class TestAccountDeactivation(TestCase):
"""
Tests the account deactivation endpoint.
"""
def setUp(self):
super(TestAccountDeactivation, self).setUp()
self.superuser = SuperuserFactory()
self.staff_user = AdminFactory()
self.test_user = UserFactory()
self.url = reverse('accounts_deactivation',
kwargs={'username': self.test_user.username})
def assert_activation_status(self,
expected_status=status.HTTP_200_OK,
expected_activation_status=False):
"""
Helper function for making a request to the deactivation endpoint, and asserting the status.
Args:
expected_status(int): Expected request's response status.
expected_activation_status(bool): Expected user has_usable_password attribute value.
"""
response = self.client.post(self.url)
self.assertEqual(response.status_code, expected_status)
self.test_user.refresh_from_db() # pylint: disable=no-member
self.assertEqual(self.test_user.has_usable_password(),
expected_activation_status) # pylint: disable=no-member
def test_superuser_deactivates_user(self):
"""
Verify a user is deactivated when a superuser posts to the deactivation endpoint.
"""
self.client.login(username=self.superuser.username,
password=TEST_PASSWORD)
self.assertTrue(self.test_user.has_usable_password()) # pylint: disable=no-member
self.assert_activation_status()
def test_user_with_permission_deactivates_user(self):
"""
Verify a user is deactivated when a user with permission posts to the deactivation endpoint.
"""
user = UserFactory()
permission = PermissionFactory(
codename='can_deactivate_users',
content_type=ContentTypeFactory(app_label='student'))
user.user_permissions.add(permission) # pylint: disable=no-member
self.client.login(username=user.username, password=TEST_PASSWORD)
self.assertTrue(self.test_user.has_usable_password()) # pylint: disable=no-member
self.assert_activation_status()
def test_unauthorized_rejection(self):
"""
Verify unauthorized users cannot deactivate accounts.
"""
self.client.login(username=self.test_user.username,
password=TEST_PASSWORD)
self.assertTrue(self.test_user.has_usable_password()) # pylint: disable=no-member
self.assert_activation_status(
expected_status=status.HTTP_403_FORBIDDEN,
expected_activation_status=True)
class TestAccountDeactivation(TestCase):
"""
Tests the account deactivation endpoint.
"""
def setUp(self):
super(TestAccountDeactivation, self).setUp()
self.test_user = UserFactory()
self.url = reverse('accounts_deactivation',
kwargs={'username': self.test_user.username})
def build_jwt_headers(self, user):
"""
Helper function for creating headers for the JWT authentication.
"""
token = JwtBuilder(user).build_token([])
headers = {'HTTP_AUTHORIZATION': 'JWT ' + token}
return headers
def assert_activation_status(self,
headers,
expected_status=status.HTTP_200_OK,
expected_activation_status=False):
"""
Helper function for making a request to the deactivation endpoint, and asserting the status.
Args:
expected_status(int): Expected request's response status.
expected_activation_status(bool): Expected user has_usable_password attribute value.
"""
self.assertTrue(self.test_user.has_usable_password()) # pylint: disable=no-member
response = self.client.post(self.url, **headers)
self.assertEqual(response.status_code, expected_status)
self.test_user.refresh_from_db() # pylint: disable=no-member
self.assertEqual(self.test_user.has_usable_password(),
expected_activation_status) # pylint: disable=no-member
def test_superuser_deactivates_user(self):
"""
Verify a user is deactivated when a superuser posts to the deactivation endpoint.
"""
superuser = SuperuserFactory()
headers = self.build_jwt_headers(superuser)
self.assert_activation_status(headers)
def test_user_with_permission_deactivates_user(self):
"""
Verify a user is deactivated when a user with permission posts to the deactivation endpoint.
"""
user = UserFactory()
permission = PermissionFactory(
codename='can_deactivate_users',
content_type=ContentTypeFactory(app_label='student'))
user.user_permissions.add(permission) # pylint: disable=no-member
headers = self.build_jwt_headers(user)
self.assertTrue(self.test_user.has_usable_password()) # pylint: disable=no-member
self.assert_activation_status(headers)
def test_unauthorized_rejection(self):
"""
Verify unauthorized users cannot deactivate accounts.
"""
headers = self.build_jwt_headers(self.test_user)
self.assert_activation_status(
headers,
expected_status=status.HTTP_403_FORBIDDEN,
expected_activation_status=True)
def test_on_jwt_headers_rejection(self):
"""
Verify users who are not JWT authenticated are rejected.
