def run_oauth(self, m, user=None):
strategy = DjangoStrategy(DjangoStorage)
backend = self.Backend_Class(strategy, redirect_uri=self.client_complete_url)
start_url = do_auth(backend).url
start_query = parse_qs(urlparse(start_url).query)
# set 'state' in client
backend.data.update({'state': start_query['state']})
m.get(backend.USER_DATA_URL,
json={"username": self.social_username,
"email": self.social_email},
status_code=200)
m.post(backend.ACCESS_TOKEN_URL,
json={'access_token': self.access_token,
'token_type': self.token_type,
'expires_in': self.expires_in,
'scope': self.scope,
'refresh_token': self.refresh_token},
status_code=200)
def _login(backend, user, social_user):
backend.strategy.session_set('username', user.username)
do_complete(backend, user=user, login=_login)
social = backend.strategy.storage.user.get_social_auth(backend.name, self.social_username)
return strategy.session_get('username'), social, backend
def moves_auth():
httpretty.enable()
def _method(method):
return {"GET": httpretty.GET, "POST": httpretty.POST}[method]
strategy = DjangoStrategy(MovesOAuth2, DjangoStorage)
start_url = strategy.start().url
target_url = handle_state(MovesOAuth2, start_url, strategy.build_absolute_uri("/complete/{0}/?code=foobar"))
httpretty.register_uri(httpretty.GET, start_url, status=301, location=target_url)
httpretty.register_uri(httpretty.GET, target_url, status=200, body="foobar")
httpretty.register_uri(
_method(MovesOAuth2.ACCESS_TOKEN_METHOD),
uri=MovesOAuth2.ACCESS_TOKEN_URL,
status=200,
body=json.dumps({"access_token": "foobar", "token_type": "bearer"}),
content_type="text/json",
)
user_data_url = "https://api.moves-app.com.com/oauth2/v1/user/profile"
if user_data_url:
httpretty.register_uri(
httpretty.GET, user_data_url, body=json.dumps({"userId": "1010101010011"}), content_type="application/json"
)
yield
httpretty.disable()
httpretty.reset()
def google_auth():
# TODO: This could be abstracted for twitter and facebook too.
httpretty.enable()
def _method(method):
return {"GET": httpretty.GET, "POST": httpretty.POST}[method]
strategy = DjangoStrategy(GoogleOAuth2, DjangoStorage)
start_url = strategy.start().url
target_url = handle_state(GoogleOAuth2, start_url, strategy.build_absolute_uri("/complete/{0}/?code=foobar"))
httpretty.register_uri(httpretty.GET, start_url, status=301, location=target_url)
httpretty.register_uri(httpretty.GET, target_url, status=200, body="foobar")
httpretty.register_uri(
_method(GoogleOAuth2.ACCESS_TOKEN_METHOD),
uri=GoogleOAuth2.ACCESS_TOKEN_URL,
status=200,
body=json.dumps({"access_token": "foobar", "token_type": "bearer"}),
content_type="text/json",
)
user_data_url = "https://www.googleapis.com/oauth2/v1/userinfo"
if user_data_url:
httpretty.register_uri(
httpretty.GET,
user_data_url,
body=json.dumps({"email": "*****@*****.**", "id": "101010101010101010101"}),
content_type="application/json",
)
yield
httpretty.disable()
httpretty.reset()
def test_no_prof_ed_third_party_autoenroll(self):
"""
Test that a user authenticating via third party auth while attempting to enroll
in a professional education course is not automatically enrolled in the course.
"""
self.client.logout()
# Create the course mode required for this test case
CourseModeFactory(course_id=self.course.id, mode_slug='professional')
self.client.get(reverse('register_user'), {'course_id': self.course.id})
self.client.login(username=self.USERNAME, password=self.PASSWORD)
dummy_request = RequestFactory().request()
dummy_request.session = self.client.session
strategy = DjangoStrategy(RequestFactory, request=dummy_request)
change_enrollment_third_party(is_register=True, strategy=strategy, user=self.user)
# Verify that the user has not been enrolled in the course
self.assertFalse(CourseEnrollment.is_enrolled(self.user, self.course.id))
def update_user_details(hacker_id, user):
social_auth = DjangoUserMixin.get_social_auth_for_user(user)[0]
backend = social_auth.get_backend_instance()
try:
social_auth.refresh_token(DjangoStrategy(None))
except Exception:
pass # Ignore failures to refresh token
url = backend.HACKER_SCHOOL_ROOT + '/api/v1/people/%s?' % hacker_id + urlencode(
{'access_token': social_auth.extra_data['access_token']})
try:
response = backend.request(url, method='GET')
hacker_data = backend.get_user_details(response.json())
create_or_update_hacker(None, hacker_data, None,
User.objects.get(id=hacker_id))
except Exception:
# It's not very bad, if we are not able to update the userdata... we
# silently ignore it.
pass
def test_user_data(self):
"""
Tests that the server return a json with the expected schema and content.
"""
# get a valid access token from the server
access_token = self._get_test_access_token(
settings.TEST_INTEGRATION_CLIENT_ID)
# call oauth server to retrieve user data
# the server should define an user with the following profile info
from social.strategies.django_strategy import DjangoStrategy
from social.storage.django_orm import BaseDjangoStorage
user_data = OAuth2ioOAuth2(
DjangoStrategy(BaseDjangoStorage)).user_data(access_token)
self.assertDictContainsSubset(
{
'username': '******',
'first_name': 'Test',
'last_name': 'User',
'email': '*****@*****.**',
}, user_data)
def test_enroll_from_redirect_autoreg_third_party(self):
"""
Test that, when a user visits the registration page *after* visiting a course,
if they go on to register and/or log in via third-party auth, they'll be registered
in that course.
The testing here is a bit hackish, since we just ping the registration page, then
directly call the step in the third party pipeline that registers the user if
`registration_course_id` is set in the session, but it should catch any major breaks.
"""
self.client.logout()
self.client.get(reverse('register_user'),
{'course_id': self.course.id})
self.client.login(username=self.USERNAME, password=self.PASSWORD)
self.dummy_request = RequestFactory().request()
self.dummy_request.session = self.client.session
strategy = DjangoStrategy(RequestFactory, request=self.dummy_request)
change_enrollment_third_party(is_register=True,
strategy=strategy,
user=self.user)
self.assertTrue(CourseEnrollment.is_enrolled(self.user,
self.course.id))
def setUp(self):
"""Setup the test"""
self.backend = BSDToolsOAuth2()
# We need to use the django strategy to get access to django settings
self.backend.strategy = DjangoStrategy(BaseDjangoStorage())
