def test_login_success_created_user_4(self):
print(
'- Test: login success with a created user - change student number and employee number'
)
created_user = userApi.create_user({
'first_name': 'User600',
'last_name': 'Test',
'email': '*****@*****.**',
'username': '******',
'student_number': None,
'employee_number': None,
#'puid': 'TEST00000600'
})
self.assertIsNotNone(created_user)
self.assertIsNotNone(userApi.has_user_profile_created(created_user))
self.assertIsNotNone(
userApi.has_user_confidentiality_created(created_user))
saml_data = {
'auth': True,
'attrs': {
'first_name': created_user.first_name,
'last_name': created_user.last_name,
'email': created_user.email,
'username': created_user.username,
'student_number': '58684500',
'employee_number': '8456300',
#'puid': 'TEST00000600'
}
}
user = self.saml_authenticate(saml_data)
self.assertIsNotNone(user)
self.assertEqual(user.username, saml_data['attrs']['username'])
self.assertEqual(user.email, saml_data['attrs']['email'])
self.assertEqual(user.first_name, saml_data['attrs']['first_name'])
self.assertEqual(user.last_name, saml_data['attrs']['last_name'])
self.assertIsNotNone(user.profile)
self.assertEqual(user.profile.student_number,
saml_data['attrs']['student_number'])
#self.assertEqual(user.profile.puid, saml_data['attrs']['puid'])
roles = userApi.get_user_roles(user)
self.assertEqual(roles, ['Student'])
self.assertIsNotNone(user.confidentiality)
self.assertEqual(user.confidentiality.employee_number,
saml_data['attrs']['employee_number'])
self.assertFalse(user.confidentiality.is_new_employee)
def local_login(request):
''' Local login '''
if request.method == 'POST':
form = LocalLoginForm(request.POST)
if form.is_valid():
user = authenticate(username=request.POST['username'],
password=request.POST['password'])
if user is not None:
AuthLogin(request, user)
roles = userApi.get_user_roles(user)
if roles == None:
messages.error(
request,
'An error occurred. Users must have at least one role.'
)
else:
request.session['loggedin_user'] = {
'id': user.id,
'username': user.username,
'roles': roles
}
redirect_to = redirect_to_index_page(roles)
return HttpResponseRedirect(redirect_to)
else:
messages.error(
request,
'An error occurred. Please check your username and password, then try again.'
)
else:
messages.error(
request,
'An error occurred. Form is invalid. Please check your inputs.'
)
return redirect('accounts:local_login')
else:
if 'loggedin_user' in request.session.keys():
roles = request.session['loggedin_user']['roles']
redirect_to = redirect_to_index_page(roles)
return HttpResponseRedirect(redirect_to)
return render(request, 'accounts/local_login.html',
{'form': LocalLoginForm()})
def test_login_duplicated_employee_number(self):
print('- Test: login - duplicated employee number')
# login - success
saml_data = {
'auth': True,
'attrs': {
'first_name': 'Test',
'last_name': 'User600',
'email': '*****@*****.**',
'username': '******',
'student_number': None,
'employee_number': '5544332',
#'puid': 'TEST00000600'
}
}
user = self.saml_authenticate(saml_data)
self.assertIsNotNone(user)
self.assertEqual(user.username, saml_data['attrs']['username'])
self.assertEqual(user.email, saml_data['attrs']['email'])
self.assertEqual(user.first_name, saml_data['attrs']['first_name'])
self.assertEqual(user.last_name, saml_data['attrs']['last_name'])
self.assertIsNotNone(user.profile)
self.assertIsNone(user.profile.student_number)
#self.assertEqual(user.profile.puid, saml_data['attrs']['puid'])
roles = userApi.get_user_roles(user)
self.assertEqual(roles, ['Student'])
self.assertIsNotNone(user.confidentiality)
self.assertEqual(user.confidentiality.employee_number,
