def test_group_claim(self): backend = AdfsAuthCodeBackend() with patch("django_auth_adfs.backend.settings.GROUPS_CLAIM", "nonexisting"): user = backend.authenticate(self.request, authorization_code="dummycode") self.assertIsInstance(user, User) self.assertEqual(user.first_name, "John") self.assertEqual(user.last_name, "Doe") self.assertEqual(user.email, "*****@*****.**") self.assertEqual(len(user.groups.all()), 0)
def test_with_auth_code_2016(self): backend = AdfsAuthCodeBackend() user = backend.authenticate(self.request, authorization_code="dummycode") self.assertIsInstance(user, User) self.assertEqual(user.first_name, "John") self.assertEqual(user.last_name, "Doe") self.assertEqual(user.email, "*****@*****.**") self.assertEqual(len(user.groups.all()), 2) self.assertEqual(user.groups.all()[0].name, "group1") self.assertEqual(user.groups.all()[1].name, "group2")
def test_with_auth_code_azure_guest_block(self): from django_auth_adfs.config import django_settings settings = deepcopy(django_settings) del settings.AUTH_ADFS["SERVER"] settings.AUTH_ADFS["TENANT_ID"] = "dummy_tenant_id" settings.AUTH_ADFS["BLOCK_GUEST_USERS"] = True # Patch audience since we're patching django_auth_adfs.backend.settings to load Settings() as well settings.AUTH_ADFS["AUDIENCE"] = 'microsoft:identityserver:your-RelyingPartyTrust-identifier' with patch("django_auth_adfs.config.django_settings", settings): with patch('django_auth_adfs.backend.settings', Settings()): with patch("django_auth_adfs.config.settings", Settings()): with patch("django_auth_adfs.backend.provider_config", ProviderConfig()): with self.assertRaises(PermissionDenied, msg=''): backend = AdfsAuthCodeBackend() _ = backend.authenticate(self.request, authorization_code="dummycode")
def test_boolean_claim_mapping(self): boolean_claim_mapping = { "is_superuser": "******", } with patch("django_auth_adfs.backend.settings.BOOLEAN_CLAIM_MAPPING", boolean_claim_mapping): backend = AdfsAuthCodeBackend() user = backend.authenticate(self.request, authorization_code="dummycode") self.assertIsInstance(user, User) self.assertEqual(user.first_name, "John") self.assertEqual(user.last_name, "Doe") self.assertEqual(user.email, "*****@*****.**") self.assertEqual(len(user.groups.all()), 2) self.assertFalse(user.is_staff) self.assertTrue(user.is_superuser)
def test_empty_keys(self): backend = AdfsAuthCodeBackend() with patch("django_auth_adfs.config.provider_config.signing_keys", []): self.assertRaises(PermissionDenied, backend.authenticate, self.request, authorization_code='testcode')
def test_with_auth_code_azure(self): from django_auth_adfs.config import django_settings settings = deepcopy(django_settings) del settings.AUTH_ADFS["SERVER"] settings.AUTH_ADFS["TENANT_ID"] = "dummy_tenant_id" with patch("django_auth_adfs.config.django_settings", settings): with patch("django_auth_adfs.config.settings", Settings()): with patch("django_auth_adfs.backend.provider_config", ProviderConfig()): backend = AdfsAuthCodeBackend() user = backend.authenticate(self.request, authorization_code="dummycode") self.assertIsInstance(user, User) self.assertEqual(user.first_name, "John") self.assertEqual(user.last_name, "Doe") self.assertEqual(user.email, "*****@*****.**") self.assertEqual(len(user.groups.all()), 2) self.assertEqual(user.groups.all()[0].name, "group1") self.assertEqual(user.groups.all()[1].name, "group2")
def test_nonexisting_user(self): from django_auth_adfs.config import django_settings settings = deepcopy(django_settings) settings.AUTH_ADFS["CREATE_NEW_USERS"] = False with patch("django_auth_adfs.config.django_settings", settings),\ patch("django_auth_adfs.backend.settings", Settings()): backend = AdfsAuthCodeBackend() self.assertRaises(PermissionDenied, backend.authenticate, self.request, authorization_code='testcode')
