def test_get_userinfo(self, mocked_verify_token, mocked_get_userinfo):
mocked_get_userinfo.return_value = {}
mocked_verify_token.return_value = {
'realm_access': {
'roles': ['role1', 'role2']
}
}
oidc_auth_backend = OIDCAuthenticationBackend()
userinfo = oidc_auth_backend.get_userinfo(access_token="",
id_token="",
payload={})
self.assertEqual(userinfo.get('roles'), ['role1', 'role2'],
"Unexpected roles returned in get_userinfo")
def test_user_created(self):
"""
An succesful authentication should create a new user
"""
authentication_backend = OIDCAuthenticationBackend()
authentication_backend.get_token = Mock()
authentication_backend.store_tokens = Mock()
# Mock verify token and payload
authentication_backend.verify_token = Mock()
authentication_backend.verify_token.return_value = {
"payload_foo": "foo_data"
}
# Mock user creation
FOO_USER = get_test_user()
authentication_backend.get_or_create_user = Mock()
authentication_backend.get_or_create_user.return_value = FOO_USER
authenticated_result = authentication_backend.authenticate(
MOCK_AUTH_REQUEST)
authentication_backend.get_token.assert_called_once()
authentication_backend.verify_token.assert_called_once()
authentication_backend.store_tokens.assert_called_once()
# Most importantly, the get_or_create_user function is called, and it's return value is given
authentication_backend.get_or_create_user.assert_called_once()
self.assertEquals(authenticated_result, FOO_USER)
def test_update_groups(self):
user = mommy.make(User)
group = Group.objects.create(name='old_group')
group.user_set.add(user)
claims = {'roles': ['new_group']}
OIDCAuthenticationBackend().update_user(user, claims)
self.assertTrue(
user.groups.filter(name="new_group").exists(),
"Expected new group to be added during update")
self.assertFalse(
user.groups.filter(name="old_group").exists(),
"Expected old group to be added during update")
def test_create_user(self):
claims = {
'email': '*****@*****.**',
'given_name': 'Firstname',
'family_name': 'Lastname',
'roles': ['testrole']
}
OIDCAuthenticationBackend().create_user(claims)
self.assertTrue(
User.objects.filter(email='*****@*****.**',
first_name='Firstname',
last_name='Lastname',
groups__name='testrole').exists(),
"Expected user to be created with specific info")
def test_update_user(self):
user = mommy.make(User)
original_email = user.email
claims = {
'email': '*****@*****.**',
'given_name': 'Firstname',
'family_name': 'Lastname',
'roles': ['testrole']
}
OIDCAuthenticationBackend().update_user(user, claims)
self.assertEqual(user.first_name, "Firstname",
"Expected firstname to be updated")
self.assertEqual(user.last_name, "Lastname",
"Expected lastname to be updated")
self.assertEqual(user.email, original_email,
"Expected email not to be updated")
self.assertTrue(
user.groups.filter(name="testrole").exists(),
"Expected new group to be added during update")
def test_no_code_in_request(self):
"""
An authentication without given data and access code will not do anything
"""
authentication_backend = OIDCAuthenticationBackend()
authentication_backend.get_token = Mock()
authentication_backend.verify_token = Mock()
authentication_backend.store_tokens = Mock()
authentication_backend.get_or_create_user = Mock()
request = {}
result = authentication_backend.authenticate(request)
self.assertIsNone(result)
authentication_backend.get_token.assert_not_called()
authentication_backend.verify_token.assert_not_called()
authentication_backend.store_tokens.assert_not_called()
authentication_backend.get_or_create_user.assert_not_called()
def test_verification_fails(self):
"""
No user is created if token verification fails
"""
authentication_backend = OIDCAuthenticationBackend()
authentication_backend.get_token = Mock()
authentication_backend.store_tokens = Mock()
authentication_backend.get_or_create_user = Mock()
# Mock verify token and payload
# This mock raises an 'SuspiciousOperation' exception
authentication_backend.verify_token = Mock(
side_effect=SuspiciousOperation("Token not verified"))
# Call the authentication
with self.assertRaises(Exception):
authentication_backend.authenticate(MOCK_AUTH_REQUEST)
# Verify is called
authentication_backend.verify_token.assert_called_once()
# But the user creation not
authentication_backend.get_or_create_user.assert_not_called()