def test_backend_authentication_create_user_with_id_and_attributes(monkeypatch, django_user_model, settings): """ CAS_CREATE_USER_WITH_ID is True and the attributes are not provided. Should raise ImproperlyConfigured exception """ factory = RequestFactory() request = factory.get('/login/') request.session = {} def mock_verify(ticket, service): return '*****@*****.**', None, None monkeypatch.setattr('cas.CASClientV2.verify_ticket', mock_verify) # sanity check assert not django_user_model.objects.filter( username='******', ).exists() settings.CAS_CREATE_USER_WITH_ID = True backend = backends.CASBackend() with pytest.raises(ImproperlyConfigured) as excinfo: user = backend.authenticate( request, ticket='fake-ticket', service='fake-service', ) assert "CAS_CREATE_USER_WITH_ID is True, but no attributes were provided" in str(excinfo)
def test_backend_authentication_creating_a_user(monkeypatch, django_user_model): """ Test the case where CAS authentication is creating a new user. """ factory = RequestFactory() request = factory.get('/login/') request.session = {} def mock_verify(ticket, service): return '*****@*****.**', {'ticket': ticket, 'service': service}, None # we mock out the verify method so that we can bypass the external http # calls needed for real authentication since we are testing the logic # around authentication. monkeypatch.setattr('cas.CASClientV2.verify_ticket', mock_verify) # sanity check assert not django_user_model.objects.filter( username='******', ).exists() backend = backends.CASBackend() user = backend.authenticate( request, ticket='fake-ticket', service='fake-service', ) assert user is not None assert user.username == '*****@*****.**' assert django_user_model.objects.filter( username='******', ).exists()
def test_backend_authentication_creates_a_user_with_id_attribute(monkeypatch, django_user_model, settings): """ If CAS_CREATE_USER_WITH_ID is True and 'id' is in the attributes, use this field to get_or_create a User. """ factory = RequestFactory() request = factory.get('/login/') request.session = {} def mock_verify(ticket, service): return '*****@*****.**', {'id': 999, 'is_staff': True, 'is_superuser': False}, None monkeypatch.setattr('cas.CASClientV2.verify_ticket', mock_verify) # sanity check assert not django_user_model.objects.filter( username='******', ).exists() settings.CAS_CREATE_USER_WITH_ID = True backend = backends.CASBackend() user = backend.authenticate( request, ticket='fake-ticket', service='fake-service', ) assert user is not None assert user.username == '*****@*****.**' assert django_user_model.objects.filter(id=999).exists()
def test_backend_authentication_create_user_with_id_and_user_exists(monkeypatch, django_user_model, settings): """ If CAS_CREATE_USER_WITH_ID is True and and the User already exists, don't create another user. """ factory = RequestFactory() request = factory.get('/login/') request.session = {} def mock_verify(ticket, service): return '*****@*****.**', {'id': 999, 'is_staff': True, 'is_superuser': False}, None monkeypatch.setattr('cas.CASClientV2.verify_ticket', mock_verify) existing_user = django_user_model.objects.create_user('*****@*****.**', '', id=999) settings.CAS_CREATE_USER_WITH_ID = True backend = backends.CASBackend() user = backend.authenticate( request, ticket='fake-ticket', service='fake-service', ) assert django_user_model.objects.all().count() == 1 assert user is not None assert user.username == '*****@*****.**' assert user.id == 999 assert user == existing_user
def test_backend_for_failed_auth(monkeypatch, django_user_model): """ Test CAS authentication failure. """ factory = RequestFactory() request = factory.get('/login/') request.session = {} def mock_verify(ticket, service): return None, {}, None # we mock out the verify method so that we can bypass the external http # calls needed for real authentication since we are testing the logic # around authentication. monkeypatch.setattr('cas.CASClientV2.verify_ticket', mock_verify) assert not django_user_model.objects.filter( username='******', ).exists() backend = backends.CASBackend() user = backend.authenticate( request, ticket='fake-ticket', service='fake-service', ) assert user is None assert not django_user_model.objects.filter( username='******', ).exists()
def test_cas_attributes_renaming_working(monkeypatch, settings): """ Test to make sure attributes are renamed according to the setting file """ factory = RequestFactory() request = factory.get('/login/') request.session = {} def mock_verify(ticket, service): return '*****@*****.**', \ {'ln': 'MyLastName','fn':'MyFirstName','unkownAttr':'knownAttr'}, \ None monkeypatch.setattr('cas.CASClientV2.verify_ticket', mock_verify) settings.CAS_RENAME_ATTRIBUTES = {'ln':'last_name'} settings.CAS_APPLY_ATTRIBUTES_TO_USER = True backend = backends.CASBackend() user = backend.authenticate(request, ticket='fake-ticket', service='fake-service') # Checking user data assert user is not None assert user.last_name == 'MyLastName' assert user.first_name == '' # checking session data session_attr = request.session['attributes'] assert session_attr['fn'] == 'MyFirstName' assert session_attr['last_name'] == 'MyLastName' with pytest.raises(KeyError): session_attr['ln']