def test_group_to_flag_mapping(self): group_to_flag_mapping = { "is_staff": ["group1", "group4"], "is_superuser": "******", } with patch("django_auth_adfs.backend.settings.GROUP_TO_FLAG_MAPPING", group_to_flag_mapping): with patch("django_auth_adfs.backend.settings.BOOLEAN_CLAIM_MAPPING", {}): backend = AdfsAuthCodeBackend() user = backend.authenticate(self.request, authorization_code="dummycode") self.assertIsInstance(user, User) self.assertEqual(user.first_name, "John") self.assertEqual(user.last_name, "Doe") self.assertEqual(user.email, "*****@*****.**") self.assertEqual(len(user.groups.all()), 2) self.assertTrue(user.is_staff) self.assertTrue(user.is_superuser)
def test_version_two_endpoint_calls_correct_url(self): from django_auth_adfs.config import django_settings settings = deepcopy(django_settings) del settings.AUTH_ADFS["SERVER"] settings.AUTH_ADFS["TENANT_ID"] = "dummy_tenant_id" settings.AUTH_ADFS["VERSION"] = 'v2.0' # Patch audience since we're patching django_auth_adfs.backend.settings to load Settings() as well with patch("django_auth_adfs.config.django_settings", settings): with patch('django_auth_adfs.backend.settings', Settings()): with patch("django_auth_adfs.config.settings", Settings()): with patch("django_auth_adfs.backend.provider_config", ProviderConfig()): backend = AdfsAuthCodeBackend() user = backend.authenticate(self.request, authorization_code="dummycode") self.assertIsInstance(user, User) self.assertEqual(user.first_name, "John") self.assertEqual(user.last_name, "Doe") self.assertEqual(user.email, "*****@*****.**") self.assertEqual(len(user.groups.all()), 2) self.assertEqual(user.groups.all()[0].name, "group1") self.assertEqual(user.groups.all()[1].name, "group2")
def test_with_auth_code_azure_guest_no_block(self): from django_auth_adfs.config import django_settings settings = deepcopy(django_settings) del settings.AUTH_ADFS["SERVER"] settings.AUTH_ADFS["TENANT_ID"] = "dummy_tenant_id" settings.AUTH_ADFS["BLOCK_GUEST_USERS"] = False # Patch audience since we're patching django_auth_adfs.backend.settings to load Settings() as well settings.AUTH_ADFS["AUDIENCE"] = 'microsoft:identityserver:your-RelyingPartyTrust-identifier' with patch("django_auth_adfs.config.django_settings", settings): with patch('django_auth_adfs.backend.settings', Settings()): with patch("django_auth_adfs.config.settings", Settings()): with patch("django_auth_adfs.backend.provider_config", ProviderConfig()): backend = AdfsAuthCodeBackend() user = backend.authenticate(self.request, authorization_code="dummycode") self.assertIsInstance(user, User) self.assertEqual(user.first_name, "John") self.assertEqual(user.last_name, "Doe") self.assertEqual(user.email, "*****@*****.**") self.assertEqual(len(user.groups.all()), 2) self.assertEqual(user.groups.all()[0].name, "group1") self.assertEqual(user.groups.all()[1].name, "group2")
def test_group_removal(self): user, created = User.objects.get_or_create( **{User.USERNAME_FIELD: "testuser"}) group = Group.objects.get(name="group3") user.groups.add(group) user.set_unusable_password() user.save() self.assertEqual(user.groups.all()[0].name, "group3") backend = AdfsAuthCodeBackend() user = backend.authenticate(self.request, authorization_code="dummycode") self.assertIsInstance(user, User) self.assertEqual(user.first_name, "John") self.assertEqual(user.last_name, "Doe") self.assertEqual(user.email, "*****@*****.**") self.assertEqual(len(user.groups.all()), 2) self.assertEqual(user.groups.all()[0].name, "group1") self.assertEqual(user.groups.all()[1].name, "group2")
def test_empty(self): backend = AdfsAuthCodeBackend() self.assertIsNone(backend.authenticate(self.request))
def test_mfa_error(self): with self.assertRaises(MFARequired): backend = AdfsAuthCodeBackend() backend.authenticate(self.request, authorization_code="dummycode")
def test_post_authenticate_signal_send(self): backend = AdfsAuthCodeBackend() backend.authenticate(self.request, authorization_code="dummycode") self.assertEqual(self.signal_handler.call_count, 1)