← Back to branch summary

~roadmr/canonical-identity-provider/fix-deprecation-warnings-1

« back to all changes in this revision

Viewing changes to src/identityprovider/tests/test_auth.py

  • Committer: Ubuntu One Auto Copilot
  • Author(s): Tom Wardill
  • Date: 2018-02-26 10:27:50 UTC
  • mfrom: (1597.1.68 canonical-identity-provider)
  • Revision ID: otto-copilot@canonical.com-20180226102750-i14x4w85e1stu1su
Update to django 1.11.

Merged from https://code.launchpad.net/~tom-howrandom/canonical-identity-provider/django-1.11/+merge/338452

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/identityprovider/tests/test_auth.py
12
12
from uuid import uuid4
13
13
 
14
14
from django.conf import settings
15
 
from django.contrib.auth.hashers import get_hasher
16
 
from django.contrib.auth.models import (
 
15
from django.contrib.auth.hashers import (
17
16
    check_password,
 
17
    get_hasher,
18
18
    is_password_usable,
19
19
    make_password,
20
20
)
106
106
        email_address.status = 9999
107
107
        email_address.save()
108
108
 
109
 
        result = self.backend.authenticate(self.email,
 
109
        result = self.backend.authenticate(None,
 
110
                                           self.email,
110
111
                                           DEFAULT_USER_PASSWORD)
111
112
 
112
113
        self.assertIsNone(result)
117
118
 
118
119
    def test_authenticate_with_email_case_insensitive(self):
119
120
        # Make sure authentication works as expected
120
 
        account1 = self.backend.authenticate(self.email,
 
121
        account1 = self.backend.authenticate(None,
 
122
                                             self.email,
121
123
                                             DEFAULT_USER_PASSWORD)
122
124
        self.assertIsNotNone(account1)
123
125
 
124
126
        # Try using different case for email
125
 
        account2 = self.backend.authenticate('Mark@Example.com',
 
127
        account2 = self.backend.authenticate(None,
 
128
                                             'Mark@Example.com',
126
129
                                             DEFAULT_USER_PASSWORD)
127
130
        self.assertIsNotNone(account2)
128
131
 
135
138
        ap.password = encrypt_launchpad_password(DEFAULT_USER_PASSWORD)
136
139
        ap.save()
137
140
 
138
 
        account = self.backend.authenticate(self.email, DEFAULT_USER_PASSWORD)
 
141
        account = self.backend.authenticate(None,
 
142
                                            self.email,
 
143
                                            DEFAULT_USER_PASSWORD)
139
144
        self.assertEqual(account, self.account)
140
145
 
141
146
    def test_changes_cypher_after_verifying_with_launchpad(self):
147
152
        self.assertTrue(validate_launchpad_password(DEFAULT_USER_PASSWORD,
148
153
                                                    ap.password))
149
154
 
150
 
        account = self.backend.authenticate(self.email, DEFAULT_USER_PASSWORD)
 
155
        account = self.backend.authenticate(None,
 
156
                                            self.email,
 
157
                                            DEFAULT_USER_PASSWORD)
151
158
        password = account.accountpassword.password
152
159
        self.assertTrue(check_password(DEFAULT_USER_PASSWORD, password))
153
160
        self.assertFalse(validate_launchpad_password(DEFAULT_USER_PASSWORD,
176
183
        assert self.account.oauth_tokens(
177
184
            scope=TokenScope.WEB_LOGIN).count() == 1
178
185
 
179
 
        account = self.backend.authenticate(self.email, DEFAULT_USER_PASSWORD)
 
186
        account = self.backend.authenticate(None,
 
187
                                            self.email,
 
188
                                            DEFAULT_USER_PASSWORD)
180
189
        assert account.id == self.account.id
181
190
 
182
191
        actual = sorted(
190
199
        ap.password = make_password(DEFAULT_USER_PASSWORD)
191
200
        ap.save()
192
201
 
193
 
        account = self.backend.authenticate(self.email, DEFAULT_USER_PASSWORD)
 
202
        account = self.backend.authenticate(None,
 
203
                                            self.email,
 
204
                                            DEFAULT_USER_PASSWORD)
194
205
        self.assertEqual(account, self.account)
195
206
 
196
207
    def test_authenticate_updates_last_leak_check_with_date(self):
200
211
        ap.save()
201
212
 
202
213
        before = now()
203
 
        account = self.backend.authenticate(self.email, DEFAULT_USER_PASSWORD)
 
214
        account = self.backend.authenticate(None,
 
215
                                            self.email,
 
216
                                            DEFAULT_USER_PASSWORD)
204
217
        after = now()
205
218
        last_leak_check = account.accountpassword.last_leak_check
206
219
        self.assert_datetime_in_range(last_leak_check, before, after)
220
233
        assert Account.objects.all()[0].accountpassword.last_leak_check is None
221
234
 
