def test_pre_social_login_matched_login(self): """ https://bugzil.la/1063830, happy path A user tries to sign in with GitHub, but their GitHub email matches an existing Persona-backed MDN account. They follow the prompt to login with Persona, and the accounts are connected. """ # Set up a GitHub SocialLogin in the session github_account = SocialAccount.objects.get(user__username='******') github_login = SocialLogin(account=github_account, user=github_account.user) request = self.rf.get('/') session = self.client.session session['sociallogin_provider'] = 'github' session['socialaccount_sociallogin'] = github_login.serialize() session.save() request.session = session # Set up an matching Persona SocialLogin for request persona_account = SocialAccount.objects.create( user=github_account.user, provider='persona', uid=github_account.user.email) persona_login = SocialLogin(account=persona_account) # Verify the social_login receiver over-writes the provider # stored in the session self.adapter.pre_social_login(request, persona_login) session = request.session eq_(session['sociallogin_provider'], 'persona')
def test_pre_social_login_error_for_unmatched_login(self): """ https://bugzil.la/1063830 """ # Set up a GitHub SocialLogin in the session github_account = SocialAccount.objects.get(user__username='******') github_login = SocialLogin(account=github_account) request = self.rf.get('/') session = self.client.session session['socialaccount_sociallogin'] = github_login.serialize() session.save() request.session = session messages = self.get_messages(request) # Set up an un-matching Persona SocialLogin for request persona_account = SocialAccount(user=User(), provider='persona', uid='*****@*****.**') persona_login = SocialLogin(account=persona_account) self.assertRaises(ImmediateHttpResponse, self.adapter.pre_social_login, request, persona_login) queued_messages = list(messages) eq_(len(queued_messages), 1) eq_(django_messages.ERROR, queued_messages[0].level)
def test_pre_social_login_same_provider(self): """ pre_social_login passes if existing provider is the same. I'm not sure what the real-world counterpart of this is. Logging in with a different GitHub account? Needed for branch coverage. """ # Set up a GitHub SocialLogin in the session github_account = SocialAccount.objects.get(user__username='******') github_login = SocialLogin(account=github_account, user=github_account.user) request = self.rf.get('/') session = self.client.session session['sociallogin_provider'] = 'github' session['socialaccount_sociallogin'] = github_login.serialize() session.save() request.session = session # Set up an un-matching GitHub SocialLogin for request github2_account = SocialAccount(user=self.user_model(), provider='github', uid=github_account.uid + '2') github2_login = SocialLogin(account=github2_account) self.adapter.pre_social_login(request, github2_login) eq_(request.session['sociallogin_provider'], 'github')
def test_pre_social_login_error_for_unmatched_login(self): """ When we suspect the signup form is used as a connection form, abort. https://bugzil.la/1063830 """ # Set up a GitHub SocialLogin in the session github_account = SocialAccount.objects.get(user__username='******') github_login = SocialLogin(account=github_account, user=github_account.user) request = self.rf.get('/') session = self.client.session session['socialaccount_sociallogin'] = github_login.serialize() session.save() request.session = session messages = self.get_messages(request) # Set up an un-matching alternate SocialLogin for request other_account = SocialAccount(user=self.user_model(), provider='other', uid='*****@*****.**') other_login = SocialLogin(account=other_account) self.assertRaises(ImmediateHttpResponse, self.adapter.pre_social_login, request, other_login) queued_messages = list(messages) eq_(len(queued_messages), 1) eq_(django_messages.ERROR, queued_messages[0].level)
