Revision 9d20fe23 snf-astakos-app/astakos/im/tests.py
b/snf-astakos-app/astakos/im/tests.py | ||
---|---|---|
31 | 31 |
# interpreted as representing official policies, either expressed |
32 | 32 |
# or implied, of GRNET S.A. |
33 | 33 |
|
34 |
import copy |
|
34 | 35 |
import datetime |
35 | 36 |
|
36 | 37 |
from django.test import TestCase, Client |
37 | 38 |
from django.conf import settings |
38 | 39 |
from django.core import mail |
39 | 40 |
|
41 |
from astakos.im.activation_backends import * |
|
40 | 42 |
from astakos.im.target.shibboleth import Tokens as ShibbolethTokens |
41 | 43 |
from astakos.im.models import * |
42 | 44 |
from astakos.im import functions |
... | ... | |
46 | 48 |
from urllib import quote |
47 | 49 |
|
48 | 50 |
from astakos.im import messages |
51 |
from astakos.im import auth_providers |
|
49 | 52 |
|
50 | 53 |
|
51 | 54 |
astakos_settings.EMAILCHANGE_ENABLED = True |
52 | 55 |
|
56 |
|
|
53 | 57 |
class ShibbolethClient(Client): |
54 | 58 |
""" |
55 | 59 |
A shibboleth agnostic client. |
56 | 60 |
""" |
57 |
VALID_TOKENS = filter(lambda x: not x.startswith("_"), dir(ShibbolethTokens)) |
|
61 |
VALID_TOKENS = filter(lambda x: not x.startswith("_"), |
|
62 |
dir(ShibbolethTokens)) |
|
58 | 63 |
|
59 | 64 |
def __init__(self, *args, **kwargs): |
60 | 65 |
self.tokens = kwargs.pop('tokens', {}) |
... | ... | |
140 | 145 |
|
141 | 146 |
def setUp(self): |
142 | 147 |
self.client = ShibbolethClient() |
143 |
settings.ASTAKOS_IM_MODULES = ['local', 'shibboleth']
|
|
144 |
settings.ASTAKOS_MODERATION_ENABLED = True
|
|
148 |
astakos_settings.IM_MODULES = ['local', 'shibboleth']
|
|
149 |
astakos_settings.MODERATION_ENABLED = True
|
|
145 | 150 |
|
146 | 151 |
def test_create_account(self): |
147 | 152 |
|
... | ... | |
167 | 172 |
cn="Kostas Papadimitriou", |
168 | 173 |
ep_affiliation="Test Affiliation") |
169 | 174 |
r = client.get('/im/login/shibboleth?', follow=True) |
175 |
token = PendingThirdPartyUser.objects.get().token |
|
176 |
self.assertRedirects(r, '/im/signup?third_party_token=%s' % token) |
|
170 | 177 |
self.assertEqual(r.status_code, 200) |
171 | 178 |
|
172 |
# astakos asks if we want to add shibboleth |
|
173 |
self.assertContains(r, "Already have an account?") |
|
174 |
|
|
175 | 179 |
# a new pending user created |
176 | 180 |
pending_user = PendingThirdPartyUser.objects.get( |
177 | 181 |
third_party_identifier="kpapeppn") |
... | ... | |
185 | 189 |
r = client.get('/im/shibboleth/signup/%s' % pending_user.username) |
186 | 190 |
self.assertEqual(r.status_code, 404) |
187 | 191 |
|
188 |
# this is the signup unique url associated with the pending user created |
|
192 |
# this is the signup unique url associated with the pending user |
|
193 |
# created |
|
189 | 194 |
r = client.get('/im/signup/?third_party_token=%s' % token) |
190 |
form = r.context['form']
|
|
191 |
post_data = {'third_party_identifier': pending_user.third_party_identifier,
|
|
195 |
identifier = pending_user.third_party_identifier
|
|
196 |
post_data = {'third_party_identifier': identifier, |
|
192 | 197 |
'first_name': 'Kostas', |
193 | 198 |
'third_party_token': token, |
194 | 199 |
'last_name': 'Mitroglou', |
195 |
'provider': 'shibboleth' |
|
196 |
} |
|
200 |
'provider': 'shibboleth'} |
|
197 | 201 |
|
198 | 202 |
# invlid email |
199 | 203 |
post_data['email'] = 'kpap' |
... | ... | |
228 | 232 |
client.set_tokens(mail="kpap@grnet.gr", eppn="kpapeppn", |
229 | 233 |
cn="Kostas Papadimitriou", ) |
230 | 234 |
r = client.get("/im/login/shibboleth?", follow=True) |
231 |
self.assertContains(r, messages.ACCOUNT_PENDING_MODERATION)
|
|
235 |
self.assertContains(r, 'is pending moderation')
|
|
232 | 236 |
r = client.get("/im/profile", follow=True) |
233 | 237 |
self.assertRedirects(r, 'http://testserver/im/?next=/im/profile') |
234 | 238 |
|
... | ... | |
254 | 258 |
# shibboleth logged us in, notice that we use different email |
255 | 259 |
client.set_tokens(mail="kpap@shibboleth.gr", eppn="kpapeppn", |
256 | 260 |
cn="Kostas Papadimitriou", ) |
257 |
r = client.get("/im/login/shibboleth?") |
