2015-06-12 21:57:11 +00:00
|
|
|
from __future__ import absolute_import
|
|
|
|
from .init import *
|
|
|
|
|
|
|
|
from django.test import RequestFactory
|
|
|
|
|
|
|
|
import os
|
|
|
|
import pytest
|
|
|
|
|
|
|
|
from cas_server.views import LoginView
|
|
|
|
from cas_server import models
|
|
|
|
|
|
|
|
from .dummy import *
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def test_login_view_post_goodpass_goodlt():
|
|
|
|
factory = RequestFactory()
|
|
|
|
request = factory.post('/login', {'username':'test', 'password':'test', 'lt':'LT-random'})
|
|
|
|
request.session = DummySession()
|
|
|
|
|
2015-11-20 16:38:03 +00:00
|
|
|
request.session['lt'] = ['LT-random']
|
2015-06-12 21:57:11 +00:00
|
|
|
|
|
|
|
request.session["username"] = os.urandom(20)
|
|
|
|
request.session["warn"] = os.urandom(20)
|
|
|
|
|
|
|
|
login = LoginView()
|
|
|
|
login.init_post(request)
|
|
|
|
|
|
|
|
ret = login.process_post(pytest=True)
|
|
|
|
|
|
|
|
assert ret == LoginView.USER_LOGIN_OK
|
|
|
|
assert request.session.get("authenticated") == True
|
|
|
|
assert request.session.get("username") == "test"
|
|
|
|
assert request.session.get("warn") == False
|
|
|
|
|
|
|
|
def test_login_view_post_badlt():
|
|
|
|
factory = RequestFactory()
|
|
|
|
request = factory.post('/login', {'username':'test', 'password':'test', 'lt':'LT-random1'})
|
|
|
|
request.session = DummySession()
|
|
|
|
|
2015-11-20 16:38:03 +00:00
|
|
|
request.session['lt'] = ['LT-random2']
|
2015-06-12 21:57:11 +00:00
|
|
|
|
|
|
|
authenticated = os.urandom(20)
|
|
|
|
username = os.urandom(20)
|
|
|
|
warn = os.urandom(20)
|
|
|
|
|
|
|
|
request.session["authenticated"] = authenticated
|
|
|
|
request.session["username"] = username
|
|
|
|
request.session["warn"] = warn
|
|
|
|
|
|
|
|
login = LoginView()
|
|
|
|
login.init_post(request)
|
|
|
|
|
|
|
|
ret = login.process_post(pytest=True)
|
|
|
|
|
|
|
|
assert ret == LoginView.INVALID_LOGIN_TICKET
|
|
|
|
assert request.session.get("authenticated") == authenticated
|
|
|
|
assert request.session.get("username") == username
|
|
|
|
assert request.session.get("warn") == warn
|
|
|
|
|
|
|
|
def test_login_view_post_badpass_good_lt():
|
|
|
|
factory = RequestFactory()
|
|
|
|
request = factory.post('/login', {'username':'test', 'password':'badpassword', 'lt':'LT-random'})
|
|
|
|
request.session = DummySession()
|
|
|
|
|
2015-11-20 16:38:03 +00:00
|
|
|
request.session['lt'] = ['LT-random']
|
2015-06-12 21:57:11 +00:00
|
|
|
|
|
|
|
login = LoginView()
|
|
|
|
login.init_post(request)
|
|
|
|
ret = login.process_post()
|
|
|
|
|
|
|
|
assert ret == LoginView.USER_LOGIN_FAILURE
|
|
|
|
assert not request.session.get("authenticated")
|
|
|
|
assert not request.session.get("username")
|
|
|
|
assert not request.session.get("warn")
|
|
|
|
|
|
|
|
|
|
|
|
def test_view_login_get_unauth():
|
|
|
|
factory = RequestFactory()
|
|
|
|
request = factory.post('/login')
|
|
|
|
