def test_request_auth_type_guess_session_attribute(
self, mock_set_custom_attribute):
self.request.user = UserFactory()
self.middleware.process_response(self.request, None)
mock_set_custom_attribute.assert_any_call('request_auth_type_guess',
'session-or-other')
def test_authenticated_superuser(self, mock_set_custom_attribute):
self.request.user = UserFactory(is_superuser=True)
self.middleware.process_request(self.request)
self.middleware.process_response(self.request, None)
mock_set_custom_attribute.assert_any_call(
'request_is_staff_or_superuser', 'superuser')
def test_request_auth_type_guess_token_attribute(
self, token, expected_token_type, mock_set_custom_attribute):
self.request.user = UserFactory()
self.request.META['HTTP_AUTHORIZATION'] = token
self.middleware.process_response(self.request, None)
mock_set_custom_attribute.assert_any_call('request_auth_type_guess',
expected_token_type)
def test_authenticated_user_found_in_process_view(
self, mock_set_custom_attribute):
self.request.user = UserFactory()
self.middleware.process_view(self.request, None, None, None)
self.middleware.process_response(self.request, None)
mock_set_custom_attribute.assert_any_call(
'request_authenticated_user_found_in_middleware', 'process_view')
def test_request_auth_type_guess_jwt_cookie_attribute(
self, mock_set_custom_attribute):
self.request.user = UserFactory()
self.request.META[USE_JWT_COOKIE_HEADER] = True
self.request.COOKIES[jwt_cookie_name()] = 'reconstituted-jwt-cookie'
self.middleware.process_response(self.request, None)
mock_set_custom_attribute.assert_any_call('request_auth_type_guess',
'jwt-cookie')
def test_authenticated_standard_user(self, mock_set_custom_attribute):
self.request.user = UserFactory()
self.middleware.process_request(self.request)
self.middleware.process_response(self.request, None)
attributes_called_with = [
c[0] for c in mock_set_custom_attribute.call_args_list
]
assert 'request_is_staff_or_superuser' not in attributes_called_with
def test_request_user_id_attribute_with_exception(
self, mock_set_custom_attribute):
self.request.user = UserFactory()
self.middleware.process_exception(self.request, None)
mock_set_custom_attribute.assert_any_call('request_user_id',
self.request.user.id)
mock_set_custom_attribute.assert_any_call(
'request_authenticated_user_found_in_middleware',
'process_exception')
def test_get_decoded_jwt_from_existing_cookie(self):
user = UserFactory()
payload = generate_latest_version_payload(user)
jwt = generate_jwt_token(payload)
expected_decoded_jwt = jwt_decode_handler(jwt)
mock_request_with_cookie = mock.Mock(COOKIES={'edx-jwt-cookie': jwt})
decoded_jwt = cookies.get_decoded_jwt(mock_request_with_cookie)
self.assertEqual(expected_decoded_jwt, decoded_jwt)
def test_get_token(self):
"""
Ensure we can get a CSRF token.
"""
url = reverse('csrf_token')
user = UserFactory()
jwt = generate_jwt(user)
self.client.credentials(HTTP_AUTHORIZATION='JWT {}'.format(jwt))
response = self.client.get(url, format='json')
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertIn('csrfToken', response.data)
def authenticate(self, request):
if request.COOKIES.get(jwt_cookie_name(), None) != 'header.payload.signature':
return None
# authenticate was failing on POST calls because it previously wasn't passing the
# supported parsers into the new Request object. This retrieval of POST data
# simulates the CSRF POST data checks in the non-test authenticate method. This
# line lets us verify that the parsers are being correctly passed to the request
request.POST.get('csrfmiddlewaretoken', '')
user = UserFactory()
return (user, None)
def test_authenticated_user_found_is_properly_reset(
self, mock_set_custom_attribute):
# set user before process_request
self.request.user = UserFactory()
self.middleware.process_request(self.request)
self.middleware.process_response(self.request, None)
mock_set_custom_attribute.assert_any_call(
'request_authenticated_user_found_in_middleware',
'process_request')
# set up new request and set user before process_response
mock_set_custom_attribute.reset_mock()
RequestCache.clear_all_namespaces()
self.request = RequestFactory().get('/')
self.request.user = UserFactory()
self.middleware.process_response(self.request, None)
mock_set_custom_attribute.assert_any_call(
'request_authenticated_user_found_in_middleware',
'process_response')
def setUp(self):
super(JwtHasContentOrgFilterForRequestedCourseTests, self).setUp()
self.user = UserFactory()
def setUp(self):
super(JwtHasScopeTests, self).setUp()
self.user = UserFactory()
def test_request_auth_type_session_metric(self, mock_set_custom_metric):
self.request.user = UserFactory()
self.middleware.process_response(self.request, None)
mock_set_custom_metric.assert_called_once_with('request_auth_type',
'session-or-unknown')
def setUp(self):
super().setUp()
self.user = UserFactory()
self.payload = generate_latest_version_payload(self.user)
self.jwt = generate_jwt_token(self.payload)
def setUp(self):
super(HasScopedTokenTests, self).setUp()
self.user = UserFactory()
self.payload = generate_jwt_payload(self.user)
self.jwt = generate_jwt_token(self.payload)
self.filters = {'content_org': ['edX', 'Microsoft'], 'user': ['me']}
def _create_request(self, user_filters, requested_username):
url = f'/?username={requested_username}'
request = RequestFactory().get(url)
request.user = UserFactory(username='******')
request.auth = generate_jwt(request.user, filters=user_filters)
return request
def setUp(self):
super(JWTDecodeHandlerTests, self).setUp()
self.user = UserFactory()
self.payload = generate_latest_version_payload(self.user)
self.jwt = generate_jwt_token(self.payload)
def setUp(self):
super(IsTokenVersionIncompatibleTests, self).setUp()
self.user = UserFactory()
self.payload = generate_jwt_payload(self.user)
self.jwt = generate_jwt_token(self.payload)
self.decoded_token = utils.jwt_decode_handler(self.jwt)
def setUp(self):
super().setUp()
self.user = UserFactory()
def authenticate(self, request):
if request.COOKIES.get(jwt_cookie_name(),
None) != 'header.payload.signature':
return None
user = UserFactory()
return (user, None)
def _create_user(self, is_staff=False):
return UserFactory(username='******', is_staff=is_staff)
def test_request_user_id_metric(self, mock_set_custom_metric):
self.request.user = UserFactory()
self.middleware.process_response(self.request, None)
mock_set_custom_metric.assert_any_call('request_user_id', self.request.user.id)
