def test_correct_jwt_message(self):
def mock_post(url, timeout, data):
result = mock.Mock()
self.data = data
result.status_code = 200
result.json.return_value = {'user': {'a': 'dict'}}
return result
with mock.patch('requests.post', mock_post):
with self.settings(SSO_KEY='pietje', SSO_SECRET='klaasje'):
client.sso_authenticate_django_v2('someone', 'pass')
key = 'pietje'
message = self.data['message']
decoded = jwt.decode(message, 'klaasje',
issuer=key)
self.assertEqual('someone', decoded['username'])
def test_auth_ok(self):
def mock_post(url, timeout, data):
result = mock.Mock()
result.status_code = 200
result.json.return_value = {'user': {'a': 'dict'}}
return result
with mock.patch('requests.post', mock_post):
self.assertEquals(
{'a': 'dict'},
client.sso_authenticate_django_v2('someone', 'pass'))
def authenticate(self, username=None, password=None):
try:
if username and password:
user_data = None
cache_key = 'SSOBackend.authenticate.{0}'.format(username)
# Try getting the user_data from cache first.
cached_credentials = cache.get(cache_key)
if cached_credentials is not None:
logger.debug(
'Found user "%s" in the credential cache.', username)
# Found in cache, check the (hashed) password.
(cached_user_data,
cached_hashed_password) = cached_credentials
if check_password(password, cached_hashed_password):
logger.debug('Cached hashed password is OK.')
user_data = cached_user_data
else:
logger.debug(
'Failed cached password check for user "%s".',
username)
else:
logger.debug(
'Could not find user "%s" in the credential cache.',
username)
# Not found in cache, call the SSO server.
if settings.SSO_USE_V2_LOGIN:
if settings.SSO_ALLOW_ONLY_KNOWN_USERS:
# First check if the user is known.
if not User.objects.filter(
username=username,
is_active=True).exists():
logger.debug(
"Username %s isn't known/active locally",
username)
return None
user_data = client.sso_authenticate_django_v2(
username, password)
else:
user_data = client.sso_authenticate_django_v1(
username, password)
# Store user_data in cache.
hashed_password = make_password(password)
if not is_password_usable(hashed_password):
return None
else:
cache.set(
cache_key,
(user_data, hashed_password),
settings.SSO_CREDENTIAL_CACHE_TIMEOUT_SECONDS)
# Use either the cached user profile data, or fresh data from
# the SSO server to construct a Django User instance. If
# fresh data is used, also synchronize roles.
if user_data:
user = client.construct_user(user_data)
if not cached_credentials:
if not settings.SSO_USE_V2_LOGIN:
client.sso_sync_user_organisation_roles(user)
return user
except client.AuthenticationFailed as e:
logger.info(e)
return None
except:
logger.exception('Error while authenticating user "%s".', username)
return None