~ubuntuone-pqm-team/django-openid-auth/trunk : revision 127.1.1

31

32

import cgi

33

34

from urlparse import parse_qs

34

try:

35

from urllib.parse import parse_qs

36

except ImportError:

37

from urlparse import parse_qs

35

38

36

39

from django.conf import settings

37

40

from django.contrib.auth.models import User, Group, Permission

125

128

def parseFormPost(self, content):

126

129

"""Parse an HTML form post to create an OpenID request."""

127

130

# Hack to make the javascript XML compliant ...

128

content = content.replace('i < elements.length',

129

'i < elements.length')

131

content = content.replace(

132

'i < elements.length', 'i < elements.length')

130

133

tree = ET.XML(content)

131

134

form = tree.find('.//form')

132

135

assert form is not None, 'No form in document'

137

140

for input in form.findall('input'):

138

141

if input.get('type') != 'hidden':

139

142

continue

140

query[input.get('name').encode('UTF-8')] = \

141

input.get('value').encode('UTF-8')

143

query[input.get('name')] = input.get('value')

142

144

self.last_request = self.server.decodeRequest(query)

143

145

return self.last_request

144

146

236

238

response = self.client.post(self.login_url, self.openid_req)

237

239

self.assertContains(response, 'OpenID transaction in progress')

238

240

239

openid_request = self.provider.parseFormPost(response.content)

241

openid_request = self.provider.parseFormPost(

242

response.content.decode('utf-8'))

240

243

self.assertEqual(openid_request.mode, 'checkid_setup')

241

244

self.assertTrue(openid_request.return_to.startswith(

242

245

'http://testserver/openid/complete/'))

248

251

249

252

# And they are now logged in:

250

253

response = self.client.get('/getuser/')

251

self.assertEqual(response.content, 'someuser')

254

self.assertEqual(response.content.decode('utf-8'), 'someuser')

252

255

253

256

def test_login_with_nonascii_return_to(self):

254

257

"""Ensure non-ascii characters can be used for the 'next' arg."""

270

273

271

274

self.assertContains(response, 'OpenID transaction in progress')

272

275

273

openid_request = self.provider.parseFormPost(response.content)

276

openid_request = self.provider.parseFormPost(

277

response.content.decode('utf-8'))

274

278

self.assertEqual(openid_request.mode, 'checkid_setup')

275

279

self.assertTrue(openid_request.return_to.startswith(

276

280

'http://testserver/openid/complete/'))

297

301

self.assertEqual(response.status_code, 200)

298

302

self.assertContains(response, 'OpenID transaction in progress')

299

303

300

openid_request = self.provider.parseFormPost(response.content)

304

openid_request = self.provider.parseFormPost(

305

response.content.decode('utf-8'))

301

306

self.assertEqual(openid_request.mode, 'checkid_setup')

302

307

self.assertTrue(openid_request.return_to.startswith(

303

308

'http://testserver/openid/complete/'))

309

314

310

315

# And they are now logged in:

311

316

response = self.client.get('/getuser/')

312

self.assertEqual(response.content, 'someuser')

317

self.assertEqual(response.content.decode('utf-8'), 'someuser')

313

318

314

319

def test_login_create_users(self):

315

320

# Create a user with the same name as we'll pass back via sreg.

321

326

322

327

# Complete the request, passing back some simple registration

323

328

# data. The user is redirected to the next URL.

324

openid_request = self.provider.parseFormPost(response.content)

329

openid_request = self.provider.parseFormPost(

330

response.content.decode('utf-8'))

325

331

sreg_request = sreg.SRegRequest.fromOpenIDRequest(openid_request)

326

332

openid_response = openid_request.answer(True)

327

333

sreg_response = sreg.SRegResponse.extractResponse(

335

341

# And they are now logged in as a new user (they haven't taken

336

342

# over the existing "someuser" user).

337

343

response = self.client.get('/getuser/')

