def test_authenticate_different_passwords(self): '''This test case ensures an exception is raised when passwords do not match.''' creation_time, expiration_time = self._mock_creationexpiration_time() user = User(username="******", password="******") user.session = Mock() return_url = "/test/url" token = Token({ "client_id": self._IDP_CLIENTID, "type": "login", "user_id": user.user_id, "creation_time": creation_time, "expiration_time": expiration_time }) request, user_repo_cls, user_repo, tokens_service_cls, \ tokens_service, clienturl_facade = self._mock_authenticate_dependencies(token, user, return_url) with self.assertRaises(OAuth2AuthenticationError): self._idp_controller.authenticate( request, tokens_service_cls=tokens_service_cls, user_repo_cls=user_repo_cls)
def test_authenticate_invalid_redirecturi(self): '''This test case ensures an exception is raised when the return url query parameter is not accepted by idp.''' creation_time, expiration_time = self._mock_creationexpiration_time() user = User(username="******", password="******") user.session = Mock() return_url = "/test/url?state=xyz" token = Token({"client_id": self._IDP_CLIENTID, "type": "login", "user_id": user.user_id, "creation_time": creation_time, "expiration_time": expiration_time}) request, user_repo_cls, user_repo, tokens_service_cls, \ tokens_service, clienturl_facade = self._mock_authenticate_dependencies(token, user, return_url) clienturl_facade.get_records_paged = Mock(return_value=[]) with self.assertRaises(OAuth2MissingQueryParamError): self._idp_controller.authenticate(request, tokens_service_cls=tokens_service_cls, user_repo_cls=user_repo_cls) return_url = return_url[:return_url.find("?")] clienturl_facade.get_records_paged.assert_called_once_with( start_record=0, end_record=1, filter_expr=ModelFilterAnd( ModelFilter(ClientReturnUrl.client_id, self._IDP_CLIENTID, ModelFilter.EQ), ModelFilter(ClientReturnUrl.return_url, return_url, ModelFilter.EQ)))
def _test_authenticate_encrypt_ex(self, ex): '''This method provides a template test case which allows token encrypt method to raise various exceptions.''' creation_time, expiration_time = self._mock_creationexpiration_time() user = User(username="******", password="******") user.session = Mock() return_url = "/test/url" token = Token({ "client_id": self._IDP_CLIENTID, "type": "login", "user_id": user.user_id, "creation_time": creation_time, "expiration_time": expiration_time }) request, user_repo_cls, user_repo, tokens_service_cls, \ tokens_service, clienturl_facade = self._mock_authenticate_dependencies(token, user, return_url) tokens_service.encrypt = Mock(side_effect=ex) self._idp_controller.authenticate( request, tokens_service_cls=tokens_service_cls, user_repo_cls=user_repo_cls)
def test_authenticate_usernotfound(self): '''This test case ensures a concrete exception is raised when user is not found.''' creation_time, expiration_time = self._mock_creationexpiration_time() user = User(username="******", password="******") user.session = Mock() return_url = "/test/url" token = Token({"client_id": self._IDP_CLIENTID, "type": "login", "user_id": user.user_id, "creation_time": creation_time, "expiration_time": expiration_time}) request, user_repo_cls, user_repo, tokens_service_cls, \ tokens_service, clienturl_facade = self._mock_authenticate_dependencies(token, user, return_url) user_repo.load_by_username = Mock(return_value=None) with self.assertRaises(OAuth2AuthenticationError): self._idp_controller.authenticate(request, tokens_service_cls=tokens_service_cls, user_repo_cls=user_repo_cls) user_repo.load_by_username.assert_called_once_with(user.username)
def test_validate_user_update(self): '''This test case ensures validation works correctly for existing users.''' request = Request.blank("/test", {}) request.method = 'PUT' resource = User(username="******", password="******") resource.user_id = 55 self._test_validate_user_template(resource, request)
def test_validate_user_update(self): '''This test case ensures validation works correctly for existing users.''' request = Request.blank("/test", {}) request.method = 'PUT' resource = User(username="******", password="******") resource.user_id = 55 self._test_validate_user_template(resource, request)
def test_validate_user_missingusername(self): '''This test case ensures an exception is raised if username is attribute is not sent.''' for resource in [ User(), User(username=None), User(username=""), User(username="******") ]: with self.assertRaises(FantasticoRoaError) as ctx: self._validator.validate(resource, Mock()) self.assertTrue( str(ctx.exception).find("username") > -1, "Username not found in exception text.")
