def test_twofactor_required_with_flag(self):
self.rp_config.flag_twofactor = 'FOO'
request = RequestFactory().get('/')
with switches(FOO=True):
self.assertTrue(self.rp_config.twofactor_required(request))
with switches(FOO=False):
self.assertFalse(self.rp_config.twofactor_required(request))
def test_allow_unverified_disabled_and_login_by_phone_enabled(self):
email = self.account.emailaddress_set.get(email=self.email)
email.status = EmailStatus.NEW
email.save()
# enable the LOGIN_BY_PHONE flag selective on team membership
team_name = 'tomb-riders'
key = 'LOGIN_BY_PHONE'
field_name = 'team'
value = team_name
condition_set = ('identityprovider.gargoyle.LPTeamConditionSet('
'lp_team)')
self.conditionally_enable_flag(key, field_name, value, condition_set)
# without proper team, authenticate_user will not succeed
with switches(ALLOW_UNVERIFIED=False):
self.assert_failed_login(AuthenticationError)
# bind account with the team
team = self.factory.make_team(name=team_name)
self.factory.add_account_to_team(self.account, team)
with switches(ALLOW_UNVERIFIED=False):
result = authenticate_user(self.email, self.password)
self.assertEqual(result, self.account)
def test_context_manager(self):
switch = self.gargoyle['test']
switch.status = DISABLED
with switches(self.gargoyle, test=True):
self.assertTrue(self.gargoyle.is_active('test'))
self.assertEquals(self.gargoyle['test'].status, DISABLED)
switch.status = GLOBAL
with switches(self.gargoyle, test=False):
self.assertFalse(self.gargoyle.is_active('test'))
self.assertEquals(self.gargoyle['test'].status, GLOBAL)
def setUp(self):
super(SuspendUnverifiedAccountsTestCase, self).setUp()
self.call_command = lambda: call_command(self.command_name)
self.mock_send_warning = self._apply_patch(
'identityprovider.emailutils.send_action_required_warning')
self.mock_send_notice = self._apply_patch(
'identityprovider.emailutils.send_action_applied_notice')
self.mock_logger = self._apply_patch(
'identityprovider.management.commands.suspend_unverified_accounts.'
'logging')
self.mock_now = self._apply_patch(
'identityprovider.management.commands.suspend_unverified_accounts.'
'datetime')
self.mock_now.utcnow.return_value = self.now = datetime.utcnow()
# enable ALLOW_UNVERIFIED
p = switches(ALLOW_UNVERIFIED=True)
p.patch()
self.addCleanup(p.unpatch)
new_settings = zip(self.new_settings,
(self.action_after_days, self.warn_before_days))
p = patch_settings(**dict(new_settings))
p.start()
self.addCleanup(p.stop)
def test_context_manager(self):
switch = self.gargoyle['test']
switch.status = DISABLED
with switches(self.gargoyle, test=True):
assert self.gargoyle.is_active('test')
assert self.gargoyle['test'].status == DISABLED
switch.status = GLOBAL
switch.save()
with switches(self.gargoyle, test=False):
assert not self.gargoyle.is_active('test')
assert self.gargoyle['test'].status == GLOBAL
def setUp(self):
super(TestPaperPrintingAndGenerating, self).setUp()
switch = switches(PAPER_DEVICE=True)
switch.patch()
self.addCleanup(switch.unpatch)
self.device = MagicMock(autospec=AuthenticationDevice)
self.device.id = 1
self.device.key = 'some key'
self.device.counter = 0
self.device.device_type = 'paper'
mock_get = self._do_patch(MOD_PREFIX + '._get_device_or_404')
mock_get.return_value = self.device
self.mock_hotp = mock_hotp = self._do_patch(MOD_PREFIX + '.hotp')
mock_hotp.side_effect = lambda k, i, t: self.letters[i]
