def test_success(self): username = "******" # mock the response, return token expected_token = generate_tokens() expected_user_data = {"pk": 1, "first_name": "My First Name", "last_name": "My last name"} responses.add( responses.POST, urljoin(settings.API_URL, "oauth2/token"), body=json.dumps(expected_token), status=200, content_type="application/json", ) responses.add( responses.GET, urljoin(settings.API_URL, "users/", username), body=json.dumps(expected_user_data), status=200, content_type="application/json", ) # authenticate, should return authentication data data = api_client.authenticate(username, "my-password") self.assertEqual(data["pk"], expected_user_data.get("pk")) self.assertDictEqual(data["token"], expected_token) self.assertDictEqual(data["user_data"], expected_user_data)
def _default_login_data(self): user_pk = 100 credentials = {'username': '******', 'password': '******'} token = generate_tokens() permissions = [ 'credit.view_credit', 'credit.lock_credit', 'credit.unlock_credit', 'credit.patch_credited_credit' ] user_data = { 'first_name': 'My First Name', 'last_name': 'My Last Name', 'email': '*****@*****.**' % credentials['username'], 'username': credentials['username'], 'permissions': permissions, 'roles': ['prison-clerk'], 'prisons': [{ 'nomis_id': 'BXI', 'name': 'HMP Brixton', 'pre_approval_required': False }], 'flags': [READ_ML_BRIEFING_FLAG], } return { 'user_pk': user_pk, 'token': token, 'credentials': credentials, 'user_data': user_data, }
def test_base_api_url_allows_trailing_slash(self): actual_api_url = settings.API_URL # set API_URL and then reload the client to generate # a new REQUEST_TOKEN_URL settings.API_URL = actual_api_url + "/" reload(api_client) username = "******" # mock the response, return token expected_token = generate_tokens() expected_user_data = {"pk": 1, "first_name": "My First Name", "last_name": "My last name"} responses.add( responses.POST, urljoin(actual_api_url, "oauth2/token/"), body=json.dumps(expected_token), status=200, content_type="application/json", ) responses.add( responses.GET, urljoin(actual_api_url, "users/", username), body=json.dumps(expected_user_data), status=200, content_type="application/json", ) # authenticate, should complete without error api_client.authenticate(username, "my-password") # revert changes settings.API_URL = actual_api_url reload(api_client)
def test_success(self, mocked_api_client): """ Successful authentication. """ user_pk = 100 credentials = {'username': '******', 'password': '******'} token = generate_tokens() user_data = { 'first_name': 'My First Name', 'last_name': 'My Last Name', 'username': credentials['username'], } mocked_api_client.authenticate.return_value = { 'pk': user_pk, 'token': token, 'user_data': user_data } # login response = self.client.post(self.login_url, data=credentials) self.assertEqual(response.status_code, 302) self.assertEqual(self.client.session[SESSION_KEY], user_pk) self.assertEqual(self.client.session[BACKEND_SESSION_KEY], settings.AUTHENTICATION_BACKENDS[0]) self.assertDictEqual(self.client.session[AUTH_TOKEN_SESSION_KEY], token) self.assertDictEqual(self.client.session[USER_DATA_SESSION_KEY], user_data)
def _default_login_data(self): user_pk = 100 credentials = { 'username': '******', 'password': '******' } token = generate_tokens() permissions = ['credit.view_credit', 'credit.lock_credit', 'credit.unlock_credit', 'credit.patch_credited_credit'] user_data = { 'first_name': 'My First Name', 'last_name': 'My Last Name', 'email': '*****@*****.**' % credentials['username'], 'username': credentials['username'], 'permissions': permissions, 'roles': ['prison-clerk'], 'prisons': [{ 'nomis_id': 'BXI', 'name': 'HMP Brixton', 'pre_approval_required': False }], } return { 'user_pk': user_pk, 'token': token, 'credentials': credentials, 'user_data': user_data, }
