def test_does_need_refresh(self): external_account = ExternalAccountFactory( provider='mock2', provider_id='mock_provider_id', provider_name='Mock Provider', oauth_key='old_key', oauth_secret='old_secret', expires_at=datetime.utcfromtimestamp(time.time() - 200).replace(tzinfo=pytz.utc), ) # mock a successful call to the provider to refresh tokens responses.add( responses.Response( responses.POST, self.provider.auto_refresh_url, body=json.dumps({ 'access_token': 'refreshed_access_token', 'expires_in': 3600, 'refresh_token': 'refreshed_refresh_token' }) ) ) old_expiry = external_account.expires_at self.provider.account = external_account self.provider.refresh_oauth_key(force=False) external_account.reload() assert_equal(external_account.oauth_key, 'refreshed_access_token') assert_equal(external_account.refresh_token, 'refreshed_refresh_token') assert_not_equal(external_account.expires_at, old_expiry) assert_true(external_account.expires_at > old_expiry)
def test_does_not_need_refresh(self): self.provider.refresh_time = 1 external_account = ExternalAccountFactory( provider='mock2', provider_id='mock_provider_id', provider_name='Mock Provider', oauth_key='old_key', oauth_secret='old_secret', refresh_token='old_refresh', expires_at=datetime.utcfromtimestamp(time.time() + 200).replace(tzinfo=pytz.utc), ) # mock a successful call to the provider to refresh tokens httpretty.register_uri( httpretty.POST, self.provider.auto_refresh_url, body=json.dumps({ 'err_msg': 'Should not be hit' }), status=500 ) # .reload() has the side effect of rounding the microsends down to 3 significant figures # (e.g. DT(YMDHMS, 365420) becomes DT(YMDHMS, 365000)), # but must occur after possible refresh to reload tokens. # Doing so before allows the `old_expiry == EA.expires_at` comparison to work. external_account.reload() old_expiry = external_account.expires_at self.provider.account = external_account self.provider.refresh_oauth_key(force=False) external_account.reload() assert_equal(external_account.oauth_key, 'old_key') assert_equal(external_account.refresh_token, 'old_refresh') assert_equal(external_account.expires_at, old_expiry)
def setUp(self): super(TestCallbackView, self).setUp() self.user = AuthUserFactory() self.external_account = ExternalAccountFactory() self.institution = InstitutionFactory() self.provider = MockOAuth2Provider(self.external_account) self.user.affiliated_institutions.add(self.institution) app = flask.Flask(__name__) make_url_map(app) app.config['SECRET_KEY'] = 'aaaaa' self.ctx = app.test_request_context() self.ctx.push() self.request = RequestFactory().get('/fake_path') add_session_to_request(self.request) self.view0 = views.ConnectView() self.view0 = setup_user_view(self.view0, self.request, user=self.user) self.view0.kwargs = { 'addon_name': self.external_account.provider, 'institution_id': self.institution.id, } self.view = views.CallbackView() self.view = setup_user_view(self.view, self.request, user=self.user) self.view.kwargs = { 'addon_name': self.external_account.provider, 'institution_id': self.institution.id, }
def test_does_need_refresh(self): external_account = ExternalAccountFactory( provider='mock2', provider_id='mock_provider_id', provider_name='Mock Provider', oauth_key='old_key', oauth_secret='old_secret', expires_at=datetime.utcfromtimestamp(time.time() - 200).replace(tzinfo=pytz.utc), ) # mock a successful call to the provider to refresh tokens httpretty.register_uri(httpretty.POST, self.provider.auto_refresh_url, body=json.dumps({ 'access_token': 'refreshed_access_token', 'expires_in': 3600, 'refresh_token': 'refreshed_refresh_token' })) old_expiry = external_account.expires_at self.provider.account = external_account self.provider.refresh_oauth_key(force=False) external_account.reload() assert_equal(external_account.oauth_key, 'refreshed_access_token') assert_equal(external_account.refresh_token, 'refreshed_refresh_token') assert_not_equal(external_account.expires_at, old_expiry) assert_true(external_account.expires_at > old_expiry)