p = patch_settings(TWOFACTOR_PAPER_CODES=10)
p.start()
self.addCleanup(p.stop)
self.mock_request = self._get_mock_request()
self.mock_request.user = self.factory.make_account()
def test_context_manager(self):
switch = self.gargoyle['test']
switch.status = DISABLED
with switches(self.gargoyle, test=True):
self.assertTrue(self.gargoyle.is_active('test'))
self.assertEquals(self.gargoyle['test'].status, DISABLED)
switch.status = GLOBAL
switch.save()
with switches(self.gargoyle, test=False):
self.assertFalse(self.gargoyle.is_active('test'))
self.assertEquals(self.gargoyle['test'].status, GLOBAL)
def test_context_manager(self):
switch = self.gargoyle['test']
switch.status = DISABLED
with switches(self.gargoyle, test=True):
assert self.gargoyle.is_active('test')
assert self.gargoyle['test'].status == DISABLED
switch.status = GLOBAL
switch.save()
with switches(self.gargoyle, test=False):
assert not self.gargoyle.is_active('test')
assert self.gargoyle['test'].status == GLOBAL
def test_user_not_2f_but_not_required(self):
OpenIDRPConfig.objects.create(trust_root=self.ACS_URL,
flag_twofactor='SAML_TWOFACTOR')
with switches(SAML_TWOFACTOR=False):
response = self.client.get('/+saml', data=self.REQUEST_DATA)
self.assertEqual(response.status_code, 302)
self.assertTrue('/+saml/process' in response['Location'])
def setUp(self):
super(DeviceTemplateTest, self).setUp()
condition_set = 'identityprovider.gargoyle.LPTeamConditionSet(lp_team)'
self.conditionally_enable_flag(
'PAPER_DEVICE', 'team', 'paperdeviceteam', condition_set)
# enable TWOFACTOR flag
twofactor_switch = switches(TWOFACTOR=True)
twofactor_switch.patch()
self.addCleanup(twofactor_switch.unpatch)
def test_user_not_2f_but_required(self):
# make sure the rpconfig entry requires 2f
OpenIDRPConfig.objects.create(trust_root=self.ACS_URL,
flag_twofactor='SAML_TWOFACTOR')
with switches(SAML_TWOFACTOR=True):
response = self.client.get('/+saml', data=self.REQUEST_DATA,
follow=True)
# make sure the last redirect was for twofactor
self.assertIn('/two_factor_auth', response.redirect_chain[-1][0])
def assert_device_types(self, paper_flag, expected_types):
request = self._get_mock_request()
with switches(PAPER_DEVICE=paper_flag):
response = device_addition(request)
tree = PyQuery(response.content)
type_nodes = tree.find('input[type="radio"]')
# Note: can't just use node.value as it is None for unset radios
self.assertEqual([dict(node.items())['value'] for node in type_nodes],
expected_types)
def test_register_captcha_required(self, mock_captcha):
captcha_data = {'captcha_id': 999, 'image_url': 'somewhere'}
del self.data['captcha_id']
del self.data['captcha_solution']
mock_captcha.new.return_value.serialize.return_value = captcha_data
with switches(CAPTCHA=True):
response, json_body = call(
self.handler.create, self.url, self.data)
self.assertEqual(response.status_code, 401)
self.assertEqual(json_body['code'], "CAPTCHA_REQUIRED")
self.assertIn('A captcha challenge is required', json_body['message'])
self.assertFalse(self.mock_register.called)
self.assertEqual(json_body['extra'], captcha_data)
def setUp(self):
super(InvalidateEmailTestCase, self).setUp()
# email invalidation makes sense only when ALLOW_UNVERIFIED is enabled
switch = switches(ALLOW_UNVERIFIED=True)
switch.patch()
self.addCleanup(switch.unpatch)
p = mock.patch('webui.views.account.logger')
self.mock_logger = p.start()
self.addCleanup(p.stop)
self.account = self.factory.make_account(
email=self.email, email_validated=False,
password_encrypted=False, password=DEFAULT_USER_PASSWORD,
)
self.emailaddress = self.account.emailaddress_set.get()
assert self.emailaddress.status == EmailStatus.NEW
self.authtoken = AuthToken.objects.create(
email=self.email, token=self.token,
token_type=TokenType.INVALIDATEEMAIL)
def setUp(self):
super(DeviceViewsTestCaseBase, self).setUp()
self.account = account = self.factory.make_account()
self.device = self.factory.make_device(account, name='foo')
self.client.login(username=account.preferredemail.email,
password=DEFAULT_USER_PASSWORD)
self.patch_is_upgraded = mock.patch(
'identityprovider.models.twofactor.is_upgraded')
self.patch_is_fresh = mock.patch(
'identityprovider.models.twofactor.is_fresh')
self.mock_is_upgraded = self.patch_is_upgraded.start()
self.mock_is_upgraded.return_value = True
self.mock_is_fresh = self.patch_is_fresh.start()
self.mock_is_fresh.return_value = True
self.addCleanup(self.patch_is_upgraded.stop)
self.addCleanup(self.patch_is_fresh.stop)
self.switch_twofactor = switches(TWOFACTOR=True)
self.switch_twofactor.patch()
self.addCleanup(self.switch_twofactor.unpatch)
def setUp(self):
super(AccountEditTestCase, self).setUp()
if self.twofactor_enabled is not None:
self.switch = switches(TWOFACTOR=self.twofactor_enabled)
self.switch.patch()
self.addCleanup(self.switch.unpatch)
self.account.twofactor_required = self.user_wants_twofactor
self.account.warn_about_backup_device = self.user_wants_warn
self.account.save()
for i in xrange(self.devices_count):
self.factory.make_device(account=self.account)
assert self.account.devices.count() == self.devices_count
if self.devices_count > 0 and self.paper_device_exhausted:
counter = (settings.TWOFACTOR_PAPER_CODES -
settings.TWOFACTOR_PAPER_CODES_WARN_RENEWAL + 1)
device = self.account.devices.all()[0]
device.counter = counter
device.device_type = 'paper'
device.save()
def setUp(self):
super(TwoFactorMixin, self).setUp()
self.switch = switches(TWOFACTOR=True)
self.switch.patch()
self.addCleanup(self.switch.unpatch)
def enable_flag(self):
# enable LOGIN_BY_PHONE globally
switcher = switches(LOGIN_BY_PHONE=True)
switcher.patch()
self.addCleanup(switcher.unpatch)
def enable_flag(self):
switcher = switches(ALLOW_UNVERIFIED=True)
switcher.patch()
self.addCleanup(switcher.unpatch)
def setUp(self):
super(RegisterMessagesTestCase, self).setUp()
switch = switches(ALLOW_UNVERIFIED=True)
switch.patch()
self.addCleanup(switch.unpatch)
def setUp(self):
super(VerifyEmailWarningTestCase, self).setUp()
self.switch = switches(ALLOW_UNVERIFIED=True)
self.switch.patch()
self.addCleanup(self.switch.unpatch)
def test_includes_create_account_form_for_u1_brand(self):
with mock.patch.multiple(settings, BRAND='ubuntu'):
with switches(BRAND_UBUNTUONE=True):
r = self.client.get(reverse('account-index'))
self.assertIn('create_account_form', r.context)
def test_new_email_not_allowed(self):
email = self.account.emailaddress_set.get(email=self.email)
email.status = EmailStatus.NEW
email.save()
with switches(ALLOW_UNVERIFIED=False, LOGIN_BY_PHONE=False):
self.assert_failed_login(AuthenticationError)
def render_u1_login_with_rpconfig(self, rpconfig):
with switches(BRAND_UBUNTUONE=True):
return render_to_string(
'registration/login.html',
dict(rpconfig=rpconfig, brand_description="Ubuntu One"))
