")
response = SuccessResponse(
endpoint, message, signed_fields=message.toPostArgs().keys())
data = self.backend._extract_user_details(response)
self.assertEqual(data, {"nickname": "someuser",
"first_name": "Some",
"last_name": "User",
"email": "*****@*****.**"})
def make_response_ax(self, schema="http://axschema.org/",
fullname="Some User", nickname="someuser", email="*****@*****.**",
first=None, last=None):
endpoint = OpenIDServiceEndpoint()
message = Message(OPENID2_NS)
attributes = [
("nickname", schema + "namePerson/friendly", nickname),
("fullname", schema + "namePerson", fullname),
("email", schema + "contact/email", email),
]
if first:
attributes.append(
("first", "http://axschema.org/namePerson/first", first))
if last:
attributes.append(
("last", "http://axschema.org/namePerson/last", last))
message.setArg(AX_NS, "mode", "fetch_response")
for (alias, uri, value) in attributes:
message.setArg(AX_NS, "type.%s" % alias, uri)
message.setArg(AX_NS, "value.%s" % alias, value)
return SuccessResponse(
endpoint, message, signed_fields=message.toPostArgs().keys())
def test_extract_user_details_ax(self):
response = self.make_response_ax(fullname="Some User",
nickname="someuser", email="*****@*****.**")
data = self.backend._extract_user_details(response)
self.assertEqual(data, {"nickname": "someuser",
"first_name": "Some",
"last_name": "User",
"email": "*****@*****.**"})
def test_extract_user_details_ax_split_name(self):
# Include fullname too to show that the split data takes
# precedence.
response = self.make_response_ax(
fullname="Bad Data", first="Some", last="User")
data = self.backend._extract_user_details(response)
self.assertEqual(data, {"nickname": "someuser",
"first_name": "Some",
"last_name": "User",
"email": "*****@*****.**"})
def test_extract_user_details_ax_broken_myopenid(self):
response = self.make_response_ax(
schema="http://schema.openid.net/", fullname="Some User",
nickname="someuser", email="*****@*****.**")
data = self.backend._extract_user_details(response)
self.assertEqual(data, {"nickname": "someuser",
"first_name": "Some",
"last_name": "User",
"email": "*****@*****.**"})
def test_update_user_details_long_names(self):
response = self.make_response_ax()
user = User.objects.create_user('someuser', '*****@*****.**',
password=None)
data = dict(first_name=u"Some56789012345678901234567890123",
last_name=u"User56789012345678901234567890123",
email=u"*****@*****.**")
self.backend.update_user_details(user, data, response)
self.assertEqual("Some56789012345678901234567890", user.first_name)
self.assertEqual("User56789012345678901234567890", user.last_name)
def test_extract_user_details_name_with_trailing_space(self):
response = self.make_response_ax(fullname="SomeUser ")
data = self.backend._extract_user_details(response)
self.assertEqual("", data['first_name'])
self.assertEqual("SomeUser", data['last_name'])
def test_extract_user_details_name_with_thin_space(self):
response = self.make_response_ax(fullname=u"Some\u2009User")
data = self.backend._extract_user_details(response)
self.assertEqual("Some", data['first_name'])
self.assertEqual("User", data['last_name'])
def test_preferred_username_email_munging(self):
settings.OPENID_USE_EMAIL_FOR_USERNAME = True
for nick, email, expected in [
('nickcomesfirst', '*****@*****.**', 'nickcomesfirst'),
('', '*****@*****.**', 'fooexamplecom'),
('noemail', '', 'noemail'),
('', '@%.-', 'openiduser'),
('', '', 'openiduser'),
(None, None, 'openiduser')]:
self.assertEqual(expected,
self.backend._get_preferred_username(nick, email))
def test_preferred_username_no_email_munging(self):
for nick, email, expected in [
('nickcomesfirst', '*****@*****.**', 'nickcomesfirst'),
('', '*****@*****.**', 'openiduser'),
('noemail', '', 'noemail'),
('', '@%.-', 'openiduser'),
('', '', 'openiduser'),
(None, None, 'openiduser')]:
self.assertEqual(expected,
self.backend._get_preferred_username(nick, email))
class OpenIDKeystoneBackend(KeystoneBackend):
def __init__(self):
self.openid_backend = OpenIDBackend()
def authenticate(self, **kwargs):
"""Authenticate the user based on an OpenID response."""
# Require that the OpenID response be passed in as a keyword
# argument, to make sure we don't match the username/password
# calling conventions of authenticate.
openid_response = kwargs.get('openid_response')
if openid_response is None:
return None
if openid_response.status != SUCCESS:
return None
user = None
try:
user_openid = UserOpenID.objects.get(
claimed_id__exact=openid_response.identity_url)
except UserOpenID.DoesNotExist:
if getattr(settings, 'OPENID_CREATE_USERS', False):
user = self.openid_backend.create_user_from_openid(
openid_response)
else:
user = user_openid.user
if user is None:
return None
#if getattr(settings, 'OPENID_UPDATE_DETAILS_FROM_SREG', False):
details = self.openid_backend._extract_user_details(openid_response)
self.openid_backend.update_user_details(user, details, openid_response)
if getattr(settings, 'OPENID_PHYSICAL_MULTIFACTOR_REQUIRED', False):
pape_response = pape.Response.fromSuccessResponse(openid_response)
if pape_response is None or \
pape.AUTH_MULTI_FACTOR_PHYSICAL not in pape_response.auth_policies:
raise MissingPhysicalMultiFactor()
teams_response = teams.TeamsResponse.fromSuccessResponse(
openid_response)
if teams_response:
self.openid_backend.update_groups_from_teams(user, teams_response)
self.openid_backend.update_staff_status_from_teams(
user, teams_response)
LOG.debug("email %s:", details['email'])
try:
user = super(OpenIDKeystoneBackend, self).authenticate(
password=settings.TUKEY_PASSWORD,
username='******' % details['email'],
auth_url=settings.OPENSTACK_KEYSTONE_URL,
request=kwargs.get('request'))
user.identifier = details['email']
except KeystoneAuthException:
return UnregisteredUser('OpenID', details['email'])
return user
class OpenIDBackendTests(TestCase):
def setUp(self):
super(OpenIDBackendTests, self).setUp()
self.backend = OpenIDBackend()
def make_openid_response(self, sreg_args=None, teams_args=None):
endpoint = OpenIDServiceEndpoint()
endpoint.claimed_id = 'some-id'
message = Message(OPENID2_NS)
if sreg_args is not None:
for key, value in sreg_args.items():
message.setArg(SREG_NS, key, value)
if teams_args is not None:
for key, value in teams_args.items():
message.setArg(TEAMS_NS, key, value)
response = SuccessResponse(
endpoint, message, signed_fields=message.toPostArgs().keys())
return response
def make_response_ax(
self, schema="http://axschema.org/",
fullname="Some User", nickname="someuser", email="*****@*****.**",
first=None, last=None, verified=False):
endpoint = OpenIDServiceEndpoint()
message = Message(OPENID2_NS)
attributes = [
("nickname", schema + "namePerson/friendly", nickname),
("fullname", schema + "namePerson", fullname),
("email", schema + "contact/email", email),
("account_verified",
"http://ns.login.ubuntu.com/2013/validation/account",
"token_via_email" if verified else "no")
]
if first:
attributes.append(
("first", "http://axschema.org/namePerson/first", first))
if last:
attributes.append(
("last", "http://axschema.org/namePerson/last", last))
message.setArg(AX_NS, "mode", "fetch_response")
for (alias, uri, value) in attributes:
message.setArg(AX_NS, "type.%s" % alias, uri)
message.setArg(AX_NS, "value.%s" % alias, value)
return SuccessResponse(
endpoint, message, signed_fields=message.toPostArgs().keys())
def make_user_openid(self, user=None,
claimed_id='http://example.com/existing_identity',
display_id='http://example.com/existing_identity'):
if user is None:
user = User.objects.create_user(
username='******', email='*****@*****.**',
password='******')
user_openid, created = UserOpenID.objects.get_or_create(
user=user, claimed_id=claimed_id, display_id=display_id)
return user_openid
def assert_account_verified(self, user, initially_verified, verified):
# set user's verification status
permission = Permission.objects.get(codename='account_verified')
if initially_verified:
user.user_permissions.add(permission)
else:
user.user_permissions.remove(permission)
user = User.objects.get(pk=user.pk)
has_perm = user.has_perm('django_openid_auth.account_verified')
assert has_perm == initially_verified
if hasattr(user, '_perm_cache'):
del user._perm_cache
# get a response including verification status
response = self.make_response_ax()
data = dict(first_name=u"Some56789012345678901234567890123",
last_name=u"User56789012345678901234567890123",
email=u"*****@*****.**",
account_verified=verified)
self.backend.update_user_details(user, data, response)
# refresh object from the database
user = User.objects.get(pk=user.pk)
# check the verification status
self.assertEqual(
user.has_perm('django_openid_auth.account_verified'), verified)
def test_extract_user_details_sreg(self):
expected = {
'nickname': 'someuser',
'first_name': 'Some',
'last_name': 'User',
'email': '*****@*****.**',
'account_verified': False,
}
data = {
'nickname': expected['nickname'],
'fullname': "%s %s" % (expected['first_name'],
expected['last_name']),
'email': expected['email'],
}
response = self.make_openid_response(sreg_args=data)
details = self.backend._extract_user_details(response)
self.assertEqual(details, expected)
def test_extract_user_details_ax(self):
response = self.make_response_ax(
fullname="Some User", nickname="someuser", email="*****@*****.**")
data = self.backend._extract_user_details(response)
self.assertEqual(data, {"nickname": "someuser",
"first_name": "Some",
"last_name": "User",
"email": "*****@*****.**",
"account_verified": False})
def test_extract_user_details_ax_split_name(self):