def test_pre_social_login_error_for_unmatched_login(self): """ https://bugzil.la/1063830 """ # Set up a GitHub SocialLogin in the session github_account = SocialAccount.objects.get(user__username='******') github_login = SocialLogin(account=github_account) request = RequestFactory().get('/') session = self.client.session session['socialaccount_sociallogin'] = github_login.serialize() session.save() request.session = session # django 1.4 RequestFactory requests can't be used to test views that # call messages.add (https://code.djangoproject.com/ticket/17971) # FIXME: HACK from http://stackoverflow.com/q/11938164/571420 messages = FallbackStorage(request) request._messages = messages # Set up an un-matching Persona SocialLogin for request persona_account = SocialAccount(user=User(), provider='persona', uid='*****@*****.**') persona_login = SocialLogin(account=persona_account) assert_raises(ImmediateHttpResponse, self.adapter.pre_social_login, request, persona_login) for m in messages: eq_(django_messages.ERROR, m.level)
def complete_login(self, request, app, token, **kwargs): resp = requests.get(self.profile_url, params={ 'access_token': token.token, 'alt': 'json' }) extra_data = resp.json() # extra_data is something of the form: # # {u'family_name': u'Penners', u'name': u'Raymond Penners', # u'picture': u'https://lh5.googleusercontent.com/-GOFYGBVOdBQ/AAAAAAAAAAI/AAAAAAAAAGM/WzRfPkv4xbo/photo.jpg', # u'locale': u'nl', u'gender': u'male', # u'email': u'*****@*****.**', # u'link': u'https://plus.google.com/108204268033311374519', # u'given_name': u'Raymond', u'id': u'108204268033311374519', # u'verified_email': True} # # TODO: We could use verified_email to bypass allauth email verification uid = str(extra_data['id']) user = get_adapter() \ .populate_new_user(email=extra_data.get('email'), last_name=extra_data.get('family_name'), first_name=extra_data.get('given_name')) email_addresses = [] email = user_email(user) if email and extra_data.get('verified_email'): email_addresses.append(EmailAddress(email=email, verified=True, primary=True)) account = SocialAccount(extra_data=extra_data, uid=uid, provider=self.provider_id, user=user) return SocialLogin(account, email_addresses=email_addresses)
def test_staff_social_adaptor_staff(self): """ Test a regular staff login """ request = RequestFactory() request.site = self.site adaptor = StaffUserSocialAdapter(request=request) user = get_user_model().objects.create_user( username='******', email='*****@*****.**', password='******', is_staff=True, ) sociallogin = SocialLogin(user=user) group = Group.objects.filter().first() perm = Permission.objects.filter().first() user.groups.add(group) user.user_permissions.add(perm) self.assertFalse(adaptor.is_open_for_signup(request, sociallogin)) adaptor.add_perms(user) self.assertTrue(user.groups.all().exists()) self.assertTrue(user.user_permissions.all().exists()) user.delete()
def test_staff_social_adaptor_new_user(self): """ Test a new user getting an invite to admin site """ request = RequestFactory() request.site = self.site adaptor = StaffUserSocialAdapter(request=request) user = get_user_model()(username='******', email='*****@*****.**', password='******') sociallogin = SocialLogin(user=user) group = Group.objects.filter().first() perm = Permission.objects.filter().first() self.assertFalse(user.pk) self.assertFalse(adaptor.is_open_for_signup(request, sociallogin)) invite = Invite.objects.create(email=user.email, user=self.user, site=self.site) invite.groups.add(group) invite.permissions.add(perm) adaptor.add_perms(user) invite.refresh_from_db() self.assertTrue(invite.is_accepted) self.assertTrue(user.groups.all().exists()) self.assertTrue(user.user_permissions.all().exists()) user.delete() invite.delete()
def complete_login(self, request, app, token): resp = requests.get(self.profile_url, { 'access_token': token.token, 'alt': 'json' }) extra_data = resp.json # extra_data is something of the form: # # {u'family_name': u'Penners', u'name': u'Raymond Penners', # u'picture': u'https://lh5.googleusercontent.com/-GOFYGBVOdBQ/AAAAAAAAAAI/AAAAAAAAAGM/WzRfPkv4xbo/photo.jpg', # u'locale': u'nl', u'gender': u'male', # u'email': u'*****@*****.**', # u'link': u'https://plus.google.com/108204268033311374519', # u'given_name': u'Raymond', u'id': u'108204268033311374519', # u'verified_email': True} # # TODO: We could use verified_email to bypass allauth email verification uid = str(extra_data['id']) user = User(email=extra_data.get('email', ''), last_name=extra_data.get('family_name', ''), first_name=extra_data.get('given_name', '')) account = SocialAccount(extra_data=extra_data, uid=uid, provider=self.provider_id, user=user) return SocialLogin(account)
