Пример #1
0
 def test_random_source(self, authenticate_mock):
     backend = MozilliansAuthBackend()
     request_mock = Mock()
     request_mock.META = {'HTTP_REFERER': settings.SITE_URL + '/?source=foobar'}
     backend.request = request_mock
     backend.authenticate(request=request_mock)
     eq_(backend.referral_source, None)
Пример #2
0
 def test_filter_users_by_secondary_email(self):
     backend = MozilliansAuthBackend()
     user = UserFactory.create(email='*****@*****.**')
     kwargs = {'type': ExternalAccount.TYPE_EMAIL, 'identifier': '*****@*****.**'}
     user.userprofile.externalaccount_set.create(**kwargs)
     result = backend.filter_users_by_email('*****@*****.**')
     eq_(result[0], user)
    def setUp(self):
        """Setup class."""

        # Avoid circular dependencies
        from mozillians.common.authbackend import MozilliansAuthBackend

        self.backend = MozilliansAuthBackend()
Пример #4
0
 def test_get_involved_source(self, authenticate_mock):
     backend = MozilliansAuthBackend()
     request_mock = Mock()
     request_mock.META = {'HTTP_REFERER': settings.SITE_URL + '/?source=contribute'}
     backend.request = request_mock
     backend.authenticate(request=request_mock)
     eq_(backend.referral_source, 'contribute')
Пример #5
0
 def test_random_source(self, authenticate_mock):
     backend = MozilliansAuthBackend()
     request_mock = Mock()
     request_mock.META = {
         'HTTP_REFERER': settings.SITE_URL + '/?source=foobar'
     }
     backend.request = request_mock
     backend.authenticate(request=request_mock)
     eq_(backend.referral_source, None)
Пример #6
0
 def test_get_involved_source(self, authenticate_mock):
     backend = MozilliansAuthBackend()
     request_mock = Mock()
     request_mock.META = {
         'HTTP_REFERER': settings.SITE_URL + '/?source=contribute'
     }
     backend.request = request_mock
     backend.authenticate(request=request_mock)
     eq_(backend.referral_source, 'contribute')
Пример #7
0
 def test_filter_users_by_secondary_email(self):
     backend = MozilliansAuthBackend()
     user = UserFactory.create(email='*****@*****.**')
     kwargs = {
         'type': ExternalAccount.TYPE_EMAIL,
         'identifier': '*****@*****.**'
     }
     user.userprofile.externalaccount_set.create(**kwargs)
     result = backend.filter_users_by_email('*****@*****.**')
     eq_(result[0], user)
Пример #8
0
    def test_create_user_integrity_error(self):
        backend = MozilliansAuthBackend()
        backend.User = Mock()
        error = IntegrityError()
        user = UserFactory.create()
        backend.User.objects.create_user.side_effect = error
        backend.User.objects.get.return_value = user

        eq_(backend.create_user('*****@*****.**'), user)

        backend.User.DoesNotExist = Exception
        backend.User.objects.get.side_effect = backend.User.DoesNotExist
        with self.assertRaises(IntegrityError) as e:
            backend.create_user('*****@*****.**')

        eq_(e.exception, error)
Пример #9
0
    def test_create_user_integrity_error(self):
        backend = MozilliansAuthBackend()
        backend.User = Mock()
        error = IntegrityError()
        user = UserFactory.create()
        backend.User.objects.create_user.side_effect = error
        backend.User.objects.get.return_value = user

        eq_(backend.create_user('*****@*****.**'), user)

        backend.User.DoesNotExist = Exception
        backend.User.objects.get.side_effect = backend.User.DoesNotExist
        with self.assertRaises(IntegrityError) as e:
            backend.create_user('*****@*****.**')

        eq_(e.exception, error)
Пример #10
0
    def setUp(self):
        """Setup class."""

        # Avoid circular dependencies
        from mozillians.common.authbackend import MozilliansAuthBackend
        self.backend = MozilliansAuthBackend()
Пример #11
0
class MozilliansAuthBackendTests(TestCase):
    """Test Mozillian's Authentication Backend."""