|
258 |
|
|
259 |
# astakos asks if we want to switch a local account to shibboleth |
|
260 |
self.assertContains(r, "Already have an account?") |
|
261 |
r = client.get("/im/login/shibboleth?", follow=True) |
|
261 | 262 |
|
262 | 263 |
# a new pending user created |
263 | 264 |
pending_user = PendingThirdPartyUser.objects.get() |
265 |
token = pending_user.token |
|
264 | 266 |
self.assertEqual(PendingThirdPartyUser.objects.count(), 1) |
265 | 267 |
pending_key = pending_user.token |
266 | 268 |
client.reset_tokens() |
269 |
self.assertRedirects(r, "/im/signup?third_party_token=%s" % token) |
|
267 | 270 |
|
268 |
# we choose to add shibboleth to an our existing account |
|
269 |
# we get redirected to login page with the pending token set |
|
270 |
r = client.get('/im/login?key=%s' % pending_key) |
|
271 |
post_data = {'password': 'password', |
|
272 |
'username': 'kpap@grnet.gr', |
|
273 |
'key': pending_key} |
|
274 |
r = client.post('/im/local', post_data, follow=True) |
|
275 |
self.assertRedirects(r, "/im/profile") |
|
276 |
self.assertContains(r, messages.AUTH_PROVIDER_ADDED) |
|
271 |
form = r.context['form'] |
|
272 |
signupdata = copy.copy(form.initial) |
|
273 |
signupdata['email'] = 'kpap@grnet.gr' |
|
274 |
signupdata['third_party_token'] = token |
|
275 |
signupdata['provider'] = 'shibboleth' |
|
276 |
del signupdata['id'] |
|
277 | 277 |
|
278 |
self.assertTrue(existing_user.has_auth_provider('shibboleth')) |
|
279 |
self.assertTrue(existing_user.has_auth_provider('local', |
|
280 |
auth_backend='astakos')) |
|
281 |
client.logout() |
|
278 |
r = client.post("/im/signup", signupdata) |
|
279 |
self.assertContains(r, "There is already an account with this email " |
|
280 |
"address") |
|
282 | 281 |
|
283 |
# check that we cannot assign same third party provide twice |
|
284 |
r = client.get('/im/login?key=%s' % pending_key) |
|
285 | 282 |
post_data = {'password': 'password', |
286 |
'username': 'kpap@grnet.gr', |
|
287 |
'key': pending_key} |
|
288 |
r = self.client.post('/im/local', post_data, follow=True) |
|
289 |
self.assertContains(r, messages.AUTH_PROVIDER_ADD_FAILED) |
|
290 |
self.client.logout() |
|
283 |
'username': 'kpap@grnet.gr'} |
|
284 |
r = client.post('/im/local', post_data, follow=True) |
|
285 |
self.assertTrue(r.context['request'].user.is_authenticated()) |
|
286 |
client.set_tokens(mail="kpap@shibboleth.gr", eppn="kpapeppn", |
|
287 |
cn="Kostas Papadimitriou", ) |
|
288 |
r = client.get("/im/login/shibboleth?", follow=True) |
|
289 |
self.assertContains(r, "enabled for this account") |
|
290 |
client.reset_tokens() |
|
291 |
|
|
292 |
user = existing_user |
|
293 |
self.assertTrue(user.has_auth_provider('shibboleth')) |
|
294 |
self.assertTrue(user.has_auth_provider('local', |
|
295 |
auth_backend='astakos')) |
|
291 | 296 |
client.logout() |
292 | 297 |
|
293 | 298 |
# look Ma, i can login with both my shibboleth and local account |
... | ... | |
311 | 316 |
r = self.client.post('/im/local', post_data, follow=True) |
312 | 317 |
self.assertTrue(r.context['request'].user.is_authenticated()) |
313 | 318 |
self.assertTrue(r.context['request'].user.email == "kpap@grnet.gr") |
314 |
self.assertRedirects(r, '/im/profile')
|
|
319 |
self.assertRedirects(r, '/im/landing')
|
|
315 | 320 |
self.assertEqual(r.status_code, 200) |
316 | 321 |
|
317 | 322 |
# cannot add the same eppn |
... | ... | |
322 | 327 |
self.assertTrue(r.status_code, 200) |
323 | 328 |
self.assertEquals(existing_user.auth_providers.count(), 2) |
324 | 329 |
|
325 |
# but can add additional eppn
|
|
330 |
# only one allowed by default
|
|
326 | 331 |
client.set_tokens(mail="secondary@shibboleth.gr", eppn="kpapeppn2", |
327 | 332 |
cn="Kostas Papadimitriou", ep_affiliation="affil2") |
333 |
prov = auth_providers.get_provider('shibboleth') |
|
328 | 334 |
r = client.get("/im/login/shibboleth?", follow=True) |
329 |
new_provider = existing_user.auth_providers.get(identifier="kpapeppn2")
|
|
335 |
self.assertContains(r, "Failed to add")
|
|
330 | 336 |
self.assertRedirects(r, '/im/profile') |
