async def test_token_authentication(self):
obj1 = user.User(self._app, self.LDAP_USERNAME, self.LDAP_PASSWORD)
self.assertTrue(await obj1.authenticate())
token = await self.get_token(self.LDAP_USERNAME)
obj2 = user.User(self._app, None, None, token)
self.assertTrue(await obj2.authenticate())
self.assertEqual(obj1.username, obj2.username)
async def test_reset_on_authentication_failure(self):
obj = user.User(self.app, LDAP_USERNAME, LDAP_PASSWORD)
self.assertTrue(await obj.authenticate())
for key in {'display_name', 'email_address', 'external_id'}:
self.assertIsNotNone(getattr(obj, key))
obj = user.User(self.app, LDAP_USERNAME, str(uuid.uuid4()))
self.assertFalse(await obj.authenticate())
for key in {'display_name', 'email_address', 'external_id'}:
self.assertIsNone(getattr(obj, key))
async def test_token_authentication(self):
obj1 = user.User(self.app, LDAP_USERNAME, LDAP_PASSWORD)
self.assertTrue(await obj1.authenticate())
token = str(uuid.uuid4())
async with self.cursor() as cursor:
await cursor.execute(self.SQL_INSERT_TOKEN, {
'username': obj1.username,
'token': token
})
obj2 = user.User(self.app, None, None, token)
self.assertTrue(await obj2.authenticate())
self.assertEqual(obj1.username, obj2.username)
async def test_authenticate_happy_path(self):
user_value = await self.setup_user()
group_value = await self.setup_group()
await self.setup_group_membership(user_value['username'],
group_value['name'])
obj = user.User(self.app, user_value['username'],
user_value['password'])
self.assertTrue(await obj.authenticate())
values = obj.as_dict()
for key in {
'created_at', 'last_refreshed_at', 'last_seen_at', 'password'
}:
self.assertIn(key, values)
del values[key]
values['groups'] = [dict(g) for g in values['groups']]
expectation = {
'username': user_value['username'],
'user_type': 'internal',
'external_id': None,
'display_name': user_value['display_name'],
'email_address': user_value['email_address'],
'groups': [group_value]
}
self.assertDictEqual(values, expectation)
for role in group_value['permissions']:
self.assertTrue(obj.has_permission(role))
self.assertFalse(obj.has_permission('other'))
async def test_token_authentication(self):
user_value = await self.setup_user()
token = await self.get_token(user_value['username'])
obj = user.User(self._app, None, None, token)
self.assertTrue(await obj.authenticate())
for key in {'display_name', 'email_address'}:
self.assertEqual(user_value[key], getattr(obj, key))
async def test_refresh(self):
user_value = await self.setup_user()
group_value = await self.setup_group()
await self.setup_group_membership(
user_value['username'], group_value['name'])
obj = user.User(
self._app, user_value['username'], user_value['password'])
self.assertTrue(await obj.authenticate())
display_name = str(uuid.uuid4())
self.assertNotEqual(display_name, user_value['display_name'])
await self.postgres_execute(
self.SQL_UPDATE_DISPLAY_NAME,
{'display_name': display_name, 'username': user_value['username']})
await obj.refresh()
values = obj.as_dict()
for key in {
'created_at', 'last_refreshed_at', 'last_seen_at', 'password'}:
self.assertIn(key, values)
del values[key]
expectation = {
'username': user_value['username'],
'user_type': 'internal',
'external_id': None,
'display_name': display_name,
'email_address': user_value['email_address'],
'groups': [group_value['name']],
'permissions': sorted(set(group_value['permissions']))
}
self.assertDictEqual(values, expectation)
async def test_password_is_decrypted_on_assignment(self):
username = str(uuid.uuid4())
password = str(uuid.uuid4())
obj = user.User(
self._app, username,
self._app.encrypt_value('password', password))
self.assertEqual(obj.password, password)
async def _load_data(self) -> typing.Optional[user.User]:
"""Load the data from Redis, creating the user object and returning it
if there was a previously saved user,
:rtype: User or None
"""
LOGGER.debug('Loading session %s', self.id)
result = await self._redis.get(self._redis_key)
if not result:
LOGGER.info('Session %r not found', self.id)
return
data = json.loads(result.decode('utf-8'))
self.last_save = data['last_save']
self.start = data['start']
if not data.get('user'):
return
if 'password' in data['user']:
data['user']['password'] = self._application.decrypt_value(
'password', data['user']['password']).decode('utf-8')
user_obj = user.User(self._handler.application)
for key, value in data['user'].items():
setattr(user_obj, key, value)
return user_obj
async def test_should_refresh_true(self):
user_value = await self.setup_user()
obj = user.User(self.app, user_value['username'],
user_value['password'])
self.assertTrue(await obj.authenticate())
self.assertFalse(obj.should_refresh)
obj.last_refreshed_at = timestamp.utcnow() - (obj.REFRESH_AFTER * 2)
self.assertTrue(obj.should_refresh)
async def test_update_last_seen_at(self):
user_value = await self.setup_user()
obj = user.User(self.app, user_value['username'],
user_value['password'])
self.assertTrue(await obj.authenticate())
last_seen_at = obj.last_seen_at
await obj.update_last_seen_at()
self.assertGreater(obj.last_seen_at, last_seen_at)
async def get_current_user(self) -> typing.Optional[user.User]:
"""Used by the system to manage authentication behaviors."""