request.session = DummySession()
|
|
|
|
|
|
|
|
login = LoginView()
|
|
|
|
login.init_get(request)
|
|
|
|
ret = login.process_get()
|
|
|
|
|
|
|
|
assert ret == LoginView.USER_NOT_AUTHENTICATED
|
|
|
|
|
|
|
|
login = LoginView()
|
|
|
|
response = login.get(request)
|
|
|
|
|
|
|
|
assert response.status_code == 200
|
|
|
|
|
|
|
|
@pytest.mark.django_db
|
2015-06-21 16:56:16 +00:00
|
|
|
@dummy_user(username="test", session_key="test_session")
|
2015-06-12 21:57:11 +00:00
|
|
|
def test_view_login_get_auth():
|
|
|
|
factory = RequestFactory()
|
|
|
|
request = factory.post('/login')
|
|
|
|
request.session = DummySession()
|
|
|
|
|
|
|
|
request.session["authenticated"] = True
|
|
|
|
request.session["username"] = "test"
|
|
|
|
request.session["warn"] = False
|
|
|
|
|
|
|
|
login = LoginView()
|
|
|
|
login.init_get(request)
|
|
|
|
ret = login.process_get()
|
|
|
|
|
|
|
|
assert ret == LoginView.USER_AUTHENTICATED
|
|
|
|
|
|
|
|
login = LoginView()
|
|
|
|
response = login.get(request)
|
|
|
|
|
|
|
|
assert response.status_code == 200
|
|
|
|
|
|
|
|
@pytest.mark.django_db
|
2015-06-21 16:56:16 +00:00
|
|
|
@dummy_service_pattern()
|
|
|
|
@dummy_user(username="test", session_key="test_session")
|
|
|
|
@dummy_ticket(models.ServiceTicket, 'https://www.example.com', "ST-random")
|
2015-06-12 21:57:11 +00:00
|
|
|
def test_view_login_get_auth_service():
|
|
|
|
factory = RequestFactory()
|
|
|
|
request = factory.post('/login?service=https://www.example.com')
|
|
|
|
request.session = DummySession()
|
|
|
|
|
|
|
|
request.session["authenticated"] = True
|
|
|
|
request.session["username"] = "test"
|
|
|
|
request.session["warn"] = False
|
|
|
|
|
|
|
|
login = LoginView()
|
|
|
|
login.init_get(request)
|
|
|
|
ret = login.process_get()
|
|
|
|
|
|
|
|
assert ret == LoginView.USER_AUTHENTICATED
|
|
|
|
|
|
|
|
login = LoginView()
|
|
|
|
response = login.get(request)
|
|
|
|
|
|
|
|
assert response.status_code == 302
|
|
|
|
assert response['Location'].startswith('https://www.example.com?ticket=ST-')
|
|
|
|
|
|
|
|
@pytest.mark.django_db
|
2015-06-21 16:56:16 +00:00
|
|
|
@dummy_service_pattern()
|
|
|
|
@dummy_user(username="test", session_key="test_session")
|
|
|
|
@dummy_ticket(models.ServiceTicket, 'https://www.example.com', "ST-random")
|
2015-06-12 21:57:11 +00:00
|
|
|
def test_view_login_get_auth_service_warn():
|
|
|
|
factory = RequestFactory()
|
|
|
|
request = factory.post('/login?service=https://www.example.com')
|
|
|
|
request.session = DummySession()
|
|
|
|
|
|
|
|
request.session["authenticated"] = True
|
|
|
|
request.session["username"] = "test"
|
|
|
|
request.session["warn"] = True
|
|
|
|
|
|
|
|
login = LoginView()
|
|
|
|
login.init_get(request)
|
|
|
|
ret = login.process_get()
|
|
|
|
|
|
|
|
assert ret == LoginView.USER_AUTHENTICATED
|
|
|
|
|
|
|
|
login = LoginView()
|
|
|
|
response = login.get(request)
|
|
|
|
|
|
|
|
assert response.status_code == 200
|