10 |
10 |
from authentic2_idp_cas import constants
|
11 |
11 |
from authentic2.constants import AUTHENTICATION_EVENTS_SESSION_KEY, NONCE_FIELD_NAME
|
12 |
12 |
from authentic2.a2_rbac.utils import get_default_ou
|
|
13 |
from django_rbac.utils import get_role_model
|
13 |
14 |
|
14 |
15 |
from utils import Authentic2TestCase
|
15 |
16 |
|
... | ... | |
34 |
35 |
SERVICE2_URL = 'https://casclient2.com/service/'
|
35 |
36 |
PGT_URL = 'https://casclient.con/pgt/'
|
36 |
37 |
|
37 |
|
|
38 |
38 |
def setUp(self):
|
39 |
39 |
User = get_user_model()
|
|
40 |
Role = get_role_model()
|
40 |
41 |
self.user = User.objects.create_user(self.LOGIN,
|
41 |
42 |
password=self.PASSWORD, email=self.EMAIL,
|
42 |
43 |
first_name=self.FIRST_NAME, last_name=self.LAST_NAME)
|
... | ... | |
54 |
55 |
service=self.service2,
|
55 |
56 |
slug='username',
|
56 |
57 |
attribute_name='django_user_username')
|
|
58 |
self.authorized_role = Role.objects.create(name='rogue', ou=get_default_ou())
|
57 |
59 |
self.factory = RequestFactory()
|
58 |
60 |
|
59 |
61 |
def test_service_matching(self):
|
... | ... | |
78 |
80 |
constants.GATEWAY_PARAM: ''})
|
79 |
81 |
self.assertRedirectsComplex(response, self.URL)
|
80 |
82 |
|
|
83 |
def test_role_access_control_denied(self):
|
|
84 |
client = Client()
|
|
85 |
service = self.service
|
|
86 |
service.authorized_roles.add(self.authorized_role)
|
|
87 |
service.unauthorized_url = 'https://casclient.com/loser/'
|
|
88 |
service.save()
|
|
89 |
assert service.authorized_roles.exists() is True
|
|
90 |
response = client.get('/idp/cas/login', {constants.SERVICE_PARAM: self.URL})
|
|
91 |
location = response['Location']
|
|
92 |
query = urlparse.parse_qs(location.split('?')[1])
|
|
93 |
next_url, next_url_query = query['next'][0].split('?')
|
|
94 |
next_url_query = urlparse.parse_qs(next_url_query)
|
|
95 |
response = client.post(location, {'login-password-submit': '',
|
|
96 |
'username': self.LOGIN, 'password': self.PASSWORD}, follow=False)
|
|
97 |
response = client.get(response.url)
|
|
98 |
self.assertIn('https://casclient.com/loser/', response.content)
|
|
99 |
|
|
100 |
def test_role_access_control_granted(self):
|
|
101 |
client = Client()
|
|
102 |
service = self.service
|
|
103 |
service.authorized_roles.add(self.authorized_role)
|
|
104 |
get_user_model().objects.get(username=self.LOGIN).roles.add(self.authorized_role)
|
|
105 |
assert service.authorized_roles.exists() is True
|
|
106 |
response = client.get('/idp/cas/login', {constants.SERVICE_PARAM: self.URL})
|
|
107 |
location = response['Location']
|
|
108 |
query = urlparse.parse_qs(location.split('?')[1])
|
|
109 |
next_url, next_url_query = query['next'][0].split('?')
|
|
110 |
next_url_query = urlparse.parse_qs(next_url_query)
|
|
111 |
response = client.post(location, {'login-password-submit': '',
|
|
112 |
'username': self.LOGIN, 'password': self.PASSWORD}, follow=False)
|
|
113 |
response = client.get(response.url)
|
|
114 |
client = Client()
|
|
115 |
ticket_id = urlparse.parse_qs(response.url.split('?')[1])[constants.TICKET_PARAM][0]
|
|
116 |
response = client.get('/idp/cas/validate', {constants.TICKET_PARAM:
|
|
117 |
ticket_id, constants.SERVICE_PARAM: self.URL})
|
|
118 |
|
81 |
119 |
def test_login_validate(self):
|
82 |
120 |
response = self.client.get('/idp/cas/login', {constants.SERVICE_PARAM: self.URL})
|
83 |
121 |
self.assertEquals(response.status_code, 302)
|
84 |
|
-
|
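Review bot: `test_role_access_control_granted` (new lines 100-117) ends at the `/idp/cas/validate` request and asserts nothing about the response, so it passes whether or not the ticket is accepted for a user holding the authorized role; a regression on the granted path would go unnoticed. Finish it with `self.assertEqual(response.status_code, 200)` plus an assertion on the validation body the endpoint is expected to return for `self.LOGIN`. `test_role_access_control_denied` (new lines 83-98) only checks that the unauthorized URL appears in the page, so it would be stronger to also assert that the final response is not a redirect to `self.URL` carrying a `constants.TICKET_PARAM` value. In both tests the bare `assert service.authorized_roles.exists() is True` is dropped under `python -O`, so `self.assertTrue(service.authorized_roles.exists())` is the safer form, and the unused `next_url`/`next_url_query` lines can be removed.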