1
from __future__ import unicode_literals
2
from datetime import date
4
from django.conf import settings
5
from django.contrib.auth.models import User, Group, Permission, AnonymousUser
6
from django.contrib.auth.tests.utils import skipIfCustomUser
7
from django.contrib.auth.tests.custom_user import ExtensionUser, CustomPermissionsUser, CustomUser
8
from django.contrib.contenttypes.models import ContentType
9
from django.core.exceptions import ImproperlyConfigured
10
from django.contrib.auth import authenticate
11
from django.test import TestCase
12
from django.test.utils import override_settings
15
class BaseModelBackendTest(object):
17
A base class for tests that need to validate the ModelBackend
18
with different User models. Subclasses should define a class
19
level UserModel attribute, and a create_users() method to
20
construct two users for test purposes.
22
backend = 'django.contrib.auth.backends.ModelBackend'
25
self.curr_auth = settings.AUTHENTICATION_BACKENDS
26
settings.AUTHENTICATION_BACKENDS = (self.backend,)
30
settings.AUTHENTICATION_BACKENDS = self.curr_auth
31
# The custom_perms test messes with ContentTypes, which will
32
# be cached; flush the cache to ensure there are no side effects
34
ContentType.objects.clear_cache()
36
def test_has_perm(self):
37
user = self.UserModel._default_manager.get(pk=self.user.pk)
38
self.assertEqual(user.has_perm('auth.test'), False)
41
self.assertEqual(user.has_perm('auth.test'), False)
42
user.is_superuser = True
44
self.assertEqual(user.has_perm('auth.test'), True)
46
user.is_superuser = False
48
self.assertEqual(user.has_perm('auth.test'), False)
50
user.is_superuser = True
51
user.is_active = False
53
self.assertEqual(user.has_perm('auth.test'), False)
55
def test_custom_perms(self):
56
user = self.UserModel._default_manager.get(pk=self.user.pk)
57
content_type = ContentType.objects.get_for_model(Group)
58
perm = Permission.objects.create(name='test', content_type=content_type, codename='test')
59
user.user_permissions.add(perm)
62
# reloading user to purge the _perm_cache
63
user = self.UserModel._default_manager.get(pk=self.user.pk)
64
self.assertEqual(user.get_all_permissions() == set(['auth.test']), True)
65
self.assertEqual(user.get_group_permissions(), set([]))
66
self.assertEqual(user.has_module_perms('Group'), False)
67
self.assertEqual(user.has_module_perms('auth'), True)
68
perm = Permission.objects.create(name='test2', content_type=content_type, codename='test2')
69
user.user_permissions.add(perm)
71
perm = Permission.objects.create(name='test3', content_type=content_type, codename='test3')
72
user.user_permissions.add(perm)
74
user = self.UserModel._default_manager.get(pk=self.user.pk)
75
self.assertEqual(user.get_all_permissions(), set(['auth.test2', 'auth.test', 'auth.test3']))
76
self.assertEqual(user.has_perm('test'), False)
77
self.assertEqual(user.has_perm('auth.test'), True)
78
self.assertEqual(user.has_perms(['auth.test2', 'auth.test3']), True)
79
perm = Permission.objects.create(name='test_group', content_type=content_type, codename='test_group')
80
group = Group.objects.create(name='test_group')
81
group.permissions.add(perm)
83
user.groups.add(group)
84
user = self.UserModel._default_manager.get(pk=self.user.pk)
85
exp = set(['auth.test2', 'auth.test', 'auth.test3', 'auth.test_group'])
86
self.assertEqual(user.get_all_permissions(), exp)
87
self.assertEqual(user.get_group_permissions(), set(['auth.test_group']))
88
self.assertEqual(user.has_perms(['auth.test3', 'auth.test_group']), True)
90
user = AnonymousUser()
91
self.assertEqual(user.has_perm('test'), False)
92
self.assertEqual(user.has_perms(['auth.test2', 'auth.test3']), False)
94
def test_has_no_object_perm(self):
95
"""Regressiontest for #12462"""
96
user = self.UserModel._default_manager.get(pk=self.user.pk)
97
content_type = ContentType.objects.get_for_model(Group)
98
perm = Permission.objects.create(name='test', content_type=content_type, codename='test')
99
user.user_permissions.add(perm)
102
self.assertEqual(user.has_perm('auth.test', 'object'), False)
103
self.assertEqual(user.get_all_permissions('object'), set([]))
104
self.assertEqual(user.has_perm('auth.test'), True)
105
self.assertEqual(user.get_all_permissions(), set(['auth.test']))
107
def test_get_all_superuser_permissions(self):
108
"A superuser has all permissions. Refs #14795"
109
user = self.UserModel._default_manager.get(pk=self.superuser.pk)
110
self.assertEqual(len(user.get_all_permissions()), len(Permission.objects.all()))
114
class ModelBackendTest(BaseModelBackendTest, TestCase):
116
Tests for the ModelBackend using the default User model.
