def test_last_modified_by_and_fields_update_when_not_active(self):
"""
Ensure that fields properly update and that `last_modified_by` updates
as expected when SSOEnterpriseSettingsForm validates and
update_identity_provider() is called.
"""
email_domain = AuthenticatedEmailDomain.objects.create(
identity_provider=self.idp,
email_domain='vaultwax.com',
)
UserExemptFromSingleSignOn.objects.create(
username='******',
email_domain=email_domain,
)
post_data = self._get_post_data()
edit_sso_idp_form = SSOEnterpriseSettingsForm(self.idp, post_data)
self.assertTrue(edit_sso_idp_form.is_valid())
edit_sso_idp_form.update_identity_provider(self.accounting_admin)
idp = IdentityProvider.objects.get(id=self.idp.id)
self.assertTrue(idp.is_editable)
self.assertFalse(idp.is_active)
self.assertEqual(idp.last_modified_by, self.accounting_admin.username)
self.assertNotEqual(idp.created_by, self.accounting_admin.username)
self.assertEqual(idp.entity_id, post_data['entity_id'])
self.assertEqual(idp.login_url, post_data['login_url'])
self.assertEqual(idp.logout_url, post_data['logout_url'])
self.assertEqual(idp.idp_cert_public, post_data['idp_cert_public'])
self.assertEqual(idp.date_idp_cert_expiration.strftime(TIME_FORMAT),
post_data['date_idp_cert_expiration'])
def test_require_encrypted_assertions_is_saved(self):
"""
Ensure that SSOEnterpriseSettingsForm updates the
`require_encrypted_assertions property` on the IdentityProvider.
"""
post_data = self._get_post_data(
require_encrypted_assertions=True,
)
self.assertFalse(self.idp.require_encrypted_assertions)
edit_sso_idp_form = SSOEnterpriseSettingsForm(self.idp, post_data)
self.assertTrue(edit_sso_idp_form.is_valid())
edit_sso_idp_form.update_identity_provider(self.accounting_admin)
self.idp.refresh_from_db()
self.assertTrue(self.idp.require_encrypted_assertions)
def test_that_validation_error_is_raised_when_certificate_file_is_bad(self):
"""
Ensure that SSOEnterpriseSettingsForm raises a validation error
when the certificate file contains bad data.
"""
certificate_file = generator.get_bad_cert_file(b"bad cert")
post_data = self._get_post_data(certificate=certificate_file)
edit_sso_idp_form = SSOEnterpriseSettingsForm(
self.idp, post_data, self._get_request_files(certificate_file)
)
edit_sso_idp_form.cleaned_data = post_data
with self.assertRaises(forms.ValidationError):
edit_sso_idp_form.clean_idp_cert_public()
def test_date_idp_cert_expiration_with_bad_value(self):
"""
Ensure that SSOEnterpriseSettingsForm raises a ValidationError if
`date_idp_cert_expiration` is provided with a incorrectly formatted date
string.
"""
post_data = {
'is_active': self.idp.is_active,
'entity_id': self.idp.entity_id,
'login_url': self.idp.login_url,
'logout_url': self.idp.logout_url,
'idp_cert_public': self.idp.idp_cert_public,
'date_idp_cert_expiration': 'purposefully bad date string',
}
edit_sso_idp_form = SSOEnterpriseSettingsForm(self.idp, post_data)
edit_sso_idp_form.cleaned_data = post_data
with self.assertRaises(forms.ValidationError):
edit_sso_idp_form.clean_date_idp_cert_expiration()
def test_that_is_active_updates_successfully_when_requirements_are_met(self):
"""
Ensure that update_identity_provider() updates the `is_active` field on
the IdentityProvider as expected when requirements are met.
"""
email_domain = AuthenticatedEmailDomain.objects.create(
identity_provider=self.idp,
email_domain='vaultwax.com',
)
UserExemptFromSingleSignOn.objects.create(
username='******',
email_domain=email_domain,
)
certificate_file = generator.get_public_cert_file()
post_data = self._get_post_data(
is_active=True,
certificate=certificate_file,
)
self.assertFalse(self.idp.is_active)
edit_sso_idp_form = SSOEnterpriseSettingsForm(
self.idp, post_data, self._get_request_files(certificate_file)
)
edit_sso_idp_form.cleaned_data = post_data
self.assertTrue(edit_sso_idp_form.is_valid())
edit_sso_idp_form.update_identity_provider(self.accounting_admin)
idp = IdentityProvider.objects.get(id=self.idp.id)
self.assertTrue(idp.is_editable)
self.assertTrue(idp.is_active)
self.assertEqual(idp.entity_id, post_data['entity_id'])
self.assertEqual(idp.login_url, post_data['login_url'])
self.assertEqual(idp.logout_url, post_data['logout_url'])
certificate_file.seek(0)
self.assertEqual(idp.idp_cert_public, certificate_file.read().decode('utf-8'))
self.assertIsNotNone(idp.date_idp_cert_expiration)
def edit_enterprise_idp_form(self):
if self.request.method == 'POST':
return SSOEnterpriseSettingsForm(self.identity_provider,
self.request.POST)
return SSOEnterpriseSettingsForm(self.identity_provider)
def test_is_active_triggers_required_fields_and_updates(self):
"""
Test that if `is_active` is set to true, then related required fields
raise ValidationErrors if left blank. Once the requirements are met and
SSOEnterpriseSettingsForm validates, ensure that
update_identity_provider() updates the `is_active` field on
the IdentityProvider as expected.