338

self.assertEqual(response.content, 'someuser2')

344

self.assertEqual(response.content.decode('utf-8'), 'someuser2')

339

345

340

346

# Check the details of the new user.

341

347

user = User.objects.get(username='someuser2')

359

365

360

366

# Complete the request, passing back some simple registration

361

367

# data. The user is redirected to the next URL.

362

openid_request = self.provider.parseFormPost(response.content)

368

openid_request = self.provider.parseFormPost(

369

response.content.decode('utf-8'))

363

370

return openid_request

364

371

365

372

def _get_login_response(self, openid_request, resp_data, use_sreg,

383

390

self.provider.type_uris.append(pape.ns_uri)

384

391

385

392

response = self.client.post(self.login_url, self.openid_req)

386

openid_request = self.provider.parseFormPost(response.content)

393

openid_request = self.provider.parseFormPost(

394

response.content.decode('utf-8'))

387

395

388

396

request_auth = openid_request.message.getArg(

389

397

'http://specs.openid.net/extensions/pape/1.0',

431

439

query['openid.pape.auth_policies'], [preferred_auth])

432

440

433

441

response = self.client.get('/getuser/')

434

self.assertEqual(response.content, 'testuser')

442

self.assertEqual(response.content.decode('utf-8'), 'testuser')

435

443

436

444

@override_settings(OPENID_PHYSICAL_MULTIFACTOR_REQUIRED=True)

437

445

def test_login_physical_multifactor_not_provided(self):

547

555

response = self.client.get('/getuser/')

548

556

549

557

# username defaults to 'openiduser'

550

self.assertEqual(response.content, 'openiduser')

558

username = response.content.decode('utf-8')

559

self.assertEqual(username, 'openiduser')

551

560

552

561

# The user's full name and email have been updated.

553

user = User.objects.get(username=response.content)

562

user = User.objects.get(username=username)

554

563

self.assertEqual(user.first_name, 'Openid')

555

564

self.assertEqual(user.last_name, 'User')

556

565

self.assertEqual(user.email, 'foo@example.com')

565

574

response = self.client.get('/getuser/')

566

575

567

576

# username defaults to a munged version of the email

568

self.assertEqual(response.content, 'fooexamplecom')

577

self.assertEqual(response.content.decode('utf-8'), 'fooexamplecom')

569

578

570

579

def test_login_duplicate_username_numbering(self):

571

580

# Setup existing user who's name we're going to conflict with

582

591

583

592

# Since this username is already taken by someone else, we go through

584

593

# the process of adding +i to it, and get testuser2.

585

self.assertEqual(response.content, 'testuser2')

594

self.assertEqual(response.content.decode('utf-8'), 'testuser2')

586

595

587

596

def test_login_duplicate_username_numbering_with_conflicts(self):

588

597

# Setup existing user who's name we're going to conflict with

602

611

# the process of adding +i to it starting with the count of users with

603

612

# username starting with 'testuser', of which there are 2. i should

604

613

# start at 3, which already exists, so it should skip to 4.

605

self.assertEqual(response.content, 'testuser4')

614

self.assertEqual(response.content.decode('utf-8'), 'testuser4')

606

615

607

616

def test_login_duplicate_username_numbering_with_holes(self):

608

617

# Setup existing user who's name we're going to conflict with

625

634

# the process of adding +i to it starting with the count of users with

626

635

# username starting with 'testuser', of which there are 5. i should

627

636

# start at 6, and increment until it reaches 9.

628

self.assertEqual(response.content, 'testuser9')

637

self.assertEqual(response.content.decode('utf-8'), 'testuser9')

629

638

630

639

def test_login_duplicate_username_numbering_with_nonsequential_matches(

631

640

self):

646

655

# the process of adding +i to it starting with the count of users with

647

656

# username starting with 'testuser', of which there are 2. i should

648

657

# start at 3, which will be available.

649

self.assertEqual(response.content, 'testuser3')

