async def test_token_authentication(self): obj1 = user.User(self._app, self.LDAP_USERNAME, self.LDAP_PASSWORD) self.assertTrue(await obj1.authenticate()) token = await self.get_token(self.LDAP_USERNAME) obj2 = user.User(self._app, None, None, token) self.assertTrue(await obj2.authenticate()) self.assertEqual(obj1.username, obj2.username)
async def test_reset_on_authentication_failure(self): obj = user.User(self.app, LDAP_USERNAME, LDAP_PASSWORD) self.assertTrue(await obj.authenticate()) for key in {'display_name', 'email_address', 'external_id'}: self.assertIsNotNone(getattr(obj, key)) obj = user.User(self.app, LDAP_USERNAME, str(uuid.uuid4())) self.assertFalse(await obj.authenticate()) for key in {'display_name', 'email_address', 'external_id'}: self.assertIsNone(getattr(obj, key))
async def test_token_authentication(self): obj1 = user.User(self.app, LDAP_USERNAME, LDAP_PASSWORD) self.assertTrue(await obj1.authenticate()) token = str(uuid.uuid4()) async with self.cursor() as cursor: await cursor.execute(self.SQL_INSERT_TOKEN, { 'username': obj1.username, 'token': token }) obj2 = user.User(self.app, None, None, token) self.assertTrue(await obj2.authenticate()) self.assertEqual(obj1.username, obj2.username)
async def test_authenticate_happy_path(self): user_value = await self.setup_user() group_value = await self.setup_group() await self.setup_group_membership(user_value['username'], group_value['name']) obj = user.User(self.app, user_value['username'], user_value['password']) self.assertTrue(await obj.authenticate()) values = obj.as_dict() for key in { 'created_at', 'last_refreshed_at', 'last_seen_at', 'password' }: self.assertIn(key, values) del values[key] values['groups'] = [dict(g) for g in values['groups']] expectation = { 'username': user_value['username'], 'user_type': 'internal', 'external_id': None, 'display_name': user_value['display_name'], 'email_address': user_value['email_address'], 'groups': [group_value] } self.assertDictEqual(values, expectation) for role in group_value['permissions']: self.assertTrue(obj.has_permission(role)) self.assertFalse(obj.has_permission('other'))
async def test_token_authentication(self): user_value = await self.setup_user() token = await self.get_token(user_value['username']) obj = user.User(self._app, None, None, token) self.assertTrue(await obj.authenticate()) for key in {'display_name', 'email_address'}: self.assertEqual(user_value[key], getattr(obj, key))
async def test_refresh(self): user_value = await self.setup_user() group_value = await self.setup_group() await self.setup_group_membership( user_value['username'], group_value['name']) obj = user.User( self._app, user_value['username'], user_value['password']) self.assertTrue(await obj.authenticate()) display_name = str(uuid.uuid4()) self.assertNotEqual(display_name, user_value['display_name']) await self.postgres_execute( self.SQL_UPDATE_DISPLAY_NAME, {'display_name': display_name, 'username': user_value['username']}) await obj.refresh() values = obj.as_dict() for key in { 'created_at', 'last_refreshed_at', 'last_seen_at', 'password'}: self.assertIn(key, values) del values[key] expectation = { 'username': user_value['username'], 'user_type': 'internal', 'external_id': None, 'display_name': display_name, 'email_address': user_value['email_address'], 'groups': [group_value['name']], 'permissions': sorted(set(group_value['permissions'])) } self.assertDictEqual(values, expectation)
async def test_password_is_decrypted_on_assignment(self): username = str(uuid.uuid4()) password = str(uuid.uuid4()) obj = user.User( self._app, username, self._app.encrypt_value('password', password)) self.assertEqual(obj.password, password)
async def _load_data(self) -> typing.Optional[user.User]: """Load the data from Redis, creating the user object and returning it if there was a previously saved user, :rtype: User or None """ LOGGER.debug('Loading session %s', self.id) result = await self._redis.get(self._redis_key) if not result: LOGGER.info('Session %r not found', self.id) return data = json.loads(result.decode('utf-8')) self.last_save = data['last_save'] self.start = data['start'] if not data.get('user'): return if 'password' in data['user']: data['user']['password'] = self._application.decrypt_value( 'password', data['user']['password']).decode('utf-8') user_obj = user.User(self._handler.application) for key, value in data['user'].items(): setattr(user_obj, key, value) return user_obj