222
235
        before = now()
223
 
        account = self.backend.authenticate(self.email, DEFAULT_USER_PASSWORD)
 
236
        account = self.backend.authenticate(None,
 
237
                                            self.email,
 
238
                                            DEFAULT_USER_PASSWORD)
224
239
        after = now()
225
240
        last_leak_check = account.accountpassword.last_leak_check
226
241
        self.assert_datetime_in_range(last_leak_check, before, after)
232
247
        ap.save()
233
248
 
234
249
        with patch.object(settings, 'DEBUG', True):
235
 
            self.backend.authenticate(self.email, DEFAULT_USER_PASSWORD)
 
250
            self.backend.authenticate(None,
 
251
                                      self.email,
 
252
                                      DEFAULT_USER_PASSWORD)
236
253
 
237
254
        for query in connection.queries:
238
255
            sql = query['sql']
243
260
        # make sure account is active
244
261
        self.assertEqual(self.account.status, AccountStatus.ACTIVE)
245
262
        # make sure authentication succeeds
246
 
        response = self.backend.authenticate(self.email,
 
263
        response = self.backend.authenticate(None,
 
264
                                             self.email,
247
265
                                             DEFAULT_USER_PASSWORD)
248
266
        self.assertEqual(response, self.account)
249
267
 
285
303
            self.account.save()
286
304
 
287
305
            # make sure authentication fails
288
 
            response = self.backend.authenticate(self.email,
 
306
            response = self.backend.authenticate(None,
 
307
                                                 self.email,
289
308
                                                 DEFAULT_USER_PASSWORD)
290
309
            self.assertEqual(response, None)
291
310
 
292
311
    def test_authenticate_account_no_password(self):
293
312
        self.account.accountpassword.delete()
294
313
 
295
 
        response = self.backend.authenticate(self.email,
 
314
        response = self.backend.authenticate(None,
 
315
                                             self.email,
296
316
                                             DEFAULT_USER_PASSWORD)
297
317
 
298
318
        self.assertIsNone(response)
309
329
 
310
330
        before = now()
311
331
        account = self.backend.authenticate(
312
 
            self.email, DEFAULT_USER_PASSWORD)
 
332
            None, self.email, DEFAULT_USER_PASSWORD)
313
333
        after = now()
314
334
        # verify account was flagged for password reset
315
335
        self.assertTrue(account.need_password_reset)
333
353
        self.addCleanup(rm.clear_readonly)
334
354
 
335
355
        account = self.backend.authenticate(
336
 
            self.email, DEFAULT_USER_PASSWORD)
 
356
            None, self.email, DEFAULT_USER_PASSWORD)
337
357
        # verify account was NOT flagged for password reset
338
358
        self.assertFalse(account.need_password_reset)
339
359
        # Verify the last_leak_check was NOT updated
357
377
 
358
378
        before = now()
359
379
        account = self.backend.authenticate(
360
 
            self.email, DEFAULT_USER_PASSWORD)
 
380
            None, self.email, DEFAULT_USER_PASSWORD)
361
381
        after = now()
362
382
        # verify account was not flagged for password reset
363
383
        self.assertFalse(account.need_password_reset)
381
401
        # what _validate_raw_password would if the password matched.
382
402
        self.backend._validate_raw_password = Mock(
383
403
            return_value=self.account.accountpassword)
384
 
        self.backend.authenticate(self.email, DEFAULT_USER_PASSWORD)
 
404
        self.backend.authenticate(None, self.email, DEFAULT_USER_PASSWORD)
385
405
        # Check that validate_raw_password was not called with a
386
406
        # hashed_password and update=False, which means it was called from
387
407
        # password_leaked, which we don't want.
429
449
        ap.save()
430
450
        backend = LaunchpadBackend()
431
451
 
432
 
        account = backend.authenticate(email, DEFAULT_USER_PASSWORD)
 
452
        account = backend.authenticate(None, email, DEFAULT_USER_PASSWORD)
433
453
 
434
454
        encrypted = account.accountpassword.password
435
455
        hasher = get_hasher('bcrypt13')
897
917
                           password.encode('latin1'))
898
918
 
899
919
        mock_apiuser_authenticate.assert_called_once_with(
900
 
            username, password)
 
920
            None, username, password)
901
921
        mock_lp_backend_authenticate.assert_called_once_with(
902
 
            username, password)
 
922
            None, username, password)
903
923
 
904
924
 
905
925
class CypherLearningTestCase(SSOBaseTestCase):