def test_token_authentication(self): self.client.logout() self.client.cookies[settings.REALM_COOKIE] = TEST_REALM username = '******' email = '*****@*****.**' password = '******' user = get_user_model().objects.create_user( f'{TEST_REALM}__{username}', email, password) token_key = 'token-123456' Token.objects.create(user=user, key=token_key) token_headers = {'HTTP_AUTHORIZATION': f'Token {token_key}'} token_headers_wrong = {'HTTP_AUTHORIZATION': 'Token 123'} url = reverse('http-200') response = self.client.get(url) self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED) self.assertEqual( response.json(), {'detail': 'Authentication credentials were not provided.'}) response = self.client.get(url, **token_headers) self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED) self.assertEqual(response.json(), {'detail': 'Invalid user in this realm.'}) response = self.client.get(url, **token_headers_wrong) self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED) self.assertEqual(response.json(), {'detail': 'Invalid token.'}) utils.add_user_to_realm(self.request, user) response = self.client.get(url, **token_headers) self.assertEqual(response.status_code, status.HTTP_200_OK)
def test_basic_authentication(self): self.client.logout() self.client.cookies[settings.REALM_COOKIE] = TEST_REALM username = '******' email = '*****@*****.**' password = '******' user = get_user_model().objects.create_user( f'{TEST_REALM}__{username}', email, password) auth_str = f'{username}:{password}' basic = base64.b64encode(bytearray(auth_str, 'utf-8')).decode('ascii') basic_headers = {'HTTP_AUTHORIZATION': f'Basic {basic}'} auth_str = f'{TEST_REALM}__{username}:{password}' basic = base64.b64encode(bytearray(auth_str, 'utf-8')).decode('ascii') basic_realm_headers = {'HTTP_AUTHORIZATION': f'Basic {basic}'} auth_str = f'{TEST_REALM_2}__{username}:{password}' basic = base64.b64encode(bytearray(auth_str, 'utf-8')).decode('ascii') basic_realm_2_headers = {'HTTP_AUTHORIZATION': f'Basic {basic}'} url = reverse('http-200') response = self.client.get(url) self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED) self.assertEqual( response.json(), {'detail': 'Authentication credentials were not provided.'}) response = self.client.get(url, **basic_headers) self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED) self.assertEqual(response.json(), {'detail': 'Invalid user in this realm.'}) response = self.client.get(url, **basic_realm_headers) self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED) self.assertEqual(response.json(), {'detail': 'Invalid user in this realm.'}) response = self.client.get(url, **basic_realm_2_headers) self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED) self.assertEqual(response.json(), {'detail': 'Invalid username/password.'}) utils.add_user_to_realm(self.request, user) response = self.client.get(url, **basic_headers) self.assertEqual(response.status_code, status.HTTP_200_OK) response = self.client.get(url, **basic_realm_headers) self.assertEqual(response.status_code, status.HTTP_200_OK)
def test_auth(self): realm_group = utils.get_auth_group(self.request) self.assertIsNotNone(realm_group) self.assertEqual(realm_group.name, utils.get_current_realm(self.request)) self.assertEqual(self.request.user.groups.count(), 0) # it does not complain if the user does not belong to the realm utils.remove_user_from_realm(self.request, self.request.user) utils.add_user_to_realm(self.request, self.request.user) self.assertEqual(self.request.user.groups.count(), 1) self.assertIn(realm_group, self.request.user.groups.all()) utils.remove_user_from_realm(self.request, self.request.user) self.assertEqual(self.request.user.groups.count(), 0) self.assertNotIn(realm_group, self.request.user.groups.all())
def get_or_create_user(request, username): # gets the existing user or creates a new one _username = parse_username(request, username) try: user = user_objects.get(username=_username) except UserModel.DoesNotExist: realm = get_current_realm(request) user = user_objects.create_user( username=_username, first_name=username, last_name=realm or '', password=user_objects.make_random_password(length=100), ) # only add user if it doesn't exist. add_user_to_realm(request, user) return user
