def test_tampered_response(self):
    """A response from the tampered fixture must not authenticate.

    Posts ``test_constants.tampered_sample_response_encoded`` in the login
    form field and expects ``_authenticate`` to return ``None`` instead of
    a username. The fixture is not shown here; going by its name, it is a
    signed response altered after signing.
    """
    # NOTE(review): unlike the role and user-creation tests in this file,
    # the clock is not patched here. If the authenticator also rejects
    # responses outside their validity window, this test could pass on the
    # timestamp check alone and never reach signature verification.
    # Confirm which check produces the None.
    authenticator = SAMLAuthenticator()
    authenticator.metadata_content = test_constants.sample_metadata_xml

    form_data = {
        authenticator.login_post_field:
            test_constants.tampered_sample_response_encoded,
    }
    outcome = authenticator._authenticate(None, form_data)

    assert outcome is None
def test_metadata_field(self):
    """Inline ``metadata_content`` is returned as-is by the config getter.

    ``metadata_url`` is set to a junk value, so any attempt to use it
    should be visible as a failure. The shared helper
    ``_test_high_level_metadata_retrieval_functions`` then runs its checks
    against the same authenticator.
    """
    expected_xml = test_constants.sample_metadata_xml

    authenticator = SAMLAuthenticator()
    authenticator.metadata_url = 'bad_data'
    authenticator.metadata_content = expected_xml

    configured = authenticator._get_metadata_from_config()
    assert configured == expected_xml

    self._test_high_level_metadata_retrieval_functions(authenticator)
def test_malformed_metadata(self):
    """Non-XML metadata is returned raw but yields no parsed tree.

    The two string-level getters return the configured text unchanged.
    ``_get_saml_metadata_etree`` is expected to return ``None`` for input
    that is not XML rather than raise.
    """
    not_xml = 'not an xml document'

    authenticator = SAMLAuthenticator()
    authenticator.metadata_content = not_xml

    from_config = authenticator._get_metadata_from_config()
    assert from_config == not_xml

    from_preferred = authenticator._get_preferred_metadata_from_source()
    assert from_preferred == not_xml

    parsed = authenticator._get_saml_metadata_etree()
    assert parsed is None
def test_get_invalid_xml_element(self):
    """An element name absent from the metadata raises ``IndexError``.

    The metadata is valid, but ``'md:BadElement'`` is not expected to be
    present in it. The redirect helper is called with a mocked handler.
    """
    authenticator = SAMLAuthenticator()
    authenticator.metadata_content = test_constants.sample_metadata_xml
    handler = MagicMock()
    missing_element = 'md:BadElement'

    with self.assertRaises(IndexError):
        authenticator._get_redirect_from_metadata_and_redirect(
            missing_element, handler)
def test_get_empty_metadata(self):
    """With no metadata source configured, the redirect helper errors out.

    The file path, inline content and URL are all set to ``None``. The
    helper is expected to raise ``HTTPError`` instead of redirecting.
    """
    authenticator = SAMLAuthenticator()
    # Clear every metadata source so there is nothing to read a target from.
    authenticator.metadata_filepath = None
    authenticator.metadata_content = None
    authenticator.metadata_url = None
    handler = MagicMock()
    element_name = 'md:BadElement'

    with self.assertRaises(HTTPError):
        authenticator._get_redirect_from_metadata_and_redirect(
            element_name, handler)
def test_get_valid_logout_redirect(self):
    """The logout redirect goes to the expected single-logout URL.

    The helper is asked for ``md:SingleLogoutService`` using the sample
    metadata. The handler must be redirected exactly once, non-permanently,
    to the URL pinned below.
    """
    # NOTE(review): the target URL presumably comes from the sample
    # metadata. If so, the integrity of the configured metadata determines
    # where users are sent on logout. Verify against the fixture.
    expected_slo_url = 'https://bluedata-test-before-deploy.onelogin.com/trust/saml2/http-redirect/slo/719630'

    authenticator = SAMLAuthenticator()
    authenticator.metadata_content = test_constants.sample_metadata_xml
    handler = MagicMock()

    authenticator._get_redirect_from_metadata_and_redirect(
        'md:SingleLogoutService', handler)

    handler.redirect.assert_called_once_with(expected_slo_url,
                                             permanent=False)
def _confirm_tom(self, saml_data, mock_datetime, mock_pwd):
    """Shared check that a fixture bundle authenticates as user ``tom``.

    Args:
        saml_data: Fixture object providing ``datetime_stamp``,
            ``metadata_xml`` and ``b64encoded_response``.
        mock_datetime: Mock replacing the authenticator's ``datetime``;
            its ``now`` is pinned to the fixture's timestamp.
        mock_pwd: Mock replacing the authenticator's ``pwd``; its
            ``getpwnam`` returns a truthy value, so the lookup succeeds.
    """
    # Freeze "now" at the fixture's timestamp but keep the real strptime,
    # so timestamps in the response are still parsed normally.
    mock_datetime.now.return_value = saml_data.datetime_stamp
    mock_datetime.strptime = datetime.strptime
    mock_pwd.getpwnam.return_value = True

    authenticator = SAMLAuthenticator()
    authenticator.metadata_content = saml_data.metadata_xml

    form_data = {
        authenticator.login_post_field: saml_data.b64encoded_response,
    }
    username = authenticator._authenticate(None, form_data)
    assert 'tom' == username

    # The current time must be requested in UTC, and the account lookup
    # must use the name taken from the assertion.
    mock_datetime.now.assert_called_once_with(timezone.utc)
    mock_pwd.getpwnam.assert_called_once_with('tom')
def test_file_fail(self, mock_fileopen):
    """A failing metadata file read raises from the string-level getters.

