def test_group_creation(self):
with self.settings(SHIBAUTH_GROUP_ATTRIBUTES=["ritEduMemberOfUid"]):
# Test for group creation
self.client.get(reverse('shibauth_rit:shibauth_info'),
**settings.SAMPLE_HEADERS)
user = User.objects.get(username='******')
self.assertEqual(Group.objects.all().count(), 3)
self.assertEqual(user.groups.all().count(), 3)
def test_empty_group_attribute(self):
# Test everthing is working even if the group attribute is missing in the shibboleth data
with self.settings(
SHIBAUTH_GROUP_ATTRIBUTES=['SomeNonExistingAttribute']):
self.client.get(reverse('shibauth_rit:shibauth_info'),
**settings.SAMPLE_HEADERS)
user = User.objects.get(username='******')
self.assertEqual(Group.objects.all().count(), 0)
self.assertEqual(user.groups.all().count(), 0)
def test_create_unknown_user_true(self):
self.assertFalse(User.objects.all())
shib_meta = self._get_valid_shib_meta(
location=reverse('shibauth_rit:shibauth_info'))
user = auth.authenticate(remote_user='******',
shib_meta=shib_meta)
self.assertEqual(user.username, '*****@*****.**')
self.assertEqual(User.objects.all()[0].username,
'*****@*****.**')
def test_change_required_attributes(self):
shib_meta = self._get_valid_shib_meta(
location=reverse('shibauth_rit:shibauth_info'))
user = auth.authenticate(remote_user='******',
shib_meta=shib_meta)
user.username = '******'
user.save()
user = auth.authenticate(remote_user='******',
shib_meta=shib_meta)
self.assertEqual(user.email, '*****@*****.**')
def test_decorator_authenticated(self):
res = self.client.get(reverse('shibauth_rit:shibauth_info'),
**settings.SAMPLE_HEADERS)
self.assertEqual(str(res.context['user']), 'rrcdis1')
self.assertEqual(res.status_code, 200)
user = res.context.get('user')
self.assertEqual(user.email, '*****@*****.**')
self.assertEqual(user.first_name, 'Sample')
self.assertEqual(user.last_name, 'Developer')
self.assertTrue(user.is_authenticated())
self.assertFalse(user.is_anonymous())
def test_logout(self):
# Login
login = self.client.get(reverse('shibauth_rit:shibauth_login'),
**settings.SAMPLE_HEADERS)
self.assertEqual(login.status_code, 302)
# Logout
logout = self.client.get(reverse('shibauth_rit:shibauth_logout'),
**settings.SAMPLE_HEADERS)
self.assertEqual(logout.status_code, 302)
# Ensure redirect happened.
self.assertEqual(logout['Location'],
'https://shibboleth.main.ad.rit.edu/logout.html')
# Check to see if the session has the force logout key.
self.assertTrue(
self.client.session.get(settings.SHIBAUTH_LOGOUT_SESSION_KEY))
# Load root url to see if user is in fact logged out.
resp = self.client.get(reverse('shibauth_rit:shibauth_info'),
**settings.SAMPLE_HEADERS)
self.assertEqual(resp.status_code, 302)
# Make sure the context is empty.
self.assertEqual(resp.context, None)
def test_create_unknown_user_false(self):
with self.settings(SHIBAUTH_CREATE_UNKNOWN_USER=False):
# because attr is set on the class we need to reload the module
reload(backends)
shib_meta = self._get_valid_shib_meta(
location=reverse('shibauth_rit:shibauth_info'))
self.assertEqual(User.objects.all().count(), 0)
user = auth.authenticate(remote_user='******',
shib_meta=shib_meta)
self.assertTrue(user is None)
self.assertEqual(User.objects.all().count(), 0)
# reload module again to remove the setting override
reload(backends)
def test_unconfigured_group(self):
with self.settings(SHIBAUTH_GROUP_ATTRIBUTES=[]):
# After login the user will be created
self.client.get(reverse('shibauth_rit:shibauth_info'),
**settings.SAMPLE_HEADERS)
query = User.objects.all()
# Ensure the user was created
self.assertEqual(query.count(), 1)
user = User.objects.get(username='******')
# The user should have no groups
self.assertEqual(user.groups.all().count(), 0)
# Create a group and add the user
g = Group(name='Testgroup')
g.save()
# Now we should have exactly one group
self.assertEqual(Group.objects.all().count(), 1)
g.user_set.add(user)
# Now the user should be in exactly one group
self.assertEqual(user.groups.all().count(), 1)
self.client.get(reverse('shibauth_rit:shibauth_info'),
**settings.SAMPLE_HEADERS)
# After a request the user should still be in the group.
self.assertEqual(user.groups.all().count(), 1)
def test_group_removal(self):
user, _ = User.objects.get_or_create(username='******')
user.set_password('12345')
user.is_active = True
user.save()
g, _ = Group.objects.get_or_create(name='should_be_removed')
g2, _ = Group.objects.get_or_create(name='should_not_be_removed')
g.user_set.add(user)
g2.user_set.add(user)
headers = settings.SAMPLE_HEADERS
headers["ritEduAffiliation"] = "should_not_be_removed;Student"
self.client.get(reverse('shibauth_rit:shibauth_info'),
**settings.SAMPLE_HEADERS)
user = User.objects.get(username='******')
self.assertTrue(g not in user.groups.all())
def test_ensure_user_attributes(self):
shib_meta = self._get_valid_shib_meta(
location=reverse('shibauth_rit:shibauth_info'))
# Create / authenticate the test user and store another mail address
user = auth.authenticate(remote_user='******',
shib_meta=shib_meta)
user.email = '*****@*****.**'
user.save()
# The user must contain the invalid mail address
user = User.objects.get(username='******')
self.assertEqual(user.email, '*****@*****.**')
# After authenticate the user again, the mail address must be set back to the shibboleth data
user2 = auth.authenticate(remote_user='******',
shib_meta=shib_meta)
self.assertEqual(user2.email, '*****@*****.**')
def test_auth_middleware_not_loaded(self):
with self.assertRaises(ImproperlyConfigured):
self.client.get(reverse('shibauth_rit:shibauth_info'),
**settings.SAMPLE_HEADERS)
def test_missing_shib_attributes(self):
self.client.get(reverse('shibauth_rit:shibauth_info'),
**settings.SAMPLE_HEADERS)
self.assertEqual(User.objects.count(), 0)
def test_shibauth_info_url_doesnt_exist_debug_false(self):
self.assertEqual(settings.DEBUG, False)
self.assertEqual(settings.SHIBAUTH_TESTING, False)
with self.assertRaises(NoReverseMatch):
reverse('shibauth_rit:shibauth_info')
def test_no_non_required_kwargs(self):
res = self.client.get(reverse('shibauth_rit:shibauth_info'),
**settings.SAMPLE_HEADERS)
self.assertEqual(str(res.context['user']), 'rrcdis1')
self.assertEqual(res.status_code, 200)
def test_decorator_not_authenticated(self):
res = self.client.get(reverse('shibauth_rit:shibauth_info'))
self.assertEqual(res.status_code, 302)
# Test the context - shouldn't exist
self.assertEqual(res.context, None)