# Include fullname too to show that the split data takes
# precedence.
response = self.make_response_ax(
fullname="Bad Data", first="Some", last="User")
data = self.backend._extract_user_details(response)
self.assertEqual(data, {"nickname": "someuser",
"first_name": "Some",
"last_name": "User",
"email": "*****@*****.**",
"account_verified": False})
def test_extract_user_details_ax_broken_myopenid(self):
response = self.make_response_ax(
schema="http://schema.openid.net/", fullname="Some User",
nickname="someuser", email="*****@*****.**")
data = self.backend._extract_user_details(response)
self.assertEqual(data, {"nickname": "someuser",
"first_name": "Some",
"last_name": "User",
"email": "*****@*****.**",
"account_verified": False})
def test_update_user_details_long_names(self):
response = self.make_response_ax()
user = User.objects.create_user(
'someuser', '*****@*****.**', password=None)
user_openid, created = UserOpenID.objects.get_or_create(
user=user,
claimed_id='http://example.com/existing_identity',
display_id='http://example.com/existing_identity')
data = dict(
first_name=u"Some56789012345678901234567890123",
last_name=u"User56789012345678901234567890123",
email=u"*****@*****.**", account_verified=False)
self.backend.update_user_details(user, data, response)
self.assertEqual("Some56789012345678901234567890", user.first_name)
self.assertEqual("User56789012345678901234567890", user.last_name)
def test_update_user_perms_initially_verified_then_verified(self):
self.assert_account_verified(
self.make_user_openid().user,
initially_verified=True, verified=True)
def test_update_user_perms_initially_verified_then_unverified(self):
self.assert_account_verified(
self.make_user_openid().user,
initially_verified=True, verified=False)
def test_update_user_perms_initially_not_verified_then_verified(self):
self.assert_account_verified(
self.make_user_openid().user,
initially_verified=False, verified=True)
def test_update_user_perms_initially_not_verified_then_unverified(self):
self.assert_account_verified(
self.make_user_openid().user,
initially_verified=False, verified=False)
def test_extract_user_details_name_with_trailing_space(self):
response = self.make_response_ax(fullname="SomeUser ")
data = self.backend._extract_user_details(response)
self.assertEqual("", data['first_name'])
self.assertEqual("SomeUser", data['last_name'])
def test_extract_user_details_name_with_thin_space(self):
response = self.make_response_ax(fullname=u"Some\u2009User")
data = self.backend._extract_user_details(response)
self.assertEqual("Some", data['first_name'])
self.assertEqual("User", data['last_name'])
@override_settings(OPENID_USE_EMAIL_FOR_USERNAME=True)
def test_preferred_username_email_munging(self):
for nick, email, expected in [
('nickcomesfirst', '*****@*****.**', 'nickcomesfirst'),
('', '*****@*****.**', 'fooexamplecom'),
('noemail', '', 'noemail'),
('', '@%.-', 'openiduser'),
('', '', 'openiduser'),
(None, None, 'openiduser')]:
self.assertEqual(
expected,
self.backend._get_preferred_username(nick, email))
def test_preferred_username_no_email_munging(self):
for nick, email, expected in [
('nickcomesfirst', '*****@*****.**', 'nickcomesfirst'),
('', '*****@*****.**', 'openiduser'),
('noemail', '', 'noemail'),
('', '@%.-', 'openiduser'),
('', '', 'openiduser'),
(None, None, 'openiduser')]:
self.assertEqual(
expected,
self.backend._get_preferred_username(nick, email))
@override_settings(
OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO=True,
OPENID_LAUNCHPAD_TEAMS_REQUIRED=['team'])
def test_authenticate_when_not_member_of_teams_required(self):
Group.objects.create(name='team')
response = self.make_openid_response(
sreg_args=dict(nickname='someuser'),
teams_args=dict(is_member='foo'))
user = self.backend.authenticate(openid_response=response)
self.assertIsNone(user)
@override_settings(
OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO=True,
OPENID_LAUNCHPAD_TEAMS_REQUIRED=['team'])
def test_authenticate_when_no_group_mapping_to_required_team(self):
assert Group.objects.filter(name='team').count() == 0
response = self.make_openid_response(
sreg_args=dict(nickname='someuser'),
teams_args=dict(is_member='foo'))
user = self.backend.authenticate(openid_response=response)
self.assertIsNone(user)
@override_settings(
OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO=True,
OPENID_LAUNCHPAD_TEAMS_REQUIRED=['team'])
def test_authenticate_when_member_of_teams_required(self):
Group.objects.create(name='team')
response = self.make_openid_response(
sreg_args=dict(nickname='someuser'),
teams_args=dict(is_member='foo,team'))
user = self.backend.authenticate(openid_response=response)
self.assertIsNotNone(user)
@override_settings(OPENID_LAUNCHPAD_TEAMS_REQUIRED=[])
def test_authenticate_when_no_teams_required(self):
response = self.make_openid_response(
sreg_args=dict(nickname='someuser'),
teams_args=dict(is_member='team'))
user = self.backend.authenticate(openid_response=response)
self.assertIsNotNone(user)
@override_settings(
OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO=True,
OPENID_LAUNCHPAD_TEAMS_REQUIRED=['team1', 'team2'])
def test_authenticate_when_member_of_at_least_one_team(self):
Group.objects.create(name='team1')
response = self.make_openid_response(
sreg_args=dict(nickname='someuser'),
teams_args=dict(is_member='foo,team1'))
user = self.backend.authenticate(openid_response=response)
self.assertIsNotNone(user)
@override_settings(
OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO=True,
OPENID_LAUNCHPAD_TEAMS_REQUIRED=['team'],
OPENID_EMAIL_WHITELIST_REGEXP_LIST=['foo(\+[^@]*)[email protected]'])
def test_authenticate_when_not_in_required_team_but_email_whitelisted(
self):
assert Group.objects.filter(name='team').count() == 0
response = self.make_openid_response(
sreg_args=dict(nickname='someuser', email='*****@*****.**'),
teams_args=dict(is_member='foo'))
user = self.backend.authenticate(openid_response=response)
self.assertIsNotNone(user)
response = self.make_openid_response(
sreg_args=dict(nickname='someuser', email='*****@*****.**'),
teams_args=dict(is_member='foo'))
user = self.backend.authenticate(openid_response=response)
self.assertIsNotNone(user)
@override_settings(
OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO=True,
OPENID_LAUNCHPAD_TEAMS_REQUIRED=['team'],
OPENID_EMAIL_WHITELIST_REGEXP_LIST=['*****@*****.**', '*****@*****.**'])
def test_authenticate_whitelisted_email_multiple_patterns(self):
assert Group.objects.filter(name='team').count() == 0
response = self.make_openid_response(
sreg_args=dict(nickname='someuser', email='*****@*****.**'),
teams_args=dict(is_member='foo'))
user = self.backend.authenticate(openid_response=response)
self.assertIsNotNone(user)
@override_settings(
OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO=True,
OPENID_LAUNCHPAD_TEAMS_REQUIRED=['team'],
OPENID_EMAIL_WHITELIST_REGEXP_LIST=['*****@*****.**'])
def test_authenticate_whitelisted_email_not_match(self):
assert Group.objects.filter(name='team').count() == 0
response = self.make_openid_response(
sreg_args=dict(nickname='someuser', email='*****@*****.**'),
teams_args=dict(is_member='foo'))
user = self.backend.authenticate(openid_response=response)
self.assertIsNone(user)
class OpenIDKeystoneBackend(KeystoneBackend):
def __init__(self):
self.openid_backend = OpenIDBackend()
def authenticate(self, **kwargs):
"""Authenticate the user based on an OpenID response."""