331 | 337 |
self.assertTrue(r.status_code, 200) |
332 |
self.assertEquals(existing_user.auth_providers.count(), 3) |
|
333 |
self.assertEqual(new_provider.affiliation, 'affil2') |
|
338 |
self.assertEquals(existing_user.auth_providers.count(), 2) |
|
334 | 339 |
client.logout() |
335 | 340 |
client.reset_tokens() |
336 | 341 |
|
... | ... | |
343 | 348 |
# lets remove local password |
344 | 349 |
user = AstakosUser.objects.get(username="kpap@grnet.gr", |
345 | 350 |
email="kpap@grnet.gr") |
346 |
remove_local_url = user.get_provider_remove_url('local') |
|
347 |
remove_shibbo_url = user.get_provider_remove_url('shibboleth', |
|
348 |
identifier='kpapeppn') |
|
349 |
remove_shibbo2_url = user.get_provider_remove_url('shibboleth', |
|
350 |
identifier='kpapeppn2') |
|
351 |
remove_local_url = user.get_auth_provider('local').get_remove_url |
|
352 |
remove_shibbo_url = user.get_auth_provider('shibboleth', |
|
353 |
'kpapeppn').get_remove_url |
|
351 | 354 |
client.set_tokens(mail="kpap@shibboleth.gr", eppn="kpapeppn", |
352 | 355 |
cn="Kostas Papadimtriou") |
353 | 356 |
r = client.get("/im/login/shibboleth?", follow=True) |
... | ... | |
356 | 359 |
# TODO: this view should use POST |
357 | 360 |
r = client.get(remove_local_url) |
358 | 361 |
# 2 providers left |
359 |
self.assertEqual(user.auth_providers.count(), 2) |
|
360 |
r = client.get(remove_shibbo2_url) |
|
361 |
# 1 provider left |
|
362 | 362 |
self.assertEqual(user.auth_providers.count(), 1) |
363 | 363 |
# cannot remove last provider |
364 | 364 |
r = client.get(remove_shibbo_url) |
... | ... | |
399 | 399 |
cn="Kostas Papadimitriou") |
400 | 400 |
r = client.get("/im/login/shibboleth?", follow=True) |
401 | 401 |
# try to assign existing shibboleth identifier of another user |
402 |
client.set_tokens(mail="kpap_second@shibboleth.gr", eppn="existingeppn",
|
|
403 |
cn="Kostas Papadimitriou") |
|
402 |
client.set_tokens(mail="kpap_second@shibboleth.gr", |
|
403 |
eppn="existingeppn", cn="Kostas Papadimitriou")
|
|
404 | 404 |
r = client.get("/im/login/shibboleth?", follow=True) |
405 |
self.assertContains(r, messages.AUTH_PROVIDER_ADD_FAILED) |
|
406 |
self.assertContains(r, messages.AUTH_PROVIDER_ADD_EXISTS) |
|
405 |
self.assertContains(r, "this account is already assigned") |
|
407 | 406 |
|
408 | 407 |
|
409 | 408 |
class LocalUserTests(TestCase): |
... | ... | |
411 | 410 |
fixtures = ['groups'] |
412 | 411 |
|
413 | 412 |
def setUp(self): |
414 |
from django.conf import settings |
|
415 | 413 |
settings.ADMINS = (('admin', 'support@cloud.grnet.gr'),) |
416 | 414 |
settings.SERVER_EMAIL = 'no-reply@grnet.gr' |
415 |
self._orig_moderation = astakos_settings.MODERATION_ENABLED |
|
416 |
settings.ASTAKOS_MODERATION_ENABLED = True |
|
417 |
|
|
418 |
def tearDown(self): |
|
419 |
settings.ASTAKOS_MODERATION_ENABLED = self._orig_moderation |
|
417 | 420 |
|
418 | 421 |
def test_no_moderation(self): |
419 | 422 |
# disable moderation |
... | ... | |
422 | 425 |
# create a new user |
423 | 426 |
r = self.client.get("/im/signup") |
424 | 427 |
self.assertEqual(r.status_code, 200) |
425 |
data = {'email':'kpap@grnet.gr', 'password1':'password',
|
|
426 |
'password2':'password', 'first_name': 'Kostas', |
|
428 |
data = {'email': 'kpap@grnet.gr', 'password1': 'password',
|
|
429 |
'password2': 'password', 'first_name': 'Kostas',
|
|
427 | 430 |
'last_name': 'Mitroglou', 'provider': 'local'} |
428 | 431 |
r = self.client.post("/im/signup", data) |
429 | 432 |
|
... | ... | |
442 | 445 |
|
443 | 446 |
def test_email_case(self): |
444 | 447 |
data = { |
445 |
'email': 'kPap@grnet.gr', |
|
446 |
'password1': '1234', |
|
447 |
'password2': '1234' |
|
448 |
'email': 'kPap@grnet.gr',
|
|
449 |
'password1': '1234',
|
|
450 |
'password2': '1234'
|
|
448 | 451 |
} |
449 | 452 |
|
450 | 453 |
form = forms.LocalUserCreationForm(data) |
... | ... | |
452 | 455 |
user = form.save() |
453 | 456 |
form.store_user(user, {}) |
454 | 457 |
|
455 |
u = AstakosUser.objects.get(pk=1)
|
|
458 |
u = AstakosUser.objects.get() |
|
456 | 459 |
