def browserid_authenticate(request, assertion): """ Verify a BrowserID login attempt. If the BrowserID assertion is good, but no account exists on AMO, create one. Request is only needed for logging. :( """ backend = BrowserIDBackend() result = backend.verify(assertion, settings.SITE_URL) if not result: return (None, "BrowserID authentication failure.") email = result['email'] users = UserProfile.objects.filter(email=email) if len(users) == 1: users[0].user.backend = 'django_browserid.auth.BrowserIDBackend' return (users[0], None) username = autocreate_username(email.partition('@')[0]) source = (amo.LOGIN_SOURCE_MMO_BROWSERID if settings.MARKETPLACE else amo.LOGIN_SOURCE_AMO_BROWSERID) profile = UserProfile.objects.create(username=username, email=email, source=source, display_name=username) profile.create_django_user() profile.user.backend = 'django_browserid.auth.BrowserIDBackend' profile.user.save() profile.save() log_cef('New Account', 5, request, username=username, signature='AUTHNOTICE', msg='User created a new account (from BrowserID)') return (profile, None)
def browserid_authenticate(request, assertion): """ Verify a BrowserID login attempt. If the BrowserID assertion is good, but no account exists on AMO, create one. Request is only needed for logging. :( """ backend = BrowserIDBackend() result = backend.verify(assertion, settings.SITE_URL) if not result: return (None, "BrowserID authentication failure.") email = result['email'] users = UserProfile.objects.filter(email=email) if len(users) == 1: users[0].user.backend = 'django_browserid.auth.BrowserIDBackend' return (users[0], None) username = autocreate_username(email.partition('@')[0]) if (settings.REGISTER_USER_LIMIT and UserProfile.objects.count() > settings.REGISTER_USER_LIMIT and not can_override_reg_limit(request)): _m = ('Sorry, no more registrations are allowed. ' '<a href="https://developer.mozilla.org/en-US/apps">' 'Learn more</a>') return (None, _m) profile = UserProfile.objects.create(username=username, email=email) profile.create_django_user() profile.user.backend = 'django_browserid.auth.BrowserIDBackend' if settings.APP_PREVIEW: profile.notes = '__market__' profile.user.save() profile.save() log_cef('New Account', 5, request, username=username, signature='AUTHNOTICE', msg='User created a new account (from BrowserID)') return (profile, None)
def browserid_authenticate(request, assertion): """ Verify a BrowserID login attempt. If the BrowserID assertion is good, but no account exists on AMO, create one. Request is only needed for logging. :( """ backend = BrowserIDBackend() result = backend.verify(assertion, settings.SITE_URL) if not result: return (None, None) email = result['email'] users = UserProfile.objects.filter(email=email) if len(users) == 1: users[0].user.backend = 'django_browserid.auth.BrowserIDBackend' return (users[0], None) username = autocreate_username(email.partition('@')[0]) if (settings.REGISTER_USER_LIMIT and UserProfile.objects.count() > settings.REGISTER_USER_LIMIT and not can_override_reg_limit(request)): _m = ('Sorry, no more registrations are allowed. ' '<a href="https://developer.mozilla.org/en-US/apps">' 'Learn more</a>') return (None, _m) profile = UserProfile.objects.create(username=username, email=email) profile.create_django_user() profile.user.backend = 'django_browserid.auth.BrowserIDBackend' profile.user.save() profile.save() log_cef('New Account', 5, request, username=username, signature='AUTHNOTICE', msg='User created a new account (from BrowserID)') return (profile, None)