# Require that the OpenID response be passed in as a keyword
# argument, to make sure we don't match the username/password
# calling conventions of authenticate.
openid_response = kwargs.get('openid_response')
if openid_response is None:
return None
if openid_response.status != SUCCESS:
return None
user = None
try:
user_openid = UserOpenID.objects.get(
claimed_id__exact=openid_response.identity_url)
except UserOpenID.DoesNotExist:
if getattr(settings, 'OPENID_CREATE_USERS', False):
user = self.openid_backend.create_user_from_openid(
openid_response)
else:
user = user_openid.user
if user is None:
return None
#if getattr(settings, 'OPENID_UPDATE_DETAILS_FROM_SREG', False):
details = self.openid_backend._extract_user_details(openid_response)
self.openid_backend.update_user_details(user, details, openid_response)
if getattr(settings, 'OPENID_PHYSICAL_MULTIFACTOR_REQUIRED', False):
pape_response = pape.Response.fromSuccessResponse(openid_response)
if pape_response is None or \
pape.AUTH_MULTI_FACTOR_PHYSICAL not in pape_response.auth_policies:
raise MissingPhysicalMultiFactor()
teams_response = teams.TeamsResponse.fromSuccessResponse(
openid_response)
if teams_response:
self.openid_backend.update_groups_from_teams(user, teams_response)
self.openid_backend.update_staff_status_from_teams(user,
teams_response)
LOG.debug("email %s:", details['email'])
try:
user = super(OpenIDKeystoneBackend, self).authenticate(
password=settings.TUKEY_PASSWORD,
username='******' % details['email'],
auth_url=settings.OPENSTACK_KEYSTONE_URL,
request=kwargs.get('request'))
user.identifier = details['email']
except KeystoneAuthException:
return UnregisteredUser('OpenID', details['email'])
return user
class OpenIDBackendTests(TestCase):
def setUp(self):
super(OpenIDBackendTests, self).setUp()
self.backend = OpenIDBackend()
def make_openid_response(self, sreg_args=None, teams_args=None):
endpoint = OpenIDServiceEndpoint()
endpoint.claimed_id = 'some-id'
message = Message(OPENID2_NS)
if sreg_args is not None:
for key, value in sreg_args.items():
message.setArg(SREG_NS, key, value)
if teams_args is not None:
for key, value in teams_args.items():
message.setArg(TEAMS_NS, key, value)
response = SuccessResponse(endpoint,
message,
signed_fields=message.toPostArgs().keys())
return response
def make_response_ax(self,
schema="http://axschema.org/",
fullname="Some User",
nickname="someuser",
email="*****@*****.**",
first=None,
last=None,
verified=False):
endpoint = OpenIDServiceEndpoint()
message = Message(OPENID2_NS)
attributes = [("nickname", schema + "namePerson/friendly", nickname),
("fullname", schema + "namePerson", fullname),
("email", schema + "contact/email", email),
("account_verified",
"http://ns.login.ubuntu.com/2013/validation/account",
"token_via_email" if verified else "no")]
if first:
attributes.append(
("first", "http://axschema.org/namePerson/first", first))
if last:
attributes.append(
("last", "http://axschema.org/namePerson/last", last))
message.setArg(AX_NS, "mode", "fetch_response")
for (alias, uri, value) in attributes:
message.setArg(AX_NS, "type.%s" % alias, uri)
message.setArg(AX_NS, "value.%s" % alias, value)
return SuccessResponse(endpoint,
message,
signed_fields=message.toPostArgs().keys())
def make_user_openid(self,
user=None,
claimed_id='http://example.com/existing_identity',
display_id='http://example.com/existing_identity'):
if user is None:
user = User.objects.create_user(username='******',
email='*****@*****.**',
password='******')
user_openid, created = UserOpenID.objects.get_or_create(
user=user, claimed_id=claimed_id, display_id=display_id)
return user_openid
def assert_account_verified(self, user, initially_verified, verified):
# set user's verification status
permission = Permission.objects.get(codename='account_verified')
if initially_verified:
user.user_permissions.add(permission)
else:
user.user_permissions.remove(permission)
user = User.objects.get(pk=user.pk)
has_perm = user.has_perm('django_openid_auth.account_verified')
assert has_perm == initially_verified
if hasattr(user, '_perm_cache'):
del user._perm_cache
# get a response including verification status
response = self.make_response_ax()
data = dict(first_name=u"Some56789012345678901234567890123",
last_name=u"User56789012345678901234567890123",
email=u"*****@*****.**",
account_verified=verified)
self.backend.update_user_details(user, data, response)
# refresh object from the database
user = User.objects.get(pk=user.pk)
# check the verification status
self.assertEqual(user.has_perm('django_openid_auth.account_verified'),
verified)
def test_extract_user_details_sreg(self):
expected = {
'nickname': 'someuser',
'first_name': 'Some',
'last_name': 'User',
'email': '*****@*****.**',
'account_verified': False,
}
data = {
'nickname': expected['nickname'],
'fullname':
"%s %s" % (expected['first_name'], expected['last_name']),
'email': expected['email'],
}
response = self.make_openid_response(sreg_args=data)
details = self.backend._extract_user_details(response)
self.assertEqual(details, expected)
def test_extract_user_details_ax(self):
response = self.make_response_ax(fullname="Some User",
nickname="someuser",
email="*****@*****.**")
data = self.backend._extract_user_details(response)
self.assertEqual(
data, {
"nickname": "someuser",
"first_name": "Some",
"last_name": "User",
"email": "*****@*****.**",
"account_verified": False
})
def test_extract_user_details_ax_split_name(self):
# Include fullname too to show that the split data takes
# precedence.
response = self.make_response_ax(fullname="Bad Data",
first="Some",
last="User")
data = self.backend._extract_user_details(response)
self.assertEqual(
data, {
"nickname": "someuser",
"first_name": "Some",
"last_name": "User",
"email": "*****@*****.**",
"account_verified": False
})
def test_extract_user_details_ax_broken_myopenid(self):
response = self.make_response_ax(schema="http://schema.openid.net/",
fullname="Some User",
nickname="someuser",
email="*****@*****.**")
data = self.backend._extract_user_details(response)
self.assertEqual(
data, {
"nickname": "someuser",
"first_name": "Some",
"last_name": "User",
"email": "*****@*****.**",
"account_verified": False
})
def test_update_user_details_long_names(self):
response = self.make_response_ax()
user = User.objects.create_user('someuser',
'*****@*****.**',
password=None)
user_openid, created = UserOpenID.objects.get_or_create(
user=user,
claimed_id='http://example.com/existing_identity',
display_id='http://example.com/existing_identity')
data = dict(first_name=u"Some56789012345678901234567890123",
last_name=u"User56789012345678901234567890123",
email=u"*****@*****.**",
account_verified=False)
self.backend.update_user_details(user, data, response)
self.assertEqual("Some56789012345678901234567890", user.first_name)
self.assertEqual("User56789012345678901234567890", user.last_name)
def test_update_user_perms_initially_verified_then_verified(self):
self.assert_account_verified(self.make_user_openid().user,
initially_verified=True,
verified=True)
def test_update_user_perms_initially_verified_then_unverified(self):
self.assert_account_verified(self.make_user_openid().user,
initially_verified=True,
verified=False)
def test_update_user_perms_initially_not_verified_then_verified(self):
self.assert_account_verified(self.make_user_openid().user,
initially_verified=False,
verified=True)
def test_update_user_perms_initially_not_verified_then_unverified(self):
self.assert_account_verified(self.make_user_openid().user,
initially_verified=False,
verified=False)
def test_extract_user_details_name_with_trailing_space(self):
response = self.make_response_ax(fullname="SomeUser ")
data = self.backend._extract_user_details(response)
self.assertEqual("", data['first_name'])
self.assertEqual("SomeUser", data['last_name'])
def test_extract_user_details_name_with_thin_space(self):
response = self.make_response_ax(fullname=u"Some\u2009User")
data = self.backend._extract_user_details(response)
self.assertEqual("Some", data['first_name'])
self.assertEqual("User", data['last_name'])
@override_settings(OPENID_USE_EMAIL_FOR_USERNAME=True)
def test_preferred_username_email_munging(self):
for nick, email, expected in [('nickcomesfirst', '*****@*****.**',
'nickcomesfirst'),
('', '*****@*****.**', 'fooexamplecom'),
('noemail', '', 'noemail'),
('', '@%.-', 'openiduser'),
('', '', 'openiduser'),
(None, None, 'openiduser')]:
self.assertEqual(expected,
self.backend._get_preferred_username(nick, email))
def test_preferred_username_no_email_munging(self):
for nick, email, expected in [('nickcomesfirst', '*****@*****.**',
'nickcomesfirst'),
('', '*****@*****.**', 'openiduser'),
('noemail', '', 'noemail'),
('', '@%.-', 'openiduser'),
('', '', 'openiduser'),
(None, None, 'openiduser')]:
self.assertEqual(expected,
self.backend._get_preferred_username(nick, email))
@override_settings(OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO=True,
OPENID_LAUNCHPAD_TEAMS_REQUIRED=['team'])
def test_authenticate_when_not_member_of_teams_required(self):
Group.objects.create(name='team')
response = self.make_openid_response(
sreg_args=dict(nickname='someuser'),
teams_args=dict(is_member='foo'))
user = self.backend.authenticate(openid_response=response)
self.assertIsNone(user)
@override_settings(OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO=True,
OPENID_LAUNCHPAD_TEAMS_REQUIRED=['team'])
def test_authenticate_when_no_group_mapping_to_required_team(self):
assert Group.objects.filter(name='team').count() == 0
response = self.make_openid_response(
sreg_args=dict(nickname='someuser'),
teams_args=dict(is_member='foo'))
user = self.backend.authenticate(openid_response=response)
self.assertIsNone(user)
@override_settings(OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO=True,
OPENID_LAUNCHPAD_TEAMS_REQUIRED=['team'])
def test_authenticate_when_member_of_teams_required(self):
Group.objects.create(name='team')
response = self.make_openid_response(
sreg_args=dict(nickname='someuser'),
teams_args=dict(is_member='foo,team'))
user = self.backend.authenticate(openid_response=response)
self.assertIsNotNone(user)
@override_settings(OPENID_LAUNCHPAD_TEAMS_REQUIRED=[])
def test_authenticate_when_no_teams_required(self):
response = self.make_openid_response(
sreg_args=dict(nickname='someuser'),
teams_args=dict(is_member='team'))
user = self.backend.authenticate(openid_response=response)
self.assertIsNotNone(user)
@override_settings(OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO=True,
OPENID_LAUNCHPAD_TEAMS_REQUIRED=['team1', 'team2'])
def test_authenticate_when_member_of_at_least_one_team(self):
Group.objects.create(name='team1')
response = self.make_openid_response(
sreg_args=dict(nickname='someuser'),
teams_args=dict(is_member='foo,team1'))
user = self.backend.authenticate(openid_response=response)
self.assertIsNotNone(user)
@override_settings(
OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO=True,
OPENID_LAUNCHPAD_TEAMS_REQUIRED=['team'],
OPENID_EMAIL_WHITELIST_REGEXP_LIST=['foo(\+[^@]*)[email protected]'])
def test_authenticate_when_not_in_required_team_but_email_whitelisted(
self):
assert Group.objects.filter(name='team').count() == 0
response = self.make_openid_response(sreg_args=dict(
nickname='someuser', email='*****@*****.**'),
teams_args=dict(is_member='foo'))
