def test_callback(self):
super(TestGoogleOAuthAdminAuthenticationProvider, self).setup_method()
auth_integration, ignore = create(
self._db,
ExternalIntegration,
protocol=ExternalIntegration.GOOGLE_OAUTH,
goal=ExternalIntegration.ADMIN_AUTH_GOAL,
)
self.google = GoogleOAuthAdminAuthenticationProvider(auth_integration,
"",
test_mode=True)
auth_integration.libraries += [self._default_library]
ConfigurationSetting.for_library_and_externalintegration(
self._db, "domains", self._default_library,
auth_integration).value = json.dumps(["nypl.org"])
# Returns a problem detail when Google returns an error.
error_response, redirect = self.google.callback(
self._db, {"error": "access_denied"})
assert True == isinstance(error_response, ProblemDetail)
assert 400 == error_response.status_code
assert True == error_response.detail.endswith("access_denied")
assert None == redirect
# Successful case creates a dict of admin details
success, redirect = self.google.callback(self._db, {"code": "abc"})
assert "*****@*****.**" == success["email"]
default_credentials = json.dumps(
{"id_token": {
"hd": "nypl.org",
"email": "*****@*****.**"
}})
assert default_credentials == success["credentials"]
assert GoogleOAuthAdminAuthenticationProvider.NAME == success["type"]
[role] = success.get("roles")
assert AdminRole.LIBRARIAN == role.get("role")
assert self._default_library.short_name == role.get("library")
# If domains are set, the admin's domain must match one of the domains.
setting = ConfigurationSetting.for_library_and_externalintegration(
self._db, "domains", self._default_library, auth_integration)
setting.value = json.dumps(["otherlibrary.org"])
failure, ignore = self.google.callback(self._db, {"code": "abc"})
assert INVALID_ADMIN_CREDENTIALS == failure
setting.value = json.dumps(["nypl.org"])
# Returns a problem detail when the oauth client library
# raises an exception.
class ExceptionRaisingClient(DummyGoogleClient):
def step2_exchange(self, auth_code):
raise GoogleClient.FlowExchangeError("mock error")
self.google.dummy_client = ExceptionRaisingClient()
error_response, redirect = self.google.callback(
self._db, {"code": "abc"})
assert True == isinstance(error_response, ProblemDetail)
assert 400 == error_response.status_code
assert True == error_response.detail.endswith("mock error")
assert None == redirect
def test_callback(self):
super(TestGoogleOAuthAdminAuthenticationProvider, self).setup()
auth_integration, ignore = create(
self._db,
ExternalIntegration,
protocol=ExternalIntegration.GOOGLE_OAUTH,
goal=ExternalIntegration.ADMIN_AUTH_GOAL)
self.google = GoogleOAuthAdminAuthenticationProvider(auth_integration,
"",
test_mode=True)
auth_integration.libraries += [self._default_library]
ConfigurationSetting.for_library_and_externalintegration(
self._db, "domains", self._default_library,
auth_integration).value = json.dumps(["nypl.org"])
# Returns a problem detail when Google returns an error.
error_response, redirect = self.google.callback(
self._db, {'error': 'access_denied'})
eq_(True, isinstance(error_response, ProblemDetail))
eq_(400, error_response.status_code)
eq_(True, error_response.detail.endswith('access_denied'))
eq_(None, redirect)
# Successful case creates a dict of admin details
success, redirect = self.google.callback(self._db, {'code': 'abc'})
eq_('*****@*****.**', success['email'])
default_credentials = json.dumps(
{"id_token": {
"email": "*****@*****.**",
"hd": "nypl.org"
}})
eq_(default_credentials, success['credentials'])
eq_(GoogleOAuthAdminAuthenticationProvider.NAME, success["type"])
[role] = success.get("roles")
eq_(AdminRole.LIBRARIAN, role.get("role"))
eq_(self._default_library.short_name, role.get("library"))