def test_authenticate_missing_redirecturi(self): '''This test case ensures an exception is raised when the return url query parameter is missing.''' user = User(username="******", password="******") self._test_authenticate_missing_param( user, None, self._idp_controller.REDIRECT_PARAM)
def test_validate_user_missingpasswd_update(self): '''This test case ensures an exception is raised if passowrd is not present in dictionary when trying to update an existing user.''' request = Request.blank("/test", {}) request.method = "PUT" for resource in [ User(username="******"), User(username="******", password="******") ]: with self.assertRaises(FantasticoRoaError) as ctx: self._validator.validate(resource, request) self.assertTrue( str(ctx.exception).find("password") > -1, "Password not found in exception text.")
def test_init_noargs(self): '''This test case ensures an user can be instantiated without arguments.''' user = User() self.assertIsNone(user.username) self.assertIsNone(user.password) self.assertIsNone(user.person_id)
def _test_authenticate_ok(self, return_url, expected_url): '''This method provides a template test case for ensuring authenticate succeeds for various return_url values.''' user = User(username="******", password="******", person_id=1) user.user_id = 123 creation_time, expiration_time = self._mock_creationexpiration_time() token = Token({ "client_id": self._IDP_CLIENTID, "type": "login", "user_id": user.user_id, "creation_time": creation_time, "expiration_time": expiration_time }) request, user_repo_cls, user_repo, tokens_service_cls, \ tokens_service, clienturl_facade = self._mock_authenticate_dependencies(token, user, return_url) response = self._idp_controller.authenticate( request, tokens_service_cls=tokens_service_cls, user_repo_cls=user_repo_cls) self.assertIsNotNone(response) self.assertEqual(302, response.status_code) location = response.headers.get("Location") self.assertEqual(expected_url, location) user_repo.load_by_username.assert_called_once_with(user.username) self._hasher.hash_password.assert_called_once_with( user.password, DictionaryObject({"salt": user.user_id})) tokens_service_cls.assert_called_once_with(clienturl_facade.session) tokens_service.generate.assert_called_once_with( { "client_id": self._IDP_CLIENTID, "user_id": user.user_id, "expires_in": self._EXPIRES_IN }, TokenGeneratorFactory.LOGIN_TOKEN) tokens_service.encrypt.assert_called_once_with(token, token.client_id)
def test_validate_user_new(self): '''This test case ensures validation works correctly when the user is new (user_id is not known) - POST.''' request = Request.blank("/test", {}) request.method = 'POST' resource = User(username="******", password="******") self._test_validate_user_template(resource, request)
def test_init_with_args(self): '''This test case ensures an user can be instantiated with arguments.''' username = "******" password = "******" person_id = 1 user = User(username, password, person_id) self.assertEqual(username, user.username) self.assertEqual(password, user.password) self.assertEqual(person_id, user.person_id)
def _test_authenticate_encrypt_ex(self, ex): '''This method provides a template test case which allows token encrypt method to raise various exceptions.''' creation_time, expiration_time = self._mock_creationexpiration_time() user = User(username="******", password="******") user.session = Mock() return_url = "/test/url" token = Token({"client_id": self._IDP_CLIENTID, "type": "login", "user_id": user.user_id, "creation_time": creation_time, "expiration_time": expiration_time}) request, user_repo_cls, user_repo, tokens_service_cls, \ tokens_service, clienturl_facade = self._mock_authenticate_dependencies(token, user, return_url) tokens_service.encrypt = Mock(side_effect=ex) self._idp_controller.authenticate(request, tokens_service_cls=tokens_service_cls, user_repo_cls=user_repo_cls)
def test_authenticate_invalid_redirecturi(self): '''This test case ensures an exception is raised when the return url query parameter is not accepted by idp.''' creation_time, expiration_time = self._mock_creationexpiration_time() user = User(username="******", password="******") user.session = Mock() return_url = "/test/url?state=xyz" token = Token({ "client_id": self._IDP_CLIENTID, "type": "login", "user_id": user.user_id, "creation_time": creation_time, "expiration_time": expiration_time }) request, user_repo_cls, user_repo, tokens_service_cls, \ tokens_service, clienturl_facade = self._mock_authenticate_dependencies(token, user, return_url) clienturl_facade.get_records_paged = Mock(return_value=[]) with self.assertRaises(OAuth2MissingQueryParamError): self._idp_controller.authenticate( request, tokens_service_cls=tokens_service_cls, user_repo_cls=user_repo_cls) return_url = return_url[:return_url.find("?")] clienturl_facade.get_records_paged.assert_called_once_with( start_record=0, end_record=1, filter_expr=ModelFilterAnd( ModelFilter(ClientReturnUrl.client_id, self._IDP_CLIENTID, ModelFilter.EQ), ModelFilter(ClientReturnUrl.return_url, return_url, ModelFilter.EQ)))
def test_validate_user_usernamenotemail(self): '''This test case ensures an exception is raised if username attribute is not a valid email address.''' resource = User(username="******") with self.assertRaises(FantasticoRoaError) as ctx: self._validator.validate(resource, Mock()) msg = str(ctx.exception) self.assertTrue( msg.find("username") > -1, "Username not found in exception text.") self.assertTrue( msg.find("email") > -1, "Email not found in exception text.")
