def test_authdata_token_credential_lookup_success(self): # Create an authdata token Credential for Bob. now = datetime.datetime.utcnow() token, ignore = Credential.persistent_token_create( self._db, self.data_source, self.model.AUTHDATA_TOKEN_TYPE, self.bob_patron) # The token is persistent. eq_(None, token.expires) # Use that token to perform a lookup of Bob's Adobe Vendor ID # UUID. urn, label = self.model.authdata_lookup(token.credential) # There is now an anonymized identifier associated with Bob's # patron account. internal = DataSource.lookup(self._db, DataSource.INTERNAL_PROCESSING) bob_anonymized_identifier = Credential.lookup( self._db, internal, AuthdataUtility.ADOBE_ACCOUNT_ID_PATRON_IDENTIFIER, self.bob_patron, None) # That anonymized identifier is associated with a # DelegatedPatronIdentifier whose delegated_identifier is a # UUID. [bob_delegated_patron_identifier ] = self._db.query(DelegatedPatronIdentifier).filter( DelegatedPatronIdentifier.patron_identifier == bob_anonymized_identifier.credential).all() # That UUID is the one returned by authdata_lookup. eq_(urn, bob_delegated_patron_identifier.delegated_identifier)
def test_authdata_lookup_failure_wrong_token(self): # Bob has an authdata token. token, ignore = Credential.persistent_token_create( self._db, self.data_source, self.model.AUTHDATA_TOKEN_TYPE, self.bob_patron) # But we look up a different token and get nothing. urn, label = self.model.authdata_lookup("nosuchauthdata") eq_(None, urn) eq_(None, label)
def test_smuggled_authdata_credential_success(self): # Bob's client has created a persistent token to authenticate him. now = datetime.datetime.utcnow() token, ignore = Credential.persistent_token_create( self._db, self.data_source, self.model.AUTHDATA_TOKEN_TYPE, self.bob_patron ) # But Bob's client can't trigger the operation that will cause # Adobe to authenticate him via that token, so it passes in # the token credential as the 'username' and leaves the # password blank. urn, label = self.model.standard_lookup( dict(username=token.credential) ) # There is now an anonymized identifier associated with Bob's # patron account. internal = DataSource.lookup(self._db, DataSource.INTERNAL_PROCESSING) bob_anonymized_identifier = Credential.lookup( self._db, internal, AuthdataUtility.ADOBE_ACCOUNT_ID_PATRON_IDENTIFIER, self.bob_patron, None ) # That anonymized identifier is associated with a # DelegatedPatronIdentifier whose delegated_identifier is a # UUID. [bob_delegated_patron_identifier] = self._db.query( DelegatedPatronIdentifier).filter( DelegatedPatronIdentifier.patron_identifier ==bob_anonymized_identifier.credential ).all() # That UUID is the one returned by standard_lookup. eq_(urn, bob_delegated_patron_identifier.delegated_identifier) # A future attempt to authenticate with the token will succeed. urn, label = self.model.standard_lookup( dict(username=token.credential) ) eq_(urn, bob_delegated_patron_identifier.delegated_identifier)
def create_authdata(self, patron): credential, is_new = Credential.persistent_token_create( self._db, self.data_source, self.AUTHDATA_TOKEN_TYPE, patron) return credential