api: test user phone number basic authz (#69314)
gitea/authentic/pipeline/head Build started...
Details
gitea/authentic/pipeline/head Build started...
Details
This commit is contained in:
parent
b3036b4cc0
commit
8ee074f6ed
|
|
@ -2860,3 +2860,35 @@ def test_check_api_client(app, superuser):
|
|||
assert data['is_superuser'] is False
|
||||
assert data['restrict_to_anonymised_data'] is False
|
||||
assert data['roles'] == [role1.uuid]
|
||||
|
||||
|
||||
def test_api_basic_authz_user_phone_number(app, settings, superuser):
|
||||
settings.A2_ACCEPT_PHONE_AUTHENTICATION = True
|
||||
Attribute.objects.get_or_create(name='phone', kind='phone_number')
|
||||
|
||||
headers = {'Authorization': 'Basic abc'}
|
||||
app.get('/api/users/', headers=headers, status=401)
|
||||
|
||||
headers = basic_authorization_header(superuser)
|
||||
app.get('/api/users/', headers=headers, status=200)
|
||||
|
||||
superuser.phone = '+33499985643'
|
||||
superuser.save()
|
||||
|
||||
# authn valid
|
||||
headers = basic_authorization_header('+33499985643', superuser.username)
|
||||
app.get('/api/users/', headers=headers, status=200)
|
||||
|
||||
# non E.164 representations
|
||||
headers = basic_authorization_header('+33499985643 ', superuser.username)
|
||||
app.get('/api/users/', headers=headers, status=401)
|
||||
|
||||
headers = basic_authorization_header('+33-4/99/985643', superuser.username)
|
||||
app.get('/api/users/', headers=headers, status=401)
|
||||
|
||||
headers = basic_authorization_header('0499985643', superuser.username)
|
||||
app.get('/api/users/', headers=headers, status=401)
|
||||
|
||||
# E.164 yet wrong phone number
|
||||
headers = basic_authorization_header('+33499985644', superuser.username)
|
||||
app.get('/api/users/', headers=headers, status=401)
|
||||
|
|
|
|||
|
|
@ -43,6 +43,7 @@ except ImportError: # oops, not running in django3
|
|||
return json.loads(data.decode('latin-1'), cls=MessageDecoder)
|
||||
|
||||
|
||||
from django.contrib.auth import get_user_model
|
||||
from django.core import signing
|
||||
from django.core.management import call_command as django_call_command
|
||||
from django.shortcuts import resolve_url
|
||||
|
|
@ -120,8 +121,13 @@ def logout(app):
|
|||
return response
|
||||
|
||||
|
||||
def basic_authorization_header(user, password=None):
|
||||
cred = '%s:%s' % (user.username, password or user.username)
|
||||
def basic_authorization_header(user_or_id, password=None):
|
||||
if isinstance(user_or_id, get_user_model()):
|
||||
username = user_or_id.username
|
||||
password = password or user_or_id.username
|
||||
else:
|
||||
username = user_or_id
|
||||
cred = '%s:%s' % (username, password)
|
||||
b64_cred = base64.b64encode(cred.encode('utf-8'))
|
||||
return {'Authorization': 'Basic %s' % str(force_str(b64_cred))}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue