Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

subdomains: Update AuthBackendTest for subdomains always on. 

This is separate from the main subdomains commit mainly for
readability of the history.
This commit is contained in:
Tim Abbott 2017-09-15 12:51:45 -07:00
parent 26a5332828
commit 95a0a4a06f
2 changed files with 28 additions and 123 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
tools/test-backend
View File

@ -90,6 +90,7 @@ not_yet_fully_covered = {
'zerver/lib/push_notifications.py', 'zerver/lib/push_notifications.py',
'zerver/lib/upload.py', 'zerver/lib/upload.py',
'zerver/models.py', 'zerver/models.py',
'zproject/backends.py',
# Webhook integrations with incomplete coverage # Webhook integrations with incomplete coverage
'zerver/webhooks/basecamp/view.py', 'zerver/webhooks/basecamp/view.py',
'zerver/webhooks/beanstalk/view.py', 'zerver/webhooks/beanstalk/view.py',

150
zerver/tests/test_auth_backends.py
View File

@ -72,13 +72,13 @@ class AuthBackendTest(ZulipTestCase):
return username return username
@override_settings(REALMS_HAVE_SUBDOMAINS=True)
def verify_backend(self, backend, good_kwargs=None, bad_kwargs=None): def verify_backend(self, backend, good_kwargs=None, bad_kwargs=None):
# type: (Any, Optional[Dict[str, Any]], Optional[Dict[str, Any]]) -> None # type: (Any, Optional[Dict[str, Any]], Optional[Dict[str, Any]]) -> None
user_profile = self.example_user('hamlet') user_profile = self.example_user('hamlet')
if good_kwargs is None: assert good_kwargs is not None
good_kwargs = {}
# If bad_kwargs was specified, verify auth fails in that case # If bad_kwargs was specified, verify auth fails in that case
if bad_kwargs is not None: if bad_kwargs is not None:
@ -149,13 +149,6 @@ class AuthBackendTest(ZulipTestCase):
password = "testpassword" password = "testpassword"
user_profile.set_password(password) user_profile.set_password(password)
user_profile.save() user_profile.save()
self.setup_subdomain(user_profile)
self.verify_backend(EmailAuthBackend(),
bad_kwargs=dict(username=username,
password=''),
good_kwargs=dict(username=username,
password=password))
with mock.patch('zproject.backends.email_auth_enabled', with mock.patch('zproject.backends.email_auth_enabled',
return_value=False), \ return_value=False), \
@ -168,32 +161,15 @@ class AuthBackendTest(ZulipTestCase):
self.assertEqual(user, None) self.assertEqual(user, None)
self.assertTrue(return_data['email_auth_disabled']) self.assertTrue(return_data['email_auth_disabled'])
# Subdomain is ignored when feature is not enabled
self.verify_backend(EmailAuthBackend(), self.verify_backend(EmailAuthBackend(),
good_kwargs=dict(password=password, good_kwargs=dict(password=password,
username=username, username=username,
realm_subdomain='acme', realm_subdomain='zulip',
return_data=dict())) return_data=dict()),
bad_kwargs=dict(password=password,
with self.settings(REALMS_HAVE_SUBDOMAINS=True): username=username,
# With subdomains, authenticating with the right subdomain realm_subdomain='acme',
# works; using the wrong subdomain doesn't return_data=dict()))
self.verify_backend(EmailAuthBackend(),
good_kwargs=dict(password=password,
username=username,
realm_subdomain='zulip',
return_data=dict()),
bad_kwargs=dict(password=password,
username=username,
realm_subdomain='acme',
return_data=dict()))
# Things work normally in the event that we're using a
# non-subdomain login page, even if subdomains are enabled
self.verify_backend(EmailAuthBackend(),
bad_kwargs=dict(password="wrong",
username=username),
good_kwargs=dict(password=password,
username=username))
def test_email_auth_backend_disabled_password_auth(self): def test_email_auth_backend_disabled_password_auth(self):
# type: () -> None # type: () -> None
@ -233,23 +209,11 @@ class AuthBackendTest(ZulipTestCase):
backend = GoogleMobileOauth2Backend() backend = GoogleMobileOauth2Backend()