def test_success(self): username = '******' # mock the response, return token expected_token = generate_tokens() expected_user_data = { 'pk': 1, 'first_name': 'My First Name', 'last_name': 'My last name', } responses.add( responses.POST, urljoin(settings.API_URL, 'oauth2/token'), body=json.dumps(expected_token), status=200, content_type='application/json' ) responses.add( responses.GET, urljoin(settings.API_URL, 'users/', username), body=json.dumps(expected_user_data), status=200, content_type='application/json' ) # authenticate, should return authentication data data = api_client.authenticate(username, 'my-password') self.assertEqual(data['pk'], expected_user_data.get('pk')) self.assertDictEqual(data['token'], expected_token) self.assertDictEqual(data['user_data'], expected_user_data)
def login(self, mocked_api_client): user_pk = 100 credentials = { 'username': '******', 'password': '******', } token = generate_tokens() user_data = { 'first_name': 'My First Name', 'last_name': 'My Last Name', 'username': credentials['username'], } mocked_api_client.authenticate.return_value = { 'pk': user_pk, 'token': token, 'user_data': user_data, } # login response = self.client.post(self.login_url, data=credentials, follow=True) self.assertEqual(response.status_code, 200) return token
def setUp(self, *args, **kwargs): super(UserPermissionsTestCase, self).setUp(*args, **kwargs) self.user = MojUser(5, generate_tokens(), { 'first_name': 'Sam', 'last_name': 'Hall', 'permissions': [ 'allowed_permission_1', 'allowed_permission_2', 'allowed_permission_3' ] })
def test_no_permissions_fails_gracefully(self): user = MojUser(6, generate_tokens(), { 'first_name': 'Sam', 'last_name': 'Halle', }) user.get_all_permissions() self.assertFalse(user.has_perm('forbidden_permission')) self.assertFalse(user.has_perms([ 'allowed_permission_1', 'forbidden_permission' ]))
def test_token_refreshed_automatically(self): """ Test that if I call the /test/ endpoint with an expired access token, the module should automatically: - request a new access token - update request.user.token to the new token - finally request /test/ with the new valid token """ def build_expires_at(dt): return ( dt - datetime.datetime(1970, 1, 1) ).total_seconds() # dates now = datetime.datetime.now() one_day_delta = datetime.timedelta(days=1) expired_yesterday = build_expires_at(now - one_day_delta) expires_tomorrow = build_expires_at(now + one_day_delta) # set access_token.expires_at to yesterday self.request.user.token['expires_at'] = expired_yesterday expired_token = self.request.user.token # mock the refresh token endpoint, return a new token new_token = generate_tokens(expires_at=expires_tomorrow) responses.add( responses.POST, api_client.get_request_token_url(), body=json.dumps(new_token), status=200, content_type='application/json' ) # mock the /test/ endpoint, return valid body expected_response = {'success': True} responses.add( responses.GET, self.test_endpoint, body=json.dumps(expected_response), status=200, content_type='application/json' ) result = self._test_success() self.assertDictEqual(result, expected_response) self.assertDictEqual(self.request.user.token, new_token) self.assertNotEqual( expired_token['access_token'], new_token['access_token'] )
def setUp(self): """ Sets up a request mock object with request.user.token == generated token. It also defines the {base_url}/test/ endpoint which will be used by all the test methods. """ super(GetConnectionTestCase, self).setUp() self.request = mock.MagicMock(user=mock.MagicMock(token=generate_tokens())) self.test_endpoint = urljoin(settings.API_URL, "test")
