Make email addresses optional in external auth if email feature is turned off

Before this change, external auth such as Keystone would fail if a user without an email address tried to login, even if the email feature was disabled.
2016-09-08 12:24:47 -04:00 · 2016-09-08 12:24:47 -04:00 · d7f56350a4
commit d7f56350a4
parent 934cdecbd6
18 changed files with 206 additions and 93 deletions
--- a/test/test_external_jwt_authn.py
+++ b/test/test_external_jwt_authn.py
@ -18,10 +18,13 @@ from initdb import setup_database_for_testing, finished_database_for_testing

 _PORT_NUMBER = 5001

-
-class JWTAuthTestCase(LiveServerTestCase):
+class JWTAuthTestMixin(object):
  maxDiff = None

+  @property
+  def emails(self):
+    raise NotImplementedError
+
  @classmethod
  def setUpClass(cls):
    public_key = NamedTemporaryFile(delete=True)
@ -60,10 +63,14 @@ class JWTAuthTestCase(LiveServerTestCase):

      for user in users:
        if user['name'].startswith(query):
-          results.append({
+          result = {
            'username': user['name'],
-            'email': user['email'],
-          })
+          }
+
+          if self.emails:
+            result['email'] = user['email']
+
+          results.append(result)

      token_data = {
        'iss': 'authy',
@ -95,7 +102,7 @@ class JWTAuthTestCase(LiveServerTestCase):
            'iat': datetime.utcnow(),
            'exp': datetime.utcnow() + timedelta(seconds=60),
            'sub': user['name'],
-            'email': user['email']
+            'email': user['email'],
          }

          encoded = jwt.encode(token_data, private_key, 'RS256')
@ -124,7 +131,7 @@ class JWTAuthTestCase(LiveServerTestCase):
            'iat': datetime.utcnow(),
            'exp': datetime.utcnow() + timedelta(seconds=60),
            'sub': user['name'],
-            'email': user['email']
+            'email': user['email'],
          }

          encoded = jwt.encode(token_data, private_key, 'RS256')
@ -151,7 +158,8 @@ class JWTAuthTestCase(LiveServerTestCase):
    getuser_url = self.get_server_url() + '/user/get'

    self.jwt_auth = ExternalJWTAuthN(verify_url, query_url, getuser_url, 'authy', '',
-                                     app.config['HTTPCLIENT'], 300, JWTAuthTestCase.public_key.name)
+                                     app.config['HTTPCLIENT'], 300, JWTAuthTestCase.public_key.name,
+                                     requires_email=self.emails)

  def tearDown(self):
    finished_database_for_testing(self)
@ -211,7 +219,7 @@ class JWTAuthTestCase(LiveServerTestCase):
    self.assertEquals(1, len(results))

    self.assertEquals('cooluser', results[0].username)
-    self.assertEquals('user@domain.com', results[0].email)
+    self.assertEquals('user@domain.com' if self.emails else None, results[0].email)

    # Lookup `some`.
    results, identifier, error_message = self.jwt_auth.query_users('some')
@ -220,7 +228,7 @@ class JWTAuthTestCase(LiveServerTestCase):
    self.assertEquals(1, len(results))

    self.assertEquals('some.neat.user', results[0].username)
-    self.assertEquals('neat@domain.com', results[0].email)
+    self.assertEquals('neat@domain.com' if self.emails else None, results[0].email)

    # Lookup `unknown`.
    results, identifier, error_message = self.jwt_auth.query_users('unknown')
@ -271,5 +279,17 @@ class JWTAuthTestCase(LiveServerTestCase):
    self.assertIsNone(user)


+class JWTAuthNoEmailTestCase(JWTAuthTestMixin, LiveServerTestCase):
+  @property
+  def emails(self):
+    return False
+
+
+class JWTAuthTestCase(JWTAuthTestMixin, LiveServerTestCase):
+  @property
+  def emails(self):
+    return True
+
+
 if __name__ == '__main__':
  unittest.main()