def test_multiple_users_associated(self): # Create only one ExternalAccount for multiple OSF users # # For some providers (ex: GitHub), the act of completing the OAuth flow # revokes previously generated credentials. In addition, there is often no # way to know the user's id on the external service until after the flow # has completed. # # Having only one ExternalAccount instance per account on the external # service means that connecting subsequent OSF users to the same external # account will not invalidate the credentials used by the OSF for users # already associated. user_a = UserFactory() external_account = ExternalAccountFactory( provider='mock2', provider_id='mock_provider_id', provider_name='Mock Provider', ) user_a.external_accounts.add(external_account) user_a.save() user_b = UserFactory() # Mock the exchange of the code for an access token _prepare_mock_oauth2_handshake_response() # Fake a request context for the callback with self.app.app.test_request_context( path="/oauth/callback/mock2/", query_string="code=mock_code&state=mock_state" ) as ctx: # make sure the user is logged in authenticate(user=user_b, access_token=None, response=None) session.data['oauth_states'] = { self.provider.short_name: { 'state': 'mock_state', }, } session.save() # do the key exchange self.provider.auth_callback(user=user_b) user_a.reload() user_b.reload() external_account.reload() assert_equal( list(user_a.external_accounts.values_list('pk', flat=True)), list(user_b.external_accounts.values_list('pk', flat=True)), ) assert_equal( ExternalAccount.objects.all().count(), 1 )
def test_multiple_users_associated(self): # Create only one ExternalAccount for multiple OSF users # # For some providers (ex: GitHub), the act of completing the OAuth flow # revokes previously generated credentials. In addition, there is often no # way to know the user's id on the external service until after the flow # has completed. # # Having only one ExternalAccount instance per account on the external # service means that connecting subsequent OSF users to the same external # account will not invalidate the credentials used by the OSF for users # already associated. user_a = UserFactory() external_account = ExternalAccountFactory( provider='mock2', provider_id='mock_provider_id', provider_name='Mock Provider', ) user_a.external_accounts.add(external_account) user_a.save() user_b = UserFactory() # Mock the exchange of the code for an access token _prepare_mock_oauth2_handshake_response() # Fake a request context for the callback with self.app.app.test_request_context( path="/oauth/callback/mock2/", query_string="code=mock_code&state=mock_state" ) as ctx: # make sure the user is logged in authenticate(user=user_b, access_token=None, response=None) session.data['oauth_states'] = { self.provider.short_name: { 'state': 'mock_state', }, } session.save() # do the key exchange self.provider.auth_callback(user=user_b) user_a.reload() user_b.reload() external_account.reload() assert_equal( list(user_a.external_accounts.values_list('pk', flat=True)), list(user_b.external_accounts.values_list('pk', flat=True)), ) assert_equal( ExternalAccount.find().count(), 1 )
class TestNoInstitutionAddonAllowView(AdminTestCase): def setUp(self): super(TestNoInstitutionAddonAllowView, self).setUp() self.user = AuthUserFactory() self.external_account = ExternalAccountFactory() self.rdm_addon_option = rdm_addon_factories.RdmAddonNoInstitutionFactoryOption( ) self.rdm_addon_option.external_accounts.add(self.external_account) self.rdm_addon_option.save() self.user.external_accounts.add(self.external_account) self.user.save() self.request = RequestFactory().get('/fake_path') self.view = views.AddonAllowView() self.view = setup_user_view(self.view, self.request, user=self.user) self.view.kwargs = { 'addon_name': self.rdm_addon_option.provider, 'institution_id': MAGIC_INSTITUTION_ID, 'allowed': '1', } def tearDown(self): super(TestNoInstitutionAddonAllowView, self).tearDown() if self.user.external_accounts.filter( pk=self.external_account.id).exists(): self.user.external_accounts.remove(self.external_account) self.user.delete() self.rdm_addon_option.external_accounts.remove(self.external_account) self.rdm_addon_option.delete() self.external_account.delete() def test_super_admin_login(self): """test superuser login""" self.request.user.is_active = True self.request.user.is_registered = True self.request.user.is_superuser = True nt.assert_true(self.view.test_func()) def