    @override_settings(OIDC_OP_TOKEN_ENDPOINT='https://server.example.com/token')
    @override_settings(OIDC_OP_USER_ENDPOINT='https://server.example.com/user')
    @override_settings(OIDC_RP_CLIENT_ID='example_id')
    @override_settings(OIDC_RP_CLIENT_SECRET='client_secret')
    def setUp(self):
        """Setup class."""

        # Avoid circular dependencies
        from mozillians.common.authbackend import MozilliansAuthBackend
        self.backend = MozilliansAuthBackend()

    def test_add_a_new_email(self):
        """Test to add a new email in an authenticated user."""

        user = UserFactory.create(email='*****@*****.**')
        request_mock = Mock(spec=HttpRequest)
        request_mock.user = user
        request_mock.user.is_authenticated = Mock()
        request_mock.user.is_authenticated.return_value = True
        self.backend.request = request_mock
        claims = {
            'email': '*****@*****.**'
        }
        email_q = ExternalAccount.objects.filter(type=ExternalAccount.TYPE_EMAIL,
                                                 user=user.userprofile,
                                                 identifier='*****@*****.**')
        ok_(not email_q.exists())
        returned_user = self.backend.filter_users_by_claims(claims)
        email_q = ExternalAccount.objects.filter(type=ExternalAccount.TYPE_EMAIL,
                                                 user=user.userprofile,
                                                 identifier='*****@*****.**')
        ok_(email_q.exists())
        eq_(len(returned_user), 1)
        eq_(returned_user[0], user)

    @patch('mozillians.common.authbackend.messages.error')
    def test_alternate_email_already_exists(self, mocked_message):
        """Test to add an email that already exists."""

        user = UserFactory.create(email='*****@*****.**')
        ExternalAccount.objects.create(type=ExternalAccount.TYPE_EMAIL,
                                       user=user.userprofile,
                                       identifier='*****@*****.**')
        request_mock = Mock(spec=HttpRequest)
        request_mock.user = user
        request_mock.user.is_authenticated = Mock()
        request_mock.user.is_authenticated.return_value = True
        self.backend.request = request_mock
        claims = {
            'email': '*****@*****.**'
        }
        returned_user = self.backend.filter_users_by_claims(claims)
        email_q = ExternalAccount.objects.filter(type=ExternalAccount.TYPE_EMAIL,
                                                 user=user.userprofile,
                                                 identifier='*****@*****.**')
        ok_(email_q.exists())
        eq_(len(returned_user), 1)
        eq_(returned_user[0], user)
        ok_(not mocked_message.called)

    @patch('mozillians.common.authbackend.messages.error')
    def test_add_primary_email_as_alternate(self, mocked_message):
        """Test to add the primary email as alternate."""

        user = UserFactory.create(email='*****@*****.**')
        request_mock = Mock(spec=HttpRequest)
        request_mock.user = user
        request_mock.user.is_authenticated = Mock()
        request_mock.user.is_authenticated.return_value = True
        self.backend.request = request_mock
        claims = {
            'email': '*****@*****.**'
        }
        self.backend.filter_users_by_claims(claims)
        email_q = ExternalAccount.objects.filter(type=ExternalAccount.TYPE_EMAIL,
                                                 user=user.userprofile,
                                                 identifier='*****@*****.**')
        ok_(not mocked_message.called)
        ok_(not email_q.exists())

    @patch('mozillians.common.authbackend.messages.error')
    def test_add_email_belonging_to_other_user(self, mocked_message):
        """Test to add an email belonging to another user."""

