← Back to branch summary

~roadmr/canonical-identity-provider/webauthn-register-endpoint-part-2-the-registration

« back to all changes in this revision

Viewing changes to src/identityprovider/tests/test_models_twofactor.py

Merged webauthn-register-endpoint into webauthn-register-endpoint-part-2-the-registration.

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/identityprovider/tests/test_models_twofactor.py
9
9
from identityprovider.models.twofactor import (
10
10
    TWOFACTOR_LOGIN,
11
11
    AuthenticationDevice,
 
12
    authenticate,
12
13
    is_authenticated,
13
14
    is_twofactor_enabled,
14
15
    is_upgraded,
151
152
 
152
153
    def test_is_twofactor_enabled_in_readonly_mode(self):
153
154
        with self.settings(READ_ONLY_MODE=True):
154
 
            self.assertFalse(is_twofactor_enabled(self.request))
 
155
            self.assertTrue(is_twofactor_enabled(self.request))
155
156
 
156
157
    @patch('identityprovider.models.twofactor.gargoyle.is_active')
157
158
    def test_is_twofactor_enabled_in_readwrite_mode(self, mock_is_active):
324
325
        devices[0].sync.assert_not_called(otps)
325
326
        devices[1].sync.assert_not_called(otps)
326
327
        devices[2].sync.assert_not_called(otps)
 
328
 
 
329
    def test_sync_disabled_when_readonly(self):
 
330
        account = Mock()
 
331
        devices = [Mock(), Mock()]
 
332
        otps = ['otp1', 'otp2']
 
333
        account.devices.order_by.return_value = devices
 
334
        devices[0].is_totp.return_value = False
 
335
        devices[0].sync.return_value = False
 
336
        devices[1].is_totp.return_value = False
 
337
        devices[1].sync.return_value = True
 
338
 
 
339
        with self.settings(READ_ONLY_MODE=True):
 
340
            self.assertRaises(AuthenticationError, sync, account, otps)
 
341
 
 
342
    def test_authenticate_stops_on_first_device_that_succeeds(self):
 
343
        account = Mock()
 
344
        devices = [Mock(), Mock(), Mock()]
 
345
        account.devices.order_by.return_value = devices
 
346
        devices[0].is_totp.return_value = False
 
347
        devices[0].authenticate.return_value = False
 
348
        devices[1].is_totp.return_value = True
 
349
        devices[1].authenticate.return_value = True
 
350
 
 
351
        self.assertTrue(authenticate(account, 'otp'))
 
352
 
 
353
        devices[0].authenticate.assert_called_once_with('otp')
 
354
        devices[1].authenticate.assert_called_once_with('otp')
 
355
        self.assertFalse(devices[2].called)
 
356
 
 
357
    def test_authenticate_raises_error_if_none_of_the_devices_succeeds(self):
 
358
        account = Mock()
 
359
        devices = [Mock(), Mock(), Mock()]
 
360
        account.devices.order_by.return_value = devices
 
361
        devices[0].authenticate.return_value = False
 
362
        devices[0].is_totp.return_value = False
 
363
        devices[1].authenticate.return_value = False
 
364
        devices[1].is_totp.return_value = False
 
365
        devices[2].authenticate.return_value = False
 
366
        devices[2].is_totp.return_value = False
 
367
 
 
368
        self.assertRaises(AuthenticationError, authenticate, account, 'otp')
 
369
 
 
370
        devices[0].authenticate.assert_called_once_with('otp')
 
371
        devices[1].authenticate.assert_called_once_with('otp')
 
372
        devices[2].authenticate.assert_called_once_with('otp')
 
373
 
 
374
    def test_authenticate_totp_enabled_when_readonly(self):
 
375
        account = Mock()
 
376
        devices = [Mock(), Mock()]
 
377
        account.devices.order_by.return_value = devices
 
378
        devices[0].is_totp.return_value = True
 
379
        devices[0].authenticate.return_value = True
 
380
 
 
381
        with self.settings(READ_ONLY_MODE=True):
 
382
            self.assertTrue(authenticate(account, 'otp'))
 
383
 
 
384
    def test_authenticate_non_totp_disabled_when_readonly(self):
 
385
        account = Mock()
 
386
        devices = [Mock(), Mock()]
 
387
        otp = 'otp'
 
388
        account.devices.order_by.return_value = devices
 
389
        devices[0].is_totp.return_value = False
 
390
        devices[0].authenticate.return_value = True
 
391
        devices[1].is_totp.return_value = True
 
392
        devices[1].authenticate.return_value = False
 
393
 
 
394
        with self.settings(READ_ONLY_MODE=True):
 
395
            self.assertRaises(AuthenticationError, authenticate, account, otp)