658

self.assertEqual(response.content.decode('utf-8'), 'testuser3')

650

659

651

660

def test_login_follow_rename(self):

652

661

user = User.objects.create_user('testuser', 'someone@example.com')

666

675

667

676

# If OPENID_FOLLOW_RENAMES, they are logged in as

668

677

# someuser (the passed in nickname has changed the username)

669

self.assertEqual(response.content, 'someuser')

678

username = response.content.decode('utf-8')

679

self.assertEqual(username, 'someuser')

670

680

671

681

# The user's full name and email have been updated.

672

user = User.objects.get(username=response.content)

682

user = User.objects.get(username=username)

673

683

self.assertEqual(user.first_name, 'Some')

674

684

self.assertEqual(user.last_name, 'User')

675

685

self.assertEqual(user.email, 'foo@example.com')

691

701

response = self.client.get('/getuser/')

692

702

693

703

# Username should not have changed

694

self.assertEqual(response.content, 'testuser')

704

username = response.content.decode('utf-8')

705

self.assertEqual(username, 'testuser')

695

706

696

707

# The user's full name and email have been updated.

697

user = User.objects.get(username=response.content)

708

user = User.objects.get(username=username)

698

709

self.assertEqual(user.first_name, 'Some')

699

710

self.assertEqual(user.last_name, 'User')

700

711

self.assertEqual(user.email, 'foo@example.com')

730

741

# If OPENID_FOLLOW_RENAMES, attempt to change username to 'testuser'

731

742

# but since that username is already taken by someone else, we go

732

743

# through the process of adding +i to it, and get testuser2.

733

self.assertEqual(response.content, 'testuser2')

744

username = response.content.decode('utf-8')

745

self.assertEqual(username, 'testuser2')

734

746

735

747

# The user's full name and email have been updated.

736

user = User.objects.get(username=response.content)

748

user = User.objects.get(username=username)

737

749

self.assertEqual(user.first_name, 'Rename')

738

750

self.assertEqual(user.last_name, 'User')

739

751

self.assertEqual(user.email, 'rename@example.com')

772

784

# the username follows the nickname+i scheme, it has non-numbers in the

773

785

# suffix, so it's not an auto-generated one. The regular process of

774

786

# renaming to 'testuser' has a conflict, so we get +2 at the end.

775

self.assertEqual(response.content, 'testuser2')

787

username = response.content.decode('utf-8')

788

self.assertEqual(username, 'testuser2')

776

789

777

790

# The user's full name and email have been updated.

778

user = User.objects.get(username=response.content)

791

user = User.objects.get(username=username)

779

792

self.assertEqual(user.first_name, 'Rename')

780

793

self.assertEqual(user.last_name, 'User')

781

794

self.assertEqual(user.email, 'rename@example.com')

812

825

# but since that username is already taken by someone else, we go

813

826

# through the process of adding +i to it. Since the user for this

814

827

# identity url already has a name matching that pattern, check if first

815

self.assertEqual(response.content, 'testuser2000')

828

username = response.content.decode('utf-8')

829

self.assertEqual(username, 'testuser2000')

816

830

817

831

# The user's full name and email have been updated.

818

user = User.objects.get(username=response.content)

832

user = User.objects.get(username=username)

819

833

self.assertEqual(user.first_name, 'Rename')

820

834

self.assertEqual(user.last_name, 'User')

821

835

self.assertEqual(user.email, 'rename@example.com')

842

856

843

857

# If OPENID_FOLLOW_RENAMES, username should be changed to 'testuser'

844

858

# because it wasn't currently taken

845

self.assertEqual(response.content, 'testuser')

859

username = response.content.decode('utf-8')

860

self.assertEqual(username, 'testuser')

846

861

847

862

# The user's full name and email have been updated.

848

user = User.objects.get(username=response.content)

