summaryrefslogtreecommitdiffstats
path: root/authentic2_idp_cas/tests.py
diff options
context:
space:
mode:
Diffstat (limited to 'authentic2_idp_cas/tests.py')
-rw-r--r--authentic2_idp_cas/tests.py71
1 files changed, 48 insertions, 23 deletions
diff --git a/authentic2_idp_cas/tests.py b/authentic2_idp_cas/tests.py
index c1750f3..59bd6fa 100644
--- a/authentic2_idp_cas/tests.py
+++ b/authentic2_idp_cas/tests.py
@@ -2,11 +2,12 @@ from xml.etree import ElementTree as ET
from django.test import TestCase
-from django.test.client import RequestFactory
+from django.test.client import RequestFactory, Client
+from django.test.utils import override_settings
from authentic2.compat import get_user_model
-from .models import CasTicket
+from .models import CasTicket, CasService
from . import views
from . import constants
@@ -14,12 +15,49 @@ from . import constants
class CasTests(TestCase):
LOGIN = 'test'
PASSWORD = 'test'
+ DOMAIN = 'casclient.com'
+ SERVICE = 'https://%s/' % DOMAIN
def setUp(self):
User = get_user_model()
self.user = User.objects.create_user(self.LOGIN, password=self.PASSWORD)
self.factory = RequestFactory()
+ def test_cas_login_blacklist_failure(self):
+ client = Client()
+ response = client.get('/idp/cas/login/', {'service': self.SERVICE})
+ self.assertEqual(response.status_code, 400)
+ self.assertIn('is not allowed', response.content)
+
+ @override_settings(A2_IDP_CAS_SERVICES=(SERVICE,))
+ def test_cas_login_settings_whitelist(self):
+ self.helper_test_cas_login()
+
+ def test_cas_login_model_whitelist(self):
+ CasService.objects.create(
+ name=self.DOMAIN,
+ slug=self.DOMAIN,
+ domain=self.DOMAIN)
+ self.helper_test_cas_login()
+
+ def helper_test_cas_login(self):
+ client = Client()
+ response = client.get('/idp/cas/login/', {'service': self.SERVICE})
+ self.assertIn('Location', response)
+ self.assertTrue(response['Location'].startswith('http://testserver/login'))
+ response = client.post(response['Location'], {
+ 'username': self.LOGIN,
+ 'password': self.PASSWORD,
+ 'submit-password': ''})
+ self.assertTrue(response['Location'].startswith('http://testserver/idp/cas/continue/'))
+ response = client.get(response['Location'])
+ self.assertTrue(response['Location'].startswith('https://casclient.com/?ticket=ST-'))
+ # verify ticket
+ ticket = response['Location'].split('ticket=')[1]
+ response = client.get('/idp/cas/serviceValidate/', {'service': self.SERVICE, 'ticket': ticket})
+ self.assertEqual(response.content, '''<?xml version='1.0' encoding='utf8'?>
+<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas"><cas:authenticationSuccess><cas:user>test</cas:user></cas:authenticationSuccess></cas:serviceResponse>''')
+
def test_service_validate_with_default_attributes(self):
CasTicket.objects.create(
ticket_id='ST-xxx',
@@ -32,28 +70,15 @@ class CasTests(TestCase):
def get_attributes(self, request, st):
assert st.service == 'yyy'
assert st.ticket_id == 'ST-xxx'
- return { 'username': 'bob', 'email': 'bob@example.com' }, 'default'
+ return 'bob', { 'username': 'bob', 'email': 'bob@example.com' }
provider = TestCasProvider()
response = provider.service_validate(request)
- print response.content
root = ET.fromstring(response.content)
ns_ctx = { 'cas': constants.CAS_NAMESPACE }
- user_elt = root.find('cas:authenticationSuccess/cas:utilisateur', namespaces=ns_ctx)
- assert user_elt is not None
-
- def test_service_validate_with_custom_attributes(self):
- CasTicket.objects.create(
- ticket_id='ST-xxx',
- service='yyy',
- user=self.user,
- validity=True)
- request = self.factory.get('/idp/cas/serviceValidate',
- {'service': 'yyy', 'ticket': 'ST-xxx'})
- class TestCasProvider(views.CasProvider):
- def get_attributes(self, request, st):
- assert st.service == 'yyy'
- assert st.ticket_id == 'ST-xxx'
- return { 'username': 'bob', 'email': 'bob@example.com' }, 'utilisateur'
- provider = TestCasProvider()
- response = provider.service_validate(request)
- print response.content
+ user_elt = root.find('cas:authenticationSuccess/cas:user', namespaces=ns_ctx)
+ self.assertIsNotNone(user_elt)
+ self.assertEqual(user_elt.text, 'bob')
+ username_elt = root.find('cas:authenticationSuccess/cas:attributes/cas:username', namespaces=ns_ctx)
+ self.assertEqual(username_elt.text, 'bob')
+ email_elt = root.find('cas:authenticationSuccess/cas:attributes/cas:email', namespaces=ns_ctx)
+ self.assertEqual(email_elt.text, 'bob@example.com')