async def test_should_refresh_true(self): user_value = await self.setup_user() obj = user.User(self.app, user_value['username'], user_value['password']) self.assertTrue(await obj.authenticate()) self.assertFalse(obj.should_refresh) obj.last_refreshed_at = timestamp.utcnow() - (obj.REFRESH_AFTER * 2) self.assertTrue(obj.should_refresh)
async def test_update_last_seen_at(self): user_value = await self.setup_user() obj = user.User(self.app, user_value['username'], user_value['password']) self.assertTrue(await obj.authenticate()) last_seen_at = obj.last_seen_at await obj.update_last_seen_at() self.assertGreater(obj.last_seen_at, last_seen_at)
async def get_current_user(self) -> typing.Optional[user.User]: """Used by the system to manage authentication behaviors.""" if self.session and self.session.user: return self.session.user token = self.request.headers.get('Private-Token', None) if token: current_user = user.User(self.application, token=token) if await current_user.authenticate(): return current_user
async def test_reset_on_authentication_failure(self): user_value = await self.setup_user() obj = user.User(self.app, user_value['username'], user_value['password']) self.assertTrue(await obj.authenticate()) for key in {'display_name', 'email_address'}: self.assertEqual(user_value[key], getattr(obj, key)) obj.password = str(uuid.uuid4()) self.assertFalse(await obj.authenticate()) for key in {'display_name', 'email_address'}: self.assertIsNone(getattr(obj, key))
async def test_token_authentication_failure(self): user_value = await self.setup_user() token = str(uuid.uuid4()) async with self.cursor() as cursor: await cursor.execute(self.SQL_INSERT_TOKEN, { 'username': user_value['username'], 'token': token }) obj = user.User(self.app, None, None, str(uuid.uuid4())) self.assertFalse(await obj.authenticate())
async def authenticate(self, username: str, password: str) -> bool: """Authenticate the user and attach it to the session :param username: The username to authenticate with :param password: The password to use when authenticating """ self.user = user.User(self._handler.application, username, password) self.authenticated = await self.user.authenticate() if not self.authenticated: self.user = None await self.clear() return False return True
async def test_token_authentication(self): user_value = await self.setup_user() token = str(uuid.uuid4()) async with self.cursor() as cursor: await cursor.execute(self.SQL_INSERT_TOKEN, { 'username': user_value['username'], 'token': token }) obj = user.User(self.app, None, None, token) self.assertTrue(await obj.authenticate()) for key in {'display_name', 'email_address'}: self.assertEqual(user_value[key], getattr(obj, key))
async def test_authenticate(self): obj = user.User(self.app, LDAP_USERNAME, LDAP_PASSWORD) self.assertTrue(await obj.authenticate()) await obj.refresh() values = obj.as_dict() for key in { 'created_at', 'last_refreshed_at', 'last_seen_at', 'password' }: self.assertIn(key, values) del values[key] values['groups'] = sorted((dict(g) for g in values['groups']), key=lambda v: v['name']) expectation = { 'username': '******', 'user_type': 'ldap', 'external_id': 'cn=test,ou=users,dc=example,dc=org', 'display_name': 'Its Imbi', 'email_address': '*****@*****.**', 'groups': [{ 'name': 'admin', 'permissions': ['admin'] }, { 'name': 'imbi', 'permissions': ['reader'] }] } self.assertDictEqual(values, expectation) self.assertTrue(obj.has_permission('admin')) self.assertFalse(obj.has_permission('other'))
async def test_should_refresh_true(self): obj = user.User(self.app, LDAP_USERNAME, LDAP_PASSWORD) self.assertTrue(await obj.authenticate()) self.assertFalse(obj.should_refresh) obj.last_refreshed_at = timestamp.utcnow() - (obj.REFRESH_AFTER * 2) self.assertTrue(obj.should_refresh)
async def test_should_refresh_false(self): obj = user.User(self.app, LDAP_USERNAME, LDAP_PASSWORD) self.assertTrue(await obj.authenticate()) self.assertFalse(obj.should_refresh)
async def test_token_authentication_failure(self): obj = user.User(self._app, 'foo', None, str(uuid.uuid4())) self.assertFalse(await obj.authenticate())
async def test_should_refresh_false(self): user_value = await self.setup_user() obj = user.User(self.app, user_value['username'], user_value['password']) self.assertTrue(await obj.authenticate()) self.assertFalse(obj.should_refresh)
async def test_authentication_failure_without_password(self): obj = user.User(self.app, LDAP_USERNAME) self.assertFalse(await obj.authenticate())