def test_token_refreshed_automatically(self): """ Test that if I call the /test/ endpoint with an expired access token, the module should automatically: - request a new access token - update request.user.token to the new token - finally request /test/ with the new valid token """ def build_expires_at(dt): return (dt - datetime.datetime(1970, 1, 1)).total_seconds() # dates now = datetime.datetime.now() one_day_delta = datetime.timedelta(days=1) expired_yesterday = build_expires_at(now - one_day_delta) expires_tomorrow = build_expires_at(now + one_day_delta) # set access_token.expires_at to yesterday self.request.user.token["expires_at"] = expired_yesterday expired_token = self.request.user.token # mock the refresh token endpoint, return a new token new_token = generate_tokens(expires_at=expires_tomorrow) responses.add( responses.POST, api_client.REQUEST_TOKEN_URL, body=json.dumps(new_token), status=200, content_type="application/json", ) # mock the /test/ endpoint, return valid body expected_response = {"success": True} responses.add( responses.GET, self.test_endpoint, body=json.dumps(expected_response), status=200, content_type="application/json", ) # test conn = api_client.get_connection(self.request) result = conn.test.get() self.assertDictEqual(result, expected_response) self.assertDictEqual(self.request.user.token, new_token) self.assertNotEqual(expired_token["access_token"], new_token["access_token"])
def setUp(self): """ Sets up a request mock object with request.user.token == generated token. It also defines the {base_url}/test/ endpoint which will be used by all the test methods. """ super(GetConnectionTestCase, self).setUp() self.request = mock.MagicMock( user=mock.MagicMock( token=generate_tokens() ) ) self.test_endpoint = urljoin(settings.API_URL, 'test')
def login(self, mock_api_client): mock_api_client.authenticate.return_value = { 'pk': 5, 'token': generate_tokens(), 'user_data': { 'first_name': 'Sam', 'last_name': 'Hall', 'username': '******', 'permissions': ['transaction.view_bank_details_transaction'] } } response = self.client.post( reverse('login'), data={'username': '******', 'password': '******'}, follow=False ) self.assertEqual(response.status_code, 302)
def login(self, mock_api_client): mock_api_client.authenticate.return_value = { 'pk': 5, 'token': generate_tokens(), 'user_data': { 'first_name': 'Sam', 'last_name': 'Hall', 'username': '******', 'applications': ['noms-ops'], 'permissions': required_permissions, } } response = self.client.post( reverse('login'), data={'username': '******', 'password': '******'}, follow=True ) self.assertEqual(response.status_code, 200) return mock_api_client.authenticate.return_value
def login(self, mock_api_client): mock_api_client.authenticate.return_value = { 'pk': 5, 'token': generate_tokens(), 'user_data': { 'first_name': 'Sam', 'last_name': 'Hall', 'username': '******', 'applications': ['bank-admin'], 'permissions': ['transaction.view_bank_details_transaction'] } } response = self.client.post( reverse('login'), data={'username': '******', 'password': '******'}, follow=True ) self.assertEqual(response.status_code, 200)
def test_cannot_see_refund_download_without_perm(self, mock_api_client): mock_api_client.authenticate.return_value = { 'pk': 5, 'token': generate_tokens(), 'user_data': { 'first_name': 'Sam', 'last_name': 'Hall', 'username': '******', 'permissions': [] } } response = self.client.post( reverse('login'), data={'username': '******', 'password': '******'}, follow=True ) self.assertEqual(response.status_code, 200) self.assertNotContains(response, reverse('bank_admin:download_refund_file'))
def test_success(self, mocked_api_client): """ Successful authentication. """ user_pk = 100 credentials = { 'username': '******', 'password': '******' } token = generate_tokens() user_data = { 'first_name': 'My First Name', 'last_name': 'My Last Name', 'username': credentials['username'], } mocked_api_client.authenticate.return_value = { 'pk': user_pk, 'token': token, 'user_data': user_data } # login response = self.client.post( self.login_url, data=credentials ) self.assertEqual(response.status_code, 302) self.assertEqual( self.client.session[SESSION_KEY], user_pk ) self.assertEqual( self.client.session[BACKEND_SESSION_KEY], settings.AUTHENTICATION_BACKENDS[0] ) self.assertDictEqual( self.client.session[AUTH_TOKEN_SESSION_KEY], token ) self.assertDictEqual( self.client.session[USER_DATA_SESSION_KEY], user_data )