"""
post_data = self._get_post_data(is_active=True,
no_entity_id=True,
no_login_url=True,
no_logout_url=True,
no_certificate=True,
no_certificate_date=True)
edit_sso_idp_form = SSOEnterpriseSettingsForm(self.idp, post_data)
edit_sso_idp_form.cleaned_data = post_data
with self.assertRaises(forms.ValidationError):
edit_sso_idp_form.clean_is_active()
email_domain = AuthenticatedEmailDomain.objects.create(
identity_provider=self.idp,
email_domain='vaultwax.com',
)
with self.assertRaises(forms.ValidationError):
edit_sso_idp_form.clean_is_active()
UserExemptFromSingleSignOn.objects.create(
username='******',
email_domain=email_domain,
)
# should not raise exception now
edit_sso_idp_form.clean_is_active()
with self.assertRaises(forms.ValidationError):
edit_sso_idp_form.clean_entity_id()
with self.assertRaises(forms.ValidationError):
edit_sso_idp_form.clean_login_url()
with self.assertRaises(forms.ValidationError):
edit_sso_idp_form.clean_logout_url()
with self.assertRaises(forms.ValidationError):
edit_sso_idp_form.clean_idp_cert_public()
with self.assertRaises(forms.ValidationError):
edit_sso_idp_form.clean_date_idp_cert_expiration()
self.assertFalse(edit_sso_idp_form.is_valid())
corrected_post_data = self._get_post_data(is_active=True)
corrected_edit_sso_idp_form = SSOEnterpriseSettingsForm(
self.idp, corrected_post_data)
self.assertTrue(corrected_edit_sso_idp_form.is_valid())
corrected_edit_sso_idp_form.update_identity_provider(
self.accounting_admin)
idp = IdentityProvider.objects.get(id=self.idp.id)
self.assertTrue(idp.is_editable)
self.assertTrue(idp.is_active)
self.assertEqual(idp.entity_id, corrected_post_data['entity_id'])
self.assertEqual(idp.login_url, corrected_post_data['login_url'])
self.assertEqual(idp.logout_url, corrected_post_data['logout_url'])
self.assertEqual(idp.idp_cert_public,
corrected_post_data['idp_cert_public'])
self.assertEqual(idp.date_idp_cert_expiration.strftime(TIME_FORMAT),
corrected_post_data['date_idp_cert_expiration'])
def test_is_active_triggers_form_validation_errors(self):
"""
Test that if `is_active` is set to true, then related required fields
raise ValidationErrors if left blank. Once the requirements are met and
SSOEnterpriseSettingsForm validates, ensure that
update_identity_provider() updates the `is_active` field on
the IdentityProvider as expected.
"""
post_data = self._get_post_data(
is_active=True,
no_entity_id=True,
no_login_url=True,
no_logout_url=True,
)
edit_sso_idp_form = SSOEnterpriseSettingsForm(self.idp, post_data)
edit_sso_idp_form.cleaned_data = post_data
with self.assertRaises(forms.ValidationError):
edit_sso_idp_form.clean_is_active()
email_domain = AuthenticatedEmailDomain.objects.create(
identity_provider=self.idp,
email_domain='vaultwax.com',
)
with self.assertRaises(forms.ValidationError):
edit_sso_idp_form.clean_is_active()
UserExemptFromSingleSignOn.objects.create(
username='******',
email_domain=email_domain,
)
# should not raise exception now
edit_sso_idp_form.clean_is_active()
with self.assertRaises(forms.ValidationError):
edit_sso_idp_form.clean_entity_id()
with self.assertRaises(forms.ValidationError):
edit_sso_idp_form.clean_login_url()
with self.assertRaises(forms.ValidationError):
edit_sso_idp_form.clean_logout_url()
with self.assertRaises(forms.ValidationError):
edit_sso_idp_form.clean_idp_cert_public()
self.assertFalse(edit_sso_idp_form.is_valid())