mirror of
https://github.com/zulip/zulip.git
synced 2025-11-02 13:03:29 +00:00
Umair Khan
Tim Abbott
@@ -80,6 +80,12 @@ class AuthBackendTest(TestCase):
|
||||
good_kwargs=dict(use_dummy_backend=True),
|
||||
bad_kwargs=dict(use_dummy_backend=False))
|
||||
|
||||
def setup_subdomain(self, user_profile):
|
||||
# type: (UserProfile) -> None
|
||||
realm = user_profile.realm
|
||||
realm.subdomain = 'zulip'
|
||||
realm.save()
|
||||
|
||||
def test_email_auth_backend(self):
|
||||
# type: () -> None
|
||||
email = "hamlet@zulip.com"
|
||||
@@ -87,10 +93,35 @@ class AuthBackendTest(TestCase):
|
||||
password = "testpassword"
|
||||
user_profile.set_password(password)
|
||||
user_profile.save()
|
||||
self.setup_subdomain(user_profile)
|
||||
|
||||
self.verify_backend(EmailAuthBackend(),
|
||||
bad_kwargs=dict(password=''),
|
||||
good_kwargs=dict(password=password))
|
||||
|
||||
# Subdomain is ignored when feature is not enabled
|
||||
self.verify_backend(EmailAuthBackend(),
|
||||
good_kwargs=dict(password=password,
|
||||
realm_subdomain='acme',
|
||||
return_data=dict()))
|
||||
|
||||
with self.settings(REALMS_HAVE_SUBDOMAINS=True):
|
||||
# With subdomains, authenticating with the right subdomain
|
||||
# works; using the wrong subdomain doesn't
|
||||
self.verify_backend(EmailAuthBackend(),
|
||||
good_kwargs=dict(password=password,
|
||||
realm_subdomain='zulip',
|
||||
return_data=dict()),
|
||||
bad_kwargs=dict(password=password,
|
||||
realm_subdomain='acme',
|
||||
return_data=dict()))
|
||||
# Things work normally in the event that we're using a
|
||||
# non-subdomain login page, even if subdomains are enabled
|
||||
self.verify_backend(EmailAuthBackend(),
|
||||
bad_kwargs=dict(password="wrong"),
|
||||
good_kwargs=dict(password=password))
|
||||
|
||||
|
||||
def test_email_auth_backend_disabled_password_auth(self):
|
||||
# type: () -> None
|
||||
email = u"hamlet@zulip.com"
|
||||
@@ -108,9 +139,25 @@ class AuthBackendTest(TestCase):
|
||||
backend = GoogleMobileOauth2Backend()
|
||||
payload = dict(email_verified=True,
|
||||
email=email)
|
||||
user_profile = get_user_profile_by_email(email)
|
||||
self.setup_subdomain(user_profile)
|
||||
|
||||
with mock.patch('apiclient.sample_tools.client.verify_id_token', return_value=payload):
|
||||
self.verify_backend(backend)
|
||||
|
||||
# With REALMS_HAVE_SUBDOMAINS off, subdomain is ignored
|
||||
with mock.patch('apiclient.sample_tools.client.verify_id_token', return_value=payload):
|
||||
self.verify_backend(backend,
|
||||
good_kwargs=dict(realm_subdomain='acme'))
|
||||
|
||||
with self.settings(REALMS_HAVE_SUBDOMAINS=True):
|
||||
# With subdomains, authenticating with the right subdomain
|
||||
# works; using the wrong subdomain doesn't
|
||||
with mock.patch('apiclient.sample_tools.client.verify_id_token', return_value=payload):
|
||||
self.verify_backend(backend,
|
||||
good_kwargs=dict(realm_subdomain="zulip"),
|
||||
bad_kwargs=dict(realm_subdomain='acme'))
|
||||
|
||||
# Verify valid_attestation parameter is set correctly
|
||||
unverified_payload = dict(email_verified=False)
|
||||
with mock.patch('apiclient.sample_tools.client.verify_id_token', return_value=unverified_payload):
|
||||
@@ -131,6 +178,9 @@ class AuthBackendTest(TestCase):
|
||||
# type: () -> None
|
||||
email = "hamlet@zulip.com"
|
||||
password = "test_password"
|
||||
user_profile = get_user_profile_by_email(email)
|
||||
self.setup_subdomain(user_profile)
|
||||
|
||||
backend = ZulipLDAPAuthBackend()
|
||||
|
||||
# Test LDAP auth fails when LDAP server rejects password
|
||||
@@ -148,28 +198,80 @@ class AuthBackendTest(TestCase):
|
||||
return_value=dict(full_name=['Hamlet'])):
|
||||
self.verify_backend(backend, good_kwargs=dict(password=password))
|
||||
|
||||
