def test_group_claim(self):
backend = AdfsAuthCodeBackend()
with patch("django_auth_adfs.backend.settings.GROUPS_CLAIM", "nonexisting"):
user = backend.authenticate(self.request, authorization_code="dummycode")
self.assertIsInstance(user, User)
self.assertEqual(user.first_name, "John")
self.assertEqual(user.last_name, "Doe")
self.assertEqual(user.email, "*****@*****.**")
self.assertEqual(len(user.groups.all()), 0)
def test_with_auth_code_2016(self):
backend = AdfsAuthCodeBackend()
user = backend.authenticate(self.request, authorization_code="dummycode")
self.assertIsInstance(user, User)
self.assertEqual(user.first_name, "John")
self.assertEqual(user.last_name, "Doe")
self.assertEqual(user.email, "*****@*****.**")
self.assertEqual(len(user.groups.all()), 2)
self.assertEqual(user.groups.all()[0].name, "group1")
self.assertEqual(user.groups.all()[1].name, "group2")
def test_with_auth_code_azure_guest_block(self):
from django_auth_adfs.config import django_settings
settings = deepcopy(django_settings)
del settings.AUTH_ADFS["SERVER"]
settings.AUTH_ADFS["TENANT_ID"] = "dummy_tenant_id"
settings.AUTH_ADFS["BLOCK_GUEST_USERS"] = True
# Patch audience since we're patching django_auth_adfs.backend.settings to load Settings() as well
settings.AUTH_ADFS["AUDIENCE"] = 'microsoft:identityserver:your-RelyingPartyTrust-identifier'
with patch("django_auth_adfs.config.django_settings", settings):
with patch('django_auth_adfs.backend.settings', Settings()):
with patch("django_auth_adfs.config.settings", Settings()):
with patch("django_auth_adfs.backend.provider_config", ProviderConfig()):
with self.assertRaises(PermissionDenied, msg=''):
backend = AdfsAuthCodeBackend()
_ = backend.authenticate(self.request, authorization_code="dummycode")
def test_boolean_claim_mapping(self):
boolean_claim_mapping = {
"is_superuser": "******",
}
with patch("django_auth_adfs.backend.settings.BOOLEAN_CLAIM_MAPPING", boolean_claim_mapping):
backend = AdfsAuthCodeBackend()
user = backend.authenticate(self.request, authorization_code="dummycode")
self.assertIsInstance(user, User)
self.assertEqual(user.first_name, "John")
self.assertEqual(user.last_name, "Doe")
self.assertEqual(user.email, "*****@*****.**")
self.assertEqual(len(user.groups.all()), 2)
self.assertFalse(user.is_staff)
self.assertTrue(user.is_superuser)
def test_empty_keys(self):
backend = AdfsAuthCodeBackend()
with patch("django_auth_adfs.config.provider_config.signing_keys", []):
self.assertRaises(PermissionDenied,
backend.authenticate,
self.request,
authorization_code='testcode')
def test_with_auth_code_azure(self):
from django_auth_adfs.config import django_settings
settings = deepcopy(django_settings)
del settings.AUTH_ADFS["SERVER"]
settings.AUTH_ADFS["TENANT_ID"] = "dummy_tenant_id"
with patch("django_auth_adfs.config.django_settings", settings):
with patch("django_auth_adfs.config.settings", Settings()):
with patch("django_auth_adfs.backend.provider_config", ProviderConfig()):
backend = AdfsAuthCodeBackend()
user = backend.authenticate(self.request, authorization_code="dummycode")
self.assertIsInstance(user, User)
self.assertEqual(user.first_name, "John")
self.assertEqual(user.last_name, "Doe")
self.assertEqual(user.email, "*****@*****.**")
self.assertEqual(len(user.groups.all()), 2)
self.assertEqual(user.groups.all()[0].name, "group1")
self.assertEqual(user.groups.all()[1].name, "group2")
def test_nonexisting_user(self):
from django_auth_adfs.config import django_settings
settings = deepcopy(django_settings)
settings.AUTH_ADFS["CREATE_NEW_USERS"] = False
with patch("django_auth_adfs.config.django_settings", settings),\
patch("django_auth_adfs.backend.settings", Settings()):
backend = AdfsAuthCodeBackend()
self.assertRaises(PermissionDenied, backend.authenticate, self.request, authorization_code='testcode')
def test_group_to_flag_mapping(self):
group_to_flag_mapping = {
"is_staff": ["group1", "group4"],