# If domains are set, the admin's domain must match one of the domains.
setting = ConfigurationSetting.for_library_and_externalintegration(
self._db, "domains", self._default_library, auth_integration)
setting.value = json.dumps(["otherlibrary.org"])
failure, ignore = self.google.callback(self._db, {'code': 'abc'})
eq_(INVALID_ADMIN_CREDENTIALS, failure)
setting.value = json.dumps(["nypl.org"])
# Returns a problem detail when the oauth client library
# raises an exception.
class ExceptionRaisingClient(DummyGoogleClient):
def step2_exchange(self, auth_code):
raise GoogleClient.FlowExchangeError("mock error")
self.google.dummy_client = ExceptionRaisingClient()
error_response, redirect = self.google.callback(
self._db, {'code': 'abc'})
eq_(True, isinstance(error_response, ProblemDetail))
eq_(400, error_response.status_code)
eq_(True, error_response.detail.endswith('mock error'))
eq_(None, redirect)
class TestGoogleOAuthAdminAuthenticationProvider(DatabaseTest):
def test_callback(self):
super(TestGoogleOAuthAdminAuthenticationProvider, self).setup()
auth_integration, ignore = create(
self._db,
ExternalIntegration,
protocol=ExternalIntegration.GOOGLE_OAUTH,
goal=ExternalIntegration.ADMIN_AUTH_GOAL)
self.google = GoogleOAuthAdminAuthenticationProvider(auth_integration,
"",
test_mode=True)
# Returns a problem detail when Google returns an error.
error_response, redirect = self.google.callback(
{'error': 'access_denied'})
eq_(True, isinstance(error_response, ProblemDetail))
eq_(400, error_response.status_code)
eq_(True, error_response.detail.endswith('access_denied'))
eq_(None, redirect)
# Successful case creates a dict of admin details
success, redirect = self.google.callback({'code': 'abc'})
eq_('*****@*****.**', success['email'])
default_credentials = json.dumps(
{"id_token": {
"email": "*****@*****.**",
"hd": "nypl.org"
}})
eq_(default_credentials, success['credentials'])
# Returns a problem detail when the oauth client library
# raises an exception.
class ExceptionRaisingClient(DummyGoogleClient):
def step2_exchange(self, auth_code):
raise GoogleClient.FlowExchangeError("mock error")
self.google.dummy_client = ExceptionRaisingClient()
error_response, redirect = self.google.callback({'code': 'abc'})
eq_(True, isinstance(error_response, ProblemDetail))
eq_(400, error_response.status_code)
eq_(True, error_response.detail.endswith('mock error'))
eq_(None, redirect)
def test_domains(self):
super(TestGoogleOAuthAdminAuthenticationProvider, self).setup()
auth_integration, ignore = create(
self._db,
ExternalIntegration,
protocol=ExternalIntegration.GOOGLE_OAUTH,
goal=ExternalIntegration.ADMIN_AUTH_GOAL)
auth_integration.set_setting("domains", json.dumps(["nypl.org"]))
google = GoogleOAuthAdminAuthenticationProvider(auth_integration,
"",
test_mode=True)
eq_(["nypl.org"], google.domains)
def test_domains(self):
super(TestGoogleOAuthAdminAuthenticationProvider, self).setup()
auth_integration, ignore = create(
self._db,
ExternalIntegration,
protocol=ExternalIntegration.GOOGLE_OAUTH,
goal=ExternalIntegration.ADMIN_AUTH_GOAL)
auth_integration.libraries += [self._default_library]
ConfigurationSetting.for_library_and_externalintegration(
self._db, "domains", self._default_library,
auth_integration).value = json.dumps(["nypl.org"])
google = GoogleOAuthAdminAuthenticationProvider(auth_integration,
"",
test_mode=True)
eq_(["nypl.org"], google.domains.keys())
eq_([self._default_library], google.domains["nypl.org"])
