rest_authentication: allow having user named after service origin (fixes #10691)

It allows managing services' permissions finely.
2016-04-18 23:25:58 +02:00 · 2016-04-18 23:25:58 +02:00 · 80b6a26ca4
parent e0c2bfae00
commit 80b6a26ca4
2 changed files with 23 additions and 6 deletions
--- a/hobo/rest_authentication.py
+++ b/hobo/rest_authentication.py
@ -45,10 +45,9 @@ class PublikAuthentication(authentication.BaseAuthentication):
        super(PublikAuthentication, self).__init__(*args, **kwargs)

    def resolve_user(self, request):
+        User = get_user_model()
        if 'NameID' in request.GET:
            name_id = request.GET['NameID']
-            User = get_user_model()
-
            is_authentic = True
            try:
                User._meta.get_field_by_name('uuid')
@ -69,8 +68,12 @@ class PublikAuthentication(authentication.BaseAuthentication):
            else:
                raise exceptions.AuthenticationFailed(
                            'No usable model to match nameid=%r' % name_id)
-
        else:
+            orig = request.GET['orig']
+            try:
+                return User.objects.get(username=orig)
+            except User.DoesNotExist:
+                pass
            if hasattr(settings, 'HOBO_ANONYMOUS_SERVICE_USER_CLASS'):
                klass = import_string(settings.HOBO_ANONYMOUS_SERVICE_USER_CLASS)
                self.logger.info('anonymous signature validated')
--- a/tests_authentic/test_rest_authentication.py
+++ b/tests_authentic/test_rest_authentication.py
@ -11,6 +11,7 @@ from hobo import signature, rest_authentication

 pytestmark = pytest.mark.django_db

+
 def test_publik_authentication(tenant, settings):
    settings.HOBO_ANONYMOUS_SERVICE_USER_CLASS = \
        'hobo.rest_authentication.AnonymousAdminServiceUser'
@ -33,7 +34,7 @@ def test_publik_authentication(tenant, settings):
        assert isinstance(result, tuple)
        assert len(result) == 2
        assert result[0] == user
-        assert result[1] == None
+        assert result[1] is None

        # Test anonymous user
        AUTH_QUERY = '&orig=%s' % urllib.quote(ORIG)
@ -47,11 +48,24 @@ def test_publik_authentication(tenant, settings):
        assert result[0].__class__ is rest_authentication.AnonymousAdminServiceUser
        assert result[0].is_authenticated()
        assert result[0].is_staff
-        assert result[1] == None
+        assert result[1] is None

+        # Test user named after service orig
+        service_user = User.objects.create(username=ORIG)
+
+        AUTH_QUERY = '&orig=%s' % urllib.quote(ORIG)
+        request = factory.get(signature.sign_url(URL + AUTH_QUERY, key))
+
+        publik_authentication = rest_authentication.PublikAuthentication()
+        result = publik_authentication.authenticate(request)
+        assert result is not None
+        assert isinstance(result, tuple)
+        assert len(result) == 2
+        assert result[0] == service_user
+        assert result[1] is None

        # Failure
-        request = factory.get(signature.sign_url(URL + AUTH_QUERY, key+'zob'))
+        request = factory.get(signature.sign_url(URL + AUTH_QUERY, key + 'zob'))

        publik_authentication = rest_authentication.PublikAuthentication()
        with pytest.raises(AuthenticationFailed):