saml_data['attrs']['employee_number'])
self.assertFalse(user.confidentiality.is_new_employee)
# login - success
saml_data2 = {
'auth': True,
'attrs': {
'first_name': user.first_name,
'last_name': user.last_name,
'email': user.email,
'username': user.username,
'student_number': None,
'employee_number': '5544332',
#'puid': user.profile.puid
}
}
user2 = self.saml_authenticate(saml_data2)
self.assertIsNotNone(user2)
self.assertEqual(user2.username, saml_data2['attrs']['username'])
self.assertEqual(user2.email, saml_data2['attrs']['email'])
self.assertEqual(user2.first_name, saml_data2['attrs']['first_name'])
self.assertEqual(user2.last_name, saml_data2['attrs']['last_name'])
self.assertIsNotNone(user2.profile)
self.assertIsNone(user.profile.student_number)
#self.assertEqual(user.profile.puid, saml_data['attrs']['puid'])
roles2 = userApi.get_user_roles(user2)
self.assertEqual(roles2, ['Student'])
self.assertIsNotNone(user2.confidentiality)
self.assertEqual(user.confidentiality.employee_number,
saml_data['attrs']['employee_number'])
self.assertFalse(user2.confidentiality.is_new_employee)
# login - failure with same employee number
saml_data3 = {
'auth': True,
'attrs': {
'first_name': 'Test2',
'last_name': 'User6002',
'email': '*****@*****.**',
'username': '******',
'student_number': None,
'employee_number': '5544332',
#'puid': 'TEST00000602'
}
}
user3 = self.saml_authenticate(saml_data3)
self.assertEqual(user3, 'SuspiciousOperation')
# login - success with different employee number
saml_data4 = {
'auth': True,
'attrs': {
'first_name': 'Test2',
'last_name': 'User6002',
'email': '*****@*****.**',
'username': '******',
'student_number': None,
'employee_number': '1544331',
#'puid': 'TEST00000602'
}
}
user4 = self.saml_authenticate(saml_data4)
self.assertIsNotNone(user4)
self.assertEqual(user4.username, saml_data4['attrs']['username'])
self.assertEqual(user4.email, saml_data4['attrs']['email'])
self.assertEqual(user4.first_name, saml_data4['attrs']['first_name'])
self.assertEqual(user4.last_name, saml_data4['attrs']['last_name'])
self.assertIsNotNone(user4.profile)
self.assertIsNone(user4.profile.student_number)
#self.assertEqual(user4.profile.puid, saml_data4['attrs']['puid'])
roles4 = userApi.get_user_roles(user4)
self.assertEqual(roles4, ['Student'])
self.assertIsNotNone(user4.confidentiality)
self.assertEqual(user.confidentiality.employee_number,
saml_data['attrs']['employee_number'])
self.assertFalse(user4.confidentiality.is_new_employee)
def test_login_success_user_not_exists(self):
print('- Test: login success - a user does not exist')
# create and login
saml_data = {
'auth': True,
'attrs': {
'first_name': 'User700',
'last_name': 'Test',
'email': '*****@*****.**',
'username': '******',
'student_number': None,
'employee_number': None,
#'puid': 'TEST00000700'
}
}
user = self.saml_authenticate(saml_data)
self.assertIsNotNone(user)
self.assertEqual(user.username, saml_data['attrs']['username'])
self.assertEqual(user.email, saml_data['attrs']['email'])
self.assertEqual(user.first_name, saml_data['attrs']['first_name'])
self.assertEqual(user.last_name, saml_data['attrs']['last_name'])
self.assertIsNotNone(user.profile)
self.assertIsNone(user.profile.student_number)
#self.assertEqual(user.profile.puid, saml_data['attrs']['puid'])
roles = userApi.get_user_roles(user)
self.assertEqual(roles, ['Student'])
self.assertIsNotNone(user.confidentiality)
self.assertIsNone(user.confidentiality.employee_number)
self.assertTrue(user.confidentiality.is_new_employee)
# login with an employee number
saml_data2 = {
'auth': True,
'attrs': {
'first_name': user.first_name,
'last_name': user.last_name,