        user1 = UserFactory.create(email='*****@*****.**')
        UserFactory.create(email='*****@*****.**')
        request_mock = Mock(spec=HttpRequest)
        request_mock.user = user1
        request_mock.user.is_authenticated = Mock()
        request_mock.user.is_authenticated.return_value = True
        self.backend.request = request_mock
        claims = {
            'email': '*****@*****.**'
        }
        returned_user = self.backend.filter_users_by_claims(claims)
        email_q = ExternalAccount.objects.filter(type=ExternalAccount.TYPE_EMAIL,
                                                 user=user1.userprofile,
                                                 identifier='*****@*****.**')
        mocked_message.assert_called_once_with(request_mock, u'Email [email protected] already '
                                                             'exists in the database.')
        ok_(not email_q.exists())
        eq_(len(returned_user), 1)
        eq_(returned_user[0], user1)
Пример #12
0
class MozilliansAuthBackendTests(TestCase):
    """Test Mozillian's Authentication Backend."""

    @override_settings(OIDC_OP_TOKEN_ENDPOINT='https://server.example.com/token')
    @override_settings(OIDC_OP_USER_ENDPOINT='https://server.example.com/user')
    @override_settings(OIDC_RP_CLIENT_ID='example_id')
    @override_settings(OIDC_RP_CLIENT_SECRET='client_secret')
    def setUp(self):
        """Setup class."""

        # Avoid circular dependencies
        from mozillians.common.authbackend import MozilliansAuthBackend
        self.backend = MozilliansAuthBackend()

    @patch('mozillians.common.authbackend.messages')
    def test_add_a_new_email_identity(self, mocked_message):
        """Test to add a new email in an authenticated user."""
        user = UserFactory.create(email='*****@*****.**')
        IdpProfile.objects.create(
            profile=user.userprofile,
            auth0_user_id='email|',
            email=user.email,
            primary=True
        )
        claims = {
            'email': '*****@*****.**',
            'user_id': 'ad|ldap'
        }

        request_mock = Mock(spec=HttpRequest)
        request_mock.user = user
        self.backend.claims = claims
        self.backend.request = request_mock

        email_q = IdpProfile.objects.filter(profile=user.userprofile,
                                            email='*****@*****.**')
        ok_(not email_q.exists())
        returned_user = self.backend.check_authentication_method(user)
        email_q = IdpProfile.objects.filter(profile=user.userprofile,
                                            email='*****@*****.**')
        ok_(email_q.exists())
        eq_(returned_user, user)
        ok_(not mocked_message.called)

    @patch('mozillians.common.authbackend.messages')
    def test_identity_already_exists(self, mocked_message):
        """Test to add an email that already exists."""

        user = UserFactory.create(email='*****@*****.**')
        IdpProfile.objects.create(
            profile=user.userprofile,
            auth0_user_id='email|',
            email=user.email,
            primary=True
        )
        claims = {
            'email': '*****@*****.**',
            'user_id': 'email|'
        }

        request_mock = Mock(spec=HttpRequest)
        request_mock.user = user
        self.backend.claims = claims
        self.backend.request = request_mock
        self.backend.check_authentication_method(user)
        idp_q = IdpProfile.objects.filter(auth0_user_id='email|',
                                          email=user.email,
                                          profile=user.userprofile)
        eq_(idp_q.count(), 1)
        ok_(not mocked_message.called)

    @patch('mozillians.common.authbackend.messages')
    def test_identity_single_auth0_id_multiple_emails(self, mocked_message):
        """Test to add an email that already exists."""

        user = UserFactory.create(email='*****@*****.**')
        IdpProfile.objects.create(
            profile=user.userprofile,
            auth0_user_id='github|12345',
            email='*****@*****.**',
            primary=True
        )
        claims = {
            'email': '*****@*****.**',
            'user_id': 'github|12345'
        }

        request_mock = Mock(spec=HttpRequest)
        request_mock.user = user
        self.backend.claims = claims
        self.backend.request = request_mock
        self.backend.check_authentication_method(user)

        eq_(IdpProfile.objects.filter(
            profile=user.userprofile, primary=True, email='*****@*****.**').count(), 1)
        eq_(IdpProfile.objects.filter(
            profile=user.userprofile, primary=False, email='*****@*****.**').count(), 1)

