def test_authorize_with_invitation_existing_user( id_token_generator, auth_req_generator, users_m, login_m, invitation_getter ): # Attach an invitation that is associated to a user. That user should be # logged in and associated to the remote. id_token, claims = id_token_generator() request = auth_req_generator(id_token, user=None) user = User(username="******") invitation_getter.return_value = models.Invitation( slug="foo", user=user, created_at=timezone.now(), email=claims["email"] ) request.session[views.INVITATION_KEY] = "foo" response = views.authorize(request) assert response.status_code == 302 # 302 redirect to success url: all checks passed assert response.url == "http://testserver/success" # check if the invitation was looked up invitation_getter.assert_called_with(slug="foo") # check if create_remote_user was called users_m.create_remote_user.assert_called_with(user, claims) # check if login was called login_m.assert_called_with(request, user) assert user.backend == "nens_auth_client.backends.RemoteUserBackend" # check if update_user was called users_m.update_user.assert_called_with(user, claims) args, kwargs = users_m.update_remote_user.call_args assert args[0] == claims assert args[1].keys() == {"id_token"}
def test_authorize_with_invitation_email_unverified( id_token_generator, auth_req_generator, users_m, login_m, invitation_getter ): # It does not matter whether email is verified for checking invite email id_token, claims = id_token_generator() claims["email_verified"] = False request = auth_req_generator(id_token, user=None) request.session[views.INVITATION_KEY] = "foo" invitation_getter.return_value = models.Invitation( created_at=timezone.now(), email=claims["email"] ) response = views.authorize(request) assert response.status_code == 302 assert response.url == "http://testserver/success"
def test_authorize_with_expired_invitation( id_token_generator, auth_req_generator, users_m, login_m, invitation_getter ): id_token, claims = id_token_generator() request = auth_req_generator(id_token, user=None) request.session[views.INVITATION_KEY] = "foo" invitation_getter.return_value = models.Invitation( created_at=timezone.now() - timedelta(days=14) ) with pytest.raises(PermissionDenied, match=".*has expired.*"): views.authorize(request) invitation_getter.assert_called_with(slug="foo") assert not login_m.called assert not users_m.create_user.called assert not users_m.create_remote_user.called assert not users_m.update_user.called
def test_authorize_with_nonacceptable_invitation( id_token_generator, auth_req_generator, users_m, login_m, invitation_getter ): id_token, claims = id_token_generator() request = auth_req_generator(id_token, user=None) request.session[views.INVITATION_KEY] = "foo" invitation_getter.return_value = models.Invitation( status=models.Invitation.ACCEPTED ) with pytest.raises(PermissionDenied, match=".*has been used already.*"): views.authorize(request) invitation_getter.assert_called_with(slug="foo") assert not login_m.called assert not users_m.create_user.called assert not users_m.create_remote_user.called assert not users_m.update_user.called
def test_authorize_with_mismatching_invitation( id_token_generator, auth_req_generator, users_m, login_m, invitation_getter ): id_token, claims = id_token_generator() request = auth_req_generator(id_token, user=None) request.session[views.INVITATION_KEY] = "foo" invitation_getter.return_value = models.Invitation( created_at=timezone.now(), email="*****@*****.**" ) with pytest.raises( PermissionDenied, match=".*intended for a user with email '*****@*****.**'.*" ): views.authorize(request) invitation_getter.assert_called_with(slug="foo") assert not login_m.called assert not users_m.create_user.called assert not users_m.create_remote_user.called assert not users_m.update_user.called