user = self.backend.authenticate(openid_response=response)
self.assertIsNotNone(user)
response = self.make_openid_response(sreg_args=dict(
nickname='someuser', email='*****@*****.**'),
teams_args=dict(is_member='foo'))
user = self.backend.authenticate(openid_response=response)
self.assertIsNotNone(user)
@override_settings(
OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO=True,
OPENID_LAUNCHPAD_TEAMS_REQUIRED=['team'],
OPENID_EMAIL_WHITELIST_REGEXP_LIST=['*****@*****.**', '*****@*****.**'])
def test_authenticate_whitelisted_email_multiple_patterns(self):
assert Group.objects.filter(name='team').count() == 0
response = self.make_openid_response(sreg_args=dict(
nickname='someuser', email='*****@*****.**'),
teams_args=dict(is_member='foo'))
user = self.backend.authenticate(openid_response=response)
self.assertIsNotNone(user)
@override_settings(OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO=True,
OPENID_LAUNCHPAD_TEAMS_REQUIRED=['team'],
OPENID_EMAIL_WHITELIST_REGEXP_LIST=['*****@*****.**'])
def test_authenticate_whitelisted_email_not_match(self):
assert Group.objects.filter(name='team').count() == 0
response = self.make_openid_response(sreg_args=dict(
nickname='someuser', email='*****@*****.**'),
teams_args=dict(is_member='foo'))
user = self.backend.authenticate(openid_response=response)
self.assertIsNone(user)
class OpenIDBackendTests(TestCase):
def setUp(self):
super(OpenIDBackendTests, self).setUp()
self.backend = OpenIDBackend()
self.message = TestMessage()
def make_user_openid(
self, user=None, claimed_id=make_claimed_id('existing_identity')):
if user is None:
user = User.objects.create_user(
username='******', email='*****@*****.**',
password='******')
user_openid, created = UserOpenID.objects.get_or_create(
user=user, claimed_id=claimed_id, display_id=claimed_id)
return user_openid
def _assert_account_verified(self, user, expected):
permission = Permission.objects.get(codename='account_verified')
perm_label = '%s.%s' % (permission.content_type.app_label,
permission.codename)
# Always invalidate the per-request perm cache
attrs = list(user.__dict__.keys())
for attr in attrs:
if attr.endswith('_perm_cache'):
delattr(user, attr)
self.assertEqual(user.has_perm(perm_label), expected)
def assert_account_not_verified(self, user):
self._assert_account_verified(user, False)
def assert_account_verified(self, user):
self._assert_account_verified(user, True)
def assert_no_users_created(self, expected_count=0):
current_count = User.objects.count()
msg = 'New users found (expected: %i, current: %i)' % (
expected_count, current_count)
self.assertEqual(current_count, expected_count, msg)
def test_extract_user_details_sreg(self):
expected = {
'nickname': 'someuser',
'first_name': 'Some',
'last_name': 'User',
'email': '*****@*****.**',
'account_verified': False,
}
data = {
'nickname': expected['nickname'],
'fullname': "%s %s" % (expected['first_name'],
expected['last_name']),
'email': expected['email'],
}
self.message.set_sreg_args(**data)
details = self.backend._extract_user_details(
self.message.to_response())
self.assertEqual(details, expected)
def test_extract_user_details_ax(self):
self.message.set_ax_args(
email="*****@*****.**",
fullname="Some User",
nickname="someuser",
)
data = self.backend._extract_user_details(self.message.to_response())
self.assertEqual(data, {"nickname": "someuser",
"first_name": "Some",
"last_name": "User",
"email": "*****@*****.**",
"account_verified": False})
def test_extract_user_details_ax_split_name(self):
# Include fullname too to show that the split data takes
# precedence.
self.message.set_ax_args(
fullname="Bad Data", first="Some", last="User")
data = self.backend._extract_user_details(self.message.to_response())
self.assertEqual(data, {"nickname": "someuser",
"first_name": "Some",
"last_name": "User",
"email": "*****@*****.**",
"account_verified": False})
def test_extract_user_details_ax_broken_myopenid(self):
self.message.set_ax_args(
schema="http://schema.openid.net/", fullname="Some User",
nickname="someuser", email="*****@*****.**")
data = self.backend._extract_user_details(self.message.to_response())
self.assertEqual(data, {"nickname": "someuser",
"first_name": "Some",
"last_name": "User",
"email": "*****@*****.**",
"account_verified": False})
def test_update_user_details_long_names(self):
self.message.set_ax_args()
user = User.objects.create_user(
'someuser', '*****@*****.**', password=None)
user_openid, created = UserOpenID.objects.get_or_create(
user=user,
claimed_id='http://example.com/existing_identity',
display_id='http://example.com/existing_identity')
data = dict(
first_name=u"Some56789012345678901234567890123",
last_name=u"User56789012345678901234567890123",
email=u"*****@*****.**", account_verified=False)
self.backend.update_user_details(
user, data, self.message.to_response())
self.assertEqual("Some56789012345678901234567890", user.first_name)
self.assertEqual("User56789012345678901234567890", user.last_name)
def _test_update_user_perms_account_verified(
self, user, initially_verified, verified):
# set user's verification status
permission = Permission.objects.get(codename='account_verified')
if initially_verified:
user.user_permissions.add(permission)
else:
user.user_permissions.remove(permission)
if initially_verified:
self.assert_account_verified(user)
else:
self.assert_account_not_verified(user)
# get a response including verification status
self.message.set_ax_args()
data = dict(first_name=u"Some56789012345678901234567890123",
last_name=u"User56789012345678901234567890123",
email=u"*****@*****.**",
account_verified=verified)
self.backend.update_user_details(
user, data, self.message.to_response())
# refresh object from the database
user = User.objects.get(pk=user.pk)
if verified:
self.assert_account_verified(user)
else:
self.assert_account_not_verified(user)
def test_update_user_perms_initially_verified_then_verified(self):
self._test_update_user_perms_account_verified(
self.make_user_openid().user,
initially_verified=True, verified=True)
def test_update_user_perms_initially_verified_then_unverified(self):
self._test_update_user_perms_account_verified(
self.make_user_openid().user,
initially_verified=True, verified=False)
def test_update_user_perms_initially_not_verified_then_verified(self):
self._test_update_user_perms_account_verified(
self.make_user_openid().user,
initially_verified=False, verified=True)
def test_update_user_perms_initially_not_verified_then_unverified(self):
self._test_update_user_perms_account_verified(
self.make_user_openid().user,
initially_verified=False, verified=False)
def test_extract_user_details_name_with_trailing_space(self):
self.message.set_ax_args(fullname="SomeUser ")
data = self.backend._extract_user_details(self.message.to_response())
self.assertEqual("", data['first_name'])
self.assertEqual("SomeUser", data['last_name'])
def test_extract_user_details_name_with_thin_space(self):
self.message.set_ax_args(fullname=u"Some\u2009User")
data = self.backend._extract_user_details(self.message.to_response())
self.assertEqual("Some", data['first_name'])
self.assertEqual("User", data['last_name'])
@override_settings(OPENID_CREATE_USERS=True)
def test_auth_username_when_no_nickname(self):
self.message.set_sreg_args(nickname='')
user = self.backend.authenticate(
openid_response=self.message.to_response())
self.assertIsNotNone(user)
self.assertEqual(
user.username, 'openiduser',
"username must default to 'openiduser'")
@override_settings(OPENID_USE_EMAIL_FOR_USERNAME=True)
def test_auth_username_email_munging(self):
for nick, email, expected in [
('nickcomesfirst', '*****@*****.**', 'nickcomesfirst'),
('', '*****@*****.**', 'fooexamplecom'),
('noemail', '', 'noemail'),
('', '@%.-', 'openiduser'),
('', '', 'openiduser'),
(None, None, 'openiduser')]:
self.message.set_sreg_args(nickname=nick, email=email)
user = self.backend.authenticate(
openid_response=self.message.to_response())
# Cleanup user for further tests
user.delete()
self.assertIsNotNone(user)
self.assertEqual(user.username, expected)
@override_settings(OPENID_USE_EMAIL_FOR_USERNAME=False)
def test_auth_username_no_email_munging(self):
for nick, email, expected in [
('nickcomesfirst', '*****@*****.**', 'nickcomesfirst'),
('', '*****@*****.**', 'openiduser'),
('noemail', '', 'noemail'),
('', '@%.-', 'openiduser'),
('', '', 'openiduser'),
(None, None, 'openiduser')]:
self.message.set_sreg_args(nickname=nick, email=email)
user = self.backend.authenticate(
openid_response=self.message.to_response())
# Cleanup user for further tests
user.delete()
self.assertIsNotNone(user)
self.assertEqual(user.username, expected)
@override_settings(
OPENID_CREATE_USERS=True,
OPENID_FOLLOW_RENAMES=False,
OPENID_UPDATE_DETAILS_FROM_SREG=True)
def test_auth_username_duplicate_numbering(self):
# Setup existing user to conflict with
User.objects.create_user('testuser')
self.message.set_sreg_args(nickname='testuser')
user = self.backend.authenticate(
openid_response=self.message.to_response())
self.assertIsNotNone(user)
self.assertEqual(
user.username, 'testuser2',
'Username must contain numeric suffix to avoid collisions.')
def test_auth_username_duplicate_numbering_with_conflicts(self):
# Setup existing users to conflict with
User.objects.create_user('testuser')
User.objects.create_user('testuser3')
self.message.set_sreg_args(nickname='testuser')
user = self.backend.authenticate(
openid_response=self.message.to_response())
# Since this username is already taken by someone else, we go through
# the process of adding +i to it starting with the count of users with
# username starting with 'testuser', of which there are 2. i should
# start at 3, which already exists, so it should skip to 4.
self.assertIsNotNone(user)
self.assertEqual(
user.username, 'testuser4',
'Username must contain numeric suffix to avoid collisions.')
def test_auth_username_duplicate_numbering_with_holes(self):
# Setup existing users to conflict with
User.objects.create_user('testuser')
User.objects.create_user('testuser1')
User.objects.create_user('testuser6')
User.objects.create_user('testuser7')
User.objects.create_user('testuser8')
self.message.set_sreg_args(nickname='testuser')
user = self.backend.authenticate(
openid_response=self.message.to_response())
# Since this username is already taken by someone else, we go through
# the process of adding +i to it starting with the count of users with
# username starting with 'testuser', of which there are 5. i should
# start at 6, and increment until it reaches 9.
self.assertIsNotNone(user)
self.assertEqual(
user.username, 'testuser9',
'Username must contain numeric suffix to avoid collisions.')
def test_auth_username_duplicate_numbering_with_nonsequential_matches(
self):
# Setup existing users to conflict with
User.objects.create_user('testuser')
User.objects.create_user('testuserfoo')
self.message.set_sreg_args(nickname='testuser')
user = self.backend.authenticate(
openid_response=self.message.to_response())
# Since this username is already taken by someone else, we go through
# the process of adding +i to it starting with the count of users with
# username starting with 'testuser', of which there are 2. i should
# start at 3, which will be available.
self.assertIsNotNone(user)
self.assertEqual(
user.username, 'testuser3',
'Username must contain numeric suffix to avoid collisions.')
