toremove

src/authentic2_auth_kerberos/backends.py

@@ -38,7 +38,7 @@ class A2KerberosBackend(KerberosBackend):
             return
         if not app_settings.DJANGO_BACKEND:
             return
-        return super(A2KerberosBackend, self).authenticate(principal=principal)
+        return super(A2KerberosBackend, self).authenticate(request, principal=principal)
 
     def get_saml2_authn_context(self):
         import lasso

src/authentic2_auth_kerberos/views.py

@@ -18,11 +18,10 @@ class A2NegotiateView(NegotiateView):
         self.authentication_successful = True
         utils.login(request, user, 'kerberos')
 
-    def principal_valid(self, request, *args, **kwargs):
-        response = super(A2NegotiateView, self).principal_valid(request, *args, **kwargs)
-        if self.authentication_successful:
-            # set cookie so that automatic login will be tried next time
-            response.set_cookie('a2_kerberos_ok', '1', max_age=86400 * 365)
+    def success(self, request, *args, **kwargs):
+        response = super().success(request, *args, **kwargs)
+        # set cookie so that automatic login will be tried next time
+        response.set_cookie('a2_kerberos_ok', '1', max_age=86400 * 365)
         return response
 
 

tests/test_login.py

@@ -14,6 +14,8 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+import mock
+
 import pytest
 
 from authentic2.custom_user.models import User
@@ -21,53 +23,37 @@ from authentic2.custom_user.models import User
 
 @pytest.fixture(autouse=True)
 def kerberos(monkeypatch):
-    import django_kerberos.views
+    import gssapi.exceptions
 
-    class MockKerberos(object):
-        server_init_result = 1
-        server_step_result = 1
-        server_response_result = 'x'
+    class MockKerberos:
         principal = 'user@REALM'
 
-        def set(self, **kwargs):
-            self.__dict__ = kwargs
+        exceptions = gssapi.exceptions
+        Credentials = mock.Mock()
+        server_ctx = mock.Mock()
+        server_ctx.step.return_value = b'outtoken'
+        server_ctx.complete = True
+        server_ctx.initiator_name = principal
 
-        def authGSSServerInit(self, service):
-            return self.server_init_result, {}
-
-        def authGSSServerStep(self, context, authstr):
-            return self.server_step_result
-
-        def authGSSServerResponse(self, context):
-            return self.server_response_result
-
-        def authGSSServerUserName(self, context):
-            return self.principal
-
-        def authGSSServerClean(self, context):
-            pass
-
-        class KrbError(Exception):
-            pass
-    monkeypatch.setattr('django_kerberos.views.kerberos', MockKerberos())
-    return django_kerberos.views.kerberos
+        SecurityContext = mock.Mock(return_value=server_ctx)
+    monkeypatch.setattr('django_kerberos.views.gssapi', MockKerberos)
+    return MockKerberos
 
 
-def test_default(settings, app, db):
+def test_default(settings, app, db, kerberos):
     settings.A2_AUTH_KERBEROS_DJANGO_BACKEND = True
 
-    assert User.objects.count() == 0
+    user = User.objects.create(username=kerberos.principal)
     assert 'a2_kerberos_ok' not in app.cookies
     response = app.get('/login/')
     assert 'login-kerberos' in response.text
     assert 'autologin' not in response.text
     response = response.forms['kerberos-form'].submit(name='login-kerberos')
     assert response.location == '/accounts/kerberos/login/'
-    response = response.follow(headers={'Authorization': 'Negotiate y'})
+    response = response.follow(headers={'Authorization': 'Negotiate yyyy'})
     assert app.cookies['a2_kerberos_ok'] == '1'
+    assert app.session['_auth_user_id'] == str(user.id)
     assert response.location == '/'
-    assert User.objects.count() == 1
-    assert User.objects.get(username='user@realm')
 
     # logout
     app.session.flush()

tox.ini

@@ -45,6 +45,7 @@ deps =
   psycopg2-binary
   oldldap: python-ldap<3
   ldaptools
+  https://git.entrouvert.org/django-kerberos.git/snapshot/django-kerberos-wip/10211-gssapi.tar.gz
 
   # pytest requirements
   pytest
@@ -53,6 +54,7 @@ deps =
   pytest-random
   django-webtest
   pyquery
+  mock
 
 commands =
   py2: ./getlasso.sh