Пример #1
def test_login_authenticate_do_not_create_user(monkeypatch, django_user_model, settings):
    """
    Check that a verified CAS ticket is refused when user creation is off.

    Ticket verification is mocked to succeed, but with CAS_CREATE_USER set to
    False the login view has to raise PermissionDenied and must not leave a
    user row behind.
    """
    # The behaviour under test: accounts are not provisioned automatically
    settings.CAS_CREATE_USER = False
    # The messages framework is not part of this test
    settings.CAS_LOGIN_MSG = None
    # Authenticate through the CAS backend only
    settings.AUTHENTICATION_BACKENDS = ['django_cas_ng.backends.CASBackend']
    # The original author reports trouble with the JSON serializer here.
    # PickleSerializer unpickles session data on load, so keep this override
    # confined to test settings.
    settings.SESSION_SERIALIZER = 'django.contrib.sessions.serializers.PickleSerializer'

    def fake_verify_ticket(ticket, service):
        # Stand-in for the CAS round trip: every ticket verifies
        attributes = {'ticket': ticket, 'service': service}
        return '*****@*****.**', attributes, None
    monkeypatch.setattr('cas.CASClientV2.verify_ticket', fake_verify_ticket)

    query = {'ticket': 'fake-ticket', 'service': 'fake-service'}
    request = RequestFactory().get('/login/', query)

    # Give the request a session first, then a user, via the middleware
    for middleware in (SessionMiddleware, AuthenticationMiddleware):
        process_request_for_middleware(request, middleware)

    with pytest.raises(PermissionDenied):
        login(request)
    matching_users = django_user_model.objects.filter(username='******')
    assert matching_users.exists() is False
Пример #2
def test_login_authenticate_do_not_create_user(monkeypatch, django_user_model,
                                               settings):
    """
    A ticket that verifies must still be rejected when CAS_CREATE_USER is off.

    The login view is expected to raise PermissionDenied, and no user with the
    returned username may exist afterwards.
    """
    overrides = (
        # Do not create accounts for unknown CAS users (the case under test)
        ('CAS_CREATE_USER', False),
        # Leave the messages framework out of the test
        ('CAS_LOGIN_MSG', None),
        # Only the CAS backend may authenticate
        ('AUTHENTICATION_BACKENDS', ['django_cas_ng.backends.CASBackend']),
        # Per the original author the JSON serializer did not cope here.
        # PickleSerializer unpickles session data, so this is test-only.
        ('SESSION_SERIALIZER',
         'django.contrib.sessions.serializers.PickleSerializer'),
    )
    for setting_name, value in overrides:
        setattr(settings, setting_name, value)

    def always_valid(ticket, service):
        # Replaces the CAS server call and reports a verified user
        return '*****@*****.**', {'ticket': ticket, 'service': service}, None

    monkeypatch.setattr('cas.CASClientV2.verify_ticket', always_valid)

    request = RequestFactory().get(
        '/login/', {'ticket': 'fake-ticket', 'service': 'fake-service'})

    # Session middleware first, then authentication middleware
    process_request_for_middleware(request, SessionMiddleware)
    process_request_for_middleware(request, AuthenticationMiddleware)

    with pytest.raises(PermissionDenied):
        login(request)
    user_rows = django_user_model.objects.filter(username='******')
    assert user_rows.exists() is False
Пример #3
def test_login_post_logout(django_user_model, settings):
    """
    Check that a SAML logout request posted to the login view cleans up.

    A session, a SessionTicket and a ProxyGrantingTicket are stored for
    'fake-ticket'; after the POST neither ticket row may exist any more.
    """
    settings.CAS_VERSION = 'CAS_2_SAML_1_0'

    logout_request = (
        '<samlp:LogoutRequest '
        'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">'
        '<samlp:SessionIndex>fake-ticket'
        '</samlp:SessionIndex></samlp:LogoutRequest>'
    )
    data = {'logoutRequest': logout_request}
    session = SessionStore()
    session['fake_session'] = 'fake-session'
    session.save()
    assert SessionStore(session_key=session.session_key) is not None

    request = RequestFactory().post('/login/', data)
    request.session = session

    def session_ticket_exists():
        # Is the ticket row for this session still in the database?
        return SessionTicket.objects.filter(
            session_key=session.session_key, ticket='fake-ticket').exists()

    # Store the session ticket the logout request refers to
    session_ticket = SessionTicket.objects.create(
        session_key=session.session_key, ticket='fake-ticket')
    assert session_ticket is not None
    assert session_ticket_exists() is True
    user = django_user_model.objects.create(username='******',
                                            email='*****@*****.**')
    assert user is not None
    assert django_user_model.objects.filter(
        username='******').exists() is True
    request.user = user

    pgt_fields = {
        'session_key': session.session_key,
        'user': user,
        'pgtiou': 'fake-ticket-iou',
        'pgt': 'fake-ticket',
    }

    # Store a proxy granting ticket tied to the same session
    pgt = ProxyGrantingTicket.objects.create(**pgt_fields)
    assert pgt is not None
    assert ProxyGrantingTicket.objects.filter(**pgt_fields).exists() is True

    login(request)
    # Both ticket rows have to be gone once the logout request is handled
    assert session_ticket_exists() is False
    assert ProxyGrantingTicket.objects.filter(**pgt_fields).exists() is False
    assert session_ticket_exists() is False
Пример #4
def test_login_post_logout(django_user_model, settings):
    """
    A POSTed SAML LogoutRequest must remove the tickets of the named session.

    The test stores a SessionTicket and a ProxyGrantingTicket for
    'fake-ticket', posts the logout request to the login view and then
    expects both rows to be deleted.
    """
    settings.CAS_VERSION = 'CAS_2_SAML_1_0'

    saml_body = ''.join([
        '<samlp:LogoutRequest ',
        'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">',
        '<samlp:SessionIndex>fake-ticket',
        '</samlp:SessionIndex></samlp:LogoutRequest>',
    ])
    data = {'logoutRequest': saml_body}
    session = SessionStore()
    session['fake_session'] = 'fake-session'
    session.save()
    assert SessionStore(session_key=session.session_key) is not None

    factory = RequestFactory()
    request = factory.post('/login/', data)
    request.session = session
    key = session.session_key

    # Persist the session ticket and confirm that it is stored
    session_ticket = SessionTicket.objects.create(session_key=key,
                                                  ticket='fake-ticket')
    assert session_ticket is not None
    assert SessionTicket.objects.filter(session_key=key,
                                        ticket='fake-ticket').exists() is True
    user = django_user_model.objects.create(username='******', email='*****@*****.**')
    assert user is not None
    assert django_user_model.objects.filter(username='******').exists() is True
    request.user = user

    # Persist a proxy granting ticket for the same session and user
    pgt = ProxyGrantingTicket.objects.create(
        session_key=key, user=user, pgtiou='fake-ticket-iou',
        pgt='fake-ticket')
    assert pgt is not None
    assert ProxyGrantingTicket.objects.filter(
        session_key=key, user=user, pgtiou='fake-ticket-iou',
        pgt='fake-ticket').exists() is True

    login(request)
    # After the logout request none of the ticket rows may remain
    assert SessionTicket.objects.filter(session_key=key,
                                        ticket='fake-ticket').exists() is False
    assert ProxyGrantingTicket.objects.filter(
        session_key=key, user=user, pgtiou='fake-ticket-iou',
        pgt='fake-ticket').exists() is False
    assert SessionTicket.objects.filter(session_key=key,
                                        ticket='fake-ticket').exists() is False
Пример #5
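def test_login_authenticate_and_create_user(monkeypatch, django_user_model, settings):
    """
    Test the case where the login view authenticates a new user.

    Ticket verification is mocked to succeed; the view is expected to answer
    with a redirect and the user it created must report as authenticated.
    """
    # No need to test the message framework
    settings.CAS_LOGIN_MSG = None
    # Make sure we use our backend
    settings.AUTHENTICATION_BACKENDS = ['django_cas_ng.backends.CASBackend']
    # The original author reports trouble with the JSON serializer here.
    # PickleSerializer unpickles session data on load, so keep this override
    # confined to test settings.
    settings.SESSION_SERIALIZER = 'django.contrib.sessions.serializers.PickleSerializer'

    def mock_verify(ticket, service):
        # Stand-in for the CAS server call: every ticket verifies
        return '*****@*****.**', {'ticket': ticket, 'service': service}, None
    monkeypatch.setattr('cas.CASClientV2.verify_ticket', mock_verify)

    factory = RequestFactory()
    request = factory.get('/login/', {'ticket': 'fake-ticket',
                                      'service': 'fake-service'})

    # Create a session object from the middleware
    process_request_for_middleware(request, SessionMiddleware)
    # Create a user object from middleware
    process_request_for_middleware(request, AuthenticationMiddleware)

    response = login(request)
    assert response.status_code == 302
    user = django_user_model.objects.get(username='******')
    # is_authenticated is a method on older Django releases and a plain
    # attribute from Django 2 on, so call it only when it is callable
    authenticated = user.is_authenticated
    if callable(authenticated):
        authenticated = authenticated()
    assert authenticated is True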
Пример #6
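    def wrapper(request, *args, **kwargs):
        """
        Route a request according to login state and client type.

        Anonymous requests that carry a CAS ``ticket`` are handed to the CAS
        login view. Other anonymous requests are redirected to
        /wx/authorize_fhlogin when check_weixin_agent() accepts them
        (presumably a WeChat user-agent check; confirm) and refused otherwise.
        Logged-in requests are redirected to /m for the user's school when
        check_weixin_agent() accepts them and refused otherwise. Any
        exception is logged and answered with 403.
        """
        try:
            if isinstance(request.user, AnonymousUser):
                if request.GET.get("ticket", ""):
                    # A CAS service ticket is a credential: log that one
                    # arrived, not its value.
                    logger.info('caslogin--ticket received')
                    return cas_views.login(request, next_page=request.get_full_path())

                # Not logged in: first obtain the user's code, in preparation
                # for fetching the openid
                if not check_weixin_agent(request):
                    return HttpResponseForbidden('<h1>Forbidden<br/> 请从微信上登陆使用本系统</h1>')

                # get_host() validates the client-supplied Host header against
                # ALLOWED_HOSTS; reading META['HTTP_HOST'] directly would put
                # an arbitrary host into the state value. A rejected host
                # raises and ends up as 403 in the handler below.
                # NOTE(review): the scheme is fixed to http; confirm that is
                # intended for HTTPS deployments.
                state = convert_from_url_path('http://' + request.get_host() + request.get_full_path())
                if not state:
                    return HttpResponseForbidden()
                # NOTE(review): state is placed in the query string as is;
                # confirm convert_from_url_path() returns a URL-safe value.
                return HttpResponseRedirect("/wx/authorize_fhlogin?state=%s" % state)

            # Logged in: look up the user's current school and redirect to
            # that school's home page
            if check_weixin_agent(request):
                return HttpResponseRedirect("/m?sid=%s" % request.user.school.id)
            return HttpResponseForbidden('<h1>Forbidden<br/> 请从微信登陆使用本系统</h1>')

        except Exception:
            # Fail closed: record the traceback server-side, reveal nothing
            logger.error(traceback.format_exc())
            return HttpResponseForbidden('<h1>Forbidden</h1>')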
Пример #7
def page_login(request, next_page=None):
    """
    Log out any current user, then start a fresh login.

    With settings.CAS_AUTH enabled the request goes to the CAS login view
    (passing next_page through); otherwise the local login template is
    rendered.
    """
    already_logged_in = not isinstance(request.user, AnonymousUser)
    if already_logged_in:
        # Drop the existing login before a new one starts
        page_logout(request)
    if not settings.CAS_AUTH:
        return render_to_response('page/base/login/login.html')
    return cas_views.login(request, next_page=next_page)
Пример #8
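def test_login_authenticate_and_create_user(monkeypatch, django_user_model, settings):
    """
    Test the case where the login view authenticates a new user.

    With ticket verification mocked to succeed, the view must redirect (302)
    and the user looked up afterwards must report as authenticated.
    """
    # No need to test the message framework
    settings.CAS_LOGIN_MSG = None
    # Make sure we use our backend
    settings.AUTHENTICATION_BACKENDS = ['django_cas_ng.backends.CASBackend']
    # Per the original author the JSON serializer did not cope here.
    # PickleSerializer unpickles session data, so this override is test-only.
    settings.SESSION_SERIALIZER = 'django.contrib.sessions.serializers.PickleSerializer'

    def mock_verify(ticket, service):
        # Replaces the CAS server call and reports a verified user
        return '*****@*****.**', {'ticket': ticket, 'service': service}, None
    monkeypatch.setattr('cas.CASClientV2.verify_ticket', mock_verify)

    factory = RequestFactory()
    request = factory.get('/login/', {'ticket': 'fake-ticket',
                                      'service': 'fake-service'})

    # Create a session object from the middleware
    process_request_for_middleware(request, SessionMiddleware)
    # Create a user object from middleware
    process_request_for_middleware(request, AuthenticationMiddleware)

    response = login(request)
    assert response.status_code == 302
    created_user = django_user_model.objects.get(username='******')
    # Works across Django versions: is_authenticated is callable on older
    # releases and a plain boolean attribute from Django 2 on
    flag = created_user.is_authenticated
    assert (flag() if callable(flag) else flag) is True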
Пример #9
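def cas_login(request, **kwargs):
    """
    Run the base CAS login view and attach a ``token`` cookie on success.

    The response of baseviews.login() is returned in every case. When the
    request ends up with a non-anonymous user and get_token() yields a
    token, that token is set as a cookie on the response.
    """
    response = baseviews.login(request, **kwargs)
    if request.user.is_anonymous():
        print('User is anonymous')
        return response

    token = get_token(request)
    if token:
        # Mark the cookie Secure whenever this request arrived over HTTPS so
        # the token is not sent back over plain HTTP.
        # NOTE(review): httponly is not set because it is not visible here
        # whether client-side script reads this cookie; pass httponly=True
        # if nothing in the browser needs it.
        response.set_cookie('token', token, secure=request.is_secure())
    else:
        # Function-call form so the module parses on Python 3 as well
        print('Get token error')
    return response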
Пример #10
def test_login_proxy_callback(monkeypatch, django_user_model, settings):
    """
    Check the login view when the session already holds a pgtiou.

    A ProxyGrantingTicket with the same pgtiou is stored up front; after a
    successful login exactly one row with that pgtiou must exist.
    """
    # Turn on the proxy callback handling that is under test
    settings.CAS_PROXY_CALLBACK = True
    # The messages framework is not part of this test
    settings.CAS_LOGIN_MSG = None
    # Authenticate through the CAS backend only
    settings.AUTHENTICATION_BACKENDS = ['django_cas_ng.backends.CASBackend']
    # The original author reports trouble with the JSON serializer here.
    # PickleSerializer unpickles session data on load, so keep this override
    # confined to test settings.
    settings.SESSION_SERIALIZER = 'django.contrib.sessions.serializers.PickleSerializer'

    def fake_verify_ticket(ticket, service):
        # Stand-in for the CAS round trip: every ticket verifies
        attributes = {'ticket': ticket, 'service': service}
        return '*****@*****.**', attributes, None

    monkeypatch.setattr('cas.CASClientV2.verify_ticket', fake_verify_ticket)

    query = {'ticket': 'fake-ticket', 'service': 'fake-service'}
    request = RequestFactory().get('/login/', query)

    # Give the request a session first, then a user, via the middleware
    for middleware in (SessionMiddleware, AuthenticationMiddleware):
        process_request_for_middleware(request, middleware)
    request.session['pgtiou'] = 'fake-pgtiou'
    request.session.save()

    user = django_user_model.objects.create_user('*****@*****.**', '')
    assert user is not None
    pgt = ProxyGrantingTicket.objects.create(
        session_key=request.session.session_key,
        user=user,
        pgtiou='fake-pgtiou',
        pgt='fake-pgt',
    )
    assert pgt is not None

    response = login(request)
    assert response.status_code == 302
    logged_in = django_user_model.objects.get(username='******')
    # is_authenticated stopped being callable in Django 2
    if django.VERSION[0] < 2:
        assert logged_in.is_authenticated() is True
    else:
        assert logged_in.is_authenticated is True
    stored_pgts = ProxyGrantingTicket.objects.filter(pgtiou='fake-pgtiou')
    assert stored_pgts.exists() is True
    assert stored_pgts.count() == 1
Пример #11
def test_login_no_ticket():
    """
    A login request without a ticket must be answered with a redirect.
    """
    request = RequestFactory().get('/login/')

    # Give the request a session first, then a user, via the middleware
    for middleware in (SessionMiddleware, AuthenticationMiddleware):
        process_request_for_middleware(request, middleware)

    status = login(request).status_code
    assert status == 302
Пример #12
def test_login_no_ticket():
    """
    Check that the login view redirects (302) when no ticket is supplied.
    """
    ticketless_request = RequestFactory().get('/login/')

    # Session middleware first, then authentication middleware
    process_request_for_middleware(ticketless_request, SessionMiddleware)
    process_request_for_middleware(ticketless_request,
                                   AuthenticationMiddleware)

    result = login(ticketless_request)
    assert result.status_code == 302
Пример #13
def test_login_no_ticket_stores_explicit_next(settings):
    """
    With CAS_STORE_NEXT on, an explicit ``next`` ends up in the session.

    The view still redirects, and the value is kept under the CASNEXT
    session key.
    """
    settings.CAS_STORE_NEXT = True

    request = RequestFactory().get('/login/', {'next': '/admin/'})

    # Give the request a session first, then a user, via the middleware
    for middleware in (SessionMiddleware, AuthenticationMiddleware):
        process_request_for_middleware(request, middleware)

    response = login(request)
    assert response.status_code == 302

    stored = request.session
    assert 'CASNEXT' in stored
    assert stored['CASNEXT'] == '/admin/'
Пример #14
def test_signal_when_user_logout_slo(monkeypatch, django_user_model, settings):
    """
    Check that a single-logout POST sends cas_user_logout with its data.

    The receiver must be given a user, the ticket named in the logout
    request, and the contents of the stored session that ticket belongs to.
    """
    settings.CAS_VERSION = 'CAS_2_SAML_1_0'

    logout_request = (
        '<samlp:LogoutRequest '
        'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">'
        '<samlp:SessionIndex>fake-ticket'
        '</samlp:SessionIndex></samlp:LogoutRequest>'
    )
    data = {'logoutRequest': logout_request}

    request = RequestFactory().post('/login', data)
    # The session of the posting request is not the user's stored session
    request.session = {}

    user = django_user_model.objects.create_user('*****@*****.**', '')
    assert user is not None

    session = SessionStore()
    session['fake_session_key'] = 'fake-session_value'
    session.save()
    assert SessionStore(session_key=session.session_key) is not None

    # Store the session ticket the logout request refers to
    SessionTicket.objects.create(session_key=session.session_key,
                                 ticket='fake-ticket')

    callback_values = {}

    # Keep the receiver bound to a local name while login() runs
    @receiver(cas_user_logout)
    def record_logout(sender, session, **kwargs):
        # Copy what the signal delivered so it can be inspected afterwards
        callback_values.update(kwargs, session=dict(session))

    login(request)
    for expected_key in ('user', 'session'):
        assert expected_key in callback_values
    assert callback_values['session'].get('fake_session_key') == 'fake-session_value'
    assert 'ticket' in callback_values
    assert callback_values['ticket'] == 'fake-ticket'
Пример #15
def test_login_redirect_based_on_cookie(monkeypatch, django_user_model,
                                        settings):
    """
    Check that a successful login redirects to the stored next pointer.

    CASNEXT is placed in the session before the call; the response must
    point at that value, the key must be consumed, and the user must be
    authenticated.
    """
    overrides = (
        # Leave the messages framework out of the test
        ('CAS_LOGIN_MSG', None),
        # Only the CAS backend may authenticate
        ('AUTHENTICATION_BACKENDS', ['django_cas_ng.backends.CASBackend']),
        # Per the original author the JSON serializer did not cope here.
        # PickleSerializer unpickles session data, so this is test-only.
        ('SESSION_SERIALIZER',
         'django.contrib.sessions.serializers.PickleSerializer'),
        # Keep the next pointer between the two login requests
        ('CAS_STORE_NEXT', True),
    )
    for setting_name, value in overrides:
        setattr(settings, setting_name, value)

    def always_valid(ticket, service):
        # Replaces the CAS server call and reports a verified user
        return '*****@*****.**', {'ticket': ticket, 'service': service}, None

    monkeypatch.setattr('cas.CASClientV2.verify_ticket', always_valid)

    request = RequestFactory().get(
        '/login/', {'ticket': 'fake-ticket', 'service': 'fake-service'})

    # Session middleware first, then authentication middleware
    process_request_for_middleware(request, SessionMiddleware)
    process_request_for_middleware(request, AuthenticationMiddleware)
    # Pretend an earlier request stored the next pointer
    request.session['CASNEXT'] = '/admin/'

    response = login(request)
    assert response.status_code == 302
    assert response['Location'] == '/admin/'

    assert 'CASNEXT' not in request.session
    logged_in = django_user_model.objects.get(username='******')
    # is_authenticated stopped being callable in Django 2
    if django.VERSION[0] < 2:
        assert logged_in.is_authenticated() is True
    else:
        assert logged_in.is_authenticated is True
Пример #16
def test_login_proxy_callback(monkeypatch, django_user_model, settings):
    """
    A login with a pgtiou in the session must keep a single matching PGT.

    The ProxyGrantingTicket is created before the call; afterwards the view
    must have redirected, the user must be authenticated and exactly one row
    with the pgtiou must exist.
    """
    overrides = (
        # Turn on the proxy callback handling that is under test
        ('CAS_PROXY_CALLBACK', True),
        # Leave the messages framework out of the test
        ('CAS_LOGIN_MSG', None),
        # Only the CAS backend may authenticate
        ('AUTHENTICATION_BACKENDS', ['django_cas_ng.backends.CASBackend']),
        # Per the original author the JSON serializer did not cope here.
        # PickleSerializer unpickles session data, so this is test-only.
        ('SESSION_SERIALIZER',
         'django.contrib.sessions.serializers.PickleSerializer'),
    )
    for setting_name, value in overrides:
        setattr(settings, setting_name, value)

    def always_valid(ticket, service):
        # Replaces the CAS server call and reports a verified user
        return '*****@*****.**', {'ticket': ticket, 'service': service}, None
    monkeypatch.setattr('cas.CASClientV2.verify_ticket', always_valid)

    request = RequestFactory().get(
        '/login/', {'ticket': 'fake-ticket', 'service': 'fake-service'})

    # Session middleware first, then authentication middleware
    process_request_for_middleware(request, SessionMiddleware)
    process_request_for_middleware(request, AuthenticationMiddleware)
    request.session['pgtiou'] = 'fake-pgtiou'
    request.session.save()

    user = django_user_model.objects.create_user('*****@*****.**', '')
    assert user is not None
    pgt_fields = {
        'session_key': request.session.session_key,
        'user': user,
        'pgtiou': 'fake-pgtiou',
        'pgt': 'fake-pgt',
    }
    pgt = ProxyGrantingTicket.objects.create(**pgt_fields)
    assert pgt is not None

    response = login(request)
    assert response.status_code == 302
    account = django_user_model.objects.get(username='******')
    # Django 2 turned is_authenticated into a plain attribute
    if django.VERSION[0] < 2:
        assert account.is_authenticated() is True
    else:
        assert account.is_authenticated is True
    matching = ProxyGrantingTicket.objects.filter(pgtiou='fake-pgtiou')
    assert matching.exists() is True
    assert matching.count() == 1
Пример #17
def test_login_no_ticket_stores_explicit_next(settings):
    """
    Check that an explicit ``next`` parameter is kept in the session.

    CAS_STORE_NEXT is enabled; the ticketless login must redirect and leave
    the requested path under the CASNEXT session key.
    """
    settings.CAS_STORE_NEXT = True

    wanted_path = {'next': '/admin/'}
    request = RequestFactory().get('/login/', wanted_path)

    # Session middleware first, then authentication middleware
    process_request_for_middleware(request, SessionMiddleware)
    process_request_for_middleware(request, AuthenticationMiddleware)

    status = login(request).status_code
    assert status == 302

    assert 'CASNEXT' in request.session
    assert request.session['CASNEXT'] == '/admin/'
Пример #18
def test_signal_when_user_logout_slo(monkeypatch, django_user_model, settings):
    """
    A single-logout POST must fire cas_user_logout with user, session, ticket.

    The session handed to the receiver has to be the stored one that the
    ticket points at, not the empty session of the posting request.
    """
    saml_body = ''.join([
        '<samlp:LogoutRequest ',
        'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">',
        '<samlp:SessionIndex>fake-ticket',
        '</samlp:SessionIndex></samlp:LogoutRequest>',
    ])
    data = {'logoutRequest': saml_body}

    settings.CAS_VERSION = 'CAS_2_SAML_1_0'

    factory = RequestFactory()
    request = factory.post('/login', data)
    # The posting request carries its own, empty session
    request.session = {}

    user = django_user_model.objects.create_user('*****@*****.**', '')
    assert user is not None

    session = SessionStore()
    session['fake_session_key'] = 'fake-session_value'
    session.save()
    stored_key = session.session_key
    assert SessionStore(session_key=stored_key) is not None

    # Persist the session ticket that the logout request names
    SessionTicket.objects.create(session_key=stored_key, ticket='fake-ticket')

    callback_values = {}

    # The receiver stays bound to a local name while login() runs
    @receiver(cas_user_logout)
    def capture(sender, session, **kwargs):
        # Remember everything the signal passed in
        callback_values.update(kwargs)
        callback_values['session'] = dict(session)

    login(request)
    assert 'user' in callback_values
    assert 'session' in callback_values
    received_session = callback_values['session']
    assert received_session.get('fake_session_key') == 'fake-session_value'
    assert 'ticket' in callback_values
    assert callback_values['ticket'] == 'fake-ticket'
Пример #19
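    def wrapper(request, *args, **kwargs):
        """
        Let logged-in users through to view_func and route everyone else.

        Anonymous requests that carry a CAS ``ticket`` are handed to the CAS
        login view. Other anonymous requests are redirected to /wx/authorize
        when check_weixin_agent() accepts them (presumably a WeChat
        user-agent check; confirm) and refused otherwise. Any exception is
        logged and answered with 403.
        """
        try:
            if not isinstance(request.user, AnonymousUser):
                return view_func(request, *args, **kwargs)

            if request.GET.get("ticket", ""):
                # A CAS service ticket is a credential: log that one
                # arrived, not its value.
                logger.info('caslogin--ticket received')
                return cas_views.login(request, next_page=request.get_full_path())

            if check_weixin_agent(request):
                school_id = request.GET.get("sid", "")
                # get_host() validates the client-supplied Host header against
                # ALLOWED_HOSTS; reading META['HTTP_HOST'] directly would put
                # an arbitrary host into the state value. A rejected host
                # raises and ends up as 403 in the handler below.
                # NOTE(review): the scheme is fixed to http; confirm that is
                # intended for HTTPS deployments.
                state = convert_from_url_path('http://' + request.get_host() + request.get_full_path())
                if not state:
                    return HttpResponseForbidden()
                # NOTE(review): sid comes straight from the query string and
                # is concatenated unencoded, so it can carry extra parameters
                # into the redirect URL; validate or URL-encode it. Also
                # confirm convert_from_url_path() returns a URL-safe value.
                return HttpResponseRedirect("/wx/authorize?state=" + state + "&sid=" + school_id)

            # Direct login with the "t" token is not allowed for now; it may
            # come back later, possibly as a login via openid. The disabled
            # code looked up a LoginCode, marked it used and logged its
            # account in.
            # NOTE(review): the disabled lookup filtered create_time against
            # now + 1 hour, which matches every existing code; if it is
            # restored the cutoff has to lie in the past.
            return HttpResponseForbidden('<h1>Forbidden<br/> 请从手机微信公众号上登陆使用本系统</h1>')
        except Exception:
            # Fail closed: record the traceback server-side, reveal nothing
            logger.error(traceback.format_exc())
            return HttpResponseForbidden('<h1>Forbidden</h1>')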
Пример #20
def test_login_redirect_based_on_cookie(monkeypatch, django_user_model, settings):
    """
    A successful login must redirect to the next pointer kept in the session.

    The test seeds CASNEXT, logs in with a mocked ticket and expects a 302 to
    that path, the key removed from the session and an authenticated user.
    """
    # The messages framework is not part of this test
    settings.CAS_LOGIN_MSG = None
    # Authenticate through the CAS backend only
    settings.AUTHENTICATION_BACKENDS = ['django_cas_ng.backends.CASBackend']
    # The original author reports trouble with the JSON serializer here.
    # PickleSerializer unpickles session data on load, so keep this override
    # confined to test settings.
    settings.SESSION_SERIALIZER = 'django.contrib.sessions.serializers.PickleSerializer'
    # Keep the next pointer between the two login requests
    settings.CAS_STORE_NEXT = True

    def fake_verify_ticket(ticket, service):
        # Stand-in for the CAS round trip: every ticket verifies
        attributes = {'ticket': ticket, 'service': service}
        return '*****@*****.**', attributes, None
    monkeypatch.setattr('cas.CASClientV2.verify_ticket', fake_verify_ticket)

    query = {'ticket': 'fake-ticket', 'service': 'fake-service'}
    request = RequestFactory().get('/login/', query)

    # Give the request a session first, then a user, via the middleware
    for middleware in (SessionMiddleware, AuthenticationMiddleware):
        process_request_for_middleware(request, middleware)
    # Seed the next pointer as an earlier request would have
    request.session['CASNEXT'] = '/admin/'

    response = login(request)
    assert response.status_code == 302
    assert response['Location'] == '/admin/'

    assert 'CASNEXT' not in request.session
    account = django_user_model.objects.get(username='******')
    # Django 2 turned is_authenticated into a plain attribute
    if django.VERSION[0] < 2:
        assert account.is_authenticated() is True
    else:
        assert account.is_authenticated is True
Пример #21
def test_login_delete_not_allowed():
    """A DELETE request to the login view must be answered with 405."""
    delete_request = RequestFactory().delete('/login/')
    status = login(delete_request).status_code
    assert status == 405
Пример #22
def test_login_delete_not_allowed():
    """Check that the login view rejects the DELETE method with status 405."""
    request = RequestFactory().delete('/login/')
    result = login(request)
    assert result.status_code == 405
Пример #23
def cas_login(request):
    """Hand the request to the CAS login view and return its response."""
    response = cas_views.login(request)
    return response
Пример #24
def login(request, **kwargs):
    """Forward the request and all keyword arguments to casviews.login()."""
    cas_response = casviews.login(request, **kwargs)
    return cas_response
Пример #25
def page_login(request):
    """Serve the login page by delegating to the CAS login view."""
    result = cas_views.login(request)
    return result