@override_settings(
OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO=True,
OPENID_LAUNCHPAD_TEAMS_REQUIRED=['team'])
def test_authenticate_when_not_member_of_teams_required(self):
Group.objects.create(name='team')
self.message.set_sreg_args(nickname='someuser')
self.message.set_team_args(is_member='foo')
user = self.backend.authenticate(
openid_response=self.message.to_response())
self.assertIsNone(user)
@override_settings(
OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO=True,
OPENID_LAUNCHPAD_TEAMS_REQUIRED=['team'])
def test_authenticate_when_no_group_mapping_to_required_team(self):
assert Group.objects.filter(name='team').count() == 0
self.message.set_sreg_args(nickname='someuser')
self.message.set_team_args(is_member='foo')
user = self.backend.authenticate(
openid_response=self.message.to_response())
self.assertIsNone(user)
@override_settings(
OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO=True,
OPENID_LAUNCHPAD_TEAMS_REQUIRED=['team'])
def test_authenticate_when_member_of_teams_required(self):
Group.objects.create(name='team')
self.message.set_sreg_args(nickname='someuser')
self.message.set_team_args(is_member='foo,team')
user = self.backend.authenticate(
openid_response=self.message.to_response())
self.assertIsNotNone(user)
@override_settings(OPENID_LAUNCHPAD_TEAMS_REQUIRED=[])
def test_authenticate_when_no_teams_required(self):
self.message.set_sreg_args(nickname='someuser')
self.message.set_team_args(is_member='team')
user = self.backend.authenticate(
openid_response=self.message.to_response())
self.assertIsNotNone(user)
@override_settings(
OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO=True,
OPENID_LAUNCHPAD_TEAMS_REQUIRED=['team1', 'team2'])
def test_authenticate_when_member_of_at_least_one_team(self):
Group.objects.create(name='team1')
self.message.set_sreg_args(nickname='someuser')
self.message.set_team_args(is_member='foo,team1')
user = self.backend.authenticate(
openid_response=self.message.to_response())
self.assertIsNotNone(user)
@override_settings(
OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO=True,
OPENID_LAUNCHPAD_TEAMS_REQUIRED=['team'],
OPENID_EMAIL_WHITELIST_REGEXP_LIST=['foo(\+[^@]*)[email protected]'])
def test_authenticate_when_not_in_required_team_but_email_whitelisted(
self):
assert Group.objects.filter(name='team').count() == 0
self.message.set_sreg_args(
nickname='someuser', email='*****@*****.**')
user = self.backend.authenticate(
openid_response=self.message.to_response())
self.assertIsNotNone(user)
self.message.set_sreg_args(
nickname='someuser', email='*****@*****.**')
user = self.backend.authenticate(
openid_response=self.message.to_response())
self.assertIsNotNone(user)
@override_settings(
OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO=True,
OPENID_LAUNCHPAD_TEAMS_REQUIRED=['team'],
OPENID_EMAIL_WHITELIST_REGEXP_LIST=['*****@*****.**', '*****@*****.**'])
def test_authenticate_whitelisted_email_multiple_patterns(self):
assert Group.objects.filter(name='team').count() == 0
self.message.set_sreg_args(nickname='someuser', email='*****@*****.**')
user = self.backend.authenticate(
openid_response=self.message.to_response())
self.assertIsNotNone(user)
@override_settings(
OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO=True,
OPENID_LAUNCHPAD_TEAMS_REQUIRED=['team'],
OPENID_EMAIL_WHITELIST_REGEXP_LIST=['*****@*****.**'])
def test_authenticate_whitelisted_email_not_match(self):
assert Group.objects.filter(name='team').count() == 0
self.message.set_sreg_args(nickname='someuser', email='*****@*****.**')
self.message.set_team_args(is_member='foo')
user = self.backend.authenticate(
openid_response=self.message.to_response())
self.assertIsNone(user)
def test_auth_no_response(self):
self.assertIsNone(self.backend.authenticate())
self.assert_no_users_created()
def test_auth_cancel_response(self):
response = CancelResponse(OpenIDServiceEndpoint())
self.assertIsNone(self.backend.authenticate(openid_response=response))
self.assert_no_users_created()
def test_auth_failure_response(self):
response = FailureResponse(OpenIDServiceEndpoint())
self.assertIsNone(self.backend.authenticate(openid_response=response))
self.assert_no_users_created()
def test_auth_setup_needed_response(self):
response = SetupNeededResponse(OpenIDServiceEndpoint())
self.assertIsNone(self.backend.authenticate(openid_response=response))
self.assert_no_users_created()
@override_settings(OPENID_CREATE_USERS=False)
def test_auth_no_create_users(self):
user = self.backend.authenticate(
openid_response=self.message.to_response())
self.assertIsNone(user)
self.assert_no_users_created()
@override_settings(OPENID_CREATE_USERS=False)
def test_auth_no_create_users_existing_user(self):
existing_openid = self.make_user_openid(
claimed_id=self.message.endpoint.claimed_id)
expected_user_count = User.objects.count()
user = self.backend.authenticate(
openid_response=self.message.to_response())
self.assertIsNotNone(user)
self.assertEqual(user, existing_openid.user)
self.assert_no_users_created(expected_count=expected_user_count)
@override_settings(
OPENID_UPDATE_DETAILS_FROM_SREG=True,
OPENID_VALID_VERIFICATION_SCHEMES={
SERVER_URL: {'token_via_email'}})
def test_auth_update_details_from_sreg(self):
first_name = 'a' * 31
last_name = 'b' * 31
email = '*****@*****.**'
self.message.set_ax_args(
fullname=first_name + ' ' + last_name,
nickname='newnickname',
email=email,
first=first_name,
last=last_name,
verified=True,
)
existing_openid = self.make_user_openid(
claimed_id=self.message.endpoint.claimed_id)
original_username = existing_openid.user.username
expected_user_count = User.objects.count()
self.assert_account_not_verified(existing_openid.user)
user = self.backend.authenticate(
openid_response=self.message.to_response())
self.assertEqual(user, existing_openid.user)
self.assertEqual(
user.username, original_username,
'Username must not be updated unless OPENID_FOLLOW_RENAMES=True.')
self.assertEqual(user.email, email)
self.assertEqual(user.first_name, first_name[:30])
self.assertEqual(user.last_name, last_name[:30])
self.assert_account_verified(user)
self.assert_no_users_created(expected_count=expected_user_count)
@override_settings(
OPENID_UPDATE_DETAILS_FROM_SREG=True,
OPENID_VALID_VERIFICATION_SCHEMES={
SERVER_URL: {'token_via_email'}})
def test_auth_update_details_from_sreg_unverifies_account(self):
first_name = 'a' * 31
last_name = 'b' * 31
email = '*****@*****.**'
kwargs = dict(
fullname=first_name + ' ' + last_name,
nickname='newnickname',
email=email,
first=first_name,
last=last_name,
verified=True,
)
self.message.set_ax_args(**kwargs)
verified_user = self.backend.authenticate(
openid_response=self.message.to_response())
self.assert_account_verified(verified_user)
expected_user_count = User.objects.count()
kwargs['verified'] = False
self.message.set_ax_args(**kwargs)
unverified_user = self.backend.authenticate(
openid_response=self.message.to_response())
self.assertEqual(verified_user, unverified_user)
self.assert_account_not_verified(unverified_user)
self.assert_no_users_created(expected_count=expected_user_count)
@override_settings(OPENID_PHYSICAL_MULTIFACTOR_REQUIRED=True)
def test_physical_multifactor_required_not_given(self):
response = self.message.to_response()
with self.assertRaises(MissingPhysicalMultiFactor):
self.backend.authenticate(openid_response=response)
self.assertTrue(
UserOpenID.objects.filter(
claimed_id=self.message.endpoint.claimed_id).exists(),
'User must be created anyways.')
@override_settings(OPENID_PHYSICAL_MULTIFACTOR_REQUIRED=True)
def test_physical_multifactor_required_invalid_auth_policy(self):
self.message.set_pape_args(
pape.AUTH_MULTI_FACTOR, pape.AUTH_PHISHING_RESISTANT)
with self.assertRaises(MissingPhysicalMultiFactor):
self.backend.authenticate(
openid_response=self.message.to_response())
self.assertTrue(
UserOpenID.objects.filter(
claimed_id=self.message.endpoint.claimed_id).exists(),
'User must be created anyways.')