"is_superuser": "******",
}
with patch("django_auth_adfs.backend.settings.GROUP_TO_FLAG_MAPPING", group_to_flag_mapping):
with patch("django_auth_adfs.backend.settings.BOOLEAN_CLAIM_MAPPING", {}):
backend = AdfsAuthCodeBackend()
user = backend.authenticate(self.request, authorization_code="dummycode")
self.assertIsInstance(user, User)
self.assertEqual(user.first_name, "John")
self.assertEqual(user.last_name, "Doe")
self.assertEqual(user.email, "*****@*****.**")
self.assertEqual(len(user.groups.all()), 2)
self.assertTrue(user.is_staff)
self.assertTrue(user.is_superuser)
def test_version_two_endpoint_calls_correct_url(self):
from django_auth_adfs.config import django_settings
settings = deepcopy(django_settings)
del settings.AUTH_ADFS["SERVER"]
settings.AUTH_ADFS["TENANT_ID"] = "dummy_tenant_id"
settings.AUTH_ADFS["VERSION"] = 'v2.0'
# Patch audience since we're patching django_auth_adfs.backend.settings to load Settings() as well
with patch("django_auth_adfs.config.django_settings", settings):
with patch('django_auth_adfs.backend.settings', Settings()):
with patch("django_auth_adfs.config.settings", Settings()):
with patch("django_auth_adfs.backend.provider_config", ProviderConfig()):
backend = AdfsAuthCodeBackend()
user = backend.authenticate(self.request, authorization_code="dummycode")
self.assertIsInstance(user, User)
self.assertEqual(user.first_name, "John")
self.assertEqual(user.last_name, "Doe")
self.assertEqual(user.email, "*****@*****.**")
self.assertEqual(len(user.groups.all()), 2)
self.assertEqual(user.groups.all()[0].name, "group1")
self.assertEqual(user.groups.all()[1].name, "group2")
def test_with_auth_code_azure_guest_no_block(self):
from django_auth_adfs.config import django_settings
settings = deepcopy(django_settings)
del settings.AUTH_ADFS["SERVER"]
settings.AUTH_ADFS["TENANT_ID"] = "dummy_tenant_id"
settings.AUTH_ADFS["BLOCK_GUEST_USERS"] = False
# Patch audience since we're patching django_auth_adfs.backend.settings to load Settings() as well
settings.AUTH_ADFS["AUDIENCE"] = 'microsoft:identityserver:your-RelyingPartyTrust-identifier'
with patch("django_auth_adfs.config.django_settings", settings):
with patch('django_auth_adfs.backend.settings', Settings()):
with patch("django_auth_adfs.config.settings", Settings()):
with patch("django_auth_adfs.backend.provider_config", ProviderConfig()):
backend = AdfsAuthCodeBackend()
user = backend.authenticate(self.request, authorization_code="dummycode")
self.assertIsInstance(user, User)
self.assertEqual(user.first_name, "John")
self.assertEqual(user.last_name, "Doe")
self.assertEqual(user.email, "*****@*****.**")
self.assertEqual(len(user.groups.all()), 2)
self.assertEqual(user.groups.all()[0].name, "group1")
self.assertEqual(user.groups.all()[1].name, "group2")
def test_group_removal(self):
user, created = User.objects.get_or_create(
**{User.USERNAME_FIELD: "testuser"})
group = Group.objects.get(name="group3")
user.groups.add(group)
user.set_unusable_password()
user.save()
self.assertEqual(user.groups.all()[0].name, "group3")
backend = AdfsAuthCodeBackend()
user = backend.authenticate(self.request,
authorization_code="dummycode")
self.assertIsInstance(user, User)
self.assertEqual(user.first_name, "John")
self.assertEqual(user.last_name, "Doe")
self.assertEqual(user.email, "*****@*****.**")
self.assertEqual(len(user.groups.all()), 2)
self.assertEqual(user.groups.all()[0].name, "group1")
self.assertEqual(user.groups.all()[1].name, "group2")
def test_empty(self):
backend = AdfsAuthCodeBackend()
self.assertIsNone(backend.authenticate(self.request))
def test_mfa_error(self):
with self.assertRaises(MFARequired):
backend = AdfsAuthCodeBackend()
backend.authenticate(self.request, authorization_code="dummycode")
def test_post_authenticate_signal_send(self):
backend = AdfsAuthCodeBackend()
backend.authenticate(self.request, authorization_code="dummycode")
self.assertEqual(self.signal_handler.call_count, 1)