def browserid_authenticate(request, assertion): """ Verify a BrowserID login attempt. If the BrowserID assertion is good, but no account exists on AMO, create one. Request is only needed for logging. :( """ backend = BrowserIDBackend() result = backend.verify(assertion, settings.SITE_URL) if not result: return (None, "BrowserID authentication failure.") email = result["email"] users = UserProfile.objects.filter(email=email) if len(users) == 1: users[0].user.backend = "django_browserid.auth.BrowserIDBackend" return (users[0], None) username = autocreate_username(email.partition("@")[0]) if ( settings.REGISTER_USER_LIMIT and UserProfile.objects.count() > settings.REGISTER_USER_LIMIT and not can_override_reg_limit(request) ): _m = ( "Sorry, no more registrations are allowed. " '<a href="https://developer.mozilla.org/en-US/apps">' "Learn more</a>" ) return (None, _m) profile = UserProfile.objects.create( username=username, email=email, source=amo.LOGIN_SOURCE_BROWSERID, display_name=username ) profile.create_django_user() profile.user.backend = "django_browserid.auth.BrowserIDBackend" if settings.APP_PREVIEW: profile.notes = "__market__" profile.user.save() profile.save() log_cef( "New Account", 5, request, username=username, signature="AUTHNOTICE", msg="User created a new account (from BrowserID)", ) return (profile, None)
def browserid_verify(request): next = request.REQUEST.get('next') redirect_to = next or getattr(settings, 'LOGIN_REDIRECT_URL', '/') redirect_to_failure = getattr(settings, 'LOGIN_REDIRECT_URL_FAILURE', '/') form = BrowserIDForm(data=request.POST) if form.is_valid(): verifier = BrowserIDBackend().get_verifier() result = verifier.verify(form.cleaned_data['assertion'], get_audience(request)) if result: if (request.user.is_authenticated() and request.user.email != result.email): # User is already signed and wants to change their email. request.user.email = result.email request.user.save() return redirect(reverse('users.edit_profile')) else: # Verified so log in email = result.email user = User.objects.filter(email=email) contributor = 'contributor' in request.POST if len(user) == 0: # Add the email to the session and redirect to signup request.session['browserid-email'] = email signup_url = reverse('users.browserid_signup') return redirect('%s?%s' % (signup_url, urlencode({'next': next}))) else: user = user[0] user.backend = 'django_browserid.auth.BrowserIDBackend' if contributor: add_to_contributors(request, user) auth.login(request, user) return redirect(redirect_to) return redirect(redirect_to_failure)
class BrowserIDBackendTests(TestCase): def setUp(self): self.backend = BrowserIDBackend() self.verifier = Mock() self.backend.get_verifier = lambda: self.verifier def test_verify_failure(self): """If verification fails, return None.""" self.verifier.verify.return_value = False self.assertEqual(self.backend.verify('asdf', 'qwer'), None) self.verifier.verify.assert_called_with('asdf', 'qwer') def test_verify_success(self): """ If verification succeeds, return the email address from the verification result. """ self.verifier.verify.return_value = Mock(email='*****@*****.**') self.assertEqual(self.backend.verify('asdf', 'qwer'), '*****@*****.**') self.verifier.verify.assert_called_with('asdf', 'qwer') def test_verify_no_audience_request(self): """ If no audience is provided but a request is, retrieve the audience from the request using get_audience. """ request = Mock() with patch('django_browserid.auth.get_audience') as get_audience: self.backend.verify('asdf', request=request) get_audience.assert_called_with(request) self.verifier.verify.assert_called_with('asdf', get_audience.return_value) def test_verify_no_audience_no_assertion_no_service(self): """ If the assertion isn't provided, or the audience and request aren't provided, return None. """ self.assertEqual(self.backend.verify(audience='asdf'), None) self.assertEqual(self.backend.verify(assertion='asdf'), None) with patch('django_browserid.auth.get_audience') as get_audience: get_audience.return_value = None self.assertEqual(self.backend.verify('asdf', request=Mock()), None) def test_verify_kwargs(self): """Any extra kwargs should be passed to the verifier.""" self.backend.verify('asdf', 'asdf', request='blah', foo='bar', baz=1) self.verifier.verify.assert_called_with('asdf', 'asdf', foo='bar', baz=1) def auth(self, verified_email=None, **kwargs): """ Attempt to authenticate a user with BrowserIDBackend. If verified_email is None, verification will fail, otherwise it will pass and return the specified email. """ self.backend.verify = Mock(return_value=verified_email) return self.backend.authenticate(assertion='asdf', audience='asdf', **kwargs) def test_duplicate_emails(self): """ If there are two users with the same email address, return None. """ new_user('*****@*****.