@override_settings(OPENID_PHYSICAL_MULTIFACTOR_REQUIRED=True)
def test_physical_multifactor_required_valid_auth_policy(self):
self.message.set_pape_args(
pape.AUTH_MULTI_FACTOR, pape.AUTH_MULTI_FACTOR_PHYSICAL,
pape.AUTH_PHISHING_RESISTANT)
user = self.backend.authenticate(
openid_response=self.message.to_response())
self.assertIsNotNone(user)
@override_settings(OPENID_STRICT_USERNAMES=True)
def test_auth_strict_usernames(self):
username = '******'
self.message.set_sreg_args(nickname=username)
user = self.backend.authenticate(
openid_response=self.message.to_response())
self.assertIsNotNone(user, 'User must be created')
self.assertEqual(user.username, username)
@override_settings(OPENID_STRICT_USERNAMES=True)
def test_auth_strict_usernames_no_nickname(self):
self.message.set_sreg_args(nickname='')
msg = re.escape(
"An attribute required for logging in was not returned (nickname)")
with self.assertRaisesRegexp(RequiredAttributeNotReturned, msg):
self.backend.authenticate(
openid_response=self.message.to_response())
self.assert_no_users_created()
@override_settings(
OPENID_STRICT_USERNAMES=True,
OPENID_UPDATE_DETAILS_FROM_SREG=True)
def test_auth_strict_usernames_conflict(self):
existing_openid = self.make_user_openid()
expected_user_count = User.objects.count()
self.message.set_sreg_args(
nickname=existing_openid.user.username)
with self.assertRaises(DuplicateUsernameViolation):
self.backend.authenticate(
openid_response=self.message.to_response())
self.assert_no_users_created(expected_count=expected_user_count)
@override_settings(
OPENID_FOLLOW_RENAMES=True,
OPENID_UPDATE_DETAILS_FROM_SREG=True)
def test_auth_follow_renames(self):
new_username = '******'
self.message.set_sreg_args(nickname='username')
user = self.backend.authenticate(
openid_response=self.message.to_response())
expected_user_count = User.objects.count()
self.assertIsNotNone(user, 'User must be created')
self.message.set_sreg_args(nickname=new_username)
renamed_user = self.backend.authenticate(
openid_response=self.message.to_response())
self.assertEqual(user.pk, renamed_user.pk)
self.assertEqual(renamed_user.username, new_username)
self.assert_no_users_created(expected_count=expected_user_count)
@override_settings(
OPENID_FOLLOW_RENAMES=True,
OPENID_STRICT_USERNAMES=True,
OPENID_UPDATE_DETAILS_FROM_SREG=True)
def test_auth_follow_renames_strict_usernames_no_nickname(self):
self.message.set_sreg_args(nickname='nickame')
user = self.backend.authenticate(
openid_response=self.message.to_response())
expected_user_count = User.objects.count()
self.assertIsNotNone(user, 'User must be created')
self.message.set_sreg_args(nickname='')
# XXX: Check possibilities to normalize this error into a
# `RequiredAttributeNotReturned`.
with self.assertRaises(MissingUsernameViolation):
self.backend.authenticate(
openid_response=self.message.to_response())
self.assert_no_users_created(expected_count=expected_user_count)
@override_settings(
OPENID_FOLLOW_RENAMES=True,
OPENID_STRICT_USERNAMES=True,
OPENID_UPDATE_DETAILS_FROM_SREG=True)
def test_auth_follow_renames_strict_usernames_rename_conflict(self):
# Setup existing user to conflict with
User.objects.create_user('testuser')
self.message.set_sreg_args(nickname='nickname')
user = self.backend.authenticate(
openid_response=self.message.to_response())
expected_user_count = User.objects.count()
self.assertIsNotNone(user, 'First request should succeed')
self.message.set_sreg_args(nickname='testuser')
with self.assertRaises(DuplicateUsernameViolation):
self.backend.authenticate(
openid_response=self.message.to_response())
db_user = User.objects.get(pk=user.pk)
self.assertEqual(db_user.username, 'nickname')
self.assert_no_users_created(expected_count=expected_user_count)
@override_settings(
OPENID_FOLLOW_RENAMES=True,
OPENID_STRICT_USERNAMES=False,
OPENID_UPDATE_DETAILS_FROM_SREG=True)
def test_auth_follow_renames_to_conflict(self):
# Setup existing user to conflict with
User.objects.create_user('testuser')
# Setup user to rename
user = User.objects.create_user('nickname')
self.make_user_openid(
user=user, claimed_id=self.message.endpoint.claimed_id)
# Trigger rename
self.message.set_sreg_args(nickname='testuser')
renamed_user = self.backend.authenticate(
openid_response=self.message.to_response())
self.assertEqual(renamed_user.pk, user.pk)
self.assertEqual(
renamed_user.username, 'testuser2',
'Username must have a numbered suffix to avoid conflict.')
@override_settings(
OPENID_FOLLOW_RENAMES=True,
OPENID_UPDATE_DETAILS_FROM_SREG=True)
def test_auth_follow_renames_no_change(self):
# Setup user to rename
user = User.objects.create_user('username')
self.make_user_openid(
user=user, claimed_id=self.message.endpoint.claimed_id)
expected_user_count = User.objects.count()
# Trigger rename
self.message.set_sreg_args(nickname=user.username)
renamed_user = self.backend.authenticate(
openid_response=self.message.to_response())
self.assertEqual(renamed_user.pk, user.pk)
self.assertEqual(
renamed_user.username, user.username,
'No numeric suffix should be appended for username owner.')
self.assert_no_users_created(expected_count=expected_user_count)
@override_settings(
OPENID_FOLLOW_RENAMES=True,
OPENID_UPDATE_DETAILS_FROM_SREG=True)
def test_auth_follow_renames_to_numbered_suffix(self):
# Setup user to rename to numbered suffix pattern
user = User.objects.create_user('testuser2000eight')
self.make_user_openid(
user=user, claimed_id=self.message.endpoint.claimed_id)
# Trigger rename
self.message.set_sreg_args(nickname='testuser2')
renamed_user = self.backend.authenticate(
openid_response=self.message.to_response())
self.assertEqual(renamed_user.pk, user.pk)
self.assertEqual(
renamed_user.username, 'testuser2',
'The numbered suffix must be kept.')
@override_settings(
OPENID_FOLLOW_RENAMES=True,
OPENID_UPDATE_DETAILS_FROM_SREG=True)
def test_auth_follow_renames_to_numbered_suffix_with_existing(self):
# Setup existing user to conflict with
User.objects.create_user('testuser')
# Setup user to rename to numbered suffix pattern
user = User.objects.create_user('testuser2000eight')
self.make_user_openid(
user=user, claimed_id=self.message.endpoint.claimed_id)
# Trigger rename
self.message.set_sreg_args(nickname='testuser3')
renamed_user = self.backend.authenticate(
openid_response=self.message.to_response())
self.assertEqual(renamed_user.pk, user.pk)
self.assertEqual(
renamed_user.username, 'testuser3',
'Username must be kept as there are no conflicts.')
@override_settings(
OPENID_FOLLOW_RENAMES=True,
OPENID_UPDATE_DETAILS_FROM_SREG=True)
def test_auth_follow_renames_from_numbered_suffix_to_conflict(self):
# Setup existing user to conflict with
User.objects.create_user('testuser')
# Setup user with numbered suffix pattern
user = User.objects.create_user('testuser2000')
self.make_user_openid(
user=user, claimed_id=self.message.endpoint.claimed_id)
# Trigger rename
self.message.set_sreg_args(nickname='testuser')
renamed_user = self.backend.authenticate(
openid_response=self.message.to_response())
self.assertEqual(renamed_user.pk, user.pk)
self.assertEqual(
user.username, 'testuser2000',
'Since testuser conflicts, username must remain unchanged as it '
'maches the number suffix pattern.')
@override_settings(
OPENID_FOLLOW_RENAMES=True,
OPENID_UPDATE_DETAILS_FROM_SREG=True)
def test_auth_follow_renames_from_numbered_suffix_no_conflict(self):
# Setup user with numbered suffix pattern
user = User.objects.create_user('testuser2')
self.make_user_openid(
user=user, claimed_id=self.message.endpoint.claimed_id)
# Trigger rename
self.message.set_sreg_args(nickname='testuser')
renamed_user = self.backend.authenticate(
openid_response=self.message.to_response())
self.assertEqual(renamed_user.pk, user.pk)
self.assertEqual(
renamed_user.username, 'testuser',
'Username must be updated as there are no conflicts.')
@override_settings(OPENID_STRICT_USERNAMES=True)
def test_auth_duplicate_username_signal_is_sent(self):
existing_openid = self.make_user_openid()
expected_user_count = User.objects.count()
signal_kwargs = {}
def duplicate_username_handler(sender, **kwargs):
signal_kwargs.update(kwargs)
self.addCleanup(
openid_duplicate_username.disconnect,
duplicate_username_handler, sender=User, dispatch_uid='testing')
openid_duplicate_username.connect(
duplicate_username_handler, sender=User, weak=False,
dispatch_uid='testing')
self.message.set_sreg_args(
nickname=existing_openid.user.username)
with self.assertRaises(DuplicateUsernameViolation):
self.backend.authenticate(
openid_response=self.message.to_response())
self.assertIn('username', signal_kwargs)
self.assertEqual(
signal_kwargs['username'], existing_openid.user.username)
self.assert_no_users_created(expected_count=expected_user_count)
@override_settings(OPENID_STRICT_USERNAMES=True)
def test_auth_duplicate_username_signal_can_prevent_duplicate_error(self):
existing_openid = self.make_user_openid()
def duplicate_username_handler(sender, **kwargs):
existing_user = existing_openid.user
existing_user.username += '_other'
existing_user.save()
self.addCleanup(
openid_duplicate_username.disconnect,
duplicate_username_handler, sender=User, dispatch_uid='testing')
openid_duplicate_username.connect(
duplicate_username_handler, sender=User, weak=False,
dispatch_uid='testing')
self.message.set_sreg_args(
nickname=existing_openid.user.username)
user = self.backend.authenticate(
openid_response=self.message.to_response())
self.assertIsNotNone(user)
self.assertNotEqual(user, existing_openid.user)
@override_settings(OPENID_STRICT_USERNAMES=True)
def test_auth_duplicate_username_is_not_called_if_no_conflict(self):
def duplicate_username_handler(sender, **kwargs):
assert False, 'This should never have been called.'