'email': user.email,
'username': user.username,
'student_number': None,
'employee_number': '6997879',
#'puid': user.profile.puid
}
}
user2 = self.saml_authenticate(saml_data2)
self.assertIsNotNone(user2)
self.assertEqual(user2.username, saml_data2['attrs']['username'])
self.assertEqual(user2.email, saml_data2['attrs']['email'])
self.assertEqual(user2.first_name, saml_data2['attrs']['first_name'])
self.assertEqual(user2.last_name, saml_data2['attrs']['last_name'])
self.assertIsNotNone(user2.profile)
self.assertIsNone(user2.profile.student_number)
#self.assertEqual(user2.profile.puid, saml_data2['attrs']['puid'])
roles2 = userApi.get_user_roles(user2)
self.assertEqual(roles2, ['Student'])
self.assertIsNotNone(user2.confidentiality)
self.assertEqual(user2.confidentiality.employee_number,
saml_data2['attrs']['employee_number'])
self.assertFalse(user2.confidentiality.is_new_employee)
def saml(request, action=None):
req = prepare_django_request(request)
auth = init_saml_auth(req)
errors = []
error_reason = None
not_auth_warn = False
success_slo = False
attributes = False
paint_logout = False
if 'SAMLResponse' in req['get_data']:
req['get_data']['sls'] = ''
# Redirect to idp
if 'sso' in req['get_data']:
return HttpResponseRedirect(auth.login())
if 'slo' in req['get_data']:
name_id = None
session_index = None
name_id_format = None
if 'samlNameId' in request.session:
name_id = request.session['samlNameId']
if 'samlSessionIndex' in request.session:
session_index = request.session['samlSessionIndex']
if 'samlNameIdFormat' in request.session:
name_id_format = request.session['samlNameIdFormat']
# Login was not done through saml
if not name_id and not session_index:
#return HttpResponseRedirect(settings.LOGIN_URL)
return redirect('accounts:login')
# Redirect to the saml logout
#return HttpResponseRedirect(auth.logout(name_id=name_id, session_index=session_index))
return HttpResponseRedirect(
auth.logout(name_id=name_id,
session_index=session_index,
name_id_format=name_id_format))
# Paths from idp
if 'acs' in req['get_data']:
auth.process_response()
errors = auth.get_errors()
if not errors:
if auth.is_authenticated():
request.session['samlUserdata'] = auth.get_attributes()
request.session['samlNameId'] = auth.get_nameid()
request.session['samlSessionIndex'] = auth.get_session_index()
request.session['samlNameIdFormat'] = auth.get_nameid_format()
user = authenticate(saml_authentication=auth)
login(request, user)
if 'RelayState' in req[
'post_data'] and OneLogin_Saml2_Utils.get_self_url(
req) != req['post_data']['RelayState']:
#return HttpResponseRedirect(auth.redirect_to(req['post_data']['RelayState']))
roles = userApi.get_user_roles(user)
request.session['loggedin_user'] = {
'id': user.id,
'username': user.username,
'roles': roles
}
redirect_to = accountView.redirect_to_index_page(roles)
return HttpResponseRedirect(redirect_to)
else:
for attr_name in request.session['samlUserdata'].keys():
print('%s ==> %s' % (attr_name, '|| '.join(
request.session['samlUserdata'][attr_name])))
else:
print('Not authenticated')
else:
print("Error when processing SAML Response: %s" %
(', '.join(errors)))
elif 'sls' in req['get_data']:
#dscb = lambda: request.session.flush()
#url = auth.process_slo(delete_session_cb=dscb)
errors = auth.get_errors()
request.session.flush()
logout(request)
if not errors:
return HttpResponseRedirect(settings.SAML_LOGOUT_URL)
else:
return HttpResponseRedirect(settings.LOGIN_URL)
return render(
request, 'accounts/login.html', {
'errors': errors,
'error_reason': error_reason,
'not_auth_warn': not_auth_warn,
'success_slo': success_slo,
'attributes': attributes,
'paint_logout': paint_logout
})