with mock.patch('django_auth_ldap.backend._LDAPUser._authenticate_user_dn'), \
|
||||
mock.patch('django_auth_ldap.backend._LDAPUser._check_requirements'), \
|
||||
mock.patch('django_auth_ldap.backend._LDAPUser._get_user_attrs',
|
||||
return_value=dict(full_name=['Hamlet'])):
|
||||
self.verify_backend(backend, good_kwargs=dict(password=password,
|
||||
realm_subdomain='acme'))
|
||||
|
||||
with self.settings(REALMS_HAVE_SUBDOMAINS=True):
|
||||
# With subdomains, authenticating with the right subdomain
|
||||
# works; using the wrong subdomain doesn't
|
||||
with mock.patch('django_auth_ldap.backend._LDAPUser._authenticate_user_dn'), \
|
||||
mock.patch('django_auth_ldap.backend._LDAPUser._check_requirements'), \
|
||||
mock.patch('django_auth_ldap.backend._LDAPUser._get_user_attrs',
|
||||
return_value=dict(full_name=['Hamlet'])):
|
||||
self.verify_backend(backend,
|
||||
bad_kwargs=dict(password=password,
|
||||
realm_subdomain='acme'),
|
||||
good_kwargs=dict(password=password,
|
||||
realm_subdomain='zulip'))
|
||||
|
||||
def test_devauth_backend(self):
|
||||
# type: () -> None
|
||||
self.verify_backend(DevAuthBackend())
|
||||
|
||||
def test_remote_user_backend(self):
|
||||
# type: () -> None
|
||||
self.verify_backend(ZulipRemoteUserBackend())
|
||||
self.setup_subdomain(get_user_profile_by_email(u'hamlet@zulip.com'))
|
||||
self.verify_backend(ZulipRemoteUserBackend(),
|
||||
good_kwargs=dict(realm_subdomain='acme'))
|
||||
|
||||
with self.settings(REALMS_HAVE_SUBDOMAINS=True):
|
||||
# With subdomains, authenticating with the right subdomain
|
||||
# works; using the wrong subdomain doesn't
|
||||
self.verify_backend(ZulipRemoteUserBackend(),
|
||||
good_kwargs=dict(realm_subdomain='zulip'),
|
||||
bad_kwargs=dict(realm_subdomain='acme'))
|
||||
|
||||
def test_remote_user_backend_sso_append_domain(self):
|
||||
# type: () -> None
|
||||
self.setup_subdomain(get_user_profile_by_email(u'hamlet@zulip.com'))
|
||||
with self.settings(SSO_APPEND_DOMAIN='zulip.com'):
|
||||
self.verify_backend(ZulipRemoteUserBackend(),
|
||||
email_to_username=email_to_username)
|
||||
email_to_username=email_to_username,
|
||||
good_kwargs=dict(realm_subdomain='acme'))
|
||||
|
||||
|
||||
with self.settings(REALMS_HAVE_SUBDOMAINS=True):
|
||||
# With subdomains, authenticating with the right subdomain
|
||||
# works; using the wrong subdomain doesn't
|
||||
with self.settings(SSO_APPEND_DOMAIN='zulip.com'):
|
||||
self.verify_backend(ZulipRemoteUserBackend(),
|
||||
email_to_username=email_to_username,
|
||||
good_kwargs=dict(realm_subdomain='zulip'),
|
||||
bad_kwargs=dict(realm_subdomain='acme'))
|
||||
|
||||
def test_github_backend(self):
|
||||
# type: () -> None
|
||||
email = 'hamlet@zulip.com'
|
||||
good_kwargs = dict(response=dict(email=email), return_data=dict())
|
||||
bad_kwargs = dict() # type: Dict[str, str]
|
||||
self.setup_subdomain(get_user_profile_by_email(email))
|
||||
good_kwargs = dict(response=dict(email=email), return_data=dict(),
|
||||
realm_subdomain='acme')
|
||||
self.verify_backend(GitHubAuthBackend(),
|
||||
good_kwargs=good_kwargs,
|
||||
bad_kwargs=bad_kwargs)
|
||||
bad_kwargs=dict())
|
||||
with self.settings(REALMS_HAVE_SUBDOMAINS=True):
|
||||
# With subdomains, authenticating with the right subdomain
|
||||
# works; using the wrong subdomain doesn't
|
||||
good_kwargs = dict(response=dict(email=email), return_data=dict(),
|
||||
realm_subdomain='zulip')
|
||||
bad_kwargs = dict(response=dict(email=email), return_data=dict(),
|
||||
realm_subdomain='acme')
|
||||
self.verify_backend(GitHubAuthBackend(),
|
||||
good_kwargs=good_kwargs,
|
||||
bad_kwargs=bad_kwargs)
|
||||
|
||||
class GitHubAuthBackendTest(ZulipTestCase):
|
||||
def setUp(self):
|
||||
|
||||
Reference in New Issue
Block a user