def complete_login(self, request, app, token, **kwargs): userob = kwargs["user"] extra = kwargs["extra"] extra_info = [] for item in extra: item_serial = item.__dict__['display_name'] extra_info.append(item_serial) #extra = serializers.serialize("json", extra) logging.debug(extra_info) #extra = json.dumps(extra) # auth = ('bearer', token.token) # resp = requests.get(self.profile_url, # params={ 'oauth_token': token.token }) #extra_data = resp.json() # uid = str(extra_data['id']) user = get_adapter() \ .populate_new_user(name=userob.name, username=userob.name, email=userob.name) account = SocialAccount(user=user, uid=userob.id, extra_data=extra_info, provider=self.provider_id) return SocialLogin(account)
def sociallogin_from_response(self, request, response, **kwargs): """Custom sociallogin from user for person and company models.""" from allauth.socialaccount.models import SocialLogin, SocialAccount adapter = SocialAccountAdapter() uid = self.extract_uid(response) extra_data = self.extract_extra_data(response) common_fields = self.extract_common_fields(response) socialaccount = SocialAccount(extra_data=extra_data, uid=uid, provider=self.id) email_addresses = self.extract_email_addresses(response) self.cleanup_email_addresses(common_fields.get('email'), email_addresses) sociallogin = SocialLogin(account=socialaccount, email_addresses=email_addresses) # user = sociallogin.user = adapter.new_user(request, sociallogin) from .serializers import RegisterSerializer data = RegisterSerializer().validate_account_type(account_type=extra_data['account_type']) if 'C' in data.keys(): user = sociallogin.user = Company() user.user_type = User.COMPANY else: user = sociallogin.user = Person() user.set_unusable_password() adapter.populate_user(request, sociallogin, common_fields) return sociallogin, response
def sociallogin_from_response(self, request, response): """ Instantiates and populates a `SocialLogin` model based on the data retrieved in `response`. The method does NOT save the model to the DB. Data for `SocialLogin` will be extracted from `response` with the help of the `.extract_uid()`, `.extract_extra_data()`, `.extract_common_fields()`, and `.extract_email_addresses()` methods. :param request: a Django `HttpRequest` object. :param response: object retrieved via the callback response of the social auth provider. :return: A populated instance of the `SocialLogin` model (unsaved). """ # NOTE: Avoid loading models at top due to registry boot... from allauth.socialaccount.models import SocialLogin, SocialAccount adapter = get_adapter(request) uid = self.extract_uid(response) extra_data = self.extract_extra_data(response) common_fields = self.extract_common_fields(response) socialaccount = SocialAccount(extra_data=extra_data, uid=uid, provider=self.id) email_addresses = self.extract_email_addresses(response) self.cleanup_email_addresses(common_fields.get('email'), email_addresses) sociallogin = SocialLogin(account=socialaccount, email_addresses=email_addresses) user = sociallogin.user = adapter.new_user(request, sociallogin) user.set_unusable_password() adapter.populate_user(request, sociallogin, common_fields) return sociallogin
def test_pre_social_login_overwrites_session_var(self): """ When a user logs in a second time, second login wins the session. https://bugzil.la/1055870 """ # Set up a pre-existing "Alternate" sign-in session request = self.rf.get('/') session = self.client.session session['sociallogin_provider'] = 'alternate' session.save() request.session = session # Set up a in-process GitHub SocialLogin (unsaved) account = SocialAccount.objects.get(user__username='******') assert account.provider == 'github' sociallogin = SocialLogin(account=account) # Verify the social_login receiver over-writes the provider # stored in the session self.adapter.pre_social_login(request, sociallogin) eq_( account.provider, request.session['sociallogin_provider'], "receiver should have over-written sociallogin_provider " "session variable")
