def test_request_with_fake_token_should_return_403(self):
        """A POST carrying an unverifiable ``google_token`` is refused with 403 and opens no session.

        The CSRF pair (header plus ``_csrft_`` session copy) is supplied
        on purpose so the request gets past CSRF validation and the token
        path is what gets exercised. On failure ``email`` must not have
        been written to the session.
        """
        token = 'dummy_csrf_token'
        request = testing.DummyRequest(
            headers={'X-CSRF-Token': token},
            post={'google_token': 'invalid_token'},
        )
        # Header and session value must agree for the CSRF check to pass.
        request.session['_csrft_'] = token
        request.context = testing.DummyRequest()

        response = sign_in(request)
        payload = json.loads(response.body)

        self.assertEqual(403, response.status_code)
        self.assertEqual({'error': 'Authentication token is invalid'}, payload)
        # No half-authenticated session may survive a rejected token.
        self.assertNotIn('email', request.session)
 def test_request_with_no_token_should_return_403(self):
     """A CSRF-valid POST with no ``google_token`` at all is refused with 403.

     Only the CSRF header/session pair is supplied and no form body, so
     the view has nothing to verify. The error text is distinct from the
     "invalid token" case, and ``email`` must not land in the session.
     """
     token = 'dummy_csrf_token'
     request = testing.DummyRequest(headers={'X-CSRF-Token': token})
     request.session['_csrft_'] = token
     request.context = testing.DummyRequest()

     response = sign_in(request)
     payload = json.loads(response.body)

     self.assertEqual(403, response.status_code)
     self.assertEqual({'error': 'Expected authentication token not found'}, payload)
     self.assertNotIn('email', request.session)
    def test_request_with_valid_token_but_no_email_should_return_403(self, token_validator):
        """A token that verifies but carries no ``email`` claim is refused with 403.

        ``token_validator`` is the patched verifier (presumably injected by
        a ``mock.patch`` decorator above this method, not visible here);
        it is made to return only an issuer, so the view cannot identify a
        user. Nothing may be written to the session.

        NOTE(review): none of the tests on this page feed a token with an
        unexpected ``iss``/``aud`` or with ``email_verified`` false — worth
        confirming the view rejects those as well.
        """
        token = 'dummy_csrf_token'
        request = testing.DummyRequest(
            headers={'X-CSRF-Token': token},
            post={'google_token': 'valid_token'},
        )
        request.session['_csrft_'] = token
        request.context = testing.DummyRequest()

        # Verified payload that lacks the one claim the view needs.
        token_validator.return_value = {'iss': 'accounts.google.com'}

        response = sign_in(request)
        payload = json.loads(response.body)

        self.assertEqual(403, response.status_code)
        self.assertEqual({'error': 'Authentication token has no email'}, payload)
        self.assertNotIn('email', request.session)
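    def test_request_with_valid_token_but_not_a_curator_should_return_403(self, token_validator, curator_or_none, log):
        """A verified Google identity that is not a known curator gets 403, is logged, and gets no session.

        ``token_validator`` and ``curator_or_none`` are the patched
        collaborators (injected by decorators not visible here) and ``log``
        the patched logger. The email and client address are held in
        locals so the mocked token, the expected error body and the
        expected log line always name the same user — previously the
        token and the assertions spelled the address differently, so the
        expected strings could never match the view's output.

        NOTE(review): the log line records ``request.remote_addr``; behind
        a reverse proxy that is the proxy's address unless forwarded-for
        handling is configured — confirm what the view logs in production.
        """
        csrf_token = 'dummy_csrf_token'
        email = '*****@*****.**'
        remote_addr = '127.0.0.1'

        request = testing.DummyRequest(headers={'X-CSRF-Token': csrf_token}, post={'google_token': 'valid_token'})
        request.session['_csrft_'] = csrf_token
        request.context = testing.DummyRequest()
        request.remote_addr = remote_addr

        # Token verifies and carries an email, but the curator lookup finds nobody.
        token_validator.return_value = {'iss': 'accounts.google.com', 'email': email}
        curator_or_none.return_value = None

        response = sign_in(request)

        self.assertEqual(response.status_code, 403)
        self.assertEqual(json.loads(response.body),
                         {'error': 'User {0} is not authorized on SGD'.format(email)})
        # An authorization failure must not leave a logged-in session behind.
        self.assertNotIn('email', request.session)
        log.assert_called_with('User {0} trying to authenticate from {1}'.format(email, remote_addr))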
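    def test_request_with_valid_token_and_user_should_return_a_logged_session(self, token_validator, curator_or_none, log):
        """Happy path: a verified token for a known curator yields 200 and a session holding the email.

        ``token_validator`` and ``curator_or_none`` are the patched
        collaborators (injected by decorators not visible here) and ``log``
        the patched logger. The email and client address are held in
        locals so the mocked token, the session assertion and the expected
        log line always name the same user — previously the token and the
        log assertion spelled the address differently.

        NOTE(review): this only asserts that ``email`` was stored; it does
        not check that the pre-login session was invalidated/regenerated
        on success (session-fixation defence) — confirm against the view.
        """
        csrf_token = 'dummy_csrf_token'
        email = '*****@*****.**'
        remote_addr = '127.0.0.1'

        request = testing.DummyRequest(headers={'X-CSRF-Token': csrf_token}, post={'google_token': 'valid_token'})
        request.session['_csrft_'] = csrf_token
        request.context = testing.DummyRequest()
        request.remote_addr = remote_addr

        token_validator.return_value = {'iss': 'accounts.google.com', 'email': email}
        # A built (unsaved) user is enough; as far as these tests show the view
        # only distinguishes a curator object from None.
        curator_or_none.return_value = factory.DbuserFactory.build()

        response = sign_in(request)

        self.assertEqual(response.status_code, 200)
        self.assertEqual(request.session.get('email'), email)
        # The spelling "successfuly" must match the view's log message byte-for-byte.
        log.assert_called_with('User {0} was successfuly authenticated.'.format(email))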
 def test_request_with_no_csrf_should_return_400(self):
     """A POST with neither an ``X-CSRF-Token`` header nor a ``_csrft_`` session value is refused with 400.

     The empty body is deliberate: the 400 here (instead of the 403 the
     no-token test receives) shows the CSRF check runs before the view
     looks at ``google_token`` at all.

     NOTE(review): a header that is present but disagrees with the
     session value is not covered by any test on this page.
     """
     request = testing.DummyRequest(post={})
     request.context = testing.DummyRequest()

     response = sign_in(request)
     payload = json.loads(response.body)

     self.assertEqual(400, response.status_code)
     self.assertEqual({'error': 'Bad CSRF Token'}, payload)