self.addCleanup(
openid_duplicate_username.disconnect,
duplicate_username_handler, sender=User, dispatch_uid='testing')
openid_duplicate_username.connect(
duplicate_username_handler, sender=User, weak=False,
dispatch_uid='testing')
self.message.set_sreg_args(nickname='nickname')
self.backend.authenticate(openid_response=self.message.to_response())
@override_settings(OPENID_STRICT_USERNAMES=False)
def test_auth_duplicate_username_is_not_called_if_not_strict(self):
existing_openid = self.make_user_openid()
def duplicate_username_handler(sender, **kwargs):
assert False, 'This should never have been called.'
self.addCleanup(
openid_duplicate_username.disconnect,
duplicate_username_handler, sender=User, dispatch_uid='testing')
openid_duplicate_username.connect(
duplicate_username_handler, sender=User, weak=False,
dispatch_uid='testing')
self.message.set_sreg_args(nickname=existing_openid.user.username)
self.backend.authenticate(openid_response=self.message.to_response())
@override_settings(OPENID_STRICT_USERNAMES=True)
def test_auth_duplicate_username_handling_bypass_numbered_suffix(self):
nickname = 'nickname87'
existing_openid = self.make_user_openid(
user=User.objects.create_user(nickname))
def duplicate_username_handler(sender, **kwargs):
existing_user = existing_openid.user
existing_user.username += '00'
existing_user.save()
self.addCleanup(
openid_duplicate_username.disconnect,
duplicate_username_handler, sender=User, dispatch_uid='testing')
openid_duplicate_username.connect(
duplicate_username_handler, sender=User, weak=False,
dispatch_uid='testing')
self.message.set_sreg_args(nickname=existing_openid.user.username)
user = self.backend.authenticate(
openid_response=self.message.to_response())
self.assertIsNotNone(user)
self.assertNotEqual(user, existing_openid.user)
self.assertEqual(
user.username, nickname,
'In strict mode, when conflicts are handled, the username must '
'be kept unmodified without numbered suffixes.')
class OpenIDBackendTests(TestCase):
def setUp(self):
super(OpenIDBackendTests, self).setUp()
self.backend = OpenIDBackend()
def test_extract_user_details_sreg(self):
endpoint = OpenIDServiceEndpoint()
message = Message(OPENID2_NS)
message.setArg(SREG_NS, "nickname", "someuser")
message.setArg(SREG_NS, "fullname", "Some User")
message.setArg(SREG_NS, "email", "*****@*****.**")
response = SuccessResponse(endpoint,
message,
signed_fields=message.toPostArgs().keys())
data = self.backend._extract_user_details(response)
self.assertEqual(
data, {
"nickname": "someuser",
"first_name": "Some",
"last_name": "User",
"email": "*****@*****.**"
})
def make_response_ax(self,
schema="http://axschema.org/",
fullname="Some User",
nickname="someuser",
email="*****@*****.**",
first=None,
last=None):
endpoint = OpenIDServiceEndpoint()
message = Message(OPENID2_NS)
attributes = [
("nickname", schema + "namePerson/friendly", nickname),
("fullname", schema + "namePerson", fullname),
("email", schema + "contact/email", email),
]
if first:
attributes.append(
("first", "http://axschema.org/namePerson/first", first))
if last:
attributes.append(
("last", "http://axschema.org/namePerson/last", last))
message.setArg(AX_NS, "mode", "fetch_response")
for (alias, uri, value) in attributes:
message.setArg(AX_NS, "type.%s" % alias, uri)
message.setArg(AX_NS, "value.%s" % alias, value)
return SuccessResponse(endpoint,
message,
signed_fields=message.toPostArgs().keys())
def test_extract_user_details_ax(self):
response = self.make_response_ax(fullname="Some User",
nickname="someuser",
email="*****@*****.**")
data = self.backend._extract_user_details(response)
self.assertEqual(
data, {
"nickname": "someuser",
"first_name": "Some",
"last_name": "User",
"email": "*****@*****.**"
})
def test_extract_user_details_ax_split_name(self):
# Include fullname too to show that the split data takes
# precedence.
response = self.make_response_ax(fullname="Bad Data",
first="Some",
last="User")
data = self.backend._extract_user_details(response)
self.assertEqual(
data, {
"nickname": "someuser",
"first_name": "Some",
"last_name": "User",
"email": "*****@*****.**"
})
def test_extract_user_details_ax_broken_myopenid(self):
response = self.make_response_ax(schema="http://schema.openid.net/",
fullname="Some User",
nickname="someuser",
email="*****@*****.**")
data = self.backend._extract_user_details(response)
self.assertEqual(
data, {
"nickname": "someuser",
"first_name": "Some",
"last_name": "User",
"email": "*****@*****.**"
})
def test_update_user_details_long_names(self):
response = self.make_response_ax()
user = User.objects.create_user('someuser',
'*****@*****.**',
password=None)
data = dict(first_name=u"Some56789012345678901234567890123",
last_name=u"User56789012345678901234567890123",
email=u"*****@*****.**")
self.backend.update_user_details(user, data, response)
self.assertEqual("Some56789012345678901234567890", user.first_name)
self.assertEqual("User56789012345678901234567890", user.last_name)
def test_extract_user_details_name_with_trailing_space(self):
response = self.make_response_ax(fullname="SomeUser ")
data = self.backend._extract_user_details(response)
self.assertEqual("", data['first_name'])
self.assertEqual("SomeUser", data['last_name'])
def test_extract_user_details_name_with_thin_space(self):
response = self.make_response_ax(fullname=u"Some\u2009User")
data = self.backend._extract_user_details(response)
self.assertEqual("Some", data['first_name'])
self.assertEqual("User", data['last_name'])
class OpenIDBackendTests(TestCase):
def setUp(self):
super(OpenIDBackendTests, self).setUp()
self.backend = OpenIDBackend()
def test_extract_user_details_sreg(self):
endpoint = OpenIDServiceEndpoint()
message = Message(OPENID2_NS)
message.setArg(SREG_NS, "nickname", "someuser")
message.setArg(SREG_NS, "fullname", "Some User")
message.setArg(SREG_NS, "email", "*****@*****.**")
response = SuccessResponse(
endpoint, message, signed_fields=message.toPostArgs().keys())
data = self.backend._extract_user_details(response)
self.assertEqual(data, {"nickname": "someuser",
"first_name": "Some",
"last_name": "User",
"email": "*****@*****.**"})
def test_extract_user_details_ax(self):
endpoint = OpenIDServiceEndpoint()
message = Message(OPENID2_NS)
attributes = [
("nickname", "http://axschema.org/namePerson/friendly", "someuser"),
("fullname", "http://axschema.org/namePerson", "Some User"),
("email", "http://axschema.org/contact/email", "*****@*****.**"),
]
message.setArg(AX_NS, "mode", "fetch_response")
for (alias, uri, value) in attributes:
message.setArg(AX_NS, "type.%s" % alias, uri)
message.setArg(AX_NS, "value.%s" % alias, value)
response = SuccessResponse(
endpoint, message, signed_fields=message.toPostArgs().keys())
data = self.backend._extract_user_details(response)
self.assertEqual(data, {"nickname": "someuser",
"first_name": "Some",
"last_name": "User",
"email": "*****@*****.**"})
def test_extract_user_details_ax_split_name(self):
endpoint = OpenIDServiceEndpoint()
message = Message(OPENID2_NS)
