def test_unit__authenticate_user___err__wrong_user(self):
api = UserApi(
current_user=None,
session=self.session,
config=self.app_config,
)
with pytest.raises(AuthenticationFailed):
api.authenticate('*****@*****.**', 'wrong_password')
def test_unit__authenticate_user___err__wrong_user(self):
api = UserApi(
current_user=None,
session=self.session,
config=self.app_config,
)
with pytest.raises(AuthenticationFailed):
api.authenticate('*****@*****.**', 'wrong_password')
def _authenticate_user(
self,
request: Request,
email: typing.Optional[str],
password: typing.Optional[str],
) -> typing.Optional[User]:
"""
Helper to authenticate user in pyramid request
from user email and password
:param request: pyramid request
:return: User or None
"""
app_config = request.registry.settings['CFG']
uapi = UserApi(None, session=request.dbsession, config=app_config)
ldap_connector = None
if AuthType.LDAP in app_config.AUTH_TYPES:
ldap_connector = get_ldap_connector(request)
try:
user = uapi.authenticate(
email=email,
password=password,
ldap_connector=ldap_connector
)
return user
except AuthenticationFailed:
return None
def test_unit__authenticate_user___ok__new_user_ldap_auth_custom_profile(self):
# TODO - G.M - 2018-12-05 - [ldap_profile]
# support for profile attribute disabled
# Should be reenabled later probably with a better code
class fake_ldap_connector(object):
def authenticate(self, email: str, password: str):
if not email == '*****@*****.**' \
and password == 'professor':
return None
return [None, {'mail': ['*****@*****.**'],
'givenName': ['Hubert'],
'profile': ['trusted-users'],
}]
api = UserApi(
current_user=None,
session=self.session,
config=self.app_config,
)
user = api.authenticate('*****@*****.**', 'professor', fake_ldap_connector()) # nopep8
assert isinstance(user, User)
assert user.email == '*****@*****.**'
assert user.auth_type == AuthType.LDAP
assert user.display_name == 'Hubert'
assert user.profile.name == 'trusted-users'
def test_unit__authenticate_user___ok__new_user_ldap_auth_custom_profile(
self, session, app_config
):
# TODO - G.M - 2018-12-05 - [ldap_profile]
# support for profile attribute disabled
# Should be reenabled later probably with a better code
class fake_ldap_connector(object):
def authenticate(self, email: str, password: str):
if not email == "*****@*****.**" and password == "professor":
return None
return [
None,
{
"mail": ["*****@*****.**"],
"givenName": ["Hubert"],
"profile": ["trusted-users"],
},
]
api = UserApi(current_user=None, session=session, config=app_config)
user = api.authenticate("*****@*****.**", "professor", fake_ldap_connector())
assert isinstance(user, User)
assert user.email == "*****@*****.**"
assert user.auth_type == AuthType.LDAP
assert user.display_name == "Hubert"
assert user.profile.slug == "trusted-users"
def test_unit__authenticate_user___ok__new_user_ldap_auth_custom_profile(
self):
# TODO - G.M - 2018-12-05 - [ldap_profile]
# support for profile attribute disabled
# Should be reenabled later probably with a better code
class fake_ldap_connector(object):
def authenticate(self, email: str, password: str):
if not email == '*****@*****.**' \
and password == 'professor':
return None
return [
None, {
'mail': ['*****@*****.**'],
'givenName': ['Hubert'],
'profile': ['trusted-users'],
}
]
api = UserApi(
current_user=None,
session=self.session,
config=self.app_config,
)
user = api.authenticate('*****@*****.**', 'professor',
fake_ldap_connector()) # nopep8
assert isinstance(user, User)
assert user.email == '*****@*****.**'
assert user.auth_type == AuthType.LDAP
assert user.display_name == 'Hubert'
assert user.profile.name == 'trusted-users'
def test_unit__authenticate_user___ok__new_user_ldap_auth(self):
class fake_ldap_connector(object):
def authenticate(self, email: str, password: str):
if not email == '*****@*****.**' \
and password == 'professor':
return None
return [
None, {
'mail': ['*****@*****.**'],
'givenName': ['Hubert'],
}
]
api = UserApi(
current_user=None,
session=self.session,
config=self.app_config,
)
user = api.authenticate('*****@*****.**', 'professor',
fake_ldap_connector()) # nopep8
assert isinstance(user, User)
assert user.email == '*****@*****.**'
assert user.auth_type == AuthType.LDAP