self.assertEqual(u.email, 'kPap@grnet.gr') |
457 | 460 |
self.assertEqual(u.username, 'kpap@grnet.gr') |
458 | 461 |
u.is_active = True |
... | ... | |
468 | 471 |
self.assertTrue(login.is_valid()) |
469 | 472 |
|
470 | 473 |
data = { |
471 |
'email': 'kpap@grnet.gr', |
|
472 |
'password1': '1234', |
|
473 |
'password2': '1234' |
|
474 |
'email': 'kpap@grnet.gr',
|
|
475 |
'password1': '1234',
|
|
476 |
'password2': '1234'
|
|
474 | 477 |
} |
475 | 478 |
form = forms.LocalUserCreationForm(data) |
476 | 479 |
self.assertFalse(form.is_valid()) |
... | ... | |
482 | 485 |
# create a user |
483 | 486 |
r = self.client.get("/im/signup") |
484 | 487 |
self.assertEqual(r.status_code, 200) |
485 |
data = {'email':'kpap@grnet.gr', 'password1':'password',
|
|
486 |
'password2':'password', 'first_name': 'Kostas', |
|
488 |
data = {'email': 'kpap@grnet.gr', 'password1': 'password',
|
|
489 |
'password2': 'password', 'first_name': 'Kostas',
|
|
487 | 490 |
'last_name': 'Mitroglou', 'provider': 'local'} |
488 | 491 |
r = self.client.post("/im/signup", data) |
489 | 492 |
|
... | ... | |
493 | 496 |
email="kpap@grnet.gr") |
494 | 497 |
self.assertEqual(user.username, 'kpap@grnet.gr') |
495 | 498 |
self.assertEqual(user.has_auth_provider('local'), True) |
496 |
self.assertFalse(user.is_active) # not activated |
|
497 |
self.assertFalse(user.email_verified) # not verified |
|
498 |
self.assertFalse(user.activation_sent) # activation automatically sent |
|
499 |
self.assertFalse(user.is_active) # not activated
|
|
500 |
self.assertFalse(user.email_verified) # not verified
|
|
501 |
self.assertFalse(user.activation_sent) # activation automatically sent
|
|
499 | 502 |
|
500 | 503 |
# admin gets notified and activates the user from the command line |
501 | 504 |
self.assertEqual(len(get_mailbox('support@cloud.grnet.gr')), 1) |
502 | 505 |
r = self.client.post('/im/local', {'username': 'kpap@grnet.gr', |
503 |
'password': 'password'})
|
|
504 |
self.assertContains(r, messages.ACCOUNT_PENDING_MODERATION)
|
|
506 |
'password': 'password'}) |
|
507 |
self.assertContains(r, messages.NOTIFICATION_SENT)
|
|
505 | 508 |
functions.send_activation(user) |
506 | 509 |
|
507 | 510 |
# user activation fields updated and user gets notified via email |
... | ... | |
513 | 516 |
|
514 | 517 |
# user forgot she got registered and tries to submit registration |
515 | 518 |
# form. Notice the upper case in email |
516 |
data = {'email':'KPAP@grnet.gr', 'password1':'password',
|
|
517 |
'password2':'password', 'first_name': 'Kostas', |
|
519 |
data = {'email': 'KPAP@grnet.gr', 'password1': 'password',
|
|
520 |
'password2': 'password', 'first_name': 'Kostas',
|
|
518 | 521 |
'last_name': 'Mitroglou', 'provider': 'local'} |
519 | 522 |
r = self.client.post("/im/signup", data, follow=True) |
520 | 523 |
self.assertRedirects(r, reverse('index')) |
521 | 524 |
self.assertContains(r, messages.NOTIFICATION_SENT) |
522 | 525 |
|
526 |
user = AstakosUser.objects.get() |
|
527 |
functions.send_activation(user) |
|
528 |
|
|
523 | 529 |
# previous user replaced |
524 |
user = AstakosUser.objects.get(pk=user.pk) |
|
525 | 530 |
self.assertTrue(user.activation_sent) |
526 | 531 |
self.assertFalse(user.email_verified) |
527 | 532 |
self.assertFalse(user.is_active) |
528 |
self.assertEqual(len(get_mailbox('kpap@grnet.gr')), 2)
|
|
533 |
self.assertEqual(len(get_mailbox('KPAP@grnet.gr')), 1)
|
|
529 | 534 |
|
530 | 535 |
# hmmm, email exists; lets request a password change |
531 | 536 |
r = self.client.get('/im/local/password_reset') |
532 | 537 |
self.assertEqual(r.status_code, 200) |
533 |
r = self.client.post('/im/local/password_reset', {'email': |
|
534 |
'kpap@grnet.gr'}, |
|
535 |
follow=True) |
|
538 |
data = {'email': 'kpap@grnet.gr'} |
|
539 |
r = self.client.post('/im/local/password_reset', data, follow=True) |
|
536 | 540 |
# she can't because account is not active yet |
537 |
self.assertContains(r, "doesn't have an associated user account")
|
|
541 |
self.assertContains(r, 'pending activation')
|
|
538 | 542 |
|
539 |
