def test_authenticate_different_passwords(self):
'''This test case ensures an exception is raised when passwords do not match.'''
creation_time, expiration_time = self._mock_creationexpiration_time()
user = User(username="******", password="******")
user.session = Mock()
return_url = "/test/url"
token = Token({
"client_id": self._IDP_CLIENTID,
"type": "login",
"user_id": user.user_id,
"creation_time": creation_time,
"expiration_time": expiration_time
})
request, user_repo_cls, user_repo, tokens_service_cls, \
tokens_service, clienturl_facade = self._mock_authenticate_dependencies(token, user, return_url)
with self.assertRaises(OAuth2AuthenticationError):
self._idp_controller.authenticate(
request,
tokens_service_cls=tokens_service_cls,
user_repo_cls=user_repo_cls)
def test_authenticate_invalid_redirecturi(self):
'''This test case ensures an exception is raised when the return url query parameter is not accepted by idp.'''
creation_time, expiration_time = self._mock_creationexpiration_time()
user = User(username="******", password="******")
user.session = Mock()
return_url = "/test/url?state=xyz"
token = Token({"client_id": self._IDP_CLIENTID,
"type": "login",
"user_id": user.user_id,
"creation_time": creation_time,
"expiration_time": expiration_time})
request, user_repo_cls, user_repo, tokens_service_cls, \
tokens_service, clienturl_facade = self._mock_authenticate_dependencies(token, user, return_url)
clienturl_facade.get_records_paged = Mock(return_value=[])
with self.assertRaises(OAuth2MissingQueryParamError):
self._idp_controller.authenticate(request, tokens_service_cls=tokens_service_cls, user_repo_cls=user_repo_cls)
return_url = return_url[:return_url.find("?")]
clienturl_facade.get_records_paged.assert_called_once_with(
start_record=0, end_record=1,
filter_expr=ModelFilterAnd(
ModelFilter(ClientReturnUrl.client_id, self._IDP_CLIENTID, ModelFilter.EQ),
ModelFilter(ClientReturnUrl.return_url, return_url, ModelFilter.EQ)))
def _test_authenticate_encrypt_ex(self, ex):
'''This method provides a template test case which allows token encrypt method to raise various exceptions.'''
creation_time, expiration_time = self._mock_creationexpiration_time()
user = User(username="******", password="******")
user.session = Mock()
return_url = "/test/url"
token = Token({
"client_id": self._IDP_CLIENTID,
"type": "login",
"user_id": user.user_id,
"creation_time": creation_time,
"expiration_time": expiration_time
})
request, user_repo_cls, user_repo, tokens_service_cls, \
tokens_service, clienturl_facade = self._mock_authenticate_dependencies(token, user, return_url)
tokens_service.encrypt = Mock(side_effect=ex)
self._idp_controller.authenticate(
request,
tokens_service_cls=tokens_service_cls,
user_repo_cls=user_repo_cls)
def test_authenticate_usernotfound(self):
'''This test case ensures a concrete exception is raised when user is not found.'''
creation_time, expiration_time = self._mock_creationexpiration_time()
user = User(username="******", password="******")
user.session = Mock()
return_url = "/test/url"
token = Token({"client_id": self._IDP_CLIENTID,
"type": "login",
"user_id": user.user_id,
"creation_time": creation_time,
"expiration_time": expiration_time})
request, user_repo_cls, user_repo, tokens_service_cls, \
tokens_service, clienturl_facade = self._mock_authenticate_dependencies(token, user, return_url)
user_repo.load_by_username = Mock(return_value=None)
with self.assertRaises(OAuth2AuthenticationError):
self._idp_controller.authenticate(request, tokens_service_cls=tokens_service_cls, user_repo_cls=user_repo_cls)
user_repo.load_by_username.assert_called_once_with(user.username)
def test_validate_user_update(self):
'''This test case ensures validation works correctly for existing users.'''
request = Request.blank("/test", {})
request.method = 'PUT'
resource = User(username="******", password="******")
resource.user_id = 55
self._test_validate_user_template(resource, request)
def test_validate_user_update(self):
'''This test case ensures validation works correctly for existing users.'''
request = Request.blank("/test", {})
request.method = 'PUT'
resource = User(username="******", password="******")
resource.user_id = 55
self._test_validate_user_template(resource, request)
def test_validate_user_missingusername(self):
'''This test case ensures an exception is raised if username is attribute is not sent.'''