def sociallogin_from_response(self, request, response): """ COPIED FROM https://github.com/pennersr/django-allauth/blob/5b1cbf485fa363ccb87513545e3b98f3c3bd81fa/allauth/socialaccount/providers/base.py#L52 TO PASS SocialApp TO EXTRACT METHODS PER https://github.com/pennersr/django-allauth/issues/1297 """ # NOTE: Avoid loading models at top due to registry boot... from allauth.socialaccount.models import SocialLogin, SocialAccount adapter = get_adapter() app = self.get_app(request) uid = self.extract_uid(response, app) extra_data = self.extract_extra_data(response, app) common_fields = self.extract_common_fields(response, app) socialaccount = SocialAccount(extra_data=extra_data, uid=uid, provider=self.id) email_addresses = self.extract_email_addresses(response, app) self.cleanup_email_addresses(common_fields.get('email'), email_addresses) sociallogin = SocialLogin(account=socialaccount, email_addresses=email_addresses) user = sociallogin.user = adapter.new_user(request, sociallogin) user.set_unusable_password() adapter.populate_user(request, sociallogin, common_fields) return sociallogin
def test_pre_social_login_banned_user(self): """A banned user is not allowed to login.""" # Set up a GitHub SocialLogin in the session github_account = SocialAccount.objects.get(user__username='******') github_login = SocialLogin(account=github_account, user=github_account.user) request = self.rf.get('/') session = self.client.session session['sociallogin_provider'] = 'github' session['socialaccount_sociallogin'] = github_login.serialize() session.save() request.session = session request.user = AnonymousUser() request.LANGUAGE_CODE = 'en-US' # Ban the user banned_by = User.objects.get(username='******') UserBan.objects.create(user=github_account.user, by=banned_by, reason='Banned by unit test.') with pytest.raises(ImmediateHttpResponse) as e_info: self.adapter.pre_social_login(request, github_login) resp = e_info.value.response assert 'Banned by unit test.' in resp.content assert not resp.has_header('Vary') never_cache = 'no-cache, no-store, must-revalidate, max-age=0' assert resp['Cache-Control'] == never_cache
def test_auto_activiate_if_qualified_after_signup(self, mock_vouched): """Users qualified after sign-up should be auto-activated on sign-in""" mock_vouched.return_value = False sociallogin = SocialLogin(user=self.user) self.user.is_active = True user_signed_up.send(sender=self.user.__class__, request=None, user=self.user) self.assertEqual(False, self.user.is_active) pre_social_login.send(sender=SocialLogin, request=None, sociallogin=sociallogin) self.assertEqual(False, self.user.is_active) profile = UserProfile.objects.get_profile(self.user) self.assertEqual(True, profile.invite_pending) mock_vouched.return_value = True pre_social_login.send(sender=SocialLogin, request=None, sociallogin=sociallogin) self.assertEqual(True, self.user.is_active) profile = UserProfile.objects.get_profile(self.user) self.assertEqual(False, profile.invite_pending)
def test_pre_social_login_matched_login(self): """ When we detected a legacy Persona account, advise recovery of account. A user tries to sign in with GitHub, but their GitHub email matches an existing MDN account backed by Persona. They are prompted to recover the existing account. https://bugzil.la/1063830, happy path """ # Set up a session-only GitHub SocialLogin # These are created at the start of the signup process, and saved on # profile completion. github_account = SocialAccount.objects.get(user__username='******') github_login = SocialLogin(account=github_account, user=github_account.user) # Setup existing Persona SocialLogin for the same email SocialAccount.objects.create(user=github_account.user, provider='persona', uid=github_account.user.email) request = self.rf.get('/') session = self.client.session session['sociallogin_provider'] = 'github' session['socialaccount_sociallogin'] = github_login.serialize() session.save() request.session = session # Verify the social_login receiver over-writes the provider # stored in the session self.adapter.pre_social_login(request, github_login) session = request.session eq_(session['sociallogin_provider'], 'github')