# moderation is enabled so no automatic activation can be send |
|
540 |
r = self.client.get('/im/send/activation/%d' % user.pk) |
|
541 |
self.assertEqual(r.status_code, 403) |
|
542 |
self.assertEqual(len(get_mailbox('kpap@grnet.gr')), 1) |
|
543 |
# moderation is enabled and an activation email has already been sent |
|
544 |
# so user can trigger resend of the activation email |
|
545 |
r = self.client.get('/im/send/activation/%d' % user.pk, follow=True) |
|
546 |
self.assertContains(r, 'has been sent to your email address.') |
|
547 |
self.assertEqual(len(get_mailbox('KPAP@grnet.gr')), 2) |
|
543 | 548 |
|
544 | 549 |
# also she cannot login |
545 |
r = self.client.post('/im/local', {'username': 'kpap@grnet.gr', |
|
546 |
'password': 'password'}) |
|
547 |
self.assertContains(r, messages.ACCOUNT_PENDING_ACTIVATION_HELP) |
|
548 |
self.assertContains(r, messages.ACCOUNT_PENDING_ACTIVATION) |
|
549 |
self.assertNotContains(r, 'Resend activation') |
|
550 |
self.assertFalse(r.context['request'].user.is_authenticated()) |
|
551 |
self.assertFalse('_pithos2_a' in self.client.cookies) |
|
552 |
|
|
553 |
# same with disabled moderation |
|
554 |
astakos_settings.MODERATION_ENABLED = False |
|
555 |
r = self.client.post('/im/local/password_reset', {'email': |
|
556 |
'kpap@grnet.gr'}) |
|
557 |
self.assertContains(r, "doesn't have an associated user account") |
|
558 |
r = self.client.post('/im/local', {'username': 'kpap@grnet.gr', |
|
559 |
'password': 'password'}) |
|
560 |
self.assertContains(r, messages.ACCOUNT_PENDING_ACTIVATION) |
|
550 |
data = {'username': 'kpap@grnet.gr', 'password': 'password'} |
|
551 |
r = self.client.post('/im/local', data, follow=True) |
|
561 | 552 |
self.assertContains(r, 'Resend activation') |
562 | 553 |
self.assertFalse(r.context['request'].user.is_authenticated()) |
563 | 554 |
self.assertFalse('_pithos2_a' in self.client.cookies) |
564 | 555 |
|
565 | 556 |
# user sees the message and resends activation |
566 |
r = self.client.get('/im/send/activation/%d' % user.pk) |
|
567 |
self.assertEqual(len(get_mailbox('kpap@grnet.gr')), 2)
|
|
557 |
r = self.client.get('/im/send/activation/%d' % user.pk, follow=True)
|
|
558 |
self.assertEqual(len(get_mailbox('KPAP@grnet.gr')), 3)
|
|
568 | 559 |
|
569 | 560 |
# switch back moderation setting |
570 | 561 |
astakos_settings.MODERATION_ENABLED = True |
571 | 562 |
r = self.client.get(user.get_activation_url(), follow=True) |
572 |
self.assertRedirects(r, "/im/profile") |
|
573 |
self.assertContains(r, "kpap@grnet.gr") |
|
574 |
self.assertEqual(len(get_mailbox('kpap@grnet.gr')), 3) |
|
563 |
self.assertRedirects(r, "/im/landing") |
|
564 |
r = self.client.get('/im/profile', follow=True) |
|
565 |
self.assertTrue(r.context['request'].user.is_authenticated()) |
|
566 |
self.assertTrue('_pithos2_a' in self.client.cookies) |
|
567 |
self.assertContains(r, "KPAP@grnet.gr") |
|
568 |
self.assertEqual(len(get_mailbox('KPAP@grnet.gr')), 4) |
|
575 | 569 |
|
576 | 570 |
user = AstakosUser.objects.get(pk=user.pk) |
577 | 571 |
# user activated and logged in, token cookie set |
578 | 572 |
self.assertTrue(r.context['request'].user.is_authenticated()) |
579 | 573 |
self.assertTrue('_pithos2_a' in self.client.cookies) |
580 | 574 |
cookies = self.client.cookies |
581 |
self.assertTrue(quote(user.auth_token) in cookies.get('_pithos2_a').value) |
|
575 |
self.assertTrue(quote(user.auth_token) in |
|
576 |
cookies.get('_pithos2_a').value) |
|
582 | 577 |
r = self.client.get('/im/logout', follow=True) |
583 | 578 |
r = self.client.get('/im/') |
584 | 579 |
# user logged out, token cookie removed |
585 | 580 |
self.assertFalse(r.context['request'].user.is_authenticated()) |
586 | 581 |
self.assertFalse(self.client.cookies.get('_pithos2_a').value) |
587 |
# https://docs.djangoproject.com/en/dev/topics/testing/#persistent-state |
|
582 |
|
|
583 |
#https://docs.djangoproject.com/en/dev/topics/testing/#persistent-state |
|
588 | 584 |
del self.client.cookies['_pithos2_a'] |
589 | 585 |
|
590 | 586 |
# user can login |
591 | 587 |