for resource in [
User(),
User(username=None),
User(username=""),
User(username="******")
]:
with self.assertRaises(FantasticoRoaError) as ctx:
self._validator.validate(resource, Mock())
self.assertTrue(
str(ctx.exception).find("username") > -1,
"Username not found in exception text.")
def test_authenticate_missing_redirecturi(self):
'''This test case ensures an exception is raised when the return url query parameter is missing.'''
user = User(username="******", password="******")
self._test_authenticate_missing_param(
user, None, self._idp_controller.REDIRECT_PARAM)
def test_validate_user_missingpasswd_update(self):
'''This test case ensures an exception is raised if passowrd is not present in dictionary when trying to update
an existing user.'''
request = Request.blank("/test", {})
request.method = "PUT"
for resource in [
User(username="******"),
User(username="******", password="******")
]:
with self.assertRaises(FantasticoRoaError) as ctx:
self._validator.validate(resource, request)
self.assertTrue(
str(ctx.exception).find("password") > -1,
"Password not found in exception text.")
def test_init_noargs(self):
'''This test case ensures an user can be instantiated without arguments.'''
user = User()
self.assertIsNone(user.username)
self.assertIsNone(user.password)
self.assertIsNone(user.person_id)
def _test_authenticate_ok(self, return_url, expected_url):
'''This method provides a template test case for ensuring authenticate succeeds for various return_url values.'''
user = User(username="******",
password="******",
person_id=1)
user.user_id = 123
creation_time, expiration_time = self._mock_creationexpiration_time()
token = Token({
"client_id": self._IDP_CLIENTID,
"type": "login",
"user_id": user.user_id,
"creation_time": creation_time,
"expiration_time": expiration_time
})
request, user_repo_cls, user_repo, tokens_service_cls, \
tokens_service, clienturl_facade = self._mock_authenticate_dependencies(token, user, return_url)
response = self._idp_controller.authenticate(
request,
tokens_service_cls=tokens_service_cls,
user_repo_cls=user_repo_cls)
self.assertIsNotNone(response)
self.assertEqual(302, response.status_code)
location = response.headers.get("Location")
self.assertEqual(expected_url, location)
user_repo.load_by_username.assert_called_once_with(user.username)
self._hasher.hash_password.assert_called_once_with(
user.password, DictionaryObject({"salt": user.user_id}))
tokens_service_cls.assert_called_once_with(clienturl_facade.session)
tokens_service.generate.assert_called_once_with(
{
"client_id": self._IDP_CLIENTID,
"user_id": user.user_id,
"expires_in": self._EXPIRES_IN
}, TokenGeneratorFactory.LOGIN_TOKEN)
tokens_service.encrypt.assert_called_once_with(token, token.client_id)
def test_validate_user_new(self):
'''This test case ensures validation works correctly when the user is new (user_id is not known) - POST.'''
request = Request.blank("/test", {})
request.method = 'POST'
resource = User(username="******", password="******")
self._test_validate_user_template(resource, request)
def test_init_with_args(self):
'''This test case ensures an user can be instantiated with arguments.'''
username = "******"
password = "******"
person_id = 1
user = User(username, password, person_id)
self.assertEqual(username, user.username)
self.assertEqual(password, user.password)
self.assertEqual(person_id, user.person_id)
def _test_authenticate_encrypt_ex(self, ex):
'''This method provides a template test case which allows token encrypt method to raise various exceptions.'''
creation_time, expiration_time = self._mock_creationexpiration_time()
user = User(username="******", password="******")
user.session = Mock()
return_url = "/test/url"
token = Token({"client_id": self._IDP_CLIENTID,
"type": "login",
"user_id": user.user_id,
"creation_time": creation_time,
"expiration_time": expiration_time})
request, user_repo_cls, user_repo, tokens_service_cls, \
tokens_service, clienturl_facade = self._mock_authenticate_dependencies(token, user, return_url)
tokens_service.encrypt = Mock(side_effect=ex)
self._idp_controller.authenticate(request, tokens_service_cls=tokens_service_cls, user_repo_cls=user_repo_cls)
def test_authenticate_invalid_redirecturi(self):
'''This test case ensures an exception is raised when the return url query parameter is not accepted by idp.'''
creation_time, expiration_time = self._mock_creationexpiration_time()
user = User(username="******", password="******")
user.session = Mock()
return_url = "/test/url?state=xyz"
token = Token({
"client_id": self._IDP_CLIENTID,
"type": "login",
"user_id": user.user_id,
"creation_time": creation_time,
"expiration_time": expiration_time
})
request, user_repo_cls, user_repo, tokens_service_cls, \
tokens_service, clienturl_facade = self._mock_authenticate_dependencies(token, user, return_url)
clienturl_facade.get_records_paged = Mock(return_value=[])
with self.assertRaises(OAuth2MissingQueryParamError):
self._idp_controller.authenticate(
request,
tokens_service_cls=tokens_service_cls,
user_repo_cls=user_repo_cls)
return_url = return_url[:return_url.find("?")]