payload = dict(email_verified=True, payload = dict(email_verified=True,
email=email) email=email)
self.setup_subdomain(user_profile)
with mock.patch('apiclient.sample_tools.client.verify_id_token', return_value=payload):
self.verify_backend(backend)
# With REALMS_HAVE_SUBDOMAINS off, subdomain is ignored
with mock.patch('apiclient.sample_tools.client.verify_id_token', return_value=payload): with mock.patch('apiclient.sample_tools.client.verify_id_token', return_value=payload):
self.verify_backend(backend, self.verify_backend(backend,
good_kwargs=dict(realm_subdomain='acme')) good_kwargs=dict(realm_subdomain="zulip"),
bad_kwargs=dict(realm_subdomain='acme'))
with self.settings(REALMS_HAVE_SUBDOMAINS=True):
# With subdomains, authenticating with the right subdomain
# works; using the wrong subdomain doesn't
with mock.patch('apiclient.sample_tools.client.verify_id_token', return_value=payload):
self.verify_backend(backend,
good_kwargs=dict(realm_subdomain="zulip"),
bad_kwargs=dict(realm_subdomain='acme'))
# Verify valid_attestation parameter is set correctly # Verify valid_attestation parameter is set correctly
unverified_payload = dict(email_verified=False) unverified_payload = dict(email_verified=False)
@ -291,51 +255,17 @@ class AuthBackendTest(ZulipTestCase):
return_value=dict(full_name=['Hamlet']))): return_value=dict(full_name=['Hamlet']))):
self.assertIsNone(backend.authenticate(email, password)) self.assertIsNone(backend.authenticate(email, password))
# For this backend, we mock the internals of django_auth_ldap
with mock.patch('django_auth_ldap.backend._LDAPUser._authenticate_user_dn'), (
mock.patch('django_auth_ldap.backend._LDAPUser._check_requirements')), (
mock.patch('django_auth_ldap.backend._LDAPUser._get_user_attrs',
return_value=dict(full_name=['Hamlet']))):
self.verify_backend(backend, good_kwargs=dict(username=username,
password=password))
with mock.patch('django_auth_ldap.backend._LDAPUser._authenticate_user_dn'), ( with mock.patch('django_auth_ldap.backend._LDAPUser._authenticate_user_dn'), (
mock.patch('django_auth_ldap.backend._LDAPUser._check_requirements')), ( mock.patch('django_auth_ldap.backend._LDAPUser._check_requirements')), (
mock.patch('django_auth_ldap.backend._LDAPUser._get_user_attrs', mock.patch('django_auth_ldap.backend._LDAPUser._get_user_attrs',
return_value=dict(full_name=['Hamlet']))): return_value=dict(full_name=['Hamlet']))):
self.verify_backend(backend, self.verify_backend(backend,
bad_kwargs=dict(username=username,
password=password,
realm_subdomain='acme'),
good_kwargs=dict(username=username, good_kwargs=dict(username=username,
password=password, password=password,
realm_subdomain='acme')) realm_subdomain='zulip'))
with self.settings(REALMS_HAVE_SUBDOMAINS=True):
# With subdomains, authenticating with the right subdomain
# works; using the wrong subdomain doesn't
with mock.patch('django_auth_ldap.backend._LDAPUser._authenticate_user_dn'), (
mock.patch('django_auth_ldap.backend._LDAPUser._check_requirements')), (
mock.patch('django_auth_ldap.backend._LDAPUser._get_user_attrs',
return_value=dict(full_name=['Hamlet']))):
self.verify_backend(backend,
bad_kwargs=dict(username=username,
password=password,
realm_subdomain='acme'),
good_kwargs=dict(username=username,
password=password,
realm_subdomain='zulip'))
with self.settings(REALMS_HAVE_SUBDOMAINS=True):
# With subdomains, authenticating with the right subdomain
# works; using the wrong subdomain doesn't
with mock.patch('django_auth_ldap.backend._LDAPUser._authenticate_user_dn'), (
mock.patch('django_auth_ldap.backend._LDAPUser._check_requirements')), (
mock.patch('zproject.backends.get_realm', side_effect=Realm.DoesNotExist)), (
mock.patch('django_auth_ldap.backend._LDAPUser._get_user_attrs',
return_value=dict(full_name=['Hamlet']))):
user = backend.authenticate(email,
password=password,
realm_subdomain='zulip')