r = self.client.post('/im/local', {'username': 'kpap@grnet.gr', |
592 | 588 |
'password': 'password'}, |
593 |
follow=True)
|
|
589 |
follow=True) |
|
594 | 590 |
self.assertTrue(r.context['request'].user.is_authenticated()) |
595 | 591 |
self.assertTrue('_pithos2_a' in self.client.cookies) |
596 | 592 |
cookies = self.client.cookies |
597 |
self.assertTrue(quote(user.auth_token) in cookies.get('_pithos2_a').value) |
|
593 |
self.assertTrue(quote(user.auth_token) in |
|
594 |
cookies.get('_pithos2_a').value) |
|
598 | 595 |
self.client.get('/im/logout', follow=True) |
599 | 596 |
|
600 | 597 |
# user forgot password |
... | ... | |
605 | 602 |
'kpap@grnet.gr'}) |
606 | 603 |
self.assertEqual(r.status_code, 302) |
607 | 604 |
# email sent |
608 |
self.assertEqual(len(get_mailbox('kpap@grnet.gr')), 4)
|
|
605 |
self.assertEqual(len(get_mailbox('KPAP@grnet.gr')), 5)
|
|
609 | 606 |
|
610 | 607 |
# user visits change password link |
611 | 608 |
r = self.client.get(user.get_password_reset_url()) |
612 | 609 |
r = self.client.post(user.get_password_reset_url(), |
613 |
{'new_password1':'newpass',
|
|
614 |
'new_password2':'newpass'})
|
|
610 |
{'new_password1': 'newpass',
|
|
611 |
'new_password2': 'newpass'})
|
|
615 | 612 |
|
616 | 613 |
user = AstakosUser.objects.get(pk=user.pk) |
617 | 614 |
self.assertNotEqual(old_pass, user.password) |
... | ... | |
637 | 634 |
r = self.client.post('/im/local/password_reset', {'email': |
638 | 635 |
'kpap@grnet.gr'}) |
639 | 636 |
# she can't because account is not active yet |
640 |
self.assertContains(r, messages.AUTH_PROVIDER_CANNOT_CHANGE_PASSWORD) |
|
637 |
self.assertContains(r, "Changing password is not") |
|
638 |
|
|
639 |
|
|
640 |
class AuthProviderModules(TestCase): |
|
641 |
|
|
642 |
def setUp(self): |
|
643 |
key = 'ASTAKOS_AUTH_PROVIDER_SHIBBOLETH_LIMIT_POLICY' |
|
644 |
self._SETTING = getattr(settings, key, 1) |
|
645 |
settings.ASTAKOS_AUTH_PROVIDER_SHIBBOLETH_LIMIT_POLICY = 2 |
|
646 |
|
|
647 |
def tearDown(self): |
|
648 |
settings.ASTAKOS_AUTH_PROVIDER_SHIBBOLETH_LIMIT_POLICY = self._SETTING |
|
649 |
|
|
650 |
def test_create(self): |
|
651 |
# this should be wrapped inside a transaction |
|
652 |
user = AstakosUser(email="test@test.com") |
|
653 |
user.save() |
|
654 |
provider = auth_providers.get_provider('shibboleth', user, |
|
655 |
'test@academia.test') |
|
656 |
provider.add_to_user() |
|
657 |
user.get_auth_provider('shibboleth', 'test@academia.test') |
|
658 |
provider = auth_providers.get_provider('local', user) |
|
659 |
provider.add_to_user() |
|
660 |
user.get_auth_provider('local') |
|
661 |
|
|
662 |
settings.ASTAKOS_AUTH_PROVIDER_SHIBBOLETH_CREATE_POLICY = False |
|
663 |
user = AstakosUser(email="test2@test.com") |
|
664 |
user.save() |
|
665 |
provider = auth_providers.get_provider('shibboleth', user, |
|
666 |
'test@shibboleth.com', |
|
667 |
**{'info': {'name': |
|
668 |
'User Test'}}) |
|
669 |
self.assertFalse(provider.get_create_policy) |
|
670 |
settings.ASTAKOS_AUTH_PROVIDER_SHIBBOLETH_CREATE_POLICY = True |
|
671 |
self.assertTrue(provider.get_create_policy) |
|
672 |
academic = provider.add_to_user() |
|
673 |
|
|
674 |
def test_policies(self): |
|
675 |
user = get_local_user('kpap@grnet.gr') |
|
676 |
user.add_auth_provider('shibboleth', identifier='1234') |
|
677 |
user.add_auth_provider('shibboleth', identifier='12345') |
|
678 |
|
|
679 |
# default limit is 1 |
|
680 |
local = user.get_auth_provider('local') |
|
681 |
self.assertEqual(local.get_add_policy, False) |
|
682 |
|
|
683 |
settings.ASTAKOS_AUTH_PROVIDER_SHIBBOLETH_LIMIT_POLICY = 3 |
|
684 |
academic = user.get_auth_provider('shibboleth', |
|
685 |
identifier='1234') |
|
686 |
self.assertEqual(academic.get_add_policy, False) |
|
687 |
newacademic = auth_providers.get_provider('shibboleth', user, |
|
688 |
identifier='123456') |
|
689 |
self.assertEqual(newacademic.get_add_policy, True) |
|
690 |
user.add_auth_provider('shibboleth', identifier='123456') |
|
691 |
self.assertEqual(academic.get_add_policy, False) |
|
692 |
settings.ASTAKOS_AUTH_PROVIDER_SHIBBOLETH_LIMIT_POLICY = 1 |