    ``mock_fileopen`` is presumably supplied by a patch of ``open`` that is
    not visible in this excerpt. Its ``read`` raises ``IOError``. The file
    getter and the preferred-source getter are expected to let that error
    escape, while ``_get_saml_metadata_etree`` is expected to return
    ``None``.
    """
    file_handle = MagicMock()
    file_handle.read.side_effect = IOError('Fake IO Error')
    mock_fileopen().__enter__.return_value = file_handle

    authenticator = SAMLAuthenticator()
    # Junk URL and content: the assertions below expect the file path to
    # be the source that is actually read.
    authenticator.metadata_url = 'bad_data'
    authenticator.metadata_content = 'bad_data'
    authenticator.metadata_filepath = '/completely/illegitimate/filepath'

    with pytest.raises(IOError):
        authenticator._get_metadata_from_file()

    with pytest.raises(IOError):
        authenticator._get_preferred_metadata_from_source()

    parsed = authenticator._get_saml_metadata_etree()
    assert parsed is None
def test_file_read(self, mock_fileopen):
    """Metadata is read from ``metadata_filepath`` when the file is readable.

    ``mock_fileopen`` is presumably supplied by a patch of ``open`` that is
    not visible in this excerpt. Its ``read`` returns the sample metadata.
    The URL and inline content hold junk values, so a correct result can
    only have come from the file.
    """
    expected_xml = test_constants.sample_metadata_xml

    file_handle = MagicMock()
    file_handle.read.return_value = expected_xml
    mock_fileopen().__enter__.return_value = file_handle

    authenticator = SAMLAuthenticator()
    authenticator.metadata_url = 'bad_data'
    authenticator.metadata_content = 'bad_data'
    authenticator.metadata_filepath = '/completely/legitimate/filepath'

    from_file = authenticator._get_metadata_from_file()
    assert from_file == expected_xml

    # Check that we have, at least once, called open with the provided filepath
    # (the bare mock_fileopen() call in the setup above is recorded as a
    # call too, so the mock sees more than one call in total).
    # TODO: Figure out how to do this so we can use 'assert_called_once_with'
    mock_fileopen.assert_any_call(authenticator.metadata_filepath, 'r')

    # Check that we're reading the file
    file_handle.read.assert_called_once()

    self._test_readable_mock(authenticator, mock_fileopen)
def test_no_allowed_roles(self):
    """A user holding none of the allowed roles is refused.

    The clock is pinned to 2020-07-01 23:00 UTC, and roles are read from
    the ``Roles`` attribute of the assertion. The two allowed roles are not
    expected to appear in the fixture response, so ``_authenticate`` must
    return ``None``.
    """
    frozen_now = datetime(2020, 7, 1, 23, 0, 0, tzinfo=timezone.utc)
    datetime_target = 'samlauthenticator.samlauthenticator.datetime'

    with patch(datetime_target) as mock_datetime:
        # Pin "now" but keep the real strptime for timestamp parsing.
        mock_datetime.now.return_value = frozen_now
        mock_datetime.strptime = datetime.strptime

        authenticator = SAMLAuthenticator()
        authenticator.metadata_content = test_constants.sample_metadata_xml
        authenticator.xpath_role_location = '//saml:AttributeStatement/saml:Attribute[@Name="Roles"]/saml:AttributeValue/text()'
        # The included XML should not have either of these roles.
        authenticator.allowed_roles = 'allowed_role_1,allowed_role_2'

        form_data = {
            authenticator.login_post_field:
                test_constants.b64encoded_response_xml_with_roles,
        }
        outcome = authenticator._authenticate(None, form_data)
        assert outcome is None

        # The current time was requested exactly once, in UTC.
        mock_datetime.now.assert_called_once_with(timezone.utc)
def test_add_user_fail(self):
    """Authentication fails when the local account cannot be created.

    ``pwd.getpwnam`` raises ``KeyError`` (no such user) and the mocked
    ``subprocess.call`` returns 1, so the ``useradd`` attempt reports
    failure. ``_authenticate`` must then return ``None`` rather than the
    username.
    """
    module = 'samlauthenticator.samlauthenticator'
    frozen_now = datetime(2019, 4, 9, 21, 35, 0, tzinfo=timezone.utc)

    with patch(module + '.pwd') as mock_pwd:
        with patch(module + '.datetime') as mock_datetime:
            with patch(module + '.subprocess') as mock_subprocess:
                mock_pwd.getpwnam.side_effect = KeyError('No User')
                mock_datetime.now.return_value = frozen_now
                mock_datetime.strptime = datetime.strptime
                mock_subprocess.call.return_value = 1

                authenticator = SAMLAuthenticator()
                authenticator.metadata_content = \
                    test_constants.sample_metadata_xml

                form_data = {
                    authenticator.login_post_field:
                        test_constants.b64encoded_response_xml,
                }
                outcome = authenticator._authenticate(None, form_data)
                assert outcome is None

                mock_pwd.getpwnam.assert_called_once_with('bluedata')
                mock_datetime.now.assert_called_once_with(timezone.utc)
                # Pins the argv-list form: the asserted username is passed
                # as its own argument, not spliced into a shell string.
                mock_subprocess.call.assert_called_once_with(
                    ['useradd', 'bluedata'])