    @patch('mozillians.common.authbackend.messages')
    def test_add_idp_wrong_flow(self, mocked_message):
        """Test logging in with a weaker provider compared to the current one"""

        user = UserFactory.create(email='*****@*****.**')
        IdpProfile.objects.create(
            profile=user.userprofile,
            auth0_user_id='ad|foobar',
            primary=True
        )
        claims = {
            'email': '*****@*****.**',
            'user_id': 'foobar'
        }

        request_mock = Mock(spec=HttpRequest)
        request_mock.user = user
        self.backend.claims = claims
        self.backend.request = request_mock

        returned_user = self.backend.check_authentication_method(user)
        msg = 'Please use one of the following authentication methods: LDAP Provider'
        mocked_message.error.assert_called_once_with(request_mock, msg)

        eq_(returned_user, None)

    def test_filter_users_with_email_belonging_to_non_primary_identity(self):
        """Test filter users with a non primary identity."""

        user = UserFactory.create(email='*****@*****.**')
        IdpProfile.objects.create(
            profile=user.userprofile,
            auth0_user_id='email|1',
            email='*****@*****.**',
            primary=False
        )
        claims = {
            'email': '*****@*****.**',
            'user_id': 'email|1'
        }

        request_mock = Mock(spec=HttpRequest)
        request_mock.user = user
        self.backend.claims = claims
        self.backend.request = request_mock
        users = self.backend.filter_users_by_claims(claims)
        idp_q = IdpProfile.objects.filter(auth0_user_id='email|1',
                                          email='*****@*****.**',
                                          profile=user.userprofile)
        eq_(idp_q.count(), 1)
        eq_(users[0], user)

    def test_filter_users_with_a_non_existing_identity(self):
        """Test filter users with a non primary identity."""

        user = UserFactory.create(email='*****@*****.**')
        IdpProfile.objects.create(
            profile=user.userprofile,
            auth0_user_id='email|1',
            email='*****@*****.**',
            primary=True
        )
        claims = {
            'email': '*****@*****.**',
            'user_id': 'email|2'
        }

        request_mock = Mock(spec=HttpRequest)
        request_mock.user = user
        self.backend.claims = claims
        self.backend.request = request_mock
        users = self.backend.filter_users_by_claims(claims)
        idp_q = IdpProfile.objects.filter(auth0_user_id='email|1',
                                          email='*****@*****.**',
                                          profile=user.userprofile)
        eq_(idp_q.count(), 1)
        eq_(list(users), [])
Пример #13
0
class MozilliansAuthBackendTests(TestCase):
    """Test Mozillian's Authentication Backend."""
    @override_settings(
        OIDC_OP_TOKEN_ENDPOINT='https://server.example.com/token')
    @override_settings(OIDC_OP_USER_ENDPOINT='https://server.example.com/user')
    @override_settings(OIDC_RP_CLIENT_ID='example_id')
    @override_settings(OIDC_RP_CLIENT_SECRET='client_secret')
    def setUp(self):
        """Setup class."""

        # Avoid circular dependencies
        from mozillians.common.authbackend import MozilliansAuthBackend
        self.backend = MozilliansAuthBackend()

    def test_add_a_new_email(self):
        """Test to add a new email in an authenticated user."""

        user = UserFactory.create(email='*****@*****.**')
        request_mock = Mock(spec=HttpRequest)
        request_mock.user = user
        request_mock.user.is_authenticated = Mock()
        request_mock.user.is_authenticated.return_value = True
        self.backend.request = request_mock
        claims = {'email': '*****@*****.**'}
        email_q = ExternalAccount.objects.filter(
            type=ExternalAccount.TYPE_EMAIL,
            user=user.userprofile,
            identifier='*****@*****.**')
        ok_(not email_q.exists())
        returned_user = self.backend.filter_users_by_claims(claims)
        email_q = ExternalAccount.objects.filter(
            type=ExternalAccount.TYPE_EMAIL,
            user=user.userprofile,
            identifier='*****@*****.**')
        ok_(email_q.exists())
        eq_(len(returned_user), 1)
        eq_(returned_user[0], user)