test_get(self, *args, **kwargs): rdm_addon_option = utils.get_rdm_addon_option( MAGIC_INSTITUTION_ID, self.view.kwargs['addon_name']) nt.assert_true(rdm_addon_option.is_allowed) nt.assert_equal(rdm_addon_option.provider, self.view.kwargs['addon_name']) def test_get_disallowed(self, *args, **kwargs): self.view.kwargs['allowed'] = False self.view.get(self.request, *args, **self.view.kwargs) rdm_addon_option = utils.get_rdm_addon_option( MAGIC_INSTITUTION_ID, self.view.kwargs['addon_name']) nt.assert_equal(rdm_addon_option.is_allowed, False) nt.assert_equal(rdm_addon_option.provider, self.view.kwargs['addon_name']) nt.assert_equal( self.user.external_accounts.filter( pk=self.external_account.id).exists(), False)
def test_callback_wrong_user(self): # Reject temporary credentials not assigned to the user # # This prohibits users from associating their external account with # another user's OSF account by using XSS or similar attack vector to # complete the OAuth flow using the logged-in user but their own account # on the external service. # # If the OSF were to allow login via OAuth with the provider in question, # this would allow attackers to hijack OSF accounts with a simple script # injection. # mock a successful call to the provider to exchange temp keys for # permanent keys responses.add( responses.Response( responses.POST, 'http://mock1a.com/callback', body='oauth_token=perm_token' '&oauth_token_secret=perm_secret' '&oauth_callback_confirmed=true', ) ) user = UserFactory() account = ExternalAccountFactory( provider='mock1a', provider_name='Mock 1A', oauth_key='temp_key', oauth_secret='temp_secret' ) account.save() # associate this ExternalAccount instance with the user user.external_accounts.add(account) user.save() malicious_user = UserFactory() # Fake a request context for the callback with self.app.app.test_request_context( path='/oauth/callback/mock1a/', query_string='oauth_token=temp_key&oauth_verifier=mock_verifier' ): # make sure the user is logged in authenticate(user=malicious_user, access_token=None, response=None) with assert_raises(PermissionsError): # do the key exchange self.provider.auth_callback(user=malicious_user)
def test_callback_wrong_user(self): # Reject temporary credentials not assigned to the user # # This prohibits users from associating their external account with # another user's OSF account by using XSS or similar attack vector to # complete the OAuth flow using the logged-in user but their own account # on the external service. # # If the OSF were to allow login via OAuth with the provider in question, # this would allow attackers to hijack OSF accounts with a simple script # injection. # mock a successful call to the provider to exchange temp keys for # permanent keys responses.add( responses.Response( responses.POST, 'http://mock1a.com/callback', body='oauth_token=perm_token' '&oauth_token_secret=perm_secret' '&oauth_callback_confirmed=true', ) ) user = UserFactory() account = ExternalAccountFactory( provider="mock1a", provider_name='Mock 1A', oauth_key="temp_key", oauth_secret="temp_secret" ) account.save() # associate this ExternalAccount instance with the user user.external_accounts.add(account) user.save() malicious_user = UserFactory() # Fake a request context for the callback with self.app.app.test_request_context( path="/oauth/callback/mock1a/", query_string="oauth_token=temp_key&oauth_verifier=mock_verifier" ): # make sure the user is logged in authenticate(user=malicious_user, access_token=None, response=None) with assert_raises(PermissionsError): # do the key exchange self.provider.auth_callback(user=malicious_user)
def test_refresh_with_broken_provider(self): external_account = ExternalAccountFactory( provider='mock2', provider_id='mock_provider_id', provider_name='Mock Provider', oauth_key='old_key', oauth_secret='old_secret', expires_at=datetime.utcfromtimestamp(time.time() - 200).replace(tzinfo=pytz.utc) ) self.provider.client_id = None self.provider.client_secret = None self.provider.account = external_account # mock a successful call to the provider to refresh tokens httpretty.register_uri( httpretty.POST, self.provider.auto_refresh_url, body=json.dumps({ 'err_msg': 'Should not be hit' }), status=500 ) ret = self.provider.refresh_oauth_key(force=False) assert_false(ret)