def test_cannot_see_refund_download_without_perm(self, mock_api_client): mock_api_client.authenticate.return_value = { 'pk': 5, 'token': generate_tokens(), 'user_data': { 'first_name': 'Sam', 'last_name': 'Hall', 'username': '******', 'applications': ['bank-admin'], 'permissions': [] } } response = self.client.post( reverse('login'), data={'username': '******', 'password': '******'}, follow=True ) self.assertEqual(response.status_code, 200) self.assertNotContains(response, reverse('bank_admin:download_refund_file'))
def test_base_api_url_allows_trailing_slash(self): actual_api_url = settings.API_URL # set API_URL and then reload the client to generate # a new REQUEST_TOKEN_URL settings.API_URL = actual_api_url + '/' reload(api_client) username = '******' # mock the response, return token expected_token = generate_tokens() expected_user_data = { 'pk': 1, 'first_name': 'My First Name', 'last_name': 'My last name', } responses.add( responses.POST, urljoin(actual_api_url, 'oauth2/token/'), body=json.dumps(expected_token), status=200, content_type='application/json' ) responses.add( responses.GET, urljoin(actual_api_url, 'users/', username), body=json.dumps(expected_user_data), status=200, content_type='application/json' ) # authenticate, should complete without error api_client.authenticate(username, 'my-password') # revert changes settings.API_URL = actual_api_url reload(api_client)
def test_refund_download_hidden_even_with_perm(self, mock_api_client): mock_api_client.authenticate.return_value = { 'pk': 5, 'token': generate_tokens(), 'user_data': { 'first_name': 'Sam', 'last_name': 'Hall', 'username': '******', 'permissions': ['transaction.view_bank_details_transaction'] } } mock_missing_download_check() response = self.client.post( reverse('login'), data={'username': '******', 'password': '******'}, follow=True ) self.assertEqual(response.status_code, 200) self.assertNotContains(response, reverse('bank_admin:download_refund_file')) self.assertContains(response, 'There are no refunds to process through Access Pay')
def mocked_login(self, **user_data_updates): with mock.patch('django.contrib.auth.login') as mock_login, \ mock.patch('mtp_common.auth.backends.api_client') as mock_api_client: mock_login.side_effect = lambda request, user, *args: login(request, user) user_data = { 'username': '******', 'first_name': 'Test', 'last_name': 'User', 'email': '*****@*****.**', 'permissions': [ 'auth.add_user', 'auth.change_user', 'auth.delete_user', ], 'prisons': [{'nomis_id': 'AAI', 'name': 'Prison 1', 'pre_approval_required': False}], 'roles': ['prison-clerk'], } user_data.update(user_data_updates) mock_api_client.authenticate.return_value = { 'pk': 1, 'token': generate_tokens(), 'user_data': user_data, } self.assertTrue(self.client.login(username='******', password='******'))
def login(self, mock_api_client): mock_api_client.authenticate.return_value = { 'pk': 5, 'token': generate_tokens(), 'user_data': { 'first_name': 'Sam', 'last_name': 'Hall', 'username': '******', 'email': '*****@*****.**', 'permissions': required_permissions, 'prisons': [], 'flags': [], 'roles': ['prisoner-location-upload'] } } response = self.client.post(reverse('login'), data={ 'username': '******', 'password': '******' }, follow=True) self.assertEqual(response.status_code, 200) return mock_api_client.authenticate.return_value
def authenticated_request(self): return mock.MagicMock(user=mock.MagicMock(token=generate_tokens()))
def setup_mock_get_authenticated_api_session(self, mock_api_client): mock_session = MoJOAuth2Session() mock_session.token = generate_tokens() mock_api_client.get_authenticated_api_session.return_value = mock_session
def setUp(self): self.api_session = get_api_session( mock.MagicMock(user=mock.MagicMock(token=generate_tokens())))
def mock_api_session(mocked_api_session): mock_session = MoJOAuth2Session() mock_session.token = generate_tokens() mocked_api_session.return_value = mock_session
def setUp(self): super().setUp() self.request = mock.MagicMock(user=mock.MagicMock( token=generate_tokens()))