"""
user = UserFactory()
self.assert_activation_status(
{},
expected_status=status.HTTP_401_UNAUTHORIZED,
expected_activation_status=True)
class TestRemoveSocialAuthUsersCommand(TestCase):
"""
Test django management command
"""
@classmethod
def setUpClass(cls):
super(TestRemoveSocialAuthUsersCommand, cls).setUpClass()
cls.command = remove_social_auth_users.Command()
def setUp(self):
super(TestRemoveSocialAuthUsersCommand, self).setUp()
self.provider_hogwarts = SAMLProviderConfigFactory.create(
slug='hogwarts')
self.provider_durmstrang = SAMLProviderConfigFactory.create(
slug='durmstrang')
self.user_fleur = UserFactory(username='******') # no social auth
self.user_harry = UserFactory(
username='******') # social auth for Hogwarts
self.user_viktor = UserFactory(
username='******') # social auth for Durmstrang
self.create_social_auth_entry(self.user_harry, self.provider_hogwarts)
self.create_social_auth_entry(self.user_viktor,
self.provider_durmstrang)
@contextmanager
def _replace_stdin(self, text):
orig = sys.stdin
sys.stdin = StringIO(text)
yield
sys.stdin = orig
def create_social_auth_entry(self, user, provider):
external_id = uuid4()
UserSocialAuth.objects.create(
user=user,
uid='{0}:{1}'.format(provider.slug, external_id),
provider=provider.slug,
)
def find_user_social_auth_entry(self, username):
UserSocialAuth.objects.get(user__username=username)
@override_settings(FEATURES=FEATURES_WITH_ENABLED)
def test_remove_users(self):
call_command(self.command, self.provider_hogwarts.slug, force=True)
# user with input idp is removed, along with social auth entries
with self.assertRaises(User.DoesNotExist):
User.objects.get(username='******')
with self.assertRaises(UserSocialAuth.DoesNotExist):
self.find_user_social_auth_entry('harry')
# other users intact
self.user_fleur.refresh_from_db()
self.user_viktor.refresh_from_db()
self.assertIsNotNone(self.user_fleur)
self.assertIsNotNone(self.user_viktor)
# other social auth intact
self.find_user_social_auth_entry(self.user_viktor.username)
@override_settings(FEATURES=FEATURES_WITH_ENABLED)
def test_invalid_idp(self):
invalid_slug = 'jedi-academy'
err_string = u'No SAML provider found for slug {}'.format(invalid_slug)
with self.assertRaisesRegexp(CommandError, err_string):
call_command(self.command, invalid_slug)
@override_settings(FEATURES=FEATURES_WITH_ENABLED)
def test_confirmation_required(self):
""" By default this command will require user input to confirm """
with self._replace_stdin('confirm'):
call_command(self.command, self.provider_hogwarts.slug)
with self.assertRaises(User.DoesNotExist):
User.objects.get(username='******')
with self.assertRaises(UserSocialAuth.DoesNotExist):
self.find_user_social_auth_entry('harry')
@override_settings(FEATURES=FEATURES_WITH_ENABLED)
def test_confirmation_failure(self):
err_string = 'User confirmation required. No records have been modified'
with self.assertRaisesRegexp(CommandError, err_string):
with self._replace_stdin('no'):
call_command(self.command, self.provider_hogwarts.slug)
# no users should be removed
self.assertEqual(len(User.objects.all()), 3)
self.assertEqual(len(UserSocialAuth.objects.all()), 2)
def test_feature_default_disabled(self):
""" By default this command should not be enabled """
err_string = 'ENABLE_ENROLLMENT_RESET feature not enabled on this enviroment'
with self.assertRaisesRegexp(CommandError, err_string):
call_command(self.command, self.provider_hogwarts.slug, force=True)
class TestAccountDeactivation(TestCase):
"""
Tests the account deactivation endpoint.
"""
def setUp(self):
super(TestAccountDeactivation, self).setUp()
self.test_user = UserFactory()
self.url = reverse('accounts_deactivation', kwargs={'username': self.test_user.username})
def build_jwt_headers(self, user):
"""
Helper function for creating headers for the JWT authentication.
"""
token = JwtBuilder(user).build_token([])
headers = {
'HTTP_AUTHORIZATION': 'JWT ' + token
}
return headers
def assert_activation_status(self, headers, expected_status=status.HTTP_200_OK, expected_activation_status=False):
"""
Helper function for making a request to the deactivation endpoint, and asserting the status.
Args:
expected_status(int): Expected request's response status.
expected_activation_status(bool): Expected user has_usable_password attribute value.
"""
self.assertTrue(self.test_user.has_usable_password()) # pylint: disable=no-member
response = self.client.post(self.url, **headers)
self.assertEqual(response.status_code, expected_status)
self.test_user.refresh_from_db() # pylint: disable=no-member
self.assertEqual(self.test_user.has_usable_password(), expected_activation_status) # pylint: disable=no-member
def test_superuser_deactivates_user(self):
"""
Verify a user is deactivated when a superuser posts to the deactivation endpoint.
"""
superuser = SuperuserFactory()
headers = self.build_jwt_headers(superuser)
self.assert_activation_status(headers)
def test_user_with_permission_deactivates_user(self):
"""
Verify a user is deactivated when a user with permission posts to the deactivation endpoint.
"""
user = UserFactory()
permission = PermissionFactory(
codename='can_deactivate_users',
content_type=ContentTypeFactory(
app_label='student'
)
)
user.user_permissions.add(permission) # pylint: disable=no-member
headers = self.build_jwt_headers(user)
self.assertTrue(self.test_user.has_usable_password()) # pylint: disable=no-member
self.assert_activation_status(headers)
def test_unauthorized_rejection(self):
"""
Verify unauthorized users cannot deactivate accounts.
"""
headers = self.build_jwt_headers(self.test_user)
self.assert_activation_status(
headers,
expected_status=status.HTTP_403_FORBIDDEN,
expected_activation_status=True
)
def test_on_jwt_headers_rejection(self):
"""
Verify users who are not JWT authenticated are rejected.
"""
user = UserFactory()
self.assert_activation_status(
{},
expected_status=status.HTTP_401_UNAUTHORIZED,
expected_activation_status=True
)