def test_force_refresh_with_expired_credentials(self): external_account = ExternalAccountFactory( provider='mock2', provider_id='mock_provider_id', provider_name='Mock Provider', oauth_key='old_key', oauth_secret='old_secret', expires_at=datetime.utcfromtimestamp(time.time() - 10000).replace(tzinfo=pytz.utc) # Causes has_expired_credentials to be True ) self.provider.account = external_account # mock a failing call to the provider to refresh tokens responses.add( responses.Response( responses.POST, self.provider.auto_refresh_url, body=json.dumps({ 'error': 'invalid_grant', }), status=401 ) ) with assert_raises(OAuth2Error): self.provider.refresh_oauth_key(force=True)
def test_refresh_with_expired_credentials(self): external_account = ExternalAccountFactory( provider='mock2', provider_id='mock_provider_id', provider_name='Mock Provider', oauth_key='old_key', oauth_secret='old_secret', expires_at=datetime.utcfromtimestamp(time.time() - 10000).replace(tzinfo=pytz.utc) # Causes has_expired_credentials to be True ) self.provider.account = external_account # mock a successful call to the provider to refresh tokens responses.add( responses.Response( responses.POST, self.provider.auto_refresh_url, body=json.dumps({ 'err': 'Should not be hit' }), status=500 ) ) ret = self.provider.refresh_oauth_key(force=False) assert_false(ret)
def setUp(self): super(TestConnectView, self).setUp() self.user = AuthUserFactory() self.external_account = ExternalAccountFactory() self.institution = InstitutionFactory() self.user.affiliated_institutions.add(self.institution) self.provider = MockOAuth2Provider(self.external_account) self.request = RequestFactory().get('/fake_path') add_session_to_request(self.request) self.view = views.ConnectView() self.view = setup_user_view(self.view, self.request, user=self.user) self.view.kwargs = { 'addon_name': self.external_account.provider, 'institution_id': self.institution.id, }
def setUp(self): super(TestNoInstitutionAddonForceView, self).setUp() self.user = AuthUserFactory() self.external_account = ExternalAccountFactory() self.rdm_addon_option = rdm_addon_factories.RdmAddonNoInstitutionFactoryOption( ) self.rdm_addon_option.external_accounts.add(self.external_account) self.rdm_addon_option.save() self.user.external_accounts.add(self.external_account) self.user.save() self.request = RequestFactory().get('/fake_path') self.view = views.AddonForceView() self.view = setup_user_view(self.view, self.request, user=self.user) self.view.kwargs = { 'addon_name': self.rdm_addon_option.provider, 'institution_id': MAGIC_INSTITUTION_ID, 'forced': '1', }
def setUp(self): super(TestOAuthView, self).setUp() self.user = AuthUserFactory() self.external_account = ExternalAccountFactory() self.rdm_addon_option = rdm_addon_factories.RdmAddonOptionFactory() self.rdm_addon_option.provider = self.external_account.provider self.rdm_addon_option.external_accounts.add(self.external_account) self.rdm_addon_option.save() self.user.affiliated_institutions.add(self.rdm_addon_option.institution) self.user.external_accounts.add(self.external_account) self.user.save() self.request = RequestFactory().get('/fake_path') self.view = views.OAuthView() self.view = setup_user_view(self.view, self.request, user=self.user) self.view.kwargs = { 'external_account_id': self.external_account._id, 'institution_id': self.rdm_addon_option.institution.id, }
def test_does_not_need_refresh(self): self.provider.refresh_time = 1 external_account = ExternalAccountFactory( provider='mock2', provider_id='mock_provider_id', provider_name='Mock Provider', oauth_key='old_key', oauth_secret='old_secret', refresh_token='old_refresh', expires_at=datetime.utcfromtimestamp(time.time() + 200).replace(tzinfo=pytz.utc), ) # mock a successful call to the provider to refresh tokens httpretty.register_uri(httpretty.POST, self.provider.auto_refresh_url, body=json.dumps( {'err_msg': 'Should not be hit'}), status=500) # .reload() has the side effect of rounding the microsends down to 3 significant figures # (e.g. DT(YMDHMS, 365420) becomes DT(YMDHMS, 365000)), # but must occur after possible refresh to reload tokens. # Doing so before allows the `old_expiry == EA.expires_at` comparison to work. external_account.reload() old_expiry = external_account.expires_at self.provider.account = external_account self.provider.refresh_oauth_key(force=False) external_account.reload() assert_equal(external_account.oauth_key, 'old_key') assert_equal(external_account.refresh_token, 'old_refresh') assert_equal(external_account.expires_at, old_expiry)
