entrouvert
/
authentic
16
0
Fork 0
Code Issues Pull Requests 32 Releases Activity
authentic/tests/conftest.py

492 lines
15 KiB
Python
Raw Blame History

# -*- coding: utf-8 -*-
# authentic2 - versatile identity manager
# Copyright (C) 2010-2019 Entr'ouvert
#
# This program is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import pytest
import mock
import django_webtest
import django
from django.contrib.auth import get_user_model
from django.core.cache import cache
from django_rbac.utils import get_ou_model, get_role_model
from django.utils.six.moves.urllib import parse as urlparse
from django.db.migrations.executor import MigrationExecutor
from django.db import connection
from django.core.management import call_command
from pytest_django.migrations import DisableMigrations
from authentic2 import hooks as a2_hooks
from authentic2.models import Service
from authentic2.utils.evaluate import BaseExpressionValidator
from authentic2.a2_rbac.utils import get_default_ou
from authentic2.manager.utils import get_ou_count
from authentic2_auth_oidc.utils import get_providers
from authentic2_auth_oidc.utils import get_provider_by_issuer
from authentic2_auth_oidc.utils import has_providers
from authentic2_idp_oidc.models import OIDCClient
from authentic2.authentication import OIDCUser
from . import utils
def pytest_addoption(parser):
parser.addoption(
"--slow",
action="store_true",
help="run slow tests",
)
def pytest_configure(config):
# register an additional marker
config.addinivalue_line(
"markers", "slow: mark test as slow"
)
def pytest_runtest_setup(item):
markers = list(item.iter_markers(name='slow'))
slow = item.config.getoption('--slow')
if markers and not slow:
pytest.skip('slow tests must not run')
Role = get_role_model()
@pytest.fixture
def settings(settings, request):
# our post_migrate handlers depends upon some values of the settings (like
# A2_RBAC_MANAGED_CONTENT_TYPES), making the media fixture "autouse=True"
# fixed the order of running settings and transactional_db, but
# transactional_db use the flush() which use the post_migrate handlers to
# restore a blank database state. To force the ordering of transactional_db
# and settings fixture we need to override the later and use a dynamic call
# to the transactional_db fixture when needed.
if 'transactional_db' in request.fixturenames:
request.getfixturevalue('transactional_db')
yield settings
settings.finalize()
@pytest.fixture
def app_factory():
wtm = django_webtest.WebTestMixin()
wtm._patch_settings()
try:
def factory(hostname='testserver'):
return django_webtest.DjangoTestApp(extra_environ={'HTTP_HOST': hostname})
yield factory
finally:
wtm._unpatch_settings()
@pytest.fixture
def app(app_factory):
return app_factory()
@pytest.fixture
def ou1(db):
OU = get_ou_model()
return OU.objects.create(name='OU1', slug='ou1')
@pytest.fixture
def ou2(db):
OU = get_ou_model()
return OU.objects.create(name='OU2', slug='ou2')
@pytest.fixture
def ou_rando(db):
OU = get_ou_model()
return OU.objects.create(name='ou_rando', slug='ou_rando')
def create_user(**kwargs):
User = get_user_model()
password = kwargs.pop('password', None) or kwargs['username']
user, created = User.objects.get_or_create(**kwargs)
if password:
user.set_password(password)
user.save()
return user
@pytest.fixture
def simple_user(db, ou1):
return create_user(username='user', first_name=u'Jôhn', last_name=u'Dôe',
email='user@example.net', ou=get_default_ou())
@pytest.fixture
def superuser(db):
return create_user(username='superuser',
first_name='super', last_name='user',
email='superuser@example.net',
is_superuser=True,
is_staff=True,
is_active=True)
@pytest.fixture
def admin(db):
user = create_user(username='admin',
first_name='global', last_name='admin',
email='admin@example.net',
is_active=True,
ou=get_default_ou())
Role = get_role_model()
user.roles.add(Role.objects.get(slug='_a2-manager'))
return user
@pytest.fixture
def user_ou1(db, ou1):
return create_user(username='john.doe', first_name=u'Jôhn', last_name=u'Dôe',
email='john.doe@example.net', ou=ou1)
@pytest.fixture
def user_ou2(db, ou2):
return create_user(username='john.doe', first_name=u'Jôhn', last_name=u'Dôe',
email='john.doe@example.net', ou=ou2)
@pytest.fixture