    @patch('mozillians.common.authbackend.messages.error')
    def test_alternate_email_already_exists(self, mocked_message):
        """Test to add an email that already exists."""

        user = UserFactory.create(email='*****@*****.**')
        ExternalAccount.objects.create(type=ExternalAccount.TYPE_EMAIL,
                                       user=user.userprofile,
                                       identifier='*****@*****.**')
        request_mock = Mock(spec=HttpRequest)
        request_mock.user = user
        request_mock.user.is_authenticated = Mock()
        request_mock.user.is_authenticated.return_value = True
        self.backend.request = request_mock
        claims = {'email': '*****@*****.**'}
        returned_user = self.backend.filter_users_by_claims(claims)
        email_q = ExternalAccount.objects.filter(
            type=ExternalAccount.TYPE_EMAIL,
            user=user.userprofile,
            identifier='*****@*****.**')
        ok_(email_q.exists())
        eq_(len(returned_user), 1)
        eq_(returned_user[0], user)
        mocked_message.assert_called_once_with(
            request_mock, u'Email [email protected] already '
            'exists in the database.')

    @patch('mozillians.common.authbackend.messages.error')
    def test_add_primary_email_as_alternate(self, mocked_message):
        """Test to add the primary email as alternate."""

        user = UserFactory.create(email='*****@*****.**')
        request_mock = Mock(spec=HttpRequest)
        request_mock.user = user
        request_mock.user.is_authenticated = Mock()
        request_mock.user.is_authenticated.return_value = True
        self.backend.request = request_mock
        claims = {'email': '*****@*****.**'}
        self.backend.filter_users_by_claims(claims)
        email_q = ExternalAccount.objects.filter(
            type=ExternalAccount.TYPE_EMAIL,
            user=user.userprofile,
            identifier='*****@*****.**')
        mocked_message.assert_called_once_with(
            request_mock, u'Email [email protected] already '
            'exists in the database.')
        ok_(not email_q.exists())

    @patch('mozillians.common.authbackend.messages.error')
    def test_add_email_belonging_to_other_user(self, mocked_message):
        """Test to add an email belonging to another user."""

        user1 = UserFactory.create(email='*****@*****.**')
        UserFactory.create(email='*****@*****.**')
        request_mock = Mock(spec=HttpRequest)
        request_mock.user = user1
        request_mock.user.is_authenticated = Mock()
        request_mock.user.is_authenticated.return_value = True
        self.backend.request = request_mock
        claims = {'email': '*****@*****.**'}
        returned_user = self.backend.filter_users_by_claims(claims)
        email_q = ExternalAccount.objects.filter(
            type=ExternalAccount.TYPE_EMAIL,
            user=user1.userprofile,
            identifier='*****@*****.**')
        mocked_message.assert_called_once_with(
            request_mock, u'Email [email protected] already '
            'exists in the database.')
        ok_(not email_q.exists())
        eq_(len(returned_user), 1)
        eq_(returned_user[0], user1)
Пример #14
0
class MozilliansAuthBackendTests(TestCase):
    """Test Mozillian's Authentication Backend."""

    @override_settings(OIDC_OP_TOKEN_ENDPOINT='https://server.example.com/token')
    @override_settings(OIDC_OP_USER_ENDPOINT='https://server.example.com/user')
    @override_settings(OIDC_RP_CLIENT_ID='example_id')
    @override_settings(OIDC_RP_CLIENT_SECRET='client_secret')
    def setUp(self):
        """Setup class."""