def create_external_account(host='foo.bar.baz', token='doremi-abc-123'): """Creates external account for Dataverse with fields populated the same way as `dataverse_add_user_account`""" return ExternalAccountFactory( provider='dataverse', provider_name='Dataverse', display_name=host, oauth_key=host, oauth_secret=token, # Note: provider_id in the addon is currently the same as oauth_secret, # but here we will let it be generated by sequence to avoid # running into duplicate modular ODM entries. )
def test_disconnect_with_multiple_connected(self): # Disconnect an account connected to multiple users from one user external_account = ExternalAccountFactory( provider='mock2', provider_id='mock_provider_id', provider_name='Mock Provider', ) self.user.external_accounts.add(external_account) self.user.save() other_user = UserFactory() other_user.external_accounts.add(external_account) other_user.save() response = self.app.delete( api_url_for('oauth_disconnect', external_account_id=external_account._id), auth=self.user.auth ) # Request succeeded assert_equal( response.status_code, http.OK, ) self.user.reload() # External account has been disassociated with the user assert_not_in( external_account, self.user.external_accounts.all(), ) # External account is still in the database assert_equal(ExternalAccount.find().count(), 1) other_user.reload() # External account is still associated with the other user assert_in( external_account, other_user.external_accounts.all(), )
def test_disconnect(self): # Disconnect an external account from a user external_account = ExternalAccountFactory( provider='mock2', provider_id='mock_provider_id', provider_name='Mock Provider', ) self.user.external_accounts.add(external_account) self.user.save() # If the external account isn't attached, this test has no meaning assert_equal(ExternalAccount.find().count(), 1) assert_in( external_account, self.user.external_accounts.all(), ) response = self.app.delete( api_url_for('oauth_disconnect', external_account_id=external_account._id), auth=self.user.auth ) # Request succeeded assert_equal( response.status_code, http.OK, ) self.user.reload() # external_account.reload() # External account has been disassociated with the user assert_not_in( external_account, self.user.external_accounts.all(), ) # External account is still in the database assert_equal(ExternalAccount.find().count(), 1)
class TestConnectView(AdminTestCase): def setUp(self): super(TestConnectView, self).setUp() self.user = AuthUserFactory() self.external_account = ExternalAccountFactory() self.institution = InstitutionFactory() self.user.affiliated_institutions.add(self.institution) self.provider = MockOAuth2Provider(self.external_account) self.request = RequestFactory().get('/fake_path') add_session_to_request(self.request) self.view = views.ConnectView() self.view = setup_user_view(self.view, self.request, user=self.user) self.view.kwargs = { 'addon_name': self.external_account.provider, 'institution_id': self.institution.id, } def tearDown(self): super(TestConnectView, self).tearDown() self.user.affiliated_institutions.remove(self.institution) self.user.delete() self.institution.delete() self.external_account.delete() def test_super_admin_login(self): """test superuser login""" self.request.user.is_superuser = True nt.assert_true(self.view.test_func()) def test_admin_login(self): """test institution administrator login""" self.request.user.is_superuser = False self.request.user.is_staff = True nt.assert_true(self.view.test_func()) def test_non_admin_login(self): """test user not superuser or institution administrator login""" self.request.user.is_superuser = False self.request.user.is_staff = False nt.assert_equal(self.view.test_func(), False) def test_non_active_user_login(self): """test invalid user login""" self.request.user.is_active = False nt.assert_equal(self.view.test_func(), False) def test_non_registered_user_login(self): """test unregistered user login""" self.request.user.is_registered = False nt.assert_equal(self.view.test_func(), False) def test_non_affiliated_institution_user_login(self): """test user unaffiliated institution login""" self.request.user.is_superuser = False self.request.user.is_staff = True self.view.kwargs = {'institution_id': self.institution.id + 1} nt.assert_equal(self.view.test_func(), False) def test_get(self, *args, **kwargs): self.request.user.is_superuser = False self.request.user.is_staff = True res = self.view.get(self.request, *args, **self.view.kwargs) nt.assert_equal(res.status_code, 302)