l2 = self._library()
auth_integration.libraries += [l2]
ConfigurationSetting.for_library_and_externalintegration(
self._db, "domains", l2,
auth_integration).value = json.dumps(["nypl.org", "l2.org"])
eq_(set([self._default_library, l2]), set(google.domains["nypl.org"]))
eq_([l2], google.domains["l2.org"])
def test_domains(self):
super(TestGoogleOAuthAdminAuthenticationProvider, self).setup()
auth_integration, ignore = create(
self._db, ExternalIntegration,
protocol=ExternalIntegration.GOOGLE_OAUTH,
goal=ExternalIntegration.ADMIN_AUTH_GOAL
)
auth_integration.set_setting("domains", json.dumps(["nypl.org"]))
google = GoogleOAuthAdminAuthenticationProvider(auth_integration, "", test_mode=True)
eq_(["nypl.org"], google.domains)
def test_callback(self):
super(TestGoogleOAuthAdminAuthenticationProvider, self).setup()
auth_integration, ignore = create(
self._db, ExternalIntegration,
protocol=ExternalIntegration.GOOGLE_OAUTH,
goal=ExternalIntegration.ADMIN_AUTH_GOAL
)
self.google = GoogleOAuthAdminAuthenticationProvider(auth_integration, "", test_mode=True)
# Returns a problem detail when Google returns an error.
error_response, redirect = self.google.callback({'error' : 'access_denied'})
eq_(True, isinstance(error_response, ProblemDetail))
eq_(400, error_response.status_code)
eq_(True, error_response.detail.endswith('access_denied'))
eq_(None, redirect)
# Successful case creates a dict of admin details
success, redirect = self.google.callback({'code' : 'abc'})
eq_('*****@*****.**', success['email'])
default_credentials = json.dumps({"id_token": {"email": "*****@*****.**", "hd": "nypl.org"}})
eq_(default_credentials, success['credentials'])
def test_callback(self):
super(TestGoogleOAuthAdminAuthenticationProvider, self).setup()
auth_integration, ignore = create(
self._db, ExternalIntegration,
protocol=ExternalIntegration.GOOGLE_OAUTH,
goal=ExternalIntegration.ADMIN_AUTH_GOAL
)
self.google = GoogleOAuthAdminAuthenticationProvider(auth_integration, "", test_mode=True)
auth_integration.libraries += [self._default_library]
ConfigurationSetting.for_library_and_externalintegration(
self._db, "domains", self._default_library, auth_integration
).value = json.dumps(["nypl.org"])
# Returns a problem detail when Google returns an error.
error_response, redirect = self.google.callback(self._db, {'error' : 'access_denied'})
eq_(True, isinstance(error_response, ProblemDetail))
eq_(400, error_response.status_code)
eq_(True, error_response.detail.endswith('access_denied'))
eq_(None, redirect)
# Successful case creates a dict of admin details
success, redirect = self.google.callback(self._db, {'code' : 'abc'})
eq_('*****@*****.**', success['email'])
default_credentials = json.dumps({"id_token": {"email": "*****@*****.**", "hd": "nypl.org"}})
eq_(default_credentials, success['credentials'])
eq_(GoogleOAuthAdminAuthenticationProvider.NAME, success["type"])
[role] = success.get("roles")
eq_(AdminRole.LIBRARIAN, role.get("role"))
eq_(self._default_library.short_name, role.get("library"))
# If domains are set, the admin's domain must match one of the domains.
setting = ConfigurationSetting.for_library_and_externalintegration(
self._db, "domains", self._default_library, auth_integration)
setting.value = json.dumps(["otherlibrary.org"])
failure, ignore = self.google.callback(self._db, {'code' : 'abc'})
eq_(INVALID_ADMIN_CREDENTIALS, failure)
setting.value = json.dumps(["nypl.org"])