def admin_ou1(db, ou1):
user = create_user(username='admin.ou1', first_name=u'Admin', last_name=u'OU1',
email='admin.ou1@example.net', ou=ou1)
user.roles.add(ou1.get_admin_role())
return user
@pytest.fixture
def admin_ou2(db, ou2):
user = create_user(username='admin.ou2', first_name=u'Admin', last_name=u'OU2',
email='admin.ou2@example.net', ou=ou2)
user.roles.add(ou2.get_admin_role())
return user
@pytest.fixture
def admin_rando_role(db, role_random, ou_rando):
user = create_user(username='admin_rando', first_name='admin', last_name='rando',
email='admin.rando@weird.com', ou=ou_rando)
user.roles.add(ou_rando.get_admin_role())
return user
@pytest.fixture(params=['superuser', 'user_ou1', 'user_ou2', 'admin_ou1', 'admin_ou2',
'admin_rando_role', 'member_rando'])
def user(request, superuser, user_ou1, user_ou2, admin_ou1, admin_ou2, admin_rando_role,
member_rando):
return locals().get(request.param)
@pytest.fixture
def logged_app(app, user):
utils.login(app, user)
return app
@pytest.fixture
def simple_role(db):
return Role.objects.create(name='simple role', slug='simple-role', ou=get_default_ou())
@pytest.fixture
def role_random(db, ou_rando):
return Role.objects.create(name='rando', slug='rando', ou=ou_rando)
@pytest.fixture
def role_ou1(db, ou1):
return Role.objects.create(name='role_ou1', slug='role_ou1', ou=ou1)
@pytest.fixture
def role_ou2(db, ou2):
return Role.objects.create(name='role_ou2', slug='role_ou2', ou=ou2)
@pytest.fixture(params=['role_random', 'role_ou1', 'role_ou2'])
def role(request, role_random, role_ou1, role_ou2):
return locals().get(request.param)
@pytest.fixture
def member_rando(db, ou_rando):
return create_user(username='test', first_name='test', last_name='test', email='test@test.org',
ou=ou_rando)
@pytest.fixture
def member_rando2(db, ou_rando):
return create_user(username='test2', first_name='test2', last_name='test2', email='test2@test.org',
ou=ou_rando)
@pytest.fixture
def member_fake():
return type('user', (object,), {'username': 'fake', 'uuid': 'fake_uuid'})
@pytest.fixture(params=['member_rando', 'member_fake'])
def member(request, member_rando, member_fake):
return locals().get(request.param)
@pytest.fixture(params=['superuser', 'admin'])
def superuser_or_admin(request, superuser, admin):
return locals().get(request.param)
@pytest.fixture
def concurrency(settings):
'''Select a level of concurrency based on the db. Currently only
postgresql is supported.
'''
return 100
@pytest.fixture
def migrations():
from django.conf import settings
if isinstance(settings.MIGRATION_MODULES, DisableMigrations):
pytest.skip('this test requires native migrations')
@pytest.fixture
def oidc_client(db, ou1):
client = OIDCClient.objects.create(
name='example', slug='example', client_id='example',
client_secret='example', authorization_flow=1,
post_logout_redirect_uris='https://example.net/redirect/',
identifier_policy=OIDCClient.POLICY_UUID,
has_api_access=True,
)
class TestOIDCUser(OIDCUser):
def __init__(self, oidc_client):
super(TestOIDCUser, self).__init__(oidc_client)
@property
def username(self):
return self.oidc_client.client_id
@property
def is_superuser(self):
return False
@property
def roles(self):
return mock.Mock(exists=lambda: True)
@property
def ou(self):
return ou1
return TestOIDCUser(client)
@pytest.fixture(params=['oidc_client', 'superuser', 'user_ou1', 'user_ou2',
'admin_ou1', 'admin_ou2', 'admin_rando_role', 'member_rando'])
def api_user(request, oidc_client, superuser, user_ou1, user_ou2,
admin_ou1, admin_ou2, admin_rando_role, member_rando):
return locals().get(request.param)
@pytest.fixture(autouse=True)
def clear_cache():
OU = get_ou_model()
cache.clear()
BaseExpressionValidator.__call__.cache_clear()
for cached_el in (OU.cached, a2_hooks.get_hooks, get_providers,
get_provider_by_issuer, get_ou_count, has_providers):
cached_el.cache.clear()
class AllHook(object):
def __init__(self):
self.calls = {}
def __call__(self, hook_name, *args, **kwargs):
calls = self.calls.setdefault(hook_name, [])
calls.append({'args': args, 'kwargs': kwargs})
def __getattr__(self, name):
return self.calls.get(name, [])
def clear(self):
self.calls = {}
@pytest.fixture
def hooks(settings):
if hasattr(settings, 'A2_HOOKS'):