class TestCallbackView(AdminTestCase): def setUp(self): super(TestCallbackView, self).setUp() self.user = AuthUserFactory() self.external_account = ExternalAccountFactory() self.institution = InstitutionFactory() self.provider = MockOAuth2Provider(self.external_account) self.user.affiliated_institutions.add(self.institution) app = flask.Flask(__name__) make_url_map(app) app.config['SECRET_KEY'] = 'aaaaa' self.ctx = app.test_request_context() self.ctx.push() self.request = RequestFactory().get('/fake_path') add_session_to_request(self.request) self.view0 = views.ConnectView() self.view0 = setup_user_view(self.view0, self.request, user=self.user) self.view0.kwargs = { 'addon_name': self.external_account.provider, 'institution_id': self.institution.id, } self.view = views.CallbackView() self.view = setup_user_view(self.view, self.request, user=self.user) self.view.kwargs = { 'addon_name': self.external_account.provider, 'institution_id': self.institution.id, } def tearDown(self): super(TestCallbackView, self).tearDown() self.user.affiliated_institutions.remove(self.institution) self.user.delete() self.institution.delete() self.external_account.delete() try: self.ctx.pop() except AssertionError: pass def test_super_admin_login(self): """test superuser login""" self.request.user.is_superuser = True nt.assert_true(self.view.test_func()) def test_admin_login(self): """test institution administrator login""" self.request.user.is_superuser = False self.request.user.is_staff = True nt.assert_true(self.view.test_func()) def test_non_admin_login(self): """test user not superuser or institution administrator login""" self.request.user.is_superuser = False self.request.user.is_staff = False nt.assert_equal(self.view.test_func(), False) def test_non_active_user_login(self): """test invalid user login""" self.request.user.is_active = False nt.assert_equal(self.view.test_func(), False) def test_non_registered_user_login(self): """test unregistered user login""" self.request.user.is_registered = False nt.assert_equal(self.view.test_func(), False)
class TestAddonForceView(AdminTestCase): def setUp(self): super(TestAddonForceView, self).setUp() self.user = AuthUserFactory() self.external_account = ExternalAccountFactory() self.rdm_addon_option = rdm_addon_factories.RdmAddonOptionFactory() self.rdm_addon_option.external_accounts.add(self.external_account) self.rdm_addon_option.save() self.user.affiliated_institutions.add( self.rdm_addon_option.institution) self.user.external_accounts.add(self.external_account) self.user.save() self.request = RequestFactory().get('/fake_path') self.view = views.AddonForceView() self.view = setup_user_view(self.view, self.request, user=self.user) self.view.kwargs = { 'addon_name': self.rdm_addon_option.provider, 'institution_id': self.rdm_addon_option.institution.id, 'forced': '1', } def tearDown(self): super(TestAddonForceView, self).tearDown() institution = self.rdm_addon_option.institution self.user.affiliated_institutions.remove(institution) if self.user.external_accounts.filter( pk=self.external_account.id).exists(): self.user.external_accounts.remove(self.external_account) self.user.delete() self.rdm_addon_option.external_accounts.remove(self.external_account) self.rdm_addon_option.delete() institution.delete() self.external_account.delete() def test_super_admin_login(self): """test superuser login""" self.request.user.is_superuser = True nt.assert_true(self.view.test_func()) def test_admin_login(self): """test institution administrator login""" self.request.user.is_superuser = False self.request.user.is_staff = True nt.assert_true(self.view.test_func()) def