863

user = User.objects.get(username=username)

849

864

self.assertEqual(user.first_name, 'Same')

850

865

self.assertEqual(user.last_name, 'User')

851

866

self.assertEqual(user.email, 'same@example.com')

860

875

861

876

# Complete the request, passing back some simple registration

862

877

# data. The user is redirected to the next URL.

863

openid_request = self.provider.parseFormPost(response.content)

878

openid_request = self.provider.parseFormPost(

879

response.content.decode('utf-8'))

864

880

sreg_request = sreg.SRegRequest.fromOpenIDRequest(openid_request)

865

881

openid_response = openid_request.answer(True)

866

882

sreg_response = sreg.SRegResponse.extractResponse(

898

914

899

915

# Complete the request, passing back some simple registration

900

916

# data. The user is redirected to the next URL.

901

openid_request = self.provider.parseFormPost(response.content)

917

openid_request = self.provider.parseFormPost(

918

response.content.decode('utf-8'))

902

919

sreg_request = sreg.SRegRequest.fromOpenIDRequest(openid_request)

903

920

openid_response = openid_request.answer(True)

904

921

sreg_response = sreg.SRegResponse.extractResponse(

927

944

928

945

# Complete the request, passing back some simple registration

929

946

# data. The user is redirected to the next URL.

930

openid_request = self.provider.parseFormPost(response.content)

947

openid_request = self.provider.parseFormPost(

948

response.content.decode('utf-8'))

931

949

sreg_request = sreg.SRegRequest.fromOpenIDRequest(openid_request)

932

950

openid_response = openid_request.answer(True)

933

951

sreg_response = sreg.SRegResponse.extractResponse(

969

987

970

988

# Complete the request, passing back some simple registration

971

989

# data. The user is redirected to the next URL.

972

openid_request = self.provider.parseFormPost(response.content)

990

openid_request = self.provider.parseFormPost(

991

response.content.decode('utf-8'))

973

992

sreg_request = sreg.SRegRequest.fromOpenIDRequest(openid_request)

974

993

openid_response = openid_request.answer(True)

975

994

sreg_response = sreg.SRegResponse.extractResponse(

992

1011

993

1012

# Complete the request, passing back some simple registration

994

1013

# data. The user is redirected to the next URL.

995

openid_request = self.provider.parseFormPost(response.content)

1014

openid_request = self.provider.parseFormPost(

1015

response.content.decode('utf-8'))

996

1016

sreg_request = sreg.SRegRequest.fromOpenIDRequest(openid_request)

997

1017

openid_response = openid_request.answer(True)

998

1018

sreg_response = sreg.SRegResponse.extractResponse(

1028

1048

self._do_user_login(self.openid_req, self.openid_resp)

1029

1049

response = self.client.get('/getuser/')

1030

1050

1031

self.assertEqual(response.content, 'testuser')

1051

username = response.content.decode('utf-8')

1052

self.assertEqual(username, 'testuser')

1032

1053

1033

1054

# The user's full name and email have been updated.

1034

user = User.objects.get(username=response.content)

1055

user = User.objects.get(username=username)

1035

1056

self.assertEqual(user.first_name, 'Some')

1036

1057

self.assertEqual(user.last_name, 'User')

1037

1058

self.assertEqual(user.email, 'foo@example.com')

1047

1068

with self.settings(OPENID_SREG_EXTRA_FIELDS=('language',)):

1048

1069

response = self.client.post(self.login_url, self.openid_req)

1049

1070

1050

openid_request = self.provider.parseFormPost(response.content)

1071

openid_request = self.provider.parseFormPost(

1072

response.content.decode('utf-8'))

1051

1073

sreg_request = sreg.SRegRequest.fromOpenIDRequest(openid_request)

1052

1074

for field in ('email', 'fullname', 'nickname', 'language'):

1053

1075

self.assertTrue(field in sreg_request)

