def test_missing_scope(self):
    """Reject a request that is not authorized for the required scope.

    ``is_authorized_for`` is mocked to return False, so ``authenticate``
    must raise ``AuthenticationFailed`` rather than return a user.
    """
    request = mock.Mock()
    request.is_authorized_for.return_value = False
    auth_backend = backend.JWTAuthBackend()

    # Fail closed: a failed scope check must never yield a (user, scope) pair.
    self.assertRaises(
        exceptions.AuthenticationFailed,
        auth_backend.authenticate,
        request,
    )
def test_with_scope_correct_user(self, mocked_cache):
    """Return the expected user and scope for an authorized request.

    The request passes the scope check and carries a token subject;
    ``authenticate`` must return ``self.normal_user`` with scope 'SIG/ALL'.
    ``mocked_cache`` is injected from outside this method (presumably a
    ``mock.patch`` decorator) and is left unconfigured here.
    """
    subject = '*****@*****.**'

    auth_backend = backend.JWTAuthBackend()
    request = mock.Mock()
    request.get_token_subject = subject
    request.is_authorized_for.return_value = True

    authenticated = auth_backend.authenticate(request)
    user, scope = authenticated

    self.assertEqual(user, self.normal_user)
    self.assertEqual(scope, 'SIG/ALL')
def test_with_scope_correct_user(self, mocked_cache, mock_token_data):
    """Return the expected user when the token claims identify it.

    The token data is mocked as a ``(claims, subject)`` pair whose claims
    carry the user identifier under the configured ``USER_ID_FIELD`` key.
    Only the returned user is checked; the returned scope is ignored.
    """
    subject = '*****@*****.**'

    auth_backend = backend.JWTAuthBackend()
    request = mock.Mock()
    request.is_authorized_for.return_value = True

    jwt_settings = get_settings()
    # The identifier is read from the claim named by the settings, so the
    # test builds the claims dict from that same setting.
    mock_token_data.return_value = (
        {jwt_settings['USER_ID_FIELD']: subject},
        subject,
    )

    user, _scope = auth_backend.authenticate(request)

    self.assertEqual(user, self.normal_user)
def test_no_test_login_user(self, mocked_cache):
    """Fail authentication for subject 'always_ok' when no user matches.

    No user is created by this test and the cache is forced to miss, so
    ``authenticate`` must raise ``AuthenticationFailed``.
    """
    auth_backend = backend.JWTAuthBackend()

    request = mock.Mock()
    request.get_token_subject = 'always_ok'
    request.is_authorized_for.return_value = True

    # A cache miss (None) forces the database lookup.
    mocked_cache.get.return_value = None

    # NOTE(review): presumably 'always_ok' is the subject tied to the
    # settings.TEST_LOGIN account - confirm in the backend. Without that
    # account the subject must be rejected, not silently accepted.
    self.assertRaises(
        exceptions.AuthenticationFailed,
        auth_backend.authenticate,
        request,
    )
def test_get_token_subject_is_none(self, mocked_cache):
    """Pin the current failure mode when the token has no subject.

    In case the subject is not set on the JWT token (as the `sub claim`).
    This test demonstrates the problem. See SIG-889 for next steps.
    """
    auth_backend = backend.JWTAuthBackend()

    request = mock.Mock()
    request.get_token_subject = None
    request.is_authorized_for.return_value = True

    # A cache miss (None) forces the database lookup.
    mocked_cache.get.return_value = None

    # NOTE(review): an AttributeError escaping authenticate() is not an
    # authentication failure; presumably it surfaces as a server error
    # instead of a clean rejection - confirm. Once SIG-889 is resolved this
    # should expect exceptions.AuthenticationFailed.
    self.assertRaises(AttributeError, auth_backend.authenticate, request)
def test_with_scope_wrong_user_cache_hit(self, mocked_user_model, mocked_cache):
    """Reject an unknown user straight from the negative cache entry.