120
def create_users(self):
121
self.user = User.objects.create_user(
123
email='test@example.com',
126
self.superuser = User.objects.create_superuser(
128
email='test2@example.com',
133
@override_settings(AUTH_USER_MODEL='auth.ExtensionUser')
134
class ExtensionUserModelBackendTest(BaseModelBackendTest, TestCase):
136
Tests for the ModelBackend using the custom ExtensionUser model.
138
This isn't a perfect test, because both the User and ExtensionUser are
139
synchronized to the database, which wouldn't ordinary happen in
140
production. As a result, it doesn't catch errors caused by the non-
141
existence of the User table.
143
The specific problem is queries on .filter(groups__user) et al, which
144
makes an implicit assumption that the user model is called 'User'. In
145
production, the auth.User table won't exist, so the requested join
146
won't exist either; in testing, the auth.User *does* exist, and
147
so does the join. However, the join table won't contain any useful
148
data; for testing, we check that the data we expect actually does exist.
151
UserModel = ExtensionUser
153
def create_users(self):
154
self.user = ExtensionUser._default_manager.create_user(
156
email='test@example.com',
158
date_of_birth=date(2006, 4, 25)
160
self.superuser = ExtensionUser._default_manager.create_superuser(
162
email='test2@example.com',
164
date_of_birth=date(1976, 11, 8)
168
@override_settings(AUTH_USER_MODEL='auth.CustomPermissionsUser')
169
class CustomPermissionsUserModelBackendTest(BaseModelBackendTest, TestCase):
171
Tests for the ModelBackend using the CustomPermissionsUser model.
173
As with the ExtensionUser test, this isn't a perfect test, because both
174
the User and CustomPermissionsUser are synchronized to the database,
175
which wouldn't ordinary happen in production.
178
UserModel = CustomPermissionsUser
180
def create_users(self):
181
self.user = CustomPermissionsUser._default_manager.create_user(
182
email='test@example.com',
184
date_of_birth=date(2006, 4, 25)
186
self.superuser = CustomPermissionsUser._default_manager.create_superuser(
187
email='test2@example.com',
189
date_of_birth=date(1976, 11, 8)
193
@override_settings(AUTH_USER_MODEL='auth.CustomUser')
194
class CustomUserModelBackendAuthenticateTest(TestCase):
196
Tests that the model backend can accept a credentials kwarg labeled with
197
custom user model's USERNAME_FIELD.
200
def test_authenticate(self):
201
test_user = CustomUser._default_manager.create_user(
202
email='test@example.com',
204
date_of_birth=date(2006, 4, 25)
206
authenticated_user = authenticate(email='test@example.com', password='test')
207
self.assertEqual(test_user, authenticated_user)
211
class TestObj(object):
215
class SimpleRowlevelBackend(object):
216
def has_perm(self, user, perm, obj=None):
218
return # We only support row level perms
220
if isinstance(obj, TestObj):
221
if user.username == 'test2':
223
elif user.is_anonymous() and perm == 'anon':
225
elif not user.is_active and perm == 'inactive':
229
def has_module_perms(self, user, app_label):
230
if not user.is_anonymous() and not user.is_active:
232
return app_label == "app1"
234
def get_all_permissions(self, user, obj=None):
236
return [] # We only support row level perms
238
if not isinstance(obj, TestObj):
241
if user.is_anonymous():
243
if user.username == 'test2':
244
return ['simple', 'advanced']
248
def get_group_permissions(self, user, obj=None):
250
return # We only support row level perms
252
if not isinstance(obj, TestObj):
255
if 'test_group' in [group.name for group in user.groups.all()]:
256
return ['group_perm']
262
class RowlevelBackendTest(TestCase):
264
Tests for auth backend that supports object level permissions
266
backend = 'django.contrib.auth.tests.auth_backends.SimpleRowlevelBackend'