        # Avoid circular dependencies
        from mozillians.common.authbackend import MozilliansAuthBackend
        self.backend = MozilliansAuthBackend()

    def test_add_a_new_email_identity(self):
        """Test to add a new email in an authenticated user."""
        user = UserFactory.create(email='*****@*****.**')
        IdpProfile.objects.create(
            profile=user.userprofile,
            auth0_user_id='email|',
            email=user.email,
            primary=True
        )
        claims = {
            'email': '*****@*****.**',
            'user_id': 'ad|ldap'
        }

        request_mock = Mock(spec=HttpRequest)
        request_mock.user = user
        self.backend.claims = claims
        self.backend.request = request_mock

        email_q = IdpProfile.objects.filter(profile=user.userprofile,
                                            email='*****@*****.**')
        ok_(not email_q.exists())
        returned_user = self.backend.check_authentication_method(user)
        email_q = IdpProfile.objects.filter(profile=user.userprofile,
                                            email='*****@*****.**')
        ok_(email_q.exists())
        eq_(returned_user, user)

    def test_identity_already_exists(self):
        """Test to add an email that already exists."""

        user = UserFactory.create(email='*****@*****.**')
        IdpProfile.objects.create(
            profile=user.userprofile,
            auth0_user_id='email|',
            email=user.email,
            primary=True
        )
        claims = {
            'email': '*****@*****.**',
            'user_id': 'email|'
        }

        request_mock = Mock(spec=HttpRequest)
        request_mock.user = user
        self.backend.claims = claims
        self.backend.request = request_mock
        self.backend.check_authentication_method(user)
        idp_q = IdpProfile.objects.filter(auth0_user_id='email|',
                                          email=user.email,
                                          profile=user.userprofile)
        eq_(idp_q.count(), 1)

    def test_identity_single_auth0_id_multiple_emails(self):
        """Test to add an email that already exists."""

        user = UserFactory.create(email='*****@*****.**')
        IdpProfile.objects.create(
            profile=user.userprofile,
            auth0_user_id='github|12345',
            email='*****@*****.**',
            primary=True
        )
        claims = {
            'email': '*****@*****.**',
            'user_id': 'github|12345',
            'nickname': 'foo'
        }

        request_mock = Mock(spec=HttpRequest)
        request_mock.user = user
        self.backend.claims = claims
        self.backend.request = request_mock
        self.backend.check_authentication_method(user)

        eq_(IdpProfile.objects.filter(
            profile=user.userprofile, primary=True,
            username='******', email='*****@*****.**').count(), 1)
        eq_(IdpProfile.objects.filter(
            profile=user.userprofile, primary=False,
            email='*****@*****.**').count(), 1)

    def test_filter_users_with_email_belonging_to_non_primary_identity(self):
        """Test filter users with a non primary identity."""

        user = UserFactory.create(email='*****@*****.**')
        IdpProfile.objects.create(
            profile=user.userprofile,
            auth0_user_id='email|1',
            email='*****@*****.**',
            primary=True
        )
        claims = {
            'email': '*****@*****.**',
            'user_id': 'email|1'
        }

        request_mock = Mock(spec=HttpRequest)
        request_mock.user = user
        self.backend.claims = claims
        self.backend.request = request_mock
        users = self.backend.filter_users_by_claims(claims)
        idp_q = IdpProfile.objects.filter(auth0_user_id='email|1',
                                          email='*****@*****.**',
                                          profile=user.userprofile)
        eq_(idp_q.count(), 1)
        eq_(users[0], user)

    def test_filter_users_with_a_non_existing_identity(self):
        """Test filter users with a non primary identity."""

        user = UserFactory.create(email='*****@*****.**')
        IdpProfile.objects.create(
            profile=user.userprofile,
            auth0_user_id='email|1',
            email='*****@*****.**',
            primary=True
        )
        claims = {
            'email': '*****@*****.**',
            'user_id': 'email|2'
        }

        request_mock = Mock(spec=HttpRequest)
        request_mock.user = user
        self.backend.claims = claims
        self.backend.request = request_mock
        users = self.backend.filter_users_by_claims(claims)
        idp_q = IdpProfile.objects.filter(auth0_user_id='email|1',
                                          email='*****@*****.**',
                                          profile=user.userprofile)
        eq_(idp_q.count(), 1)
        eq_(list(users), [])