def test_no_multitenancy(self, *args): self.assertIsNone(utils.get_multitenancy_model()) self.assertIsNone(utils.get_current_realm(None)) obj1 = TestModel.objects.create(name='two') self.assertFalse(obj1.is_accessible(TEST_REALM)) self.assertFalse(obj1.is_accessible(settings.DEFAULT_REALM)) self.assertIsNone(obj1.get_realm()) self.assertTrue(MtInstance.objects.count() == 0) self.assertTrue(utils.is_accessible_by_realm(self.request, obj1)) self.assertEqual(utils.add_instance_realm_in_headers(obj1, {}), {}) self.assertEqual(utils.add_current_realm_in_headers(self.request, {}), {}) initial_data = TestModel.objects.all() self.assertEqual(utils.filter_by_realm(self.request, initial_data), initial_data) initial_users = get_user_model().objects.all() self.assertEqual( utils.filter_users_by_realm(self.request, initial_users), initial_users) obj1.add_to_realm(self.request) self.assertTrue(MtInstance.objects.count() == 0) self.assertIsNone(utils.get_auth_group(self.request)) self.assertEqual(self.request.user.groups.count(), 0) self.assertTrue( utils.check_user_in_realm(self.request, self.request.user)) utils.add_user_to_realm(self.request, self.request.user) self.assertEqual(self.request.user.groups.count(), 0) self.assertTrue( utils.check_user_in_realm(self.request, self.request.user)) utils.remove_user_from_realm(self.request, self.request.user) self.assertEqual(self.request.user.groups.count(), 0) self.assertTrue( utils.check_user_in_realm(self.request, self.request.user)) self.client.logout() username = '******' email = '*****@*****.**' password = '******' user = get_user_model().objects.create_user( f'{TEST_REALM}__{username}', email, password) token_key = 'token-123456' Token.objects.create(user=user, key=token_key) token_headers = {'HTTP_AUTHORIZATION': f'Token {token_key}'} auth_str = f'{username}:{password}' basic = base64.b64encode(bytearray(auth_str, 'utf-8')).decode('ascii') basic_headers = {'HTTP_AUTHORIZATION': f'Basic {basic}'} auth_str = f'{TEST_REALM}__{username}:{password}' basic = base64.b64encode(bytearray(auth_str, 'utf-8')).decode('ascii') basic_realm_headers = {'HTTP_AUTHORIZATION': f'Basic {basic}'} url = reverse('http-200') response = self.client.get(url) self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED) self.assertEqual( response.json(), {'detail': 'Authentication credentials were not provided.'}) response = self.client.get(url, **basic_headers) self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED) self.assertEqual(response.json(), {'detail': 'Invalid username/password.'}) response = self.client.get(url, **basic_realm_headers) self.assertEqual(response.status_code, status.HTTP_200_OK) response = self.client.get(url, **token_headers) self.assertEqual(response.status_code, status.HTTP_200_OK) username = '******' email = '*****@*****.**' password = '******' get_user_model().objects.create_superuser(username, email, password) self.assertTrue(self.client.login(username=username, password=password)) response = self.client.get(reverse('get-realms')) self.assertEqual(response.json(), {'realms': [settings.NO_MULTITENANCY_REALM]})
def test_views(self): # create data assigned to different realms realm1_group = utils.get_auth_group(self.request) obj1 = TestModel.objects.create(name='one') child1 = TestChildModel.objects.create(name='child1', parent=obj1) obj1.add_to_realm(self.request) self.assertEqual(obj1.mt.realm, TEST_REALM) user1 = get_user_model().objects.create(username='******') utils.add_user_to_realm(self.request, user1) # change realm self.request.COOKIES[settings.REALM_COOKIE] = TEST_REALM_2 realm2_group = utils.get_auth_group(self.request) self.assertNotEqual(realm1_group, realm2_group) obj2 = TestModel.objects.create(name='two') child2 = TestChildModel.objects.create(name='child2', parent=obj2) obj2.add_to_realm(self.request) self.assertEqual(obj2.mt.realm, TEST_REALM_2) user2 = get_user_model().objects.create(username='******') utils.add_user_to_realm(self.request, user2) # check users realm groups self.assertIn(realm1_group, user1.groups.all()) self.assertIn(realm2_group, user2.groups.all()) self.assertEqual(self.request.user.groups.count(), 0) self.assertNotIn(realm2_group, user1.groups.all()) self.assertNotIn(realm1_group, user2.groups.all()) self.assertEqual(TestModel.objects.count(), 2) self.assertEqual(TestChildModel.objects.count(), 2) self.assertEqual(get_user_model().objects.count(), 3) # check that views only return instances linked to "realm1" url = reverse('testmodel-list') response = self.client.get(url) self.assertEqual(response.client.cookies[settings.REALM_COOKIE].value, TEST_REALM) self.assertEqual(response.status_code, status.HTTP_200_OK, response.content) data = response.json() self.assertEqual(data['count'], 1) # detail endpoint url = reverse('testmodel-detail', kwargs={'pk': obj1.pk}) response = self.client.get(url) self.assertEqual(response.status_code, status.HTTP_200_OK) url = reverse('testchildmodel-detail', kwargs={'pk': child1.pk}) response = self.client.get(url) self.assertEqual(response.status_code, status.HTTP_200_OK) # is-accessible endpoint url = reverse('testmodel-is-accessible', kwargs={'pk': obj1.pk}) response = self.client.head(url) self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT) url = reverse('testchildmodel-is-accessible', kwargs={'pk': child1.pk}) response = self.client.head(url) self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT) url = reverse('testchildmodel-is-accessible', kwargs={'pk': 99}) response = self.client.head(url) self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND) # custom endpoint url = reverse('testmodel-custom-404', kwargs={'pk': obj1.pk}) response = self.client.get(url) self.assertEqual(response.status_code, status.HTTP_200_OK) url = reverse('testchildmodel-custom-403', kwargs={'pk': child1.pk}) response = self.client.get(url) self.assertEqual(response.status_code, status.HTTP_200_OK) url = reverse('testchildmodel-custom-403', kwargs={'pk': 99}) response = self.client.get(url) self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST) # users url = reverse('user-list') response = self.client.get(url) data = response.json() # only user1 belongs to TEST_REALM, # user2 belongs to TEST_REALM_2 and # self.request.user belongs to none self.assertEqual(data['count'], 1) self.assertEqual(data['results'][0]['id'], user1.id, data['results'][0]) url = reverse('user-detail', kwargs={'pk': user1.pk}) response = self.client.get(url) self.assertEqual(response.status_code, status.HTTP_200_OK) # linked to another realm "realm2" ************************************* # detail endpoint url = reverse('testmodel-detail', kwargs={'pk': obj2.pk}) response = self.client.get(url) self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND) url = reverse('testchildmodel-detail', kwargs={'pk': child2.pk}) response = self.client.get(url) self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND) # is-accessible endpoint url = reverse('testmodel-is-accessible', kwargs={'pk': obj2.pk}) response = self.client.head(url) self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) url = reverse('testchildmodel-is-accessible', kwargs={'pk': child2.pk}) response = self.client.head(url) self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) url = reverse('testchildmodel-is-accessible', kwargs={'pk': 99}) response = self.client.head(url) self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND) # custom endpoint url = reverse('testmodel-custom-404', kwargs={'pk': obj2.pk}) response = self.client.get(url) self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND) url = reverse('testchildmodel-custom-403', kwargs={'pk': child2.pk}) response = self.client.get(url) self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) url = reverse('user-detail', kwargs={'pk': user2.pk}) response = self.client.get(url) self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
def test_serializers(self): obj1 = TestModelSerializer( data={'name': 'a name'}, context={'request': self.request}, ) self.assertTrue(obj1.is_valid(), obj1.errors) # check the user queryset self.assertFalse( utils.check_user_in_realm(self.request, self.request.user)) self.assertEqual(obj1.fields['user'].get_queryset().count(), 0) # we need to add the user to current realm utils.add_user_to_realm(self.request, self.request.user) self.assertTrue( utils.check_user_in_realm(self.request, self.request.user)) self.assertEqual(obj1.fields['user'].get_queryset().count(), 1) self.assertTrue(MtInstance.objects.count() == 0) obj1.save() self.assertTrue(MtInstance.objects.count() > 0) realm1 = MtInstance.objects.first() self.assertEqual(realm1.instance.pk, obj1.data['id']) self.assertEqual(realm1.realm, TEST_REALM) self.assertIn('/testtestmodel/' + str(obj1.data['id']), obj1.data['url']) self.assertIn('/testtestchildmodel/?parent=' + str(obj1.data['id']), obj1.data['children_url']) # update and check user name obj1_upd = TestModelSerializer( TestModel.objects.get(pk=obj1.data['id']), data={'user': self.request.user.pk}, context={'request': self.request}, partial=True, ) self.assertTrue(obj1_upd.is_valid(), obj1_upd.errors) obj1_upd.save() self.assertEqual(obj1_upd.data['uname'], 'John Doe') # create another TestModel instance obj2 = TestModel.objects.create(name='two') self.assertFalse(obj2.is_accessible(TEST_REALM)) child1 = TestChildModelSerializer(context={'request': self.request}) # obj2 is not in the child1 parent queryset self.assertEqual(child1.fields['parent'].get_queryset().count(), 1) self.assertEqual(child1.fields['parent'].get_queryset().first().pk, obj1.data['id']) # try to save a child with the wrong parent child2 = TestChildModelSerializer( data={ 'name': 'child', 'parent': str(obj2.pk) }, context={'request': self.request}, ) self.assertFalse(child2.is_valid(), child2.errors) # { # 'parent': [ # ErrorDetail( # string='Invalid pk "#" - object does not exist.', # code='does_not_exist', # ) # ] # } self.assertEqual(child2.errors['parent'][0].code, 'does_not_exist') self.assertEqual(str(child2.errors['parent'][0]), f'Invalid pk "{obj2.pk}" - object does not exist.')