assert user.display_name == 'Hubert'
assert user.profile.name == 'users'
def test_unit__authenticate_user___err__user_not_active(self, session, app_config):
api = UserApi(current_user=None, session=session, config=app_config)
profile = Profile.USER
user = api.create_user(
email="*****@*****.**",
password="******",
name="bob",
profile=profile,
timezone="Europe/Paris",
do_save=True,
do_notify=False,
)
api.disable(user)
with pytest.raises(AuthenticationFailed):
api.authenticate("*****@*****.**", "*****@*****.**")
def test_unit__authenticate_user___err__user_not_active(self):
api = UserApi(current_user=None, session=self.session, config=self.app_config)
gapi = GroupApi(current_user=None, session=self.session, config=self.app_config)
groups = [gapi.get_one_with_name("users")]
user = api.create_user(
email="*****@*****.**",
password="******",
name="bob",
groups=groups,
timezone="Europe/Paris",
do_save=True,
do_notify=False,
)
api.disable(user)
with pytest.raises(AuthenticationFailed):
api.authenticate("*****@*****.**", "*****@*****.**")
def authDomainUser(self, realmname: str, username: str, password: str,
environ: typing.Dict[str, typing.Any]) -> bool:
"""
If you ever feel the need to send a request al-mano with a curl, this is the function that'll be called by
http_authenticator to validate the password sent
"""
session = environ['tracim_context'].dbsession
api = UserApi(None, session, self.app_config)
try:
api.authenticate(
email=username,
password=password,
ldap_connector=environ['tracim_registry'].ldap_connector)
transaction.commit()
except AuthenticationFailed:
return False
return True
def test_unit__authenticate_user___err__no_ldap_connector(self):
api = UserApi(
current_user=None,
session=self.session,
config=self.app_config,
)
with pytest.raises(MissingLDAPConnector):
user = api.authenticate('*****@*****.**', 'professor')
def test_unit__authenticate_user___err__no_ldap_connector(self):
api = UserApi(
current_user=None,
session=self.session,
config=self.app_config,
)
with pytest.raises(MissingLDAPConnector):
user = api.authenticate('*****@*****.**', 'professor')
def authDomainUser(self, realmname: str, username: str, password: str, environ: typing.Dict[str, typing.Any]) -> bool:
"""
If you ever feel the need to send a request al-mano with a curl, this is the function that'll be called by
http_authenticator to validate the password sent
"""
session = environ['tracim_context'].dbsession
api = UserApi(None, session, self.app_config)
try:
api.authenticate(
email=username,
password=password,
ldap_connector=environ['tracim_registry'].ldap_connector
)
transaction.commit()
except AuthenticationFailed:
return False
return True
def test_unit__authenticate_user___ok__nominal_case(self):
api = UserApi(
current_user=None,
session=self.session,
config=self.app_config,
)
user = api.authenticate('*****@*****.**', '*****@*****.**')
assert isinstance(user, User)
assert user.email == '*****@*****.**'
assert user.auth_type == AuthType.INTERNAL
def test_unit__authenticate_user___ok__nominal_case(self):
api = UserApi(
current_user=None,
session=self.session,
config=self.app_config,
)
user = api.authenticate('*****@*****.**', '*****@*****.**')
assert isinstance(user, User)
assert user.email == '*****@*****.**'
assert user.auth_type == AuthType.INTERNAL
def test_unit__authenticate_user___ok__new_user_ldap_auth(self):
class fake_ldap_connector(object):
def authenticate(self, email: str, password: str):
if not email == "*****@*****.**" and password == "professor":
return None
return [None, {"mail": ["*****@*****.**"], "givenName": ["Hubert"]}]
api = UserApi(current_user=None, session=self.session, config=self.app_config)
user = api.authenticate("*****@*****.**", "professor", fake_ldap_connector())
assert isinstance(user, User)
assert user.email == "*****@*****.**"
assert user.auth_type == AuthType.LDAP
assert user.display_name == "Hubert"
assert user.profile.name == "users"
def login(self, context, request: TracimRequest,
hapic_data: HapicData) -> UserInContext:
"""
Logs the user into the system.
In case of success, the JSON returned is the user profile.
In that case, a cookie is created with a session_key and an expiration date.