def _test_authenticate_ok(self, return_url, expected_url): '''This method provides a template test case for ensuring authenticate succeeds for various return_url values.''' user = User(username="******", password="******", person_id=1) user.user_id = 123 creation_time, expiration_time = self._mock_creationexpiration_time() token = Token({"client_id": self._IDP_CLIENTID, "type": "login", "user_id": user.user_id, "creation_time": creation_time, "expiration_time": expiration_time}) request, user_repo_cls, user_repo, tokens_service_cls, \ tokens_service, clienturl_facade = self._mock_authenticate_dependencies(token, user, return_url) response = self._idp_controller.authenticate(request, tokens_service_cls=tokens_service_cls, user_repo_cls=user_repo_cls) self.assertIsNotNone(response) self.assertEqual(302, response.status_code) location = response.headers.get("Location") self.assertEqual(expected_url, location) user_repo.load_by_username.assert_called_once_with(user.username) self._hasher.hash_password.assert_called_once_with(user.password, DictionaryObject({"salt": user.user_id})) tokens_service_cls.assert_called_once_with(clienturl_facade.session) tokens_service.generate.assert_called_once_with({"client_id": self._IDP_CLIENTID, "user_id": user.user_id, "expires_in": self._EXPIRES_IN}, TokenGeneratorFactory.LOGIN_TOKEN) tokens_service.encrypt.assert_called_once_with(token, token.client_id)
def test_validate_personid_error(self): '''This test case ensures that an exception is raised if for create / update operations body contains person id.''' request = Request.blank("/test", {}) for method in ["POST", "PUT"]: resource = User(username="******", password="******", person_id=5) request.method = method with self.assertRaises(FantasticoRoaError) as ctx: self._validator.validate(resource, request) self.assertTrue(str(ctx.exception).find("person_id") > -1)
def test_load_by_username(self): '''This test case ensures a user can be loaded by username.''' user = User(username="******", password="******", person_id=1) self._user_facade.get_records_paged = Mock(return_value=[user]) result = self._repo.load_by_username(user.username) self.assertEqual(user, result) self._user_facade.get_records_paged.assert_called_once_with( start_record=0, end_record=1, filter_expr=ModelFilter(User.username, user.username, ModelFilter.EQ))
def _test_validate_owned_by_user(self, resource, user_id, person_id): '''This method provides a template for testing validation for scenarios where resource belongs / does not belong to expected user.''' token = Token({"user_id": user_id, "scopes": []}) request = Mock() request.request_id = 1 request.context = Mock() request.context.security = SecurityContext(token) self._model_facade.find_by_pk = Mock(return_value=User(person_id=1)) self._validator.validate(resource, request, person_id) self._conn_manager.get_connection.assert_called_once_with( request.request_id) self._model_facade_cls.assert_called_once_with(User, self._db_conn) self._model_facade.find_by_pk.assert_called_once_with( {User.user_id: token.user_id})
def test_authenticate_missing_password(self): '''This test case ensures an exception is raised when the password is not posted.''' user = User(username="******") self._test_authenticate_missing_param(user, None, "password")
def test_authenticate_missing_username(self): '''This test case ensures an exception is raised when the username is not posted.''' user = User() self._test_authenticate_missing_param(user, None, "username")