    @override_settings(CAN_VOUCH_THRESHOLD=1)
    def test_auto_vouching(self):
        claims = {
            'email': '*****@*****.**',
            'user_id': 'ad|[email protected]',
            'https://sso.mozilla.com/claim/groups': ['hris_is_staff']
        }
        user = UserFactory.create(vouched=False, email='*****@*****.**')
        IdpProfile.objects.create(
            profile=user.userprofile,
            auth0_user_id='ad|[email protected]',
            email='*****@*****.**',
            primary=True
        )
        request_mock = Mock(spec=HttpRequest)
        request_mock.user = user
        self.backend.claims = claims
        self.backend.request = request_mock
        returned_user = self.backend.check_authentication_method(user)
        ok_(returned_user.userprofile.is_vouched)
        eq_(returned_user.userprofile.vouches_received.all()[0].autovouch, True)

    def test_auto_vouching_missing_is_staff_attribute(self):
        claims = {
            'email': '*****@*****.**',
            'user_id': 'ad|[email protected]',
            'https://sso.mozilla.com/claim/groups': ['hello world']
        }
        user = UserFactory.create(vouched=False, email='*****@*****.**')
        IdpProfile.objects.create(
            profile=user.userprofile,
            auth0_user_id='ad|[email protected]',
            email='*****@*****.**',
            primary=True
        )
        request_mock = Mock(spec=HttpRequest)
        request_mock.user = user
        self.backend.claims = claims
        self.backend.request = request_mock
        returned_user = self.backend.check_authentication_method(user)
        ok_(not returned_user.userprofile.is_vouched)
Пример #15
0
class MozilliansAuthBackendTests(TestCase):
    """Test Mozillian's Authentication Backend."""
    @override_settings(
        OIDC_OP_TOKEN_ENDPOINT="https://server.example.com/token")
    @override_settings(OIDC_OP_USER_ENDPOINT="https://server.example.com/user")
    @override_settings(OIDC_RP_CLIENT_ID="example_id")
    @override_settings(OIDC_RP_CLIENT_SECRET="client_secret")
    def setUp(self):
        """Setup class."""

        # Avoid circular dependencies
        from mozillians.common.authbackend import MozilliansAuthBackend

        self.backend = MozilliansAuthBackend()

    def test_add_a_new_email_identity(self):
        """Test to add a new email in an authenticated user."""
        user = UserFactory.create(email="*****@*****.**")
        IdpProfile.objects.create(
            profile=user.userprofile,
            auth0_user_id="email|",
            email=user.email,
            primary=True,
        )
        claims = {"email": "*****@*****.**", "user_id": "ad|ldap"}

        request_mock = Mock(spec=HttpRequest)
        request_mock.user = user
        self.backend.claims = claims
        self.backend.request = request_mock

        email_q = IdpProfile.objects.filter(profile=user.userprofile,
                                            email="*****@*****.**")
        ok_(not email_q.exists())
        returned_user = self.backend.check_authentication_method(user)
        email_q = IdpProfile.objects.filter(profile=user.userprofile,
                                            email="*****@*****.**")
        ok_(email_q.exists())
        eq_(returned_user, user)

    def test_identity_already_exists(self):
        """Test to add an email that already exists."""

        user = UserFactory.create(email="*****@*****.**")
        IdpProfile.objects.create(
            profile=user.userprofile,
            auth0_user_id="email|",
            email=user.email,
            primary=True,
        )
        claims = {"email": "*****@*****.**", "user_id": "email|"}

        request_mock = Mock(spec=HttpRequest)
        request_mock.user = user
        self.backend.claims = claims
        self.backend.request = request_mock
        self.backend.check_authentication_method(user)
        idp_q = IdpProfile.objects.filter(auth0_user_id="email|",
                                          email=user.email,
                                          profile=user.userprofile)
        eq_(idp_q.count(), 1)

    def test_identity_single_auth0_id_multiple_emails(self):
        """Test to add an email that already exists."""

