def test_user_in_url_resource(self, has_user_in_resource):
    """
    Verify IsUserInUrl grants access only when the URL resource names the
    requesting user.

    ``has_user_in_resource`` is presumably supplied by a parametrizing
    decorator that is not visible in this listing.
    """
    requester = factories.UserFactory(username='******')
    if has_user_in_resource:
        resource_username = requester.username
    else:
        # Denial path: the URL names an account other than the requester's,
        # so the permission must not be granted.
        resource_username = 'another_user'

    request = self._create_request(requester, username_in_resource=resource_username)
    granted = permissions.IsUserInUrl().has_permission(request, None)
    self.assertEqual(granted, has_user_in_resource)
def setUp(self):
    """ Create an inactive user and a plain GET request for each test. """
    super(SessionAuthenticationAllowInactiveUserTests, self).setUp()
    # is_active=False is the property under test: the fixture account is
    # deliberately created inactive.
    inactive_account = dict(
        email='inactive',
        username='******',
        password='******',
        is_active=False,
    )
    self.user = factories.UserFactory(**inactive_account)
    self.request = RequestFactory().get('/')
def test_authenticate_credentials_user_attributes_new_mergeable_attributes(self):
    """
    Verify a mergeable attribute that the user does not yet have is created
    from the payload.

    The payload dict is handed straight to ``authenticate_credentials``, so
    token decoding and signature verification are not exercised here.
    NOTE(review): ``is_staff`` ends up True, which presumably depends on a
    settings override outside this listing -- confirm.
    """
    username = '******'
    email = '*****@*****.**'
    new_tags = {'browser': 'Chrome'}

    existing = factories.UserFactory(email=email, username=username, is_staff=False)
    # Preconditions: the stored account starts out unprivileged.
    self.assertEqual(existing.email, email)
    self.assertFalse(existing.is_staff)

    claims = dict(username=username, email=email, is_staff=True, tags=new_tags)

    # Patch get_or_create so the lookup hands back this exact object and the
    # tags attribute set on it is visible after authentication.
    model_path = 'edx_rest_framework_extensions.auth.jwt.authentication.get_user_model'
    with mock.patch(model_path) as mock_get_user_model:
        mock_get_user_model().objects.get_or_create.return_value = (existing, False)
        authenticated = JwtAuthentication().authenticate_credentials(claims)

    self.assertEqual(authenticated.tags, new_tags)
    self.assertEqual(authenticated.email, email)
    self.assertTrue(authenticated.is_staff)
def test_has_permission(self, has_permission):
    """
    Verify IsSuperuser grants access exactly when the user is a superuser.

    ``has_permission`` doubles as the user's ``is_superuser`` flag and as
    the expected outcome, so both the grant and the denial are covered.
    """
    http_request = RequestFactory().get('/')
    http_request.user = factories.UserFactory(is_superuser=has_permission)
    outcome = IsSuperuser().has_permission(http_request, None)
    self.assertEqual(outcome, has_permission)
def assert_user_authenticated(self):
    """
    Assert that a bearer token authenticates as the matching existing user.

    The mocked user-info response carries the username of a freshly created
    account; authentication must return that account together with the
    default token.
    """
    existing = factories.UserFactory()
    self.mock_user_info_response(username=existing.username)
    request = self.create_authenticated_request()
    result = self.auth.authenticate(request)
    expected = (existing, self.DEFAULT_TOKEN)
    self.assertEqual(result, expected)
def test_authenticate_user_creation_with_existing_user(self):
    """
    Verify authentication returns the stored account when one already
    exists for the username in the user-info response.
    """
    existing = factories.UserFactory(username=USER_INFO['username'])
    self.mock_user_info_response()
    request = self.create_authenticated_request()

    authenticated = self.auth.authenticate(request)
    returned_user, returned_token = authenticated

    self.assertEqual(returned_token, self.DEFAULT_TOKEN)
    # The pre-existing account must be returned.
    self.assertEqual(returned_user, existing)
def test_has_permission(self, permission_class, authentication_class, is_restricted):
    """
    Verify the restricted-application permission classes against the token's
    ``is_restricted`` flag and the authenticator that accepted the request.

    A request counts as restricted only when the JWT is restricted AND it was
    authenticated by a JSONWebTokenAuthentication subclass.
    JwtRestrictedApplication must grant exactly in that case; any other
    permission class passed in must grant exactly in the opposite case.
    """
    request = RequestFactory().get('/')
    if authentication_class:
        request.successful_authenticator = authentication_class()
    else:
        request.successful_authenticator = None
    request.user = factories.UserFactory()
    request.auth = generate_jwt(request.user, is_restricted=is_restricted)

    authenticator_type = type(request.successful_authenticator)
    is_jwt_auth_subclass = issubclass(authenticator_type, JSONWebTokenAuthentication)

    has_permission = permission_class().has_permission(request, view=None)

    expected_restricted_permission = is_restricted and is_jwt_auth_subclass
    if permission_class == permissions.JwtRestrictedApplication:
        expected = expected_restricted_permission
    else:
        expected = not expected_restricted_permission
    self.assertEqual(has_permission, expected)
def test_resource_takes_precedence_over_param(self):
    """
    Verify the username in the URL resource decides the outcome when it
    disagrees with the username in the query parameter.

    NOTE(review): the username literal is masked in this listing; for the
    second assertion to hold it presumably equals 'this_user' -- confirm
    against the original file.
    """
    requester = factories.UserFactory(username='******')
    permission = permissions.IsUserInUrl

    # The resource names someone else, so a matching parameter must not
    # be enough to grant access.
    mismatched_resource = self._create_request(
        requester,
        username_in_resource='another_user',
        username_in_param='this_user',
    )
    self.assertFalse(permission().has_permission(mismatched_resource, None))

    # The resource names the requester; the conflicting parameter is ignored.
    matching_resource = self._create_request(
        requester,
        username_in_resource='this_user',
        username_in_param='another_user',
    )
    self.assertTrue(permission().has_permission(matching_resource, None))
def test_authenticate_credentials_user_attributes_custom_attributes(self):
    """
    Verify custom fields from the payload are written onto the user model.

    ``is_staff`` is expected to follow the payload here.
    NOTE(review): that presumably depends on a settings override outside
    this listing that opts ``is_staff`` into the mapped attributes --
    confirm. The payload is passed in already decoded, so this test says
    nothing about token verification.
    NOTE(review): both e-mail literals are masked to the same text in this
    listing, so the e-mail assertions cannot distinguish old from new as
    shown.
    """
    username = '******'
    old_email = '*****@*****.**'
    new_email = '*****@*****.**'

    existing = factories.UserFactory(email=old_email, username=username, is_staff=False)
    # Preconditions: old e-mail, no staff flag.
    self.assertEqual(existing.email, old_email)
    self.assertFalse(existing.is_staff)

    claims = dict(username=username, email=new_email, is_staff=True)
    authenticated = JwtAuthentication().authenticate_credentials(claims)

    self.assertEqual(authenticated.email, new_email)
    self.assertTrue(authenticated.is_staff)
def test_authenticate_credentials_user_updates_default_attributes(self):
    """
    Verify only the default fields from the payload are written onto the
    user model.

    The payload carries ``is_staff: True`` but the user must stay
    non-staff: a privilege claim in the token is not applied in this
    configuration.
    NOTE(review): both e-mail literals are masked to the same text in this
    listing, so the e-mail assertions cannot distinguish old from new as
    shown.
    """
    username = '******'
    old_email = '*****@*****.**'
    new_email = '*****@*****.**'

    existing = factories.UserFactory(email=old_email, username=username, is_staff=False)
    # Preconditions: old e-mail, no staff flag.
    self.assertEqual(existing.email, old_email)
    self.assertFalse(existing.is_staff)

    claims = dict(username=username, email=new_email, is_staff=True)
    authenticated = JwtAuthentication().authenticate_credentials(claims)

    self.assertEqual(authenticated.email, new_email)
    # The is_staff claim must not elevate the account.
    self.assertFalse(authenticated.is_staff)
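def test_get_decoded_jwt_from_auth(self, is_jwt_authentication):
    """
    Verify get_decoded_jwt_from_auth returns the decoded token when the
    request is JWT-authenticated and None otherwise.

    ``is_jwt_authentication`` is presumably supplied by a parametrizing
    decorator that is not visible in this listing.
    """
    # Stub is_jwt_authenticated for the duration of this test only. Assigning
    # the lambda directly onto the module would leave the stub in place for
    # every test that runs afterwards in the same process, so later
    # authentication tests could pass or fail against the stub instead of
    # the real check.
    with mock.patch.object(
        authentication,
        'is_jwt_authenticated',
        new=lambda request: is_jwt_authentication,
    ):
        user = factories.UserFactory()
        payload = generate_latest_version_payload(user)
        # Named ``token`` rather than ``jwt`` so a ``jwt`` module, if the
        # file imports one, is not shadowed.
        token = generate_jwt_token(payload)
        mock_request_with_cookie = mock.Mock(COOKIES={}, auth=token)

        expected_decoded_jwt = jwt_decode_handler(token) if is_jwt_authentication else None
        decoded_jwt = authentication.get_decoded_jwt_from_auth(mock_request_with_cookie)

    self.assertEqual(expected_decoded_jwt, decoded_jwt)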
def test_authenticate_credentials_user_attributes_merge_attributes(self):
    """
    Verify mergeable attributes from the payload are merged into the values
    already on the user rather than replacing them.

    Expected outcome, as asserted below: ``tags`` keeps keys the payload
    does not mention and takes the payload's value where keys collide;
    ``fun_attr`` is created; ``fruit``, absent from the payload, is left
    alone. The payload is passed in already decoded, so token verification
    is not exercised.
    NOTE(review): ``is_staff`` ends up True, which presumably depends on a
    settings override outside this listing -- confirm.
    """
    username = '******'
    email = '*****@*****.**'
    old_tags = {'country': 'USA', 'browser': 'Firefox'}
    new_tags = {'browser': 'Chrome', 'new_attr': 'here!'}
    new_fun_attr = {'shiny': 'object'}
    expected_tags = {'country': 'USA', 'browser': 'Chrome', 'new_attr': 'here!'}
    old_fruit = {'fruit': 'apple'}

    existing = factories.UserFactory(email=email, username=username, is_staff=False)
    existing.tags = old_tags
    existing.fruit = old_fruit

    # Preconditions, checked before authentication can touch the object.
    self.assertEqual(existing.email, email)
    self.assertFalse(existing.is_staff)
    self.assertEqual(existing.tags, old_tags)
    self.assertEqual(existing.fruit, old_fruit)

    claims = dict(
        username=username,
        email=email,
        is_staff=True,
        tags=new_tags,
        fun_attr=new_fun_attr,
    )

    # Patch get_or_create so the lookup hands back this exact object, which
    # carries the tags and fruit attributes set above.
    model_path = 'edx_rest_framework_extensions.auth.jwt.authentication.get_user_model'
    with mock.patch(model_path) as mock_get_user_model:
        mock_get_user_model().objects.get_or_create.return_value = (existing, False)
        authenticated = JwtAuthentication().authenticate_credentials(claims)

    self.assertEqual(authenticated.tags, expected_tags)
    self.assertEqual(authenticated.email, email)
    self.assertTrue(authenticated.is_staff)
    self.assertEqual(authenticated.fun_attr, new_fun_attr)
    self.assertEqual(authenticated.fruit, old_fruit)
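def _get_test_jwt_token(self):
    """
    Return a JWT for a freshly created user.

    Only the token is returned; the user it was generated for is not
    handed back to the caller.
    """
    user = factories.UserFactory()
    payload = generate_latest_version_payload(user)
    return generate_jwt_token(payload)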
def test_authenticate_inactive_user(self):
    """
    Verify authentication fails when the user matching the access token
    is inactive.
    """
    # The user-info response names an account that exists but is disabled.
    inactive_user = factories.UserFactory(is_active=False)
    inactive_username = inactive_user.username
    self.mock_user_info_response(username=inactive_username)
    self.assert_authentication_failed()
def test_superuser_has_permission(self, has_permission):
    """
    Verify permissions.IsSuperuser grants access exactly when the request's
    user has ``is_superuser`` set.
    """
    http_request = RequestFactory().get('/')
    http_request.user = factories.UserFactory(is_superuser=has_permission)
    outcome = permissions.IsSuperuser().has_permission(http_request, None)
    self.assertEqual(outcome, has_permission)
def test_has_permission(self, is_staff):
    """
    Verify permissions.IsStaff grants access exactly when the request's
    user has ``is_staff`` set.
    """
    http_request = RequestFactory().get('/')
    http_request.user = factories.UserFactory(is_staff=is_staff)
    outcome = permissions.IsStaff().has_permission(http_request, None)
    self.assertEqual(outcome, is_staff)
def setUp(self):
    """ Create an inactive user and a plain GET request for each test. """
    super().setUp()
    # The account is deliberately inactive; the tests using this fixture
    # exercise how authentication treats a disabled user.
    fixture_fields = {
        'email': 'inactive',
        'username': '******',
        'password': '******',
        'is_active': False,
    }
    self.user = factories.UserFactory(**fixture_fields)
    self.request = RequestFactory().get('/')