def test_backend_user_can_authenticate(monkeypatch, django_user_model): """ Test CAS authentication failure. """ factory = RequestFactory() request = factory.get('/login/') request.session = {} def mock_verify(ticket, service): return '*****@*****.**', {'ticket': ticket, 'service': service}, None # we mock out the verify method so that we can bypass the external http # calls needed for real authentication since we are testing the logic # around authentication. monkeypatch.setattr('cas.CASClientV2.verify_ticket', mock_verify) user = backends.CASBackend().authenticate( request, ticket='fake-ticket', service='fake-service', ) assert user is not None class AllowNoneBackend(backends.CASBackend): def user_can_authenticate(self, user): return False user = AllowNoneBackend().authenticate( request, ticket='fake-ticket', service='fake-service', ) assert user is None
def test_backend_applies_attributes_when_set(monkeypatch, settings): """ If CAS_APPLY_ATTRIBUTES_TO_USER is set, make sure the attributes returned with the ticket are added to the User model. """ factory = RequestFactory() request = factory.get('/login/') request.session = {} def mock_verify(ticket, service): return '*****@*****.**', { 'is_staff': 'True', 'is_superuser': '******' }, None monkeypatch.setattr('cas.CASClientV2.verify_ticket', mock_verify) settings.CAS_APPLY_ATTRIBUTES_TO_USER = True backend = backends.CASBackend() user = backend.authenticate(request, ticket='fake-ticket', service='fake-service') assert user is not None assert user.is_staff
def test_backend_for_existing_user(monkeypatch, django_user_model): """ Test the case where CAS authenticates an existing user, but request argument is None. """ def mock_verify(ticket, service): return '*****@*****.**', {'ticket': ticket, 'service': service}, None # we mock out the verify method so that we can bypass the external http # calls needed for real authentication since we are testing the logic # around authentication. monkeypatch.setattr('cas.CASClientV2.verify_ticket', mock_verify) existing_user = django_user_model.objects.create_user( '*****@*****.**', '') backend = backends.CASBackend() user = backend.authenticate( None, ticket='fake-ticket', service='fake-service', ) assert user is not None assert user.username == '*****@*****.**' assert user == existing_user
def test_boolean_attributes_applied_as_booleans(monkeypatch, settings): """ If CAS_CREATE_USER_WITH_ID is True and 'id' is in the attributes, use this field to get_or_create a User. """ factory = RequestFactory() request = factory.get('/login/') request.session = {} def mock_verify(ticket, service): return '*****@*****.**', { 'is_staff': 'True', 'is_superuser': '******' }, None monkeypatch.setattr('cas.CASClientV2.verify_ticket', mock_verify) settings.CAS_APPLY_ATTRIBUTES_TO_USER = True backend = backends.CASBackend() user = backend.authenticate(request, ticket='fake-ticket', service='fake-service') assert user is not None assert user.is_superuser is False assert user.is_staff is True
def test_backend_user_can_authenticate_with_cas_username_attribute(monkeypatch, settings): """ Test CAS_USERNAME_ATTRIBUTE setting. """ factory = RequestFactory() request = factory.get('/login/') request.session = {} settings.CAS_USERNAME_ATTRIBUTE = 'username' settings.CAS_FORCE_CHANGE_USERNAME_CASE = 'upper' # Testing to make sure the custom username attribute is handled correctly. def mock_verify(ticket, service): return '*****@*****.**', {'ticket': ticket, 'service': service, 'username': '******'}, None monkeypatch.setattr('cas.CASClientV2.verify_ticket', mock_verify) user = backends.CASBackend().authenticate( request, ticket='fake-ticket', service='fake-service', ) assert user.username == '*****@*****.**' # Testing to make sure None is returned if username attribute is missing. def mock_verify(ticket, service): return '*****@*****.**', {'ticket': ticket, 'service': service}, None monkeypatch.setattr('cas.CASClientV2.verify_ticket', mock_verify) user = backends.CASBackend().authenticate( request, ticket='fake-ticket', service='fake-service', ) assert user is None # Testing to make sure None is returned if attributes are None. def mock_verify(ticket, service): return '*****@*****.**', None, None monkeypatch.setattr('cas.CASClientV2.verify_ticket', mock_verify) user = backends.CASBackend().authenticate( request, ticket='fake-ticket', service='fake-service', ) assert user is None
def test_backend_does_not_apply_attributes_by_default(monkeypatch): """ Test to make sure attributes returned from the provider are not assigned to the User model by default. """ factory = RequestFactory() request = factory.get('/login/') request.session = {} def mock_verify(ticket, service): return '*****@*****.**', {'is_staff': 'True', 'is_superuser': '******'}, None monkeypatch.setattr('cas.CASClientV2.verify_ticket', mock_verify) backend = backends.CASBackend() user = backend.authenticate(request, ticket='fake-ticket', service='fake-service') assert user is not None assert not user.is_staff
def test_backend_user_can_authenticate_with_cas_username_attribute2(monkeypatch, settings): """ Test CAS_USERNAME_ATTRIBUTE setting. """ factory = RequestFactory() request = factory.get('/login/') request.session = {} settings.CAS_USERNAME_ATTRIBUTE = 'cas:user' # Test to make user we return the cas:user value and not an attibute named cas:user def mock_verify(ticket, service): return 'good', {'ticket': ticket, 'service': service, 'cas:user': '******'}, None monkeypatch.setattr('cas.CASClientV2.verify_ticket', mock_verify) user = backends.CASBackend().authenticate( request, ticket='fake-ticket', service='fake-service', ) assert user.username == 'good'