        user = UserFactory.create(email="*****@*****.**")
        IdpProfile.objects.create(
            profile=user.userprofile,
            auth0_user_id="github|12345",
            email="*****@*****.**",
            primary=True,
        )
        claims = {
            "email": "*****@*****.**",
            "user_id": "github|12345",
            "nickname": "foo",
        }

        request_mock = Mock(spec=HttpRequest)
        request_mock.user = user
        self.backend.claims = claims
        self.backend.request = request_mock
        self.backend.check_authentication_method(user)

        eq_(
            IdpProfile.objects.filter(
                profile=user.userprofile,
                primary=True,
                username="******",
                email="*****@*****.**",
            ).count(),
            1,
        )
        eq_(
            IdpProfile.objects.filter(profile=user.userprofile,
                                      primary=False,
                                      email="*****@*****.**").count(),
            1,
        )

    def test_filter_users_with_email_belonging_to_non_primary_identity(self):
        """Test filter users with a non primary identity."""

        user = UserFactory.create(email="*****@*****.**")
        IdpProfile.objects.create(
            profile=user.userprofile,
            auth0_user_id="email|1",
            email="*****@*****.**",
            primary=True,
        )
        claims = {"email": "*****@*****.**", "user_id": "email|1"}

        request_mock = Mock(spec=HttpRequest)
        request_mock.user = user
        self.backend.claims = claims
        self.backend.request = request_mock
        users = self.backend.filter_users_by_claims(claims)
        idp_q = IdpProfile.objects.filter(auth0_user_id="email|1",
                                          email="*****@*****.**",
                                          profile=user.userprofile)
        eq_(idp_q.count(), 1)
        eq_(users[0], user)

    def test_filter_users_with_a_non_existing_identity(self):
        """Test filter users with a non primary identity."""

        user = UserFactory.create(email="*****@*****.**")
        IdpProfile.objects.create(
            profile=user.userprofile,
            auth0_user_id="email|1",
            email="*****@*****.**",
            primary=True,
        )
        claims = {"email": "*****@*****.**", "user_id": "email|2"}

        request_mock = Mock(spec=HttpRequest)
        request_mock.user = user
        self.backend.claims = claims
        self.backend.request = request_mock
        users = self.backend.filter_users_by_claims(claims)
        idp_q = IdpProfile.objects.filter(auth0_user_id="email|1",
                                          email="*****@*****.**",
                                          profile=user.userprofile)
        eq_(idp_q.count(), 1)
        eq_(list(users), [])

    @override_settings(CAN_VOUCH_THRESHOLD=1)
    def test_auto_vouching(self):
        claims = {
            "email": "*****@*****.**",
            "user_id": "ad|[email protected]",
            "https://sso.mozilla.com/claim/groups": ["hris_is_staff"],
        }
        user = UserFactory.create(vouched=False, email="*****@*****.**")
        IdpProfile.objects.create(
            profile=user.userprofile,
            auth0_user_id="ad|[email protected]",
            email="*****@*****.**",
            primary=True,
        )
        request_mock = Mock(spec=HttpRequest)
        request_mock.user = user
        self.backend.claims = claims
        self.backend.request = request_mock
        returned_user = self.backend.check_authentication_method(user)
        ok_(returned_user.userprofile.is_vouched)
        eq_(returned_user.userprofile.vouches_received.all()[0].autovouch,
            True)

    def test_auto_vouching_missing_is_staff_attribute(self):
        claims = {
            "email": "*****@*****.**",
            "user_id": "ad|[email protected]",
            "https://sso.mozilla.com/claim/groups": ["hello world"],
        }
        user = UserFactory.create(vouched=False, email="*****@*****.**")
        IdpProfile.objects.create(
            profile=user.userprofile,
            auth0_user_id="ad|[email protected]",
            email="*****@*****.**",
            primary=True,
        )
        request_mock = Mock(spec=HttpRequest)
        request_mock.user = user
        self.backend.claims = claims
        self.backend.request = request_mock
        returned_user = self.backend.check_authentication_method(user)
        ok_(not returned_user.userprofile.is_vouched)