if self.session and self.session.user:
return self.session.user
token = self.request.headers.get('Private-Token', None)
if token:
current_user = user.User(self.application, token=token)
if await current_user.authenticate():
return current_user
async def test_reset_on_authentication_failure(self):
user_value = await self.setup_user()
obj = user.User(self.app, user_value['username'],
user_value['password'])
self.assertTrue(await obj.authenticate())
for key in {'display_name', 'email_address'}:
self.assertEqual(user_value[key], getattr(obj, key))
obj.password = str(uuid.uuid4())
self.assertFalse(await obj.authenticate())
for key in {'display_name', 'email_address'}:
self.assertIsNone(getattr(obj, key))
async def test_token_authentication_failure(self):
user_value = await self.setup_user()
token = str(uuid.uuid4())
async with self.cursor() as cursor:
await cursor.execute(self.SQL_INSERT_TOKEN, {
'username': user_value['username'],
'token': token
})
obj = user.User(self.app, None, None, str(uuid.uuid4()))
self.assertFalse(await obj.authenticate())
async def authenticate(self, username: str, password: str) -> bool:
"""Authenticate the user and attach it to the session
:param username: The username to authenticate with
:param password: The password to use when authenticating
"""
self.user = user.User(self._handler.application, username, password)
self.authenticated = await self.user.authenticate()
if not self.authenticated:
self.user = None
await self.clear()
return False
return True
async def test_token_authentication(self):
user_value = await self.setup_user()
token = str(uuid.uuid4())
async with self.cursor() as cursor:
await cursor.execute(self.SQL_INSERT_TOKEN, {
'username': user_value['username'],
'token': token
})
obj = user.User(self.app, None, None, token)
self.assertTrue(await obj.authenticate())
for key in {'display_name', 'email_address'}:
self.assertEqual(user_value[key], getattr(obj, key))
async def test_authenticate(self):
obj = user.User(self.app, LDAP_USERNAME, LDAP_PASSWORD)
self.assertTrue(await obj.authenticate())
await obj.refresh()
values = obj.as_dict()
for key in {
'created_at', 'last_refreshed_at', 'last_seen_at', 'password'
}:
self.assertIn(key, values)
del values[key]
values['groups'] = sorted((dict(g) for g in values['groups']),
key=lambda v: v['name'])
expectation = {
'username':
'******',
'user_type':
'ldap',
'external_id':
'cn=test,ou=users,dc=example,dc=org',
'display_name':
'Its Imbi',
'email_address':
'*****@*****.**',
'groups': [{
'name': 'admin',
'permissions': ['admin']
}, {
'name': 'imbi',
'permissions': ['reader']
}]
}
self.assertDictEqual(values, expectation)
self.assertTrue(obj.has_permission('admin'))
self.assertFalse(obj.has_permission('other'))
async def test_should_refresh_true(self):
obj = user.User(self.app, LDAP_USERNAME, LDAP_PASSWORD)
self.assertTrue(await obj.authenticate())
self.assertFalse(obj.should_refresh)
obj.last_refreshed_at = timestamp.utcnow() - (obj.REFRESH_AFTER * 2)
self.assertTrue(obj.should_refresh)
async def test_should_refresh_false(self):
obj = user.User(self.app, LDAP_USERNAME, LDAP_PASSWORD)
self.assertTrue(await obj.authenticate())
self.assertFalse(obj.should_refresh)
async def test_token_authentication_failure(self):
obj = user.User(self._app, 'foo', None, str(uuid.uuid4()))
self.assertFalse(await obj.authenticate())
async def test_should_refresh_false(self):
user_value = await self.setup_user()
obj = user.User(self.app, user_value['username'],
user_value['password'])
self.assertTrue(await obj.authenticate())
self.assertFalse(obj.should_refresh)
async def test_authentication_failure_without_password(self):
obj = user.User(self.app, LDAP_USERNAME)
self.assertFalse(await obj.authenticate())
