def test_tuakiri_login_by_techical_contact_organisation_not_onboarded(client):
"""Test logging attempt by technical contact when organisation is not onboarded."""
org = Organisation(name="Org112",
tuakiri_name="Org112",
confirmed=False,
is_email_sent=True)
u = User(email="*****@*****.**",
confirmed=True,
roles=Role.TECHNICAL,
organisation=org)
org.tech_contact = u
org.save()
UserOrg(user=u, org=org, is_admin=True)
rv = client.get("/Tuakiri/login",
headers={
"Auedupersonsharedtoken": "ABC11s1",
"Sn": "LAST NAME/SURNAME/FAMILY NAME",
'Givenname': "FIRST NAME/GIVEN NAME",
"Mail": "*****@*****.**",
"O": "Org112",
"Displayname": "TEST USER FROM THE Org112",
"Unscoped-Affiliation": "student",
"Eppn": "*****@*****.**"
},
follow_redirects=True)
assert u.organisation == org
assert not org.confirmed
assert u.is_tech_contact_of(org)
assert rv.status_code == 200
assert b"<!DOCTYPE html>" in rv.data, "Expected HTML content"
def test_tuakiri_login_usgin_eppn(client):
"""Test logging attempt via Shibboleth using differt values to identify the user."""
org = Organisation(tuakiri_name="ORGANISATION 123ABC")
org.save()
user = User.create(email="*****@*****.**",
eppn="*****@*****.**",
roles=Role.RESEARCHER)
user.save()
rv = client.get("/Tuakiri/login",
headers={
"Auedupersonsharedtoken": "ABC123",
"Sn": "LAST NAME/SURNAME/FAMILY NAME",
'Givenname': "FIRST NAME/GIVEN NAME",
"Mail": "*****@*****.**",
"O": "ORGANISATION 123ABC",
"Displayname": "TEST USER FROM 123",
"Unscoped-Affiliation": "staff",
"Eppn": "*****@*****.**"
})
assert rv.status_code == 302
u = User.get(eppn="*****@*****.**")
assert u.email == "*****@*****.**"
assert u.name == "TEST USER FROM 123", "Expected to have the user in the DB"
assert u.first_name == "FIRST NAME/GIVEN NAME"
assert u.last_name == "LAST NAME/SURNAME/FAMILY NAME"
def test_tuakiri_login_with_org(client):
"""
Test logging attempt via Shibboleth.
If a user logs in from an organisation that isn't
onboared, the user should be informed about that and
redirected to the login page.
"""
org = Organisation(tuakiri_name="THE ORGANISATION", confirmed=True)
org.save()
rv = client.get("/Tuakiri/login",
headers={
"Auedupersonsharedtoken": "ABC111",
"Sn": "LAST NAME/SURNAME/FAMILY NAME",
'Givenname': "FIRST NAME/GIVEN NAME",
"Mail": "*****@*****.**",
"O": "THE ORGANISATION",
"Displayname": "TEST USER FROM THE ORGANISATION",
"Unscoped-Affiliation": "staff",
"Eppn": "*****@*****.**"
},
follow_redirects=True)
u = User.get(email="*****@*****.**")
assert u.organisation == org
assert org in u.organisations
assert b"Your organisation (THE ORGANISATION) is not onboarded" not in rv.data
uo = UserOrg.get(user=u, org=org)
assert not uo.is_admin
def test_link_orcid_auth_callback(name, request_ctx):
"""Test ORCID callback - the user authorized the organisation access to the ORCID profile."""
with request_ctx("/auth?state=xyz") as ctx:
org = Organisation(name="THE ORGANISATION", confirmed=True)
org.save()
test_user = User.create(
name=name,
email="*****@*****.**",
organisation=org,
orcid="ABC123",
confirmed=True)
orcidtoken = OrcidToken.create(
user=test_user,
org=org,
scope="/read-limited,/activities/update",
access_token="ABC1234")
login_user(test_user, remember=True)
session['oauth_state'] = "xyz"
rv = ctx.app.full_dispatch_request()
assert rv.status_code == 302, "If the user is already affiliated, the user should be redirected ..."
assert "profile" in rv.location, "redirection to 'profile' showing the ORCID"
u = User.get(id=test_user.id)
orcidtoken = OrcidToken.get(user=u)
assert u.orcid == "ABC-123-456-789"
assert orcidtoken.access_token == "ABC1234"
if name:
assert u.name == name, "The user name should be changed"
else:
assert u.name == "NEW TEST", "the user name should be set from record coming from ORCID"
def test_link_already_affiliated(request_ctx):
"""Test a user affiliation initialization if the uerer is already affilated."""
with request_ctx("/link") as ctx:
org = Organisation(name="THE ORGANISATION", confirmed=True, orcid_client_id="ABC123")
org.save()
test_user = User(
email="*****@*****.**",
name="TEST USER",
organisation=org,
orcid="ABC123",
confirmed=True)
test_user.save()
orcidtoken = OrcidToken(
user=test_user, org=org, scope="/read-limited", access_token="ABC1234")
orcidtoken_write = OrcidToken(
user=test_user,
org=org,
scope="/read-limited,/activities/update",
access_token="ABC234")
orcidtoken.save()
orcidtoken_write.save()
login_user(test_user, remember=True)
uo = UserOrg(user=test_user, org=org)
uo.save()
rv = ctx.app.full_dispatch_request()
assert rv.status_code == 302, "If the user is already affiliated, the user should be redirected ..."
assert "profile" in rv.location, "redirection to 'profile' showing the ORCID"
def test_profile_wo_orcid(request_ctx):
"""Test a user profile that doesn't hava an ORCID."""
with request_ctx("/profile") as ctx:
org = Organisation(name="THE ORGANISATION", confirmed=True)
org.save()
test_user = User(
email="*****@*****.**", organisation=org, orcid=None, confirmed=True)
test_user.save()
login_user(test_user, remember=True)
rv = ctx.app.full_dispatch_request()
assert rv.status_code == 302
assert rv.location == url_for("link")
def test_link_with_unconfirmed_org(request_ctx):
"""Test a user affiliation initialization if the user Organisation isn't registered yet."""
with request_ctx("/link") as ctx:
org = Organisation(
name="THE ORGANISATION", confirmed=False, orcid_client_id="Test Client id")
org.save()
test_user = User(
name="TEST USER", email="*****@*****.**", confirmed=True, organisation=org)
test_user.save()
login_user(test_user, remember=True)
rv = ctx.app.full_dispatch_request()
assert rv.status_code == 302
def test_profile(request_ctx):
"""Test an affilated user profile and ORCID data retrieval."""
with request_ctx("/profile") as ctx:
org = Organisation(name="THE ORGANISATION", confirmed=True)
org.save()
test_user = User(
email="*****@*****.**", organisation=org, orcid="ABC123", confirmed=True)
test_user.save()
orcidtoken = OrcidToken(
user=test_user,
org=org,
scope="/read-limited,/activities/update",
access_token="ABC1234")
orcidtoken.save()
login_user(test_user, remember=True)
rv = ctx.app.full_dispatch_request()
assert rv.status_code == 200
assert b"ABC123" in rv.data
