def test_duplicate_userorganisationroles(self):
    """Synchronising the same role data twice must not duplicate the link.

    After two identical calls to ``client.synchronize_roles`` exactly one
    ``UserOrganisationRole`` row may exist for this user with organisation
    'abc' and role '123'.
    """
    # Apply the identical payload twice; the second pass must be a no-op
    # as far as this user/organisation/role combination is concerned.
    for _ in range(2):
        client.synchronize_roles(self.user, self.role_data)

    matching_links = models.UserOrganisationRole.objects.filter(
        user=self.user,
        organisation__unique_id='abc',
        role__unique_id='123',
    )
    self.assertEqual(1, matching_links.count())
def test_revoked_userorganisationroles(self):
    """A later sync that lists no roles must remove the earlier link.

    This guards against stale authorisation data: once the second payload
    no longer carries any organisation/role pair, no ``UserOrganisationRole``
    row for organisation 'abc' and role '123' may remain for this user.
    """
    # Payload with every list empty, i.e. nothing is granted any more.
    empty_payload = {
        'organisations': [],
        'roles': [],
        'organisation_roles': [],
    }

    client.synchronize_roles(self.user, self.role_data)
    client.synchronize_roles(self.user, empty_payload)

    remaining = models.UserOrganisationRole.objects.filter(
        user=self.user,
        organisation__unique_id='abc',
        role__unique_id='123',
    ).count()
    self.assertEqual(0, remaining)
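def verify_auth_token(untrusted_message):
    """
    Verify an auth token handed back by the SSO server.

    The signed ``untrusted_message`` is checked locally, then its
    ``auth_token`` is sent to the SSO server's ``sso/api/verify`` endpoint
    and the signed reply is used to build the user and synchronise roles.

    Returns the object produced by ``client.construct_user`` (documented by
    the original author as a django.contrib.auth.models.User instance) on
    success, or False when the payload or the server reply is unusable.

    NOTE(review): neither ``loads()`` call nor ``requests.get`` is wrapped
    here. Assuming URLSafeTimedSerializer is the itsdangerous class, a bad
    signature or a message older than 300 seconds surfaces as an exception
    rather than as False; confirm callers treat that as a failed login.
    NOTE(review): ``request_token`` is only checked for presence in this
    function; confirm the caller compares it with the request token it
    issued for this login attempt.
    """
    serializer = URLSafeTimedSerializer(settings.SSO_SECRET)

    # Check signature and age (max 300 s) of the incoming message.
    # NOTE(review): the payload is presumably signed, not encrypted, so the
    # tokens inside it are readable by anyone who sees the message.
    untrusted = serializer.loads(untrusted_message, max_age=300)

    # Fail closed on anything that is not a mapping carrying both tokens;
    # a validly signed non-dict payload would otherwise raise TypeError on
    # the subscript below instead of yielding the documented False.
    if not isinstance(untrusted, dict):
        return False
    if 'auth_token' not in untrusted or 'request_token' not in untrusted:
        return False

    # Ask the SSO server, via its private URL, whether the token is valid.
    message = serializer.dumps({
        'auth_token': untrusted['auth_token'],
        'key': settings.SSO_KEY,
    })
    url = urljoin(settings.SSO_SERVER_PRIVATE_URL, 'sso/api/verify') + '/'
    response = requests.get(
        url,
        params={
            'key': settings.SSO_KEY,
            'message': message,
        },
        timeout=10,
    )

    # Anything other than a plain 200 is treated as a failed verification.
    if response.status_code != 200:
        return False

    # The reply is signed with the same secret and has the same age limit.
    data = serializer.loads(response.content, max_age=300)

    # A reply without a 'user' entry cannot identify anyone: return False
    # instead of letting a KeyError/TypeError escape.
    if not isinstance(data, dict) or 'user' not in data:
        return False

    # Build the user first, then apply roles only when the reply has them.
    user = client.construct_user(json.loads(data['user']))
    if 'roles' in data:
        client.synchronize_roles(user, json.loads(data['roles']))
    return user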
def test_client_calls_signal_correctly_neither(self):
    """Syncing a role listed in SSO_CLIENT_SUPERUSER_ROLES sets is_superuser.

    With 'testrole' configured as a superuser role, a payload that links the
    user's organisation to that role must leave ``is_staff`` false and make
    ``is_superuser`` true.

    NOTE(review): the method name says "neither", yet the assertions expect
    the superuser flag to be set; confirm which of the two is intended.
    """
    organisation = {
        'unique_id': 'WHEEEEE',
        'name': 'Testorganisatie',
    }
    role = {
        'unique_id': 'HMMMMMMM',
        'code': 'testrole',
        'name': "Testrol",
        'external_description': 'Gewoon een testrol',
        'internal_description': 'Gewoon een testrol',
    }
    payload = {
        'organisations': [organisation],
        'roles': [role],
        # Pairs of (organisation unique_id, role unique_id).
        'organisation_roles': [
            ['WHEEEEE', 'HMMMMMMM'],
        ],
    }

    with self.settings(SSO_CLIENT_SUPERUSER_ROLES=('testrole',)):
        client.synchronize_roles(self.user, payload)
        self.assertFalse(self.user.is_staff)
        self.assertTrue(self.user.is_superuser)