attributes = [
("nickname", "http://axschema.org/namePerson/friendly", "someuser"),
# Include this key too to show that the split data takes
# precedence.
("fullname", "http://axschema.org/namePerson", "Bad Data"),
("first", "http://axschema.org/namePerson/first", "Some"),
("last", "http://axschema.org/namePerson/last", "User"),
("email", "http://axschema.org/contact/email", "*****@*****.**"),
]
message.setArg(AX_NS, "mode", "fetch_response")
for (alias, uri, value) in attributes:
message.setArg(AX_NS, "type.%s" % alias, uri)
message.setArg(AX_NS, "value.%s" % alias, value)
response = SuccessResponse(
endpoint, message, signed_fields=message.toPostArgs().keys())
data = self.backend._extract_user_details(response)
self.assertEqual(data, {"nickname": "someuser",
"first_name": "Some",
"last_name": "User",
"email": "*****@*****.**"})
def test_extract_user_details_ax_broken_myopenid(self):
endpoint = OpenIDServiceEndpoint()
message = Message(OPENID2_NS)
attributes = [
("nickname", "http://schema.openid.net/namePerson/friendly",
"someuser"),
("fullname", "http://schema.openid.net/namePerson", "Some User"),
("email", "http://schema.openid.net/contact/email",
"*****@*****.**"),
]
message.setArg(AX_NS, "mode", "fetch_response")
for (alias, uri, value) in attributes:
message.setArg(AX_NS, "type.%s" % alias, uri)
message.setArg(AX_NS, "value.%s" % alias, value)
response = SuccessResponse(
endpoint, message, signed_fields=message.toPostArgs().keys())
data = self.backend._extract_user_details(response)
self.assertEqual(data, {"nickname": "someuser",
"first_name": "Some",
"last_name": "User",
"email": "*****@*****.**"})
class OpenIDBackendTests(TestCase):
def setUp(self):
super(OpenIDBackendTests, self).setUp()
self.backend = OpenIDBackend()
self.old_openid_use_email_for_username = getattr(settings,
'OPENID_USE_EMAIL_FOR_USERNAME', False)
self.old_openid_launchpad_teams_required = getattr(settings,
'OPENID_LAUNCHPAD_TEAMS_REQUIRED', [])
self.old_openid_launchpad_teams_mapping_auto = getattr(settings,
'OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO', False)
self.old_openid_email_whitelist_regexp_list = getattr(settings,
'OPENID_EMAIL_WHITELIST_REGEXP_LIST', [])
def tearDown(self):
settings.OPENID_USE_EMAIL_FOR_USERNAME = \
self.old_openid_use_email_for_username
settings.OPENID_LAUNCHPAD_TEAMS_REQUIRED = (
self.old_openid_launchpad_teams_required)
settings.OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO = (
self.old_openid_launchpad_teams_mapping_auto)
settings.OPENID_EMAIL_WHITELIST_REGEXP_LIST = (
self.old_openid_email_whitelist_regexp_list)
def test_extract_user_details_sreg(self):
expected = {
'nickname': 'someuser',
'first_name': 'Some',
'last_name': 'User',
'email': '*****@*****.**',
}
data = {
'nickname': expected['nickname'],
'fullname': "%s %s" % (expected['first_name'],
expected['last_name']),
'email': expected['email'],
}
response = self.make_response_sreg(**data)
details = self.backend._extract_user_details(response)
self.assertEqual(details, expected)
def make_fake_openid_endpoint(self, claimed_id=None):
endpoint = OpenIDServiceEndpoint()
endpoint.claimed_id = claimed_id
return endpoint
def make_openid_response(self, sreg_args=None, teams_args=None):
endpoint = self.make_fake_openid_endpoint(claimed_id='some-id')
message = Message(OPENID2_NS)
if sreg_args is not None:
for key, value in sreg_args.items():
message.setArg(SREG_NS, key, value)
if teams_args is not None:
for key, value in teams_args.items():
message.setArg(TEAMS_NS, key, value)
response = SuccessResponse(
endpoint, message, signed_fields=message.toPostArgs().keys())
return response
def make_response_sreg(self, **kwargs):
response = self.make_openid_response(sreg_args=kwargs)
return response
def make_response_ax(self, schema="http://axschema.org/",
fullname="Some User", nickname="someuser", email="*****@*****.**",
first=None, last=None):
endpoint = OpenIDServiceEndpoint()
message = Message(OPENID2_NS)
attributes = [
("nickname", schema + "namePerson/friendly", nickname),
("fullname", schema + "namePerson", fullname),
("email", schema + "contact/email", email),
]
if first:
attributes.append(
("first", "http://axschema.org/namePerson/first", first))
if last:
attributes.append(
("last", "http://axschema.org/namePerson/last", last))
message.setArg(AX_NS, "mode", "fetch_response")
for (alias, uri, value) in attributes:
message.setArg(AX_NS, "type.%s" % alias, uri)
message.setArg(AX_NS, "value.%s" % alias, value)
return SuccessResponse(
endpoint, message, signed_fields=message.toPostArgs().keys())
def test_extract_user_details_ax(self):
response = self.make_response_ax(fullname="Some User",
nickname="someuser", email="*****@*****.**")
data = self.backend._extract_user_details(response)
self.assertEqual(data, {"nickname": "someuser",
"first_name": "Some",
"last_name": "User",
"email": "*****@*****.**"})
def test_extract_user_details_ax_split_name(self):
# Include fullname too to show that the split data takes
# precedence.
response = self.make_response_ax(
fullname="Bad Data", first="Some", last="User")
data = self.backend._extract_user_details(response)
self.assertEqual(data, {"nickname": "someuser",
"first_name": "Some",
"last_name": "User",
"email": "*****@*****.**"})
def test_extract_user_details_ax_broken_myopenid(self):
response = self.make_response_ax(
schema="http://schema.openid.net/", fullname="Some User",
nickname="someuser", email="*****@*****.**")
data = self.backend._extract_user_details(response)
self.assertEqual(data, {"nickname": "someuser",
"first_name": "Some",
"last_name": "User",
"email": "*****@*****.**"})
def test_update_user_details_long_names(self):
response = self.make_response_ax()
user = User.objects.create_user('someuser', '*****@*****.**',
password=None)
data = dict(first_name=u"Some56789012345678901234567890123",
last_name=u"User56789012345678901234567890123",
email=u"*****@*****.**")
self.backend.update_user_details(user, data, response)
self.assertEqual("Some56789012345678901234567890", user.first_name)
self.assertEqual("User56789012345678901234567890", user.last_name)
def test_extract_user_details_name_with_trailing_space(self):
response = self.make_response_ax(fullname="SomeUser ")
data = self.backend._extract_user_details(response)
self.assertEqual("", data['first_name'])
self.assertEqual("SomeUser", data['last_name'])
def test_extract_user_details_name_with_thin_space(self):
response = self.make_response_ax(fullname=u"Some\u2009User")
data = self.backend._extract_user_details(response)
self.assertEqual("Some", data['first_name'])
self.assertEqual("User", data['last_name'])
def test_preferred_username_email_munging(self):
settings.OPENID_USE_EMAIL_FOR_USERNAME = True
for nick, email, expected in [
('nickcomesfirst', '*****@*****.**', 'nickcomesfirst'),
('', '*****@*****.**', 'fooexamplecom'),
('noemail', '', 'noemail'),
('', '@%.-', 'openiduser'),
('', '', 'openiduser'),
(None, None, 'openiduser')]:
self.assertEqual(expected,
self.backend._get_preferred_username(nick, email))
def test_preferred_username_no_email_munging(self):
for nick, email, expected in [
('nickcomesfirst', '*****@*****.**', 'nickcomesfirst'),
('', '*****@*****.**', 'openiduser'),
('noemail', '', 'noemail'),
('', '@%.-', 'openiduser'),
('', '', 'openiduser'),
(None, None, 'openiduser')]:
self.assertEqual(expected,
self.backend._get_preferred_username(nick, email))
def test_authenticate_when_not_member_of_teams_required(self):
settings.OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO = True
settings.OPENID_LAUNCHPAD_TEAMS_REQUIRED = ['team']
Group.objects.create(name='team')
response = self.make_openid_response(
sreg_args=dict(nickname='someuser'),
teams_args=dict(is_member='foo'))
user = self.backend.authenticate(openid_response=response)
self.assertIsNone(user)
def test_authenticate_when_no_group_mapping_to_required_team(self):
settings.OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO = True
settings.OPENID_LAUNCHPAD_TEAMS_REQUIRED = ['team']
assert Group.objects.filter(name='team').count() == 0
response = self.make_openid_response(
sreg_args=dict(nickname='someuser'),
teams_args=dict(is_member='foo'))
user = self.backend.authenticate(openid_response=response)
self.assertIsNone(user)
def test_authenticate_when_member_of_teams_required(self):
settings.OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO = True
settings.OPENID_LAUNCHPAD_TEAMS_REQUIRED = ['team']
Group.objects.create(name='team')
response = self.make_openid_response(
sreg_args=dict(nickname='someuser'),
teams_args=dict(is_member='foo,team'))
user = self.backend.authenticate(openid_response=response)
self.assertIsNotNone(user)
def test_authenticate_when_no_teams_required(self):
settings.OPENID_LAUNCHPAD_TEAMS_REQUIRED = []
response = self.make_openid_response(
sreg_args=dict(nickname='someuser'),
teams_args=dict(is_member='team'))
user = self.backend.authenticate(openid_response=response)
self.assertIsNotNone(user)
def test_authenticate_when_member_of_at_least_one_team(self):
settings.OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO = True
settings.OPENID_LAUNCHPAD_TEAMS_REQUIRED = ['team1', 'team2']
Group.objects.create(name='team1')
response = self.make_openid_response(
sreg_args=dict(nickname='someuser'),
teams_args=dict(is_member='foo,team1'))
user = self.backend.authenticate(openid_response=response)
self.assertIsNotNone(user)
def test_authenticate_when_not_in_required_team_but_email_whitelisted(self):
settings.OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO = True
settings.OPENID_LAUNCHPAD_TEAMS_REQUIRED = ['team']
settings.OPENID_EMAIL_WHITELIST_REGEXP_LIST = [
'foo(\+[^@]*)[email protected]',
]
assert Group.objects.filter(name='team').count() == 0
response = self.make_openid_response(
sreg_args=dict(nickname='someuser', email='*****@*****.**'),
teams_args=dict(is_member='foo'))
user = self.backend.authenticate(openid_response=response)
self.assertIsNotNone(user)
response = self.make_openid_response(
sreg_args=dict(nickname='someuser', email='*****@*****.**'),
teams_args=dict(is_member='foo'))
user = self.backend.authenticate(openid_response=response)
self.assertIsNotNone(user)
def test_authenticate_whitelisted_email_multiple_patterns(self):
settings.OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO = True
settings.OPENID_LAUNCHPAD_TEAMS_REQUIRED = ['team']
settings.OPENID_EMAIL_WHITELIST_REGEXP_LIST = [
'*****@*****.**', '*****@*****.**',
]
assert Group.objects.filter(name='team').count() == 0
response = self.make_openid_response(
sreg_args=dict(nickname='someuser', email='*****@*****.**'),
teams_args=dict(is_member='foo'))
user = self.backend.authenticate(openid_response=response)
self.assertIsNotNone(user)
def test_authenticate_whitelisted_email_not_match(self):
settings.OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO = True
settings.OPENID_LAUNCHPAD_TEAMS_REQUIRED = ['team']
settings.OPENID_EMAIL_WHITELIST_REGEXP_LIST = [
'*****@*****.**',
]
assert Group.objects.filter(name='team').count() == 0
response = self.make_openid_response(
sreg_args=dict(nickname='someuser', email='*****@*****.**'),
teams_args=dict(is_member='foo'))
user = self.backend.authenticate(openid_response=response)
self.assertIsNone(user)