|
693 |
|
|
694 |
def test_messages(self): |
|
695 |
user = get_local_user('kpap@grnet.gr') |
|
696 |
user.add_auth_provider('shibboleth', identifier='1234') |
|
697 |
user.add_auth_provider('shibboleth', identifier='12345') |
|
698 |
provider = auth_providers.get_provider('shibboleth') |
|
699 |
self.assertEqual(provider.get_message('title'), 'Academic') |
|
700 |
settings.ASTAKOS_AUTH_PROVIDER_SHIBBOLETH_TITLE = 'New title' |
|
701 |
# regenerate messages cache |
|
702 |
provider = auth_providers.get_provider('shibboleth') |
|
703 |
self.assertEqual(provider.get_message('title'), 'New title') |
|
704 |
self.assertEqual(provider.get_message('login_title'), 'New title LOGIN') |
|
705 |
self.assertEqual(provider.get_login_title_msg, 'New title LOGIN') |
|
706 |
self.assertEqual(provider.get_module_icon, |
|
707 |
settings.MEDIA_URL + 'im/auth/icons/shibboleth.png') |
|
708 |
self.assertEqual(provider.get_module_medium_icon, |
|
709 |
settings.MEDIA_URL + 'im/auth/icons-medium/shibboleth.png') |
|
710 |
|
|
711 |
settings.ASTAKOS_AUTH_PROVIDER_SHIBBOLETH_TITLE = None |
|
712 |
provider = auth_providers.get_provider('shibboleth', user, '12345') |
|
713 |
self.assertEqual(provider.get_method_details_msg, |
|
714 |
'Account: 12345') |
|
715 |
provider = auth_providers.get_provider('shibboleth', user, '1234') |
|
716 |
self.assertEqual(provider.get_method_details_msg, |
|
717 |
'Account: 1234') |
|
718 |
|
|
719 |
provider = auth_providers.get_provider('shibboleth', user, '1234') |
|
720 |
self.assertEqual(provider.get_not_active_msg, |
|
721 |
"'Academic login' is disabled.") |
|
722 |
|
|
723 |
def test_templates(self): |
|
724 |
user = get_local_user('kpap@grnet.gr') |
|
725 |
user.add_auth_provider('shibboleth', identifier='1234') |
|
726 |
user.add_auth_provider('shibboleth', identifier='12345') |
|
727 |
|
|
728 |
provider = auth_providers.get_provider('shibboleth') |
|
729 |
self.assertEqual(provider.get_template('login'), |
|
730 |
'im/auth/shibboleth_login.html') |
|
731 |
provider = auth_providers.get_provider('google') |
|
732 |
self.assertEqual(provider.get_template('login'), |
|
733 |
'im/auth/generic_login.html') |
|
734 |
|
|
735 |
|
|
641 | 736 |
|
642 | 737 |
class UserActionsTests(TestCase): |
643 | 738 |
|
... | ... | |
704 | 799 |
self.assertEquals(user.email, 'kpap@yahoo.com') |
705 | 800 |
self.assertEquals(user.username, 'kpap@yahoo.com') |
706 | 801 |
|
707 |
|
|
708 | 802 |
self.client.logout() |
709 | 803 |
r = self.client.post('/im/local?next=' + change2.get_url(), |
710 | 804 |
{'username': 'kpap@grnet.gr', |
... | ... | |
714 | 808 |
self.assertContains(r, "Please enter a correct username and password") |
715 | 809 |
self.assertEqual(user.emailchanges.count(), 0) |
716 | 810 |
|
811 |
|
|
812 |
class TestAuthProvidersAPI(TestCase): |
|
813 |
|
|
814 |
def setUp(self): |
|
815 |
settings.ASTAKOS_IM_MODULES = ['local', 'shibboleth'] |
|
816 |
|
|
817 |
def test_create(self): |
|
818 |
from astakos.im import auth_providers as auth |
|
819 |
user = AstakosUser.objects.create(email="kpap@grnet.gr") |
|
820 |
user2 = AstakosUser.objects.create(email="kpap2@grnet.gr") |
|
821 |
|
|
822 |
module = 'shibboleth' |
|
823 |
identifier = 'SHIB_UUID' |
|
824 |
provider_params = { |
|
825 |
'affiliation': 'UNIVERSITY', |
|
826 |
'info': {'age': 27} |
|
827 |
} |
|
828 |
provider = auth.get_provider(module, user2, identifier, |
|
829 |
**provider_params) |
|
830 |
provider.add_to_user() |
|
831 |
provider = auth.get_provider(module, user, identifier, |
|
832 |
**provider_params) |
|
833 |
provider.add_to_user() |
|
834 |
user.email_verified = True |
|
835 |
user.save() |
|
836 |
self.assertRaises(Exception, provider.add_to_user) |
|
837 |
provider = user.get_auth_provider(module, identifier) |
|
838 |
self.assertEqual(user.get_auth_provider( |
|
839 |
module, identifier)._instance.info.get('age'), 27) |
|
840 |
|
|
841 |
module = 'local' |
|
842 |
identifier = None |
|
843 |
provider_params = {'auth_backend': 'ldap', 'info': |
|
844 |
{'office': 'A1'}} |
|