    The cache returns ``backend.USER_DOES_NOT_EXIST`` for the subject, so
    ``authenticate`` must raise ``AuthenticationFailed`` after exactly one
    cache read and without querying the user model.
    """
    subject = '*****@*****.**'

    auth_backend = backend.JWTAuthBackend()
    request = mock.Mock()
    request.is_authorized_for.return_value = True
    # Set as a plain string attribute, not as a callable.
    request.get_token_subject = subject

    mocked_cache.get.return_value = backend.USER_DOES_NOT_EXIST

    self.assertRaises(
        exceptions.AuthenticationFailed,
        auth_backend.authenticate,
        request,
    )

    # The cached sentinel must short-circuit the database lookup.
    mocked_cache.get.assert_called_once_with(subject)
    mocked_user_model.objects.get.assert_not_called()
def test_with_test_login_user(self, mocked_cache):
    """Authenticate subject 'always_ok' as the TEST_LOGIN account.

    A superuser whose username and email equal ``settings.TEST_LOGIN`` is
    created, the cache is forced to miss, and ``authenticate`` must return
    that user. The returned scope is not checked.
    """
    login = settings.TEST_LOGIN
    expected_user = SuperUserFactory.create(username=login, email=login)

    auth_backend = backend.JWTAuthBackend()
    request = mock.Mock()
    request.get_token_subject = 'always_ok'
    request.is_authorized_for.return_value = True

    # A cache miss (None) forces the database lookup.
    mocked_cache.get.return_value = None

    # NOTE(review): this pins a path where the fixed subject 'always_ok'
    # resolves to the TEST_LOGIN account, created here as a superuser.
    # Presumably the backend honours it only in test/dev configurations -
    # confirm it cannot be active in a production deployment.
    user, _scope = auth_backend.authenticate(request)

    self.assertEqual(user, expected_user)
def test_with_scope_wrong_user_cache_hit(self, mocked_user_model, mocked_cache, mock_token_data):
    """Reject an unknown user from the negative cache, using token claims.

    The token data is mocked as a ``(claims, subject)`` pair keyed by the
    configured ``USER_ID_FIELD``. The cache returns
    ``backend.USER_DOES_NOT_EXIST``, so ``authenticate`` must raise
    ``AuthenticationFailed`` after one cache read and no user-model query.
    """
    subject = '*****@*****.**'

    auth_backend = backend.JWTAuthBackend()
    request = mock.Mock()
    request.is_authorized_for.return_value = True

    jwt_settings = get_settings()
    mock_token_data.return_value = (
        {jwt_settings['USER_ID_FIELD']: subject},
        subject,
    )
    mocked_cache.get.return_value = backend.USER_DOES_NOT_EXIST

    self.assertRaises(
        exceptions.AuthenticationFailed,
        auth_backend.authenticate,
        request,
    )

    # The cached sentinel must short-circuit the database lookup.
    mocked_cache.get.assert_called_once_with(subject)
    mocked_user_model.objects.get.assert_not_called()
def test_with_scope_wrong_user_cache_miss(self, mocked_cache, mock_token_data):
    """Reject an unknown user on a cache miss and cache the negative result.

    For every key in the configured ``USER_ID_FIELDS`` the claims carry the
    identifier under that key and the cache misses. ``authenticate`` must
    raise ``AuthenticationFailed``, read the cache once, and store
    ``backend.USER_DOES_NOT_EXIST`` for the identifier with ``5 * 60`` as
    the third argument.
    """
    subject = '*****@*****.**'

    auth_backend = backend.JWTAuthBackend()
    request = mock.Mock()
    request.is_authorized_for.return_value = True

    jwt_settings = get_settings()
    for id_field in jwt_settings['USER_ID_FIELDS']:
        mock_token_data.return_value = ({id_field: subject}, subject)
        mocked_cache.get.return_value = None

        self.assertRaises(
            exceptions.AuthenticationFailed,
            auth_backend.authenticate,
            request,
        )

        mocked_cache.get.assert_called_once_with(subject)
        # NOTE(review): the third argument is presumably a timeout in
        # seconds (five minutes) - confirm. Until it expires a cached
        # USER_DOES_NOT_EXIST would keep rejecting this identifier, so
        # verify that creating the user invalidates the entry.
        mocked_cache.set.assert_called_once_with(
            subject, backend.USER_DOES_NOT_EXIST, 5 * 60
        )

        # Clear recorded calls so the *_once_with checks hold per iteration.
        mocked_cache.reset_mock()