def test_pre_social_login_banned_user(self): """A banned user is not allowed to login.""" # Set up a GitHub SocialLogin in the session github_account = SocialAccount.objects.get(user__username="******") github_login = SocialLogin(account=github_account, user=github_account.user) request = self.rf.get("/") session = self.client.session session["sociallogin_provider"] = "github" session["socialaccount_sociallogin"] = github_login.serialize() session.save() request.session = session request.user = AnonymousUser() request.LANGUAGE_CODE = "en-US" # Ban the user banned_by = User.objects.get(username="******") UserBan.objects.create(user=github_account.user, by=banned_by, reason="Banned by unit test.") with pytest.raises(ImmediateHttpResponse) as e_info: self.adapter.pre_social_login(request, github_login) resp = e_info.value.response assert b"Banned by unit test." in resp.content assert not resp.has_header("Vary") never_cache = ["no-cache", "no-store", "must-revalidate", "max-age=0"] assert set(resp["Cache-Control"].split(", ")) == set(never_cache)
def persona_login(request): assertion = request.POST.get('assertion', '') audience = request.build_absolute_uri('/') resp = requests.post('https://verifier.login.persona.org/verify', { 'assertion': assertion, 'audience': audience }) if resp.json['status'] != 'okay': return render_authentication_error(request) email = resp.json['email'] user = User(email=email) extra_data = resp.json account = SocialAccount(uid=email, provider=PersonaProvider.id, extra_data=extra_data, user=user) # TBD: Persona e-mail addresses are verified, so we could check if # a matching local user account already exists with an identical # verified e-mail address and short-circuit the social login. Then # again, this holds for all social providers that guarantee # verified e-mail addresses, so if at all, short-circuiting should # probably not be handled here... login = SocialLogin(account) login.state = SocialLogin.state_from_request(request) return complete_social_login(request, login)
def _create_social_user(self, emails, provider, uid, token=None): factory = RequestFactory() request = factory.get("/me/login/callback/") request.user = AnonymousUser() SessionMiddleware().process_request(request) MessageMiddleware().process_request(request) user = User( username=emails[0].email.split("@")[0], first_name=emails[0].email.split("@")[0], last_name=emails[0].email.split("@")[1], email=emails[0].email, ) account = SocialAccount(provider=provider, uid=uid) if token is not None: token = SocialToken( token=token, account=account, app=SocialApp.objects.get(provider=provider), ) sociallogin = SocialLogin(account=account, user=user, email_addresses=emails, token=token) complete_social_login(request, sociallogin)
def test_pre_social_login_matched_google_login(self): """ When we detected a legacy Persona account, advise recovery of account. A user tries to sign in with Google, but their Google email matches an existing MDN account backed by Persona. They are prompted to recover the existing account. Same as above, but with Google instead of GitHub """ # Set up a session-only Google SocialLogin # These are created at the start of the signup process, and saved on # profile completion. google_account = SocialAccount.objects.get(user__username="******") google_login = SocialLogin(account=google_account, user=google_account.user) # Setup existing Persona SocialLogin for the same email SocialAccount.objects.create(user=google_account.user, provider="persona", uid=google_account.user.email) request = self.rf.get("/") session = self.client.session session["sociallogin_provider"] = "google" session["socialaccount_sociallogin"] = google_login.serialize() session.save() request.session = session # Verify the social_login receiver over-writes the provider # stored in the session self.adapter.pre_social_login(request, google_login) session = request.session assert "google" == session["sociallogin_provider"]