845 |
provider = auth.get_provider(module, user, identifier, |
|
846 |
**provider_params) |
|
847 |
provider.add_to_user() |
|
848 |
self.assertFalse(provider.get_add_policy) |
|
849 |
self.assertRaises(Exception, provider.add_to_user) |
|
850 |
|
|
851 |
shib = user.get_auth_provider('shibboleth', |
|
852 |
'SHIB_UUID') |
|
853 |
self.assertTrue(shib.get_remove_policy) |
|
854 |
|
|
855 |
local = user.get_auth_provider('local') |
|
856 |
self.assertTrue(local.get_remove_policy) |
|
857 |
|
|
858 |
local.remove_from_user() |
|
859 |
self.assertFalse(shib.get_remove_policy) |
|
860 |
self.assertRaises(Exception, shib.remove_from_user) |
|
861 |
|
|
862 |
def test_policies(self): |
|
863 |
group_old, created = Group.objects.get_or_create(name='olduser') |
|
864 |
|
|
865 |
astakos_settings.MODERATION_ENABLED = True |
|
866 |
settings.ASTAKOS_AUTH_PROVIDER_SHIBBOLETH_CREATION_GROUPS_POLICY = \ |
|
867 |
['academic-user'] |
|
868 |
settings.ASTAKOS_AUTH_PROVIDER_GOOGLE_ADD_GROUPS_POLICY = \ |
|
869 |
['google-user'] |
|
870 |
|
|
871 |
user = AstakosUser.objects.create(email="kpap@grnet.gr") |
|
872 |
user.groups.add(group_old) |
|
873 |
user.add_auth_provider('local') |
|
874 |
|
|
875 |
user2 = AstakosUser.objects.create(email="kpap2@grnet.gr") |
|
876 |
user2.add_auth_provider('shibboleth', identifier='shibid') |
|
877 |
|
|
878 |
user3 = AstakosUser.objects.create(email="kpap3@grnet.gr") |
|
879 |
user3.groups.add(group_old) |
|
880 |
user3.add_auth_provider('local') |
|
881 |
user3.add_auth_provider('shibboleth', identifier='1234') |
|
882 |
|
|
883 |
self.assertTrue(user2.groups.get(name='academic-user')) |
|
884 |
self.assertFalse(user2.groups.filter(name='olduser').count()) |
|
885 |
|
|
886 |
local = auth_providers.get_provider('local') |
|
887 |
self.assertTrue(local.get_add_policy) |
|
888 |
|
|
889 |
academic_group = Group.objects.get(name='academic-user') |
|
890 |
AuthProviderPolicyProfile.objects.add_policy('academic', 'shibboleth', |
|
891 |
academic_group, |
|
892 |
exclusive=True, |
|
893 |
add=False, |
|
894 |
login=False) |
|
895 |
AuthProviderPolicyProfile.objects.add_policy('academic', 'shibboleth', |
|
896 |
academic_group, |
|
897 |
exclusive=True, |
|
898 |
login=False, |
|
899 |
add=False) |
|
900 |
# no duplicate entry gets created |
|
901 |
self.assertEqual(academic_group.authpolicy_profiles.count(), 1) |
|
902 |
|
|
903 |
self.assertEqual(user2.authpolicy_profiles.count(), 0) |
|
904 |
AuthProviderPolicyProfile.objects.add_policy('academic', 'shibboleth', |
|
905 |
user2, |
|
906 |
remove=False) |
|
907 |
self.assertEqual(user2.authpolicy_profiles.count(), 1) |
|
908 |
|
|
909 |
local = auth_providers.get_provider('local', user2) |
|
910 |
google = auth_providers.get_provider('google', user2) |
|
911 |
shibboleth = auth_providers.get_provider('shibboleth', user2) |
|
912 |
self.assertTrue(shibboleth.get_login_policy) |
|
913 |
self.assertFalse(shibboleth.get_remove_policy) |
|
914 |
self.assertFalse(local.get_add_policy) |
|
915 |
self.assertFalse(local.get_add_policy) |
|
916 |
self.assertFalse(google.get_add_policy) |
|
917 |
|
|
918 |
user2.groups.remove(Group.objects.get(name='academic-user')) |
|
919 |
self.assertTrue(local.get_add_policy) |
|
920 |
self.assertTrue(google.get_add_policy) |
|
921 |
user2.groups.add(Group.objects.get(name='academic-user')) |
|
922 |
|
|
923 |
AuthProviderPolicyProfile.objects.add_policy('academic', 'shibboleth', |
|
924 |
user2, |
|
925 |
exclusive=True, |
|
926 |
add=True) |
|
927 |
self.assertTrue(local.get_add_policy) |
|
928 |
self.assertTrue(google.get_add_policy) |
|
929 |
|
|
930 |
settings.ASTAKOS_AUTH_PROVIDER_SHIBBOLETH_AUTOMODERATE_POLICY = True |
|
931 |
self.assertFalse(local.get_automoderate_policy) |
|
932 |
self.assertFalse(google.get_automoderate_policy) |
|
933 |
self.assertTrue(shibboleth.get_automoderate_policy) |
|
934 |
|
|
935 |
for s in ['SHIBBOLETH_CREATION_GROUPS_POLICY', |
|
936 |
'GOOGLE_ADD_GROUPS_POLICY']: |
|
937 |
delattr(settings, 'ASTAKOS_AUTH_PROVIDER_%s' % s) |
Also available in: Unified diff