def test_mfa_required__admin_mfa_required_false__admin_user( self, mock_settings, mock_has_mfa, mock_redirect): mock_settings.MFA_REQUIRED = True mock_settings.SSO_MFA_REQUIRED = True mock_settings.ADMIN_MFA_REQUIRED = False mock_get_response = mock.MagicMock() mock_request = self.mock_request_with_user(is_staff=True) mock_has_mfa.return_value = False TethysMfaRequiredMiddleware(mock_get_response)(mock_request) # not required for admin/staff user mock_redirect.assert_not_called()
def test_mfa_required__admin_mfa_required_false__sso_user( self, mock_settings, mock_has_mfa, mock_redirect): mock_settings.MFA_REQUIRED = True mock_settings.SSO_MFA_REQUIRED = True mock_settings.ADMIN_MFA_REQUIRED = False mock_get_response = mock.MagicMock() mock_request = self.mock_request_with_user(with_sso=True) mock_has_mfa.return_value = False TethysMfaRequiredMiddleware(mock_get_response)(mock_request) # required for sso users mock_redirect.assert_called_once_with('mfa_home')
def test_mfa_required_all_true__valid_token__staff_user( self, mock_settings, mock_has_mfa, mock_redirect, _): mock_settings.MFA_REQUIRED = True mock_settings.SSO_MFA_REQUIRED = True mock_settings.ADMIN_MFA_REQUIRED = True mock_get_response = mock.MagicMock() mock_request = self.mock_request_with_user(is_staff=True) mock_request.headers = { 'Authorization': 'Token abcdefghijklmnopqrstuvwxyz' } mock_has_mfa.return_value = False TethysMfaRequiredMiddleware(mock_get_response)(mock_request) # not required for valid token mock_redirect.assert_not_called()
def test_mfa_required_all_true__invalid_token__staff_user( self, mock_settings, mock_has_mfa, mock_redirect, mock_authenticate): mock_settings.MFA_REQUIRED = True mock_settings.SSO_MFA_REQUIRED = True mock_settings.ADMIN_MFA_REQUIRED = True mock_get_response = mock.MagicMock() mock_request = self.mock_request_with_user(is_staff=True) mock_request.headers = { 'Authorization': 'Token abcdefghijklmnopqrstuvwxyz' } mock_authenticate.side_effect = AuthenticationFailed mock_has_mfa.return_value = False TethysMfaRequiredMiddleware(mock_get_response)(mock_request) # required for all users mock_redirect.assert_called_once_with('mfa_home')
def test_mfa_required_excluded_paths(self, mock_settings, mock_has_mfa, mock_redirect): mock_settings.MFA_REQUIRED = True mock_settings.SSO_MFA_REQUIRED = True mock_settings.ADMIN_MFA_REQUIRED = True mock_has_mfa.return_value = False mock_get_response = mock.MagicMock() excluded_paths = [ '/', '/accounts/login/', '/accounts/logout/', '/oauth2/foo/', '/user/bar/', '/captcha/jar/', '/devices/123/', '/mfa/add/' ] for path in excluded_paths: mock_request = self.mock_request_with_user(path=path) TethysMfaRequiredMiddleware(mock_get_response)(mock_request) # do not react on these paths mock_redirect.assert_not_called()