def test_is_authenticated_external_auth(self):
user = factory.make_User()
request = factory.make_fake_request('/')
request.external_auth_info = ExternalAuthInfo('macaroon',
'https://example.com')
request.user = user
auth = MAASAPIAuthentication()
self.assertTrue(auth.is_authenticated(request))
def make_request(self, user=None):
request = factory.make_fake_request('/')
request.user = user or AnonymousUser()
auth_url = Config.objects.get_config('external_auth_url')
if auth_url:
request.external_auth_info = ExternalAuthInfo(
'macaroon', 'https://example.com')
else:
request.external_auth_info = None
return request
def setUp(self):
super().setUp()
self.client = mock.Mock()
self.user = factory.make_User()
self.now = datetime.utcnow()
# by default, the user has to be checked again
self.default_last_check = (self.now - EXTERNAL_USER_CHECK_INTERVAL -
timedelta(minutes=10))
self.user.userprofile.auth_last_check = self.default_last_check
self.user.userprofile.save()
self.auth_info = ExternalAuthInfo(type='rbac',
url='http://example.com')
def test_authenticate_validate_fails(self):
self.mock_validate.return_value = False
user = factory.make_User()
identity = SimpleIdentity(user=user.username)
self.assertIsNone(
self.backend.authenticate(self.get_request(), identity=identity))
self.mock_validate.assert_called_with(
user,
ExternalAuthInfo(type='candid',
url='https://auth.example.com',
domain='',
admin_group='admins'))
def test_is_authenticated_with_auth_creates_user(self):
username = factory.make_string()
self.mock_auth_info(username=username)
self.assertTrue(self.auth.is_authenticated(self.get_request()))
user = User.objects.get(username=username)
self.assertIsNotNone(user.id)
self.assertFalse(user.is_superuser)
self.assertFalse(user.userprofile.is_local)
self.mock_validate.assert_called_with(
user,
ExternalAuthInfo(type='candid',
url='https://auth.example.com',
domain='',
admin_group='admins'))
def test_authenticate_create_user(self):
username = factory.make_string()
identity = SimpleIdentity(user=username)
user = self.backend.authenticate(self.get_request(), identity=identity)
self.assertIsNotNone(user.id)
self.assertEqual(user.username, username)
self.assertFalse(user.is_superuser)
self.assertFalse(user.userprofile.is_local)
self.mock_validate.assert_called_with(
user,
ExternalAuthInfo(type='candid',
url='https://auth.example.com',
domain='',
admin_group='admins'))
def make_request(self, user=None):
request = factory.make_fake_request('/')
request.user = user or AnonymousUser()
auth_url = Config.objects.get_config('external_auth_url')
if auth_url:
request.external_auth_info = ExternalAuthInfo(
type='candid',
url='https://example.com',
domain='domain',
admin_group='admins')
else:
request.external_auth_info = None
return request
def make_request(self, user=None):
request = factory.make_fake_request("/")
request.user = user or AnonymousUser()
auth_url = Config.objects.get_config("external_auth_url")
if auth_url:
request.external_auth_info = ExternalAuthInfo(
type="candid",
url="https://example.com",
domain="domain",
admin_group="admins",
)
else:
request.external_auth_info = None
return request
def test_is_authenticated_external_auth_validate_user(self, mock_validate):
mock_validate.return_value = True
auth = MAASAPIAuthentication()
user = factory.make_User()
user.userprofile.auth_last_check -= timedelta(days=1)
mock_token = mock.Mock(user=user)
request = factory.make_fake_request('/')
request.external_auth_info = ExternalAuthInfo('macaroon',
'https://example.com')
request.user = AnonymousUser()
auth.is_valid_request = lambda request: True
auth.validate_token = lambda request: (mock.Mock(), mock_token, None)
self.assertTrue(auth.is_authenticated(request))
mock_validate.assert_called()
def setUp(self):
super().setUp()
self.user = factory.make_User()
self.client = mock.Mock()
self.client.get_user_details.return_value = UserDetails(
username=self.user.username,
email='{}@example.com'.format(self.user.username),
fullname='User {}'.format(self.user.username))
self.now = datetime.utcnow()
# by default, the user has to be checked again
self.default_last_check = (self.now - EXTERNAL_USER_CHECK_INTERVAL -
timedelta(minutes=10))
self.user.userprofile.auth_last_check = self.default_last_check
self.user.userprofile.save()
self.auth_info = ExternalAuthInfo(type='rbac',
url='http://example.com')
def test_authenticate_validate_fails(self):
self.mock_validate.return_value = False
user = factory.make_User()
identity = SimpleIdentity(user=user.username)
self.assertIsNone(
self.backend.authenticate(self.get_request(), identity=identity))
self.mock_validate.assert_called_with(
user,
ExternalAuthInfo(
type="candid",
url="https://auth.example.com",
domain="",
admin_group="admins",
),
force_check=True,
)
def test_is_authenticated_external_auth_validate_user(self):
mock_validate = self.patch(api_auth, 'validate_user_external_auth')
mock_validate.return_value = True
auth = MAASAPIAuthentication()
user = factory.make_User()
user.userprofile.auth_last_check = (datetime.utcnow() -
timedelta(days=1))
mock_token = mock.Mock(user=user)
request = self.make_request()
auth.is_valid_request = lambda request: True
auth.validate_token = lambda request: (mock.Mock(), mock_token, None)
self.assertTrue(auth.is_authenticated(request))
mock_validate.assert_called_with(
user,
ExternalAuthInfo('candid', 'https://example.com', 'domain',
'admins'))
def test_is_authenticated_external_auth_validate_fail(self):
mock_validate = self.patch(api_auth, 'validate_user_external_auth')
mock_validate.return_value = False
auth = MAASAPIAuthentication()
user = factory.make_User()
user.userprofile.auth_last_check = (datetime.utcnow() -
timedelta(days=1))
mock_token = mock.Mock(user=user)
request = self.make_request()
auth.is_valid_request = lambda request: True
auth.validate_token = lambda request: (mock.Mock(), mock_token, None)
self.assertFalse(auth.is_authenticated(request))
# check interval not expired, the user isn't checked
mock_validate.assert_called_with(
user,
ExternalAuthInfo(type='candid',
url='https://example.com',
domain='domain',
admin_group='admins'))