269
self.curr_auth = settings.AUTHENTICATION_BACKENDS
270
settings.AUTHENTICATION_BACKENDS = tuple(self.curr_auth) + (self.backend,)
271
self.user1 = User.objects.create_user('test', 'test@example.com', 'test')
272
self.user2 = User.objects.create_user('test2', 'test2@example.com', 'test')
273
self.user3 = User.objects.create_user('test3', 'test3@example.com', 'test')
276
settings.AUTHENTICATION_BACKENDS = self.curr_auth
277
# The get_group_permissions test messes with ContentTypes, which will
278
# be cached; flush the cache to ensure there are no side effects
279
# Refs #14975, #14925
280
ContentType.objects.clear_cache()
282
def test_has_perm(self):
283
self.assertEqual(self.user1.has_perm('perm', TestObj()), False)
284
self.assertEqual(self.user2.has_perm('perm', TestObj()), True)
285
self.assertEqual(self.user2.has_perm('perm'), False)
286
self.assertEqual(self.user2.has_perms(['simple', 'advanced'], TestObj()), True)
287
self.assertEqual(self.user3.has_perm('perm', TestObj()), False)
288
self.assertEqual(self.user3.has_perm('anon', TestObj()), False)
289
self.assertEqual(self.user3.has_perms(['simple', 'advanced'], TestObj()), False)
291
def test_get_all_permissions(self):
292
self.assertEqual(self.user1.get_all_permissions(TestObj()), set(['simple']))
293
self.assertEqual(self.user2.get_all_permissions(TestObj()), set(['simple', 'advanced']))
294
self.assertEqual(self.user2.get_all_permissions(), set([]))
296
def test_get_group_permissions(self):
297
group = Group.objects.create(name='test_group')
298
self.user3.groups.add(group)
299
self.assertEqual(self.user3.get_group_permissions(TestObj()), set(['group_perm']))
302
class AnonymousUserBackendTest(TestCase):
304
Tests for AnonymousUser delegating to backend.
307
backend = 'django.contrib.auth.tests.auth_backends.SimpleRowlevelBackend'
310
self.curr_auth = settings.AUTHENTICATION_BACKENDS
311
settings.AUTHENTICATION_BACKENDS = (self.backend,)
312
self.user1 = AnonymousUser()
315
settings.AUTHENTICATION_BACKENDS = self.curr_auth
317
def test_has_perm(self):
318
self.assertEqual(self.user1.has_perm('perm', TestObj()), False)
319
self.assertEqual(self.user1.has_perm('anon', TestObj()), True)
321
def test_has_perms(self):
322
self.assertEqual(self.user1.has_perms(['anon'], TestObj()), True)
323
self.assertEqual(self.user1.has_perms(['anon', 'perm'], TestObj()), False)
325
def test_has_module_perms(self):
326
self.assertEqual(self.user1.has_module_perms("app1"), True)
327
self.assertEqual(self.user1.has_module_perms("app2"), False)
329
def test_get_all_permissions(self):
330
self.assertEqual(self.user1.get_all_permissions(TestObj()), set(['anon']))
334
@override_settings(AUTHENTICATION_BACKENDS=[])
335
class NoBackendsTest(TestCase):
337
Tests that an appropriate error is raised if no auth backends are provided.
340
self.user = User.objects.create_user('test', 'test@example.com', 'test')
342
def test_raises_exception(self):
343
self.assertRaises(ImproperlyConfigured, self.user.has_perm, ('perm', TestObj(),))
347
class InActiveUserBackendTest(TestCase):
349
Tests for a inactive user
351
backend = 'django.contrib.auth.tests.auth_backends.SimpleRowlevelBackend'
354
self.curr_auth = settings.AUTHENTICATION_BACKENDS
355
settings.AUTHENTICATION_BACKENDS = (self.backend,)
356
self.user1 = User.objects.create_user('test', 'test@example.com', 'test')
357
self.user1.is_active = False
361
settings.AUTHENTICATION_BACKENDS = self.curr_auth
363
def test_has_perm(self):
364
self.assertEqual(self.user1.has_perm('perm', TestObj()), False)
365
self.assertEqual(self.user1.has_perm('inactive', TestObj()), True)
367
def test_has_module_perms(self):
368
self.assertEqual(self.user1.has_module_perms("app1"), False)
369
self.assertEqual(self.user1.has_module_perms("app2"), False)