2017-05-05 17:20:20 +00:00
|
|
|
import pytest
|
|
|
|
|
2017-10-12 20:49:06 +00:00
|
|
|
from contextlib import contextmanager
|
2017-05-05 17:20:20 +00:00
|
|
|
from mock import patch
|
|
|
|
|
|
|
|
from data.database import model
|
|
|
|
from data.users.federated import DISABLED_MESSAGE
|
2017-10-12 20:49:06 +00:00
|
|
|
from data.users.oidc import OIDCInternalAuth
|
2017-05-05 17:20:20 +00:00
|
|
|
from test.test_ldap import mock_ldap
|
|
|
|
from test.test_keystone_auth import fake_keystone
|
2017-05-11 03:55:10 +00:00
|
|
|
from test.test_external_jwt_authn import fake_jwt
|
2017-05-05 17:20:20 +00:00
|
|
|
|
|
|
|
from test.fixtures import *
|
|
|
|
|
|
|
|
@pytest.mark.parametrize('auth_system_builder, user1, user2', [
|
|
|
|
(mock_ldap, ('someuser', 'somepass'), ('testy', 'password')),
|
|
|
|
(fake_keystone, ('cool.user', 'password'), ('some.neat.user', 'foobar')),
|
|
|
|
])
|
|
|
|
def test_auth_createuser(auth_system_builder, user1, user2, config, app):
|
|
|
|
with auth_system_builder() as auth:
|
|
|
|
# Login as a user and ensure a row in the database is created for them.
|
|
|
|
user, err = auth.verify_and_link_user(*user1)
|
|
|
|
assert err is None
|
|
|
|
assert user
|
|
|
|
|
|
|
|
federated_info = model.user.lookup_federated_login(user, auth.federated_service)
|
|
|
|
assert federated_info is not None
|
|
|
|
|
|
|
|
# Disable user creation.
|
|
|
|
with patch('features.USER_CREATION', False):
|
|
|
|
# Ensure that the existing user can login.
|
|
|
|
user_again, err = auth.verify_and_link_user(*user1)
|
|
|
|
assert err is None
|
|
|
|
assert user_again.id == user.id
|
|
|
|
|
|
|
|
# Ensure that a new user cannot.
|
|
|
|
new_user, err = auth.verify_and_link_user(*user2)
|
|
|
|
assert new_user is None
|
|
|
|
assert err == DISABLED_MESSAGE
|
2017-05-11 03:55:10 +00:00
|
|
|
|
2017-10-12 20:49:06 +00:00
|
|
|
@contextmanager
|
|
|
|
def fake_oidc(app_config):
|
|
|
|
yield OIDCInternalAuth(app_config, 'someoidc', False)
|
2017-05-11 03:55:10 +00:00
|
|
|
|
|
|
|
@pytest.mark.parametrize('auth_system_builder,auth_kwargs', [
|
|
|
|
(mock_ldap, {}),
|
|
|
|
(fake_keystone, {'version': 3}),
|
|
|
|
(fake_keystone, {'version': 2}),
|
|
|
|
(fake_jwt, {}),
|
2017-10-12 20:49:06 +00:00
|
|
|
(fake_oidc, {'app_config': {
|
|
|
|
'SOMEOIDC_LOGIN_CONFIG': {},
|
|
|
|
}}),
|
2017-05-11 03:55:10 +00:00
|
|
|
])
|
|
|
|
def test_ping(auth_system_builder, auth_kwargs, app):
|
|
|
|
with auth_system_builder(**auth_kwargs) as auth:
|
|
|
|
status, err = auth.ping()
|
|
|
|
assert status
|
|
|
|
assert err is None
|