Eg. : `session_key=932d2ad68f3a094c2d4da563ccb921e6479729f5b5f707eba91d4194979df20831be48a0; expires=Mon, 22-Oct-2018 19:37:02 GMT; Path=/; SameSite=Lax`
"""
login = hapic_data.body # type: LoginCredentials
app_config = request.registry.settings["CFG"] # type: CFG
uapi = UserApi(None, session=request.dbsession, config=app_config)
ldap_connector = None
if AuthType.LDAP in app_config.AUTH_TYPES:
ldap_connector = get_ldap_connector(request)
user = None
if login.email:
try:
user = uapi.authenticate(
login=login.email,
password=login.password,
ldap_connector=ldap_connector,
)
except AuthenticationFailed as exc:
if not login.username:
raise exc
if user is None:
user = uapi.authenticate(
login=login.username,
password=login.password,
ldap_connector=ldap_connector,
)
remember(request, user.user_id)
return uapi.get_user_with_context(user)
def test_unit__authenticate_user___err__user_not_active(self):
api = UserApi(
current_user=None,
session=self.session,
config=self.app_config,
)
gapi = GroupApi(
current_user=None,
session=self.session,
config=self.app_config,
)
groups = [gapi.get_one_with_name('users')]
user = api.create_user(
email='*****@*****.**',
password='******',
name='bob',
groups=groups,
timezone='Europe/Paris',
do_save=True,
do_notify=False,
)
api.disable(user)
with pytest.raises(AuthenticationFailed):
api.authenticate('*****@*****.**', '*****@*****.**')
def test_unit__authenticate_user___err__user_not_active(self):
api = UserApi(
current_user=None,
session=self.session,
config=self.app_config,
)
gapi = GroupApi(
current_user=None,
session=self.session,
config=self.app_config,
)
groups = [gapi.get_one_with_name('users')]
user = api.create_user(
email='*****@*****.**',
password='******',
name='bob',
groups=groups,
timezone='Europe/Paris',
do_save=True,
do_notify=False,
)
api.disable(user)
with pytest.raises(AuthenticationFailed):
api.authenticate('*****@*****.**', '*****@*****.**')
def _authenticate_user(
self, request: Request, login: typing.Optional[str], password: typing.Optional[str],
) -> typing.Optional[User]:
"""
Helper to authenticate user in pyramid request
from user email or username and password
:param request: pyramid request
:return: User or None
"""
app_config = request.registry.settings["CFG"] # type: CFG
uapi = UserApi(None, session=request.dbsession, config=app_config)
ldap_connector = None
if AuthType.LDAP in app_config.AUTH_TYPES:
ldap_connector = get_ldap_connector(request)
try:
user = uapi.authenticate(login=login, password=password, ldap_connector=ldap_connector,)
return user
except AuthenticationFailed:
return None
def login(self, context, request: TracimRequest, hapic_data=None):
"""
Logs the user into the system.
In case of success, the JSON returned is the user profile.
In that case, a cookie is created with a session_key and an expiration date.
Eg. : `session_key=932d2ad68f3a094c2d4da563ccb921e6479729f5b5f707eba91d4194979df20831be48a0; expires=Mon, 22-Oct-2018 19:37:02 GMT; Path=/; SameSite=Lax`
"""
login = hapic_data.body
app_config = request.registry.settings['CFG'] # type: CFG
uapi = UserApi(
None,
session=request.dbsession,
config=app_config,
)
ldap_connector = None
if AuthType.LDAP in app_config.AUTH_TYPES:
ldap_connector = get_ldap_connector(request)
user = uapi.authenticate(login.email, login.password, ldap_connector)
remember(request, user.user_id)
return uapi.get_user_with_context(user)
def login(self, context, request: TracimRequest, hapic_data=None):
"""
Logs the user into the system.
In case of success, the JSON returned is the user profile.
In that case, a cookie is created with a session_key and an expiration date.
Eg. : `session_key=932d2ad68f3a094c2d4da563ccb921e6479729f5b5f707eba91d4194979df20831be48a0; expires=Mon, 22-Oct-2018 19:37:02 GMT; Path=/; SameSite=Lax`
"""
login = hapic_data.body
app_config = request.registry.settings['CFG'] # type: CFG
uapi = UserApi(
None,
session=request.dbsession,
config=app_config,
)
ldap_connector = None
if AuthType.LDAP in app_config.AUTH_TYPES:
ldap_connector = get_ldap_connector(request)
user = uapi.authenticate(login.email, login.password, ldap_connector)
remember(request, user.user_id)
return uapi.get_user_with_context(user)
def test_unit__authenticate_user___ok__new_user_ldap_auth(self):
class fake_ldap_connector(object):
def authenticate(self, email: str, password: str):
if not email == '*****@*****.**' \
and password == 'professor':
return None
return [None, {'mail': ['*****@*****.**'],
'givenName': ['Hubert'],
}]
api = UserApi(
current_user=None,
session=self.session,
config=self.app_config,
)
user = api.authenticate('*****@*****.**', 'professor', fake_ldap_connector()) # nopep8
assert isinstance(user, User)
assert user.email == '*****@*****.**'
assert user.auth_type == AuthType.LDAP
assert user.display_name == 'Hubert'
assert user.profile.name == 'users'
def test_unit__authenticate_user___err__wrong_user(self, session, app_config):
api = UserApi(current_user=None, session=session, config=app_config)
with pytest.raises(AuthenticationFailed):
api.authenticate("*****@*****.**", "wrong_password")
def test_unit__authenticate_user___err__no_ldap_connector(self, session, app_config):
api = UserApi(current_user=None, session=session, config=app_config)
with pytest.raises(MissingLDAPConnector):
api.authenticate("*****@*****.**", "professor")
def test_unit__authenticate_user___ok__nominal_case(self, session, app_config):
api = UserApi(current_user=None, session=session, config=app_config)
user = api.authenticate("*****@*****.**", "*****@*****.**")
assert isinstance(user, User)
assert user.email == "*****@*****.**"
assert user.auth_type == AuthType.INTERNAL