clienturl_facade.get_records_paged.assert_called_once_with(
start_record=0,
end_record=1,
filter_expr=ModelFilterAnd(
ModelFilter(ClientReturnUrl.client_id, self._IDP_CLIENTID,
ModelFilter.EQ),
ModelFilter(ClientReturnUrl.return_url, return_url,
ModelFilter.EQ)))
def test_validate_user_usernamenotemail(self):
'''This test case ensures an exception is raised if username attribute is not a valid email address.'''
resource = User(username="******")
with self.assertRaises(FantasticoRoaError) as ctx:
self._validator.validate(resource, Mock())
msg = str(ctx.exception)
self.assertTrue(
msg.find("username") > -1, "Username not found in exception text.")
self.assertTrue(
msg.find("email") > -1, "Email not found in exception text.")
def _test_authenticate_ok(self, return_url, expected_url):
'''This method provides a template test case for ensuring authenticate succeeds for various return_url values.'''
user = User(username="******",
password="******",
person_id=1)
user.user_id = 123
creation_time, expiration_time = self._mock_creationexpiration_time()
token = Token({"client_id": self._IDP_CLIENTID,
"type": "login",
"user_id": user.user_id,
"creation_time": creation_time,
"expiration_time": expiration_time})
request, user_repo_cls, user_repo, tokens_service_cls, \
tokens_service, clienturl_facade = self._mock_authenticate_dependencies(token, user, return_url)
response = self._idp_controller.authenticate(request, tokens_service_cls=tokens_service_cls,
user_repo_cls=user_repo_cls)
self.assertIsNotNone(response)
self.assertEqual(302, response.status_code)
location = response.headers.get("Location")
self.assertEqual(expected_url, location)
user_repo.load_by_username.assert_called_once_with(user.username)
self._hasher.hash_password.assert_called_once_with(user.password, DictionaryObject({"salt": user.user_id}))
tokens_service_cls.assert_called_once_with(clienturl_facade.session)
tokens_service.generate.assert_called_once_with({"client_id": self._IDP_CLIENTID,
"user_id": user.user_id,
"expires_in": self._EXPIRES_IN}, TokenGeneratorFactory.LOGIN_TOKEN)
tokens_service.encrypt.assert_called_once_with(token, token.client_id)
def test_validate_personid_error(self):
'''This test case ensures that an exception is raised if for create / update operations body contains person id.'''
request = Request.blank("/test", {})
for method in ["POST", "PUT"]:
resource = User(username="******",
password="******",
person_id=5)
request.method = method
with self.assertRaises(FantasticoRoaError) as ctx:
self._validator.validate(resource, request)
self.assertTrue(str(ctx.exception).find("person_id") > -1)
def test_load_by_username(self):
'''This test case ensures a user can be loaded by username.'''
user = User(username="******",
password="******",
person_id=1)
self._user_facade.get_records_paged = Mock(return_value=[user])
result = self._repo.load_by_username(user.username)
self.assertEqual(user, result)
self._user_facade.get_records_paged.assert_called_once_with(
start_record=0,
end_record=1,
filter_expr=ModelFilter(User.username, user.username,
ModelFilter.EQ))
def _test_validate_owned_by_user(self, resource, user_id, person_id):
'''This method provides a template for testing validation for scenarios where resource belongs / does not belong to
expected user.'''
token = Token({"user_id": user_id, "scopes": []})
request = Mock()
request.request_id = 1
request.context = Mock()
request.context.security = SecurityContext(token)
self._model_facade.find_by_pk = Mock(return_value=User(person_id=1))
self._validator.validate(resource, request, person_id)
self._conn_manager.get_connection.assert_called_once_with(
request.request_id)
self._model_facade_cls.assert_called_once_with(User, self._db_conn)
self._model_facade.find_by_pk.assert_called_once_with(
{User.user_id: token.user_id})
def test_authenticate_missing_password(self):
'''This test case ensures an exception is raised when the password is not posted.'''
user = User(username="******")
self._test_authenticate_missing_param(user, None, "password")
def test_authenticate_missing_username(self):
'''This test case ensures an exception is raised when the username is not posted.'''
user = User()
self._test_authenticate_missing_param(user, None, "username")