hooks = settings.A2_HOOKS
else:
hooks = settings.A2_HOOKS = {}
hook = hooks['__all__'] = AllHook()
yield hook
hook.clear()
del settings.A2_HOOKS['__all__']
@pytest.fixture
def auto_admin_role(db, ou1):
role = Role.objects.create(
ou=ou1,
slug='auto-admin-role',
name='Auto Admin Role')
role.add_self_administration()
return role
@pytest.fixture
def user_with_auto_admin_role(auto_admin_role, ou1):
user = create_user(username='user.with.auto.admin.role', first_name=u'User', last_name=u'With Auto Admin Role',
email='user.with.auto.admin.role@example.net', ou=ou1)
user.roles.add(auto_admin_role)
return user
# fixtures to check proper validation of redirect_url
@pytest.fixture
def saml_external_redirect(db):
from authentic2.saml.models import LibertyProvider
next_url = 'https://saml.example.com/whatever/'
LibertyProvider.objects.create(
entity_id='https://saml.example.com/',
protocol_conformance=3,
metadata=utils.saml_sp_metadata('https://example.com'))
return next_url, True
@pytest.fixture
def invalid_external_redirect():
return 'https://invalid.example.com/whatever/', False
@pytest.fixture
def whitelist_external_redirect(settings):
settings.A2_REDIRECT_WHITELIST = ['https://whitelist.example.com/']
return 'https://whitelist.example.com/whatever/', True
@pytest.fixture(params=['saml', 'invalid', 'whitelist'])
def external_redirect(request, saml_external_redirect,
invalid_external_redirect, whitelist_external_redirect):
return locals()[request.param + '_external_redirect']
@pytest.fixture
def external_redirect_next_url(external_redirect):
return external_redirect[0]
@pytest.fixture
def assert_external_redirect(external_redirect):
next_url, valid = external_redirect
if valid:
def check_location(response, default_return):
assert next_url.endswith(response['Location'])
else:
def check_location(response, default_return):
assert urlparse.urljoin('http://testserver/', default_return)\
.endswith(response['Location'])
return check_location
@pytest.fixture
def french_translation():
from django.utils.translation import activate, deactivate
activate('fr')
yield
deactivate()
@pytest.fixture(autouse=True)
def media(settings, tmpdir):
settings.MEDIA_ROOT = str(tmpdir.mkdir('media'))
@pytest.fixture
def service(db):
return Service.objects.create(
ou=get_default_ou(),
slug='service',
name='Service')
@pytest.fixture()
def migration(request, transactional_db):
# see https://gist.github.com/asfaltboy/b3e6f9b5d95af8ba2cc46f2ba6eae5e2
if django.VERSION < (1, 9):
pytest.skip('migration fixture only works with Django 1.9')
"""
This fixture returns a helper object to test Django data migrations.
The fixture returns an object with two methods;
- `before` to initialize db to the state before the migration under test
- `after` to execute the migration and bring db to the state after the migration
The methods return `old_apps` and `new_apps` respectively; these can
be used to initiate the ORM models as in the migrations themselves.
For example:
def test_foo_set_to_bar(migration):
old_apps = migration.before([('my_app', '0001_inital')])
Foo = old_apps.get_model('my_app', 'foo')
Foo.objects.create(bar=False)
assert Foo.objects.count() == 1
assert Foo.objects.filter(bar=False).count() == Foo.objects.count()
# executing migration
new_apps = migration.apply([('my_app', '0002_set_foo_bar')])
Foo = new_apps.get_model('my_app', 'foo')
assert Foo.objects.filter(bar=False).count() == 0
assert Foo.objects.filter(bar=True).count() == Foo.objects.count()
Based on: https://gist.github.com/blueyed/4fb0a807104551f103e6
"""
class Migrator(object):
def before(self, targets, at_end=True):
""" Specify app and starting migration names as in:
before([('app', '0001_before')]) => app/migrations/0001_before.py
"""
executor = MigrationExecutor(connection)
executor.migrate(targets)
executor.loader.build_graph()
return executor._create_project_state(with_applied_migrations=True).apps
def apply(self, targets):
""" Migrate forwards to the "targets" migration """
executor = MigrationExecutor(connection)
executor.migrate(targets)
executor.loader.build_graph()
return executor._create_project_state(with_applied_migrations=True).apps
yield Migrator()
call_command('migrate', verbosity=0)
View Git Blame Copy Permalink