# Returns a problem detail when the oauth client library
# raises an exception.
class ExceptionRaisingClient(DummyGoogleClient):
def step2_exchange(self, auth_code):
raise GoogleClient.FlowExchangeError("mock error")
self.google.dummy_client = ExceptionRaisingClient()
error_response, redirect = self.google.callback(self._db, {'code' : 'abc'})
eq_(True, isinstance(error_response, ProblemDetail))
eq_(400, error_response.status_code)
eq_(True, error_response.detail.endswith('mock error'))
eq_(None, redirect)
def test_staff_email(self):
super(TestGoogleOAuthAdminAuthenticationProvider, self).setup()
auth_integration, ignore = create(
self._db,
ExternalIntegration,
protocol=ExternalIntegration.GOOGLE_OAUTH,
goal=ExternalIntegration.ADMIN_AUTH_GOAL)
nypl_admin = create(self._db, Admin, email="*****@*****.**")
bpl_admin = create(self._db, Admin, email="*****@*****.**")
# If no domains are set, the admin must already exist in the db
# to be considered library staff.
google = GoogleOAuthAdminAuthenticationProvider(auth_integration,
"",
test_mode=True)
eq_(True, google.staff_email(self._db, "*****@*****.**"))
eq_(True, google.staff_email(self._db, "*****@*****.**"))
eq_(False, google.staff_email(self._db, "*****@*****.**"))
# If domains are set, the admin's domain can match one of the domains
# if the admin doesn't exist yet.
auth_integration.libraries += [self._default_library]
setting = ConfigurationSetting.for_library_and_externalintegration(
self._db, "domains", self._default_library, auth_integration)
setting.value = json.dumps(["nypl.org"])
eq_(True, google.staff_email(self._db, "*****@*****.**"))
eq_(True, google.staff_email(self._db, "*****@*****.**"))
eq_(True, google.staff_email(self._db, "*****@*****.**"))
eq_(False, google.staff_email(self._db, "*****@*****.**"))
setting.value = json.dumps(["nypl.org", "bklynlibrary.org"])
eq_(True, google.staff_email(self._db, "*****@*****.**"))
eq_(True, google.staff_email(self._db, "*****@*****.**"))
eq_(True, google.staff_email(self._db, "*****@*****.**"))
eq_(True, google.staff_email(self._db, "*****@*****.**"))
def test_staff_email(self):
super(TestGoogleOAuthAdminAuthenticationProvider, self).setup()
auth_integration, ignore = create(
self._db, ExternalIntegration,
protocol=ExternalIntegration.GOOGLE_OAUTH,
goal=ExternalIntegration.ADMIN_AUTH_GOAL
)
nypl_admin = create(self._db, Admin, email="*****@*****.**")
bpl_admin = create(self._db, Admin, email="*****@*****.**")
# If no domains are set, the admin must already exist in the db
# to be considered library staff.
google = GoogleOAuthAdminAuthenticationProvider(auth_integration, "", test_mode=True)
eq_(True, google.staff_email(self._db, "*****@*****.**"))
eq_(True, google.staff_email(self._db, "*****@*****.**"))
eq_(False, google.staff_email(self._db, "*****@*****.**"))
# If domains are set, the admin's domain can match one of the domains
# if the admin doesn't exist yet.
auth_integration.libraries += [self._default_library]
setting = ConfigurationSetting.for_library_and_externalintegration(
self._db, "domains", self._default_library, auth_integration)
setting.value = json.dumps(["nypl.org"])
eq_(True, google.staff_email(self._db, "*****@*****.**"))
eq_(True, google.staff_email(self._db, "*****@*****.**"))
eq_(True, google.staff_email(self._db, "*****@*****.**"))
eq_(False, google.staff_email(self._db, "*****@*****.**"))
setting.value = json.dumps(["nypl.org", "bklynlibrary.org"])
eq_(True, google.staff_email(self._db, "*****@*****.**"))
eq_(True, google.staff_email(self._db, "*****@*****.**"))
eq_(True, google.staff_email(self._db, "*****@*****.**"))
eq_(True, google.staff_email(self._db, "*****@*****.**"))