test_non_admin_login(self): """test user not superuser or institution administrator login""" self.request.user.is_superuser = False self.request.user.is_staff = False nt.assert_equal(self.view.test_func(), False) def test_non_active_user_login(self): """test invalid user login""" self.request.user.is_active = False nt.assert_equal(self.view.test_func(), False) def test_non_registered_user_login(self): """test unregistered user login""" self.request.user.is_registered = False nt.assert_equal(self.view.test_func(), False) def test_non_affiliated_institution_user_login(self): """test user unaffiliated institution login""" self.request.user.is_superuser = False self.request.user.is_staff = True self.view.kwargs = { 'institution_id': self.rdm_addon_option.institution.id + 1 } nt.assert_equal(self.view.test_func(), False) def test_get(self, *args, **kwargs): self.view.get(self.request, *args, **self.view.kwargs) rdm_addon_option = utils.get_rdm_addon_option( self.rdm_addon_option.institution.id, self.view.kwargs['addon_name']) nt.assert_true(rdm_addon_option.is_forced) nt.assert_equal(rdm_addon_option.provider, self.view.kwargs['addon_name']) def test_get_not_forced(self, *args, **kwargs): self.view.kwargs['forced'] = False self.view.get(self.request, *args, **self.view.kwargs) rdm_addon_option = utils.get_rdm_addon_option( self.rdm_addon_option.institution.id, self.view.kwargs['addon_name']) nt.assert_equal(rdm_addon_option.is_forced, False) nt.assert_equal(rdm_addon_option.provider, self.view.kwargs['addon_name']) nt.assert_true( self.user.external_accounts.filter( pk=self.external_account.id).exists())
class TestAccountsView(AdminTestCase): def setUp(self): super(TestAccountsView, self).setUp() self.user = AuthUserFactory() self.external_account = ExternalAccountFactory() self.rdm_addon_option = rdm_addon_factories.RdmAddonOptionFactory() self.rdm_addon_option.provider = self.external_account.provider self.rdm_addon_option.external_accounts.add(self.external_account) self.rdm_addon_option.save() self.user.affiliated_institutions.add(self.rdm_addon_option.institution) self.user.external_accounts.add(self.external_account) self.user.save() self.request = RequestFactory().get('/fake_path') self.view = views.AccountsView() self.view = setup_user_view(self.view, self.request, user=self.user) self.view.kwargs = { 'addon_name': self.external_account.provider, 'institution_id': self.rdm_addon_option.institution.id, } def tearDown(self): super(TestAccountsView, self).tearDown() institution = self.rdm_addon_option.institution self.user.affiliated_institutions.remove(institution) if self.user.external_accounts.filter(pk=self.external_account.id).exists(): self.user.external_accounts.remove(self.external_account) self.user.delete() if self.rdm_addon_option.external_accounts.filter(pk=self.external_account.id).exists(): self.rdm_addon_option.external_accounts.remove(self.external_account) self.rdm_addon_option.delete() institution.delete() self.external_account.delete() def test_super_admin_login(self): """test superuser login""" self.request.user.is_superuser = True nt.assert_true(self.view.test_func()) def test_admin_login(self): """test institution administrator login""" self.request.user.is_superuser = False self.request.user.is_staff = True nt.assert_true(self.view.test_func()) def test_non_admin_login(self): """test user not superuser or institution administrator login""" self.request.user.is_superuser = False self.request.user.is_staff = False nt.assert_equal(self.view.test_func(), False) def test_non_active_user_login(self): """test invalid user login""" self.request.user.is_active = False nt.assert_equal(self.view.test_func(), False) def test_non_registered_user_login(self): """test unregistered user login""" self.request.user.is_registered = False nt.assert_equal(self.view.test_func(), False) def test_non_affiliated_institution_user_login(self): """test user unaffiliated institution login""" self.request.user.is_superuser = False self.request.user.is_staff = True self.view.kwargs = {'institution_id': self.rdm_addon_option.institution.id + 1} nt.assert_equal(self.view.test_func(), False) def test_get(self, *args, **kwargs): res = self.view.get(self.request, *args, **self.view.kwargs) nt.assert_equal(res.status_code, 200) content = json.loads(res.content) nt.assert_equal(len(content['accounts']), 1) def test_post_empty(self, *args, **kwargs): self.request = RequestFactory().post( '/fake', data=json.dumps({}), content_type='application/json' ) self.view.kwargs['addon_name'] = 'dummy' res = self.view.post(self.request, *args, **self.view.kwargs) nt.assert_equal(res.status_code, 400) def test_post_fake_s3_account(self, *args, **kwargs): self.request = RequestFactory().post( '/fake', data=json.dumps({'access_key': 'aaa', 'secret_key': 'bbb'}), content_type='application/json' ) self.view.kwargs['addon_name'] = 's3' res = self.view.post(self.request, *args, **self.view.kwargs) nt.assert_equal(res.status_code, 400)
class TestOAuthView(AdminTestCase): def setUp(self): super(TestOAuthView, self).setUp() self.user = AuthUserFactory() self.external_account = ExternalAccountFactory() self.rdm_addon_option = rdm_addon_factories.RdmAddonOptionFactory() self.rdm_addon_option.provider = self.external_account.provider self.rdm_addon_option.external_accounts.add(self.external_account) self.rdm_addon_option.save() self.user.affiliated_institutions.add(self.rdm_addon_option.institution) self.user.external_accounts.add(self.external_account) self.user.save() self.request = RequestFactory().get('/fake_path') self.view = views.OAuthView() self.view = setup_user_view(self.view, self.request, user=self.user) self.view.kwargs = { 'external_account_id': self.external_account._id, 'institution_id': self.rdm_addon_option.institution.id, } def tearDown(self): super(TestOAuthView, self).tearDown() institution = self.rdm_addon_option.institution self.user.affiliated_institutions.remove(institution) if self.user.external_accounts.filter(pk=self.external_account.id).exists(): self.user.external_accounts.remove(self.external_account) self.user.delete() if self.rdm_addon_option.external_accounts.filter(pk=self.external_account.id).exists(): self.rdm_addon_option.external_accounts.remove(self.external_account) self.rdm_addon_option.delete() institution.delete() self.external_account.delete() def test_super_admin_login(self): """test superuser login""" self.request.user.is_superuser = True nt.assert_true(self.view.test_func()) def test_admin_login(self): """test institution administrator login """ self.request.user.is_superuser = False self.request.user.is_staff = True nt.assert_true(self.view.test_func()) def test_non_admin_login(self): """test user not superuser or institution administrator login""" self.request.user.is_superuser = False self.request.user.is_staff = False nt.assert_equal(self.view.test_func(), False) def test_non_active_user_login(self): """test invalid user login""" self.request.user.is_active = False nt.assert_equal(self.view.test_func(), False) def test_non_registered_user_login(self): """test unregistered user login""" self.request.user.is_registered = False nt.assert_equal(self.view.test_func(), False) def test_non_affiliated_institution_user_login(self): """test unaffiliated institution user login""" self.request.user.is_superuser = False self.request.user.is_staff = True self.view.kwargs['institution_id'] = self.rdm_addon_option.institution.id + 1 nt.assert_equal(self.view.test_func(), False) self.view.kwargs['institution_id'] = self.rdm_addon_option.institution.id def test_delete(self, *args, **kwargs): self.request.user.is_superuser = False self.request.user.is_staff = True nt.assert_equal(self.user.external_accounts.count(), 1) nt.assert_equal(self.rdm_addon_option.external_accounts.count(), 1) self.view.delete(self.request, *args, **self.view.kwargs) nt.assert_equal(self.user.external_accounts.count(), 0) nt.assert_equal(self.rdm_addon_option.external_accounts.count(), 0) def test_delete_dummy(self, *args, **kwargs): self.view.kwargs['external_account_id'] = self.external_account._id + 'dummy' with self.assertRaises(Http404): self.view.delete(self.request, *args, **self.view.kwargs) self.view.kwargs['external_account_id'] = self.external_account._id def test_delete_empty(self, *args, **kwargs): self.rdm_addon_option.external_accounts.remove(self.external_account) with self.assertRaises(Http404): self.view.delete(self.request, *args, **self.view.kwargs)