1064

1086

with self.settings(OPENID_SREG_REQUIRED_FIELDS=('email', 'language')):

1065

1087

response = self.client.post(self.login_url, self.openid_req)

1066

1088

1067

openid_request = self.provider.parseFormPost(response.content)

1089

openid_request = self.provider.parseFormPost(

1090

response.content.decode('utf-8'))

1068

1091

sreg_request = sreg.SRegRequest.fromOpenIDRequest(openid_request)

1069

1092

1070

1093

self.assertEqual(['email', 'language'], sreg_request.required)

1086

1109

1087

1110

# The resulting OpenID request uses the Attribute Exchange

1088

1111

# extension rather than the Simple Registration extension.

1089

openid_request = self.provider.parseFormPost(response.content)

1112

openid_request = self.provider.parseFormPost(

1113

response.content.decode('utf-8'))

1090

1114

sreg_request = sreg.SRegRequest.fromOpenIDRequest(openid_request)

1091

1115

self.assertEqual(sreg_request.required, [])

1092

1116

self.assertEqual(sreg_request.optional, [])

1132

1156

assert not settings.OPENID_FOLLOW_RENAMES, (

1133

1157

'OPENID_FOLLOW_RENAMES must be False')

1134

1158

response = self.client.get('/getuser/')

1135

self.assertEqual(response.content, 'testuser')

1159

self.assertEqual(response.content.decode('utf-8'), 'testuser')

1136

1160

1137

1161

# The user's full name and email have been updated.

1138

1162

user = User.objects.get(username='testuser')

1216

1240

self.assertContains(response, 'OpenID transaction in progress')

1217

1241

1218

1242

# Complete the request

1219

openid_request = self.provider.parseFormPost(response.content)

1243

openid_request = self.provider.parseFormPost(

1244

response.content.decode('utf-8'))

1220

1245

openid_response = openid_request.answer(True)

1221

1246

teams_request = teams.TeamsRequest.fromOpenIDRequest(openid_request)

1222

1247

teams_response = teams.TeamsResponse.extractResponse(

1231

1256

1232

1257

# And they are now logged in as testuser

1233

1258

response = self.client.get('/getuser/')

1234

self.assertEqual(response.content, 'testuser')

1259

self.assertEqual(response.content.decode('utf-8'), 'testuser')

1235

1260

1236

1261

# The user's groups have been updated.

1237

1262

User.objects.get(username='testuser')

1263

1288

OPENID_LAUNCHPAD_TEAMS_MAPPING=mapping,

1264

1289

OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO=True,

1265

1290

OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO_BLACKLIST=blacklist):

1266

openid_request = self.provider.parseFormPost(response.content)

1291

openid_request = self.provider.parseFormPost(

1292

response.content.decode('utf-8'))

1267

1293

openid_request.answer(True)

1268

1294

teams.TeamsRequest.fromOpenIDRequest(openid_request)

1269

1295

1316

1342

response = self.client.post(self.login_url, self.openid_req_no_next)

1317

1343

1318

1344

# Complete the request

1319

openid_request = self.provider.parseFormPost(response.content)

1345

openid_request = self.provider.parseFormPost(

1346

response.content.decode('utf-8'))

1320

1347

openid_response = openid_request.answer(True)

1321

1348

teams_request = teams.TeamsRequest.fromOpenIDRequest(openid_request)

1322

1349

teams_response = teams.TeamsResponse.extractResponse(

1335

1362

display_id='http://example.com/identity')

1336

1363

1337

1364

response = self.client.post(self.login_url, self.openid_req_no_next)

1338

openid_request = self.provider.parseFormPost(response.content)

1365

openid_request = self.provider.parseFormPost(

1366

response.content.decode('utf-8'))

1339

1367

openid_response = openid_request.answer(True)

1340

1368

# Use a closure to test whether the signal handler was called.

1341

1369

self.signal_handler_called = False