97 lines
4.5 KiB
Python
97 lines
4.5 KiB
Python
# authentic2 - versatile identity manager
|
|
# Copyright (C) 2010-2019 Entr'ouvert
|
|
#
|
|
# This program is free software: you can redistribute it and/or modify it
|
|
# under the terms of the GNU Affero General Public License as published
|
|
# by the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU Affero General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU Affero General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
from authentic2.apps.authenticators.models import LoginPasswordAuthenticator
|
|
from authentic2.backends import is_user_authenticable
|
|
from authentic2.models import Attribute
|
|
from authentic2.utils.misc import authenticate
|
|
|
|
|
|
def test_user_filters(settings, db, simple_user, user_ou1, ou1):
|
|
assert authenticate(username=simple_user.username, password=simple_user.username)
|
|
assert is_user_authenticable(simple_user)
|
|
assert is_user_authenticable(user_ou1)
|
|
assert authenticate(username=user_ou1.username, password=user_ou1.username)
|
|
settings.A2_USER_FILTER = {'ou__slug': 'ou1'}
|
|
assert not authenticate(username=simple_user.username, password=simple_user.username)
|
|
assert authenticate(username=user_ou1.username, password=user_ou1.username)
|
|
assert not is_user_authenticable(simple_user)
|
|
assert is_user_authenticable(user_ou1)
|
|
settings.A2_USER_EXCLUDE = {'ou__slug': 'ou1'}
|
|
assert not authenticate(username=simple_user.username, password=simple_user.username)
|
|
assert not authenticate(username=user_ou1.username, password=user_ou1.username)
|
|
assert not is_user_authenticable(simple_user)
|
|
assert not is_user_authenticable(user_ou1)
|
|
settings.A2_USER_FILTER = {}
|
|
assert authenticate(username=simple_user.username, password=simple_user.username)
|
|
assert not authenticate(username=user_ou1.username, password=user_ou1.username)
|
|
assert is_user_authenticable(simple_user)
|
|
assert not is_user_authenticable(user_ou1)
|
|
|
|
|
|
def test_model_backend_phone_number(settings, db, simple_user, nomail_user, ou1, phone_activated_authn):
|
|
nomail_user.attributes.phone = '+33123456789'
|
|
nomail_user.save()
|
|
simple_user.attributes.phone = '+33123456789'
|
|
simple_user.save()
|
|
assert authenticate(username=simple_user.phone, password=simple_user.username)
|
|
assert is_user_authenticable(simple_user)
|
|
assert authenticate(username=nomail_user.phone, password=nomail_user.username)
|
|
assert is_user_authenticable(nomail_user)
|
|
|
|
|
|
def test_model_backend_phone_number_nondefault_attribute(settings, db, simple_user, nomail_user, ou1):
|
|
phone, dummy = Attribute.objects.get_or_create(
|
|
name='another_phone',
|
|
kind='phone_number',
|
|
defaults={'label': 'Another phone'},
|
|
)
|
|
LoginPasswordAuthenticator.objects.update(
|
|
accept_phone_authentication=True,
|
|
phone_identifier_field=phone,
|
|
)
|
|
|
|
nomail_user.phone = ''
|
|
nomail_user.attributes.another_phone = '+33123456789'
|
|
nomail_user.save()
|
|
simple_user.phone = ''
|
|
simple_user.attributes.another_phone = '+33123456789'
|
|
simple_user.save()
|
|
assert authenticate(username=simple_user.attributes.another_phone, password=simple_user.username)
|
|
assert is_user_authenticable(simple_user)
|
|
assert authenticate(username=nomail_user.attributes.another_phone, password=nomail_user.username)
|
|
assert is_user_authenticable(nomail_user)
|
|
|
|
nomail_user.attributes.another_phone = ''
|
|
nomail_user.phone = '+33123456789'
|
|
nomail_user.save()
|
|
simple_user.attributes.another_phone = ''
|
|
simple_user.phone = '+33123456789'
|
|
simple_user.save()
|
|
assert not authenticate(username=simple_user.phone, password=simple_user.username)
|
|
assert is_user_authenticable(simple_user)
|
|
assert not authenticate(username=nomail_user.phone, password=nomail_user.username)
|
|
assert is_user_authenticable(nomail_user)
|
|
|
|
|
|
def test_model_backend_phone_number_email(settings, db, simple_user, phone_activated_authn):
|
|
simple_user.attributes.phone = '+33123456789'
|
|
simple_user.save()
|
|
# user with both phone number and username can authenticate in two different ways
|
|
assert authenticate(username=simple_user.username, password=simple_user.username)
|
|
assert authenticate(username=simple_user.phone, password=simple_user.username)
|
|
assert is_user_authenticable(simple_user)
|