def _get_sociallogin(user, provider): """ Returns an ready sociallogin object for the given auth provider. """ socialaccount = SocialAccount(user=user, uid='1234', provider=provider) socialaccount.extra_data = {'email': user.email} sociallogin = SocialLogin() sociallogin.account = socialaccount return sociallogin
def sociallogin(client, user_model): account = SocialAccount(provider="google") sociallogin = SocialLogin( account=account, user=user_model(), ) session = client.session session["socialaccount_sociallogin"] = sociallogin.serialize() session.save() return sociallogin
def twitter_complete_login(extra_data): uid = extra_data['id'] user = get_adapter() \ .populate_new_user(username=extra_data.get('screen_name'), name=extra_data.get('name')) account = SocialAccount(user=user, uid=uid, provider=TwitterProvider.id, extra_data=extra_data) return SocialLogin(account)
def test_is_auto_signup_allowed_override_for_helsinki_adfs( settings, provider_id, expected): settings.SOCIALACCOUNT_AUTO_SIGNUP = False request = RequestFactory().get('/accounts/signup/') account = SocialAccount(provider=provider_id) sociallogin = SocialLogin(account=account) assert get_adapter(request).is_auto_signup_allowed(request, sociallogin) == expected
def complete_login(self, request, app, token): client = TwitterAPI(request, app.key, app.secret, self.request_token_url) extra_data = client.get_user_info() uid = extra_data['id'] user = User(username=extra_data['screen_name'], first_name=extra_data['name']) account = SocialAccount(user=user, uid=uid, provider=TwitterProvider.id, extra_data=extra_data) return SocialLogin(account)
def complete_login(self, request, app, token, **kwargs): resp = requests.get(self.profile_url, params={'access_token': token.token}) extra_data = resp.json()['data'] uid = str(extra_data['login']) user = get_adapter().populate_new_user( username=extra_data['login'], name=extra_data.get('full_name')) account = SocialAccount(user=user, uid=uid, extra_data=extra_data, provider=self.provider_id) return SocialLogin(account)
def complete_login(self, request, app, token): client = LinkedInAPI(request, app.key, app.secret, self.request_token_url) extra_data = client.get_user_info() uid = extra_data['id'] user = User(first_name=extra_data.get('first-name', ''), last_name=extra_data.get('last-name', '')) account = SocialAccount(user=user, provider=self.provider_id, extra_data=extra_data, uid=uid) return SocialLogin(account)
def test_social_account_adapter_signup(self): """Test that our Allauth social account adapter correctly handles signups.""" adapter = SocialAccountAdapter() discord_login = SocialLogin(account=self.discord_account) discord_login_role = SocialLogin(account=self.discord_account_one_role) discord_login_not_present = SocialLogin( account=self.discord_account_not_present) discord_login_two_roles = SocialLogin( account=self.discord_account_two_roles) github_login = SocialLogin(account=self.github_account) messages_request = self.request_factory.get("/") messages_request._messages = BaseStorage(messages_request) with patch("pydis_site.utils.account.reverse") as mock_reverse: with patch("pydis_site.utils.account.redirect") as mock_redirect: with self.assertRaises(ImmediateHttpResponse): adapter.is_open_for_signup(messages_request, github_login) with self.assertRaises(ImmediateHttpResponse): adapter.is_open_for_signup(messages_request, discord_login) with self.assertRaises(ImmediateHttpResponse): adapter.is_open_for_signup(messages_request, discord_login_role) with self.assertRaises(ImmediateHttpResponse): adapter.is_open_for_signup(messages_request, discord_login_not_present) self.assertTrue( adapter.is_open_for_signup(messages_request, discord_login_two_roles)) self.assertEqual( len(messages_request._messages._queued_messages), 4) self.assertEqual(mock_redirect.call_count, 4) self.assertEqual(mock_reverse.call_count, 4)
def complete_login(self, request, app, token): client = VimeoAPI(request, app.client_id, app.secret, self.request_token_url) extra_data = client.get_user_info() uid = extra_data['id'] user = get_adapter() \ .populate_new_user(name=extra_data.get('display_name'), username=extra_data.get('username')) account = SocialAccount(user=user, provider=self.provider_id, extra_data=extra_data, uid=uid) return SocialLogin(account)