**', 'test1') new_user('*****@*****.**', 'test2') self.assertTrue(self.auth('*****@*****.**') is None) def test_auth_success(self): """ If a single user is found with the verified email, return an instance of their user object. """ user = new_user('*****@*****.**') self.assertEqual(self.auth('*****@*****.**'), user) @patch.object(settings, 'BROWSERID_CREATE_USER', False) def test_no_create_user(self): """ If user creation is disabled and no user is found, return None. """ self.assertTrue(self.auth('*****@*****.**') is None) @patch.object(settings, 'BROWSERID_CREATE_USER', True) def test_create_user(self): """ If user creation is enabled and no user is found, return a new User. """ user = self.auth('*****@*****.**') self.assertTrue(user is not None) self.assertTrue(isinstance(user, User)) self.assertEqual(user.email, '*****@*****.**') @patch.object(settings, 'BROWSERID_CREATE_USER', 'django_browserid.tests.test_auth.new_user') @patch('django_browserid.tests.test_auth.new_user') def test_custom_create_user(self, create_user): """ If user creation is enabled with a custom create function and no user is found, return the new user created with the custom function. """ create_user.return_value = 'test' self.assertEqual(self.auth('*****@*****.**'), 'test') create_user.assert_called_with('*****@*****.**') @patch.object(settings, 'BROWSERID_USERNAME_ALGO') @patch.object(settings, 'BROWSERID_CREATE_USER', True) def test_custom_username_algorithm(self, username_algo): """If a custom username algorithm is specified, use it!""" username_algo.return_value = 'test' user = self.auth('*****@*****.**') self.assertEqual(user.username, 'test') @patch('django_browserid.auth.user_created') @patch.object(settings, 'BROWSERID_CREATE_USER', True) def test_user_created_signal(self, user_created): """ Test that the user_created signal is called when a new user is created. """ user = self.auth('*****@*****.**') user_created.send.assert_called_with(ANY, user=user) def test_get_user(self): """ Check if user returned by BrowserIDBackend.get_user is correct. """ user = new_user('*****@*****.**') backend = BrowserIDBackend() self.assertEqual(backend.get_user(user.pk), user) def test_overriding_valid_email(self): class PickyBackend(BrowserIDBackend): def is_valid_email(self, email): return email != '*****@*****.**' new_user('*****@*****.**', 'test1') new_user('*****@*****.**', 'test2') with mock_browserid('*****@*****.**'): backend = PickyBackend() result = backend.authenticate(assertion='asdf', audience='asdf') self.assertTrue(not result) with mock_browserid('*****@*****.**'): backend = PickyBackend() result = backend.authenticate(assertion='asdf', audience='asdf') self.assertTrue(result) @patch('django_browserid.auth.logger') def test_create_user_integrity_error(self, logger): """ If an IntegrityError is raised during user creation, attempt to re-fetch the user in case the user was created since we checked for the existing account. """ backend = BrowserIDBackend() backend.User = Mock() error = IntegrityError() backend.User.objects.create_user.side_effect = error backend.User.objects.get.return_value = 'asdf' self.assertEqual(backend.create_user('*****@*****.**'), 'asdf') # If get raises a DoesNotExist exception, re-raise the original exception. backend.User.DoesNotExist = Exception backend.User.objects.get.side_effect = backend.User.DoesNotExist with self.assertRaises(IntegrityError) as e: backend.create_user('*****@*****.**') self.assertEqual(e.exception, error) def test_authenticate_verify_exception(self): """ If the verifier raises an exception, log it as a warning and return None. """ backend = BrowserIDBackend() verifier = Mock() exception = Exception() backend.get_verifier = lambda: verifier verifier.verify.side_effect = exception with patch('django_browserid.auth.logger') as logger: self.assertEqual(backend.authenticate('asdf', 'asdf'), None) logger.warn.assert_called_with(exception)