self.assertEqual(user, None)
def test_devauth_backend(self): def test_devauth_backend(self):
# type: () -> None # type: () -> None
@ -345,62 +275,36 @@ class AuthBackendTest(ZulipTestCase):
@override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.ZulipRemoteUserBackend',)) @override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.ZulipRemoteUserBackend',))
def test_remote_user_backend(self): def test_remote_user_backend(self):
# type: () -> None # type: () -> None
self.setup_subdomain(self.example_user('hamlet'))
username = self.get_username() username = self.get_username()
self.verify_backend(ZulipRemoteUserBackend(), self.verify_backend(ZulipRemoteUserBackend(),
good_kwargs=dict(remote_user=username, good_kwargs=dict(remote_user=username,
realm_subdomain='acme')) realm_subdomain='zulip'),
bad_kwargs=dict(remote_user=username,
with self.settings(REALMS_HAVE_SUBDOMAINS=True): realm_subdomain='acme'))
# With subdomains, authenticating with the right subdomain
# works; using the wrong subdomain doesn't
self.verify_backend(ZulipRemoteUserBackend(),
good_kwargs=dict(remote_user=username,
realm_subdomain='zulip'),
bad_kwargs=dict(remote_user=username,
realm_subdomain='acme'))
@override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.ZulipRemoteUserBackend',)) @override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.ZulipRemoteUserBackend',))
@override_settings(SSO_APPEND_DOMAIN='zulip.com')
def test_remote_user_backend_sso_append_domain(self): def test_remote_user_backend_sso_append_domain(self):
# type: () -> None # type: () -> None
self.setup_subdomain(self.example_user('hamlet'))
username = self.get_username(email_to_username) username = self.get_username(email_to_username)
with self.settings(SSO_APPEND_DOMAIN='zulip.com'): self.verify_backend(ZulipRemoteUserBackend(),
self.verify_backend(ZulipRemoteUserBackend(), good_kwargs=dict(remote_user=username,
good_kwargs=dict(remote_user=username, realm_subdomain='zulip'),
realm_subdomain='acme')) bad_kwargs=dict(remote_user=username,
realm_subdomain='acme'))
with self.settings(REALMS_HAVE_SUBDOMAINS=True):
# With subdomains, authenticating with the right subdomain
# works; using the wrong subdomain doesn't
with self.settings(SSO_APPEND_DOMAIN='zulip.com'):
self.verify_backend(ZulipRemoteUserBackend(),
good_kwargs=dict(remote_user=username,
realm_subdomain='zulip'),
bad_kwargs=dict(remote_user=username,
realm_subdomain='acme'))
@override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.GitHubAuthBackend',)) @override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.GitHubAuthBackend',))
def test_github_backend(self): def test_github_backend(self):
# type: () -> None # type: () -> None
user = self.example_user('hamlet') user = self.example_user('hamlet')
email = user.email email = user.email
self.setup_subdomain(user)
good_kwargs = dict(response=dict(email=email), return_data=dict(), good_kwargs = dict(response=dict(email=email), return_data=dict(),
realm_subdomain='acme') realm_subdomain='zulip')
bad_kwargs = dict(response=dict(email=email), return_data=dict(),
realm_subdomain='acme')
self.verify_backend(GitHubAuthBackend(), self.verify_backend(GitHubAuthBackend(),
good_kwargs=good_kwargs, good_kwargs=good_kwargs,
bad_kwargs=dict()) bad_kwargs=bad_kwargs)
with self.settings(REALMS_HAVE_SUBDOMAINS=True):
# With subdomains, authenticating with the right subdomain
# works; using the wrong subdomain doesn't
good_kwargs = dict(response=dict(email=email), return_data=dict(),
realm_subdomain='zulip')
bad_kwargs = dict(response=dict(email=email), return_data=dict(),
realm_subdomain='acme')
self.verify_backend(GitHubAuthBackend(),
good_kwargs=good_kwargs,
bad_kwargs=bad_kwargs)
class SocialAuthMixinTest(ZulipTestCase): class SocialAuthMixinTest(ZulipTestCase):
def test_social_auth_mixing(self): def test_social_auth_mixing(self):