def test_saml_auth_with_error(
self,
url_name,
current_backend,
current_provider,
enterprise_customer_mock,
):
params = []
request = RequestFactory().get(reverse(url_name), params, HTTP_ACCEPT='text/html')
SessionMiddleware().process_request(request)
request.user = AnonymousUser()
self.enable_saml()
dummy_idp = 'testshib'
self._configure_testshib_provider(current_provider, dummy_idp)
enterprise_customer_data = {
'uuid': '72416e52-8c77-4860-9584-15e5b06220fb',
'name': 'Dummy Enterprise',
'identity_provider': dummy_idp,
}
enterprise_customer_mock.return_value = enterprise_customer_data
dummy_error_message = 'Authentication failed: SAML login failed ' \
'["invalid_response"] [SAML Response must contain 1 assertion]'
# Add error message for error in auth pipeline
MessageMiddleware().process_request(request)
messages.error(request, dummy_error_message, extra_tags='social-auth')
# Simulate a running pipeline
pipeline_response = {
'response': {
'idp_name': dummy_idp
}
}
pipeline_target = 'openedx.core.djangoapps.user_authn.views.login_form.third_party_auth.pipeline'
with simulate_running_pipeline(pipeline_target, current_backend, **pipeline_response):
with mock.patch('common.djangoapps.edxmako.request_context.get_current_request', return_value=request):
response = login_and_registration_form(request)
expected_error_message = Text(_(
'We are sorry, you are not authorized to access {platform_name} via this channel. '
'Please contact your learning administrator or manager in order to access {platform_name}.'
'{line_break}{line_break}'
'Error Details:{line_break}{error_message}')
).format(
platform_name=settings.PLATFORM_NAME,
error_message=dummy_error_message,
line_break=HTML('<br/>')
)
self._assert_saml_auth_data_with_error(
response,
current_backend,
current_provider,
expected_error_message
)
def test_running_pipeline(self, current_backend, current_provider, add_user_details):
"""
Test that when third party pipeline is running, the api returns details
of current provider
"""
email = '*****@*****.**' if add_user_details else None
params = {
'next': self.query_params['next']
}
# Simulate a running pipeline
pipeline_target = 'openedx.core.djangoapps.user_authn.views.login_form.third_party_auth.pipeline'
with simulate_running_pipeline(pipeline_target, current_backend, email=email):
response = self.client.get(self.url, self.query_params)
assert response.status_code == 200
assert response.data == self.get_context(params, current_provider, current_backend, add_user_details)
def test_get_idp_logout_url_from_running_pipeline(self, idp_type,
backend_name):
"""
Test idp logout url setting for running pipeline
"""
self.enable_saml()
idp_slug = "test"
idp_config = {"logout_url": "http://example.com/logout"}
getattr(self, f'configure_{idp_type}_provider')(
enabled=True,
name="Test Provider",
slug=idp_slug,
backend_name=backend_name,
other_settings=json.dumps(idp_config))
request = mock.MagicMock()
kwargs = {"response": {"idp_name": idp_slug}}
with simulate_running_pipeline(
"common.djangoapps.third_party_auth.pipeline", backend_name,
**kwargs):
logout_url = pipeline.get_idp_logout_url_from_running_pipeline(
request)
assert idp_config['logout_url'] == logout_url
def test_third_party_auth(
self,
url_name,
current_backend,
current_provider,
expected_enterprise_customer_mock_attrs,
add_user_details,
enterprise_customer_mock,
):
params = [
('course_id', 'course-v1:Org+Course+Run'),
('enrollment_action', 'enroll'),
('course_mode', CourseMode.DEFAULT_MODE_SLUG),
('email_opt_in', 'true'),
('next', '/custom/final/destination'),
]
if expected_enterprise_customer_mock_attrs:
expected_ec = {
'name': expected_enterprise_customer_mock_attrs['name'],
'branding_configuration': {
'logo':
'https://host.com/logo.jpg',
'welcome_message':
expected_enterprise_customer_mock_attrs['welcome_msg']
}
}
else:
expected_ec = None
email = None
if add_user_details:
email = '*****@*****.**'
enterprise_customer_mock.return_value = expected_ec
# Simulate a running pipeline
if current_backend is not None:
pipeline_target = "openedx.core.djangoapps.user_authn.views.login_form.third_party_auth.pipeline"
with simulate_running_pipeline(pipeline_target,
current_backend,
email=email):
response = self.client.get(reverse(url_name),
params,
HTTP_ACCEPT="text/html")
# Do NOT simulate a running pipeline
else:
response = self.client.get(reverse(url_name),
params,
HTTP_ACCEPT="text/html")
# This relies on the THIRD_PARTY_AUTH configuration in the test settings
expected_providers = [
{
"id":
"oa2-dummy",
"name":
"Dummy",
"iconClass":
None,
"iconImage":
settings.MEDIA_URL + "icon.svg",
"loginUrl":
self._third_party_login_url("dummy", "login", params),
"registerUrl":
self._third_party_login_url("dummy", "register", params)
},
{
"id":
"oa2-facebook",
"name":
"Facebook",
"iconClass":
"fa-facebook",
"iconImage":
None,
"loginUrl":
self._third_party_login_url("facebook", "login", params),
"registerUrl":
self._third_party_login_url("facebook", "register", params)
},
{
"id":
"oa2-google-oauth2",
"name":
"Google",
"iconClass":
"fa-google-plus",
"iconImage":
None,
"loginUrl":
self._third_party_login_url("google-oauth2", "login", params),
"registerUrl":
self._third_party_login_url("google-oauth2", "register",
params)
},
]
self._assert_third_party_auth_data(response, current_backend,
current_provider,
expected_providers, expected_ec,
add_user_details)
