62 |
62 |
assert '_auth_user_id' not in app.session
|
63 |
63 |
user2.is_active = False
|
64 |
64 |
user2.save()
|
65 |
65 |
with pytest.raises(AssertionError):
|
66 |
66 |
login(app, user1)
|
67 |
67 |
assert '_auth_user_id' not in app.session
|
68 |
68 |
|
69 |
69 |
|
70 |
|
def test_show_condition(db, app, settings, caplog):
|
|
70 |
@pytest.mark.parametrize('enabled', [False, True])
|
|
71 |
def test_show_condition(db, app, settings, caplog, enabled):
|
|
72 |
settings.A2_AUTH_PASSWORD_ENABLE = enabled
|
71 |
73 |
response = app.get('/login/')
|
72 |
|
assert 'name="login-password-submit"' in response
|
|
74 |
if enabled:
|
|
75 |
assert 'name="login-password-submit"' in response
|
|
76 |
else:
|
|
77 |
assert 'name="login-password-submit"' not in response
|
73 |
78 |
|
74 |
79 |
settings.AUTH_FRONTENDS_KWARGS = {'password': {'show_condition': 'False'}}
|
75 |
80 |
response = app.get('/login/')
|
76 |
81 |
# login form must not be displayed
|
77 |
82 |
assert 'name="login-password-submit"' not in response
|
78 |
83 |
assert len(caplog.records) == 0
|
79 |
84 |
# set a condition with error
|
80 |
|
with check_log(caplog, 'name \'unknown\' is not defined'):
|
81 |
|
settings.AUTH_FRONTENDS_KWARGS = {'password': {'show_condition': '\'admin\' in unknown'}}
|
82 |
|
response = app.get('/login/')
|
|
85 |
|
|
86 |
settings.AUTH_FRONTENDS_KWARGS = {'password': {'show_condition': '\'admin\' in unknown'}}
|
|
87 |
response = app.get('/login/')
|
|
88 |
if enabled:
|
|
89 |
assert 'name="login-password-submit"' in response
|
|
90 |
else:
|
83 |
91 |
assert 'name="login-password-submit"' not in response
|
|
92 |
assert len(caplog.records) == 0
|
84 |
93 |
|
85 |
94 |
|
86 |
|
def test_show_condition_service(db, app, settings):
|
|
95 |
@pytest.mark.parametrize('enabled', [False, True])
|
|
96 |
def test_show_condition_service(db, app, settings, enabled):
|
|
97 |
settings.A2_AUTH_PASSWORD_ENABLE = enabled
|
87 |
98 |
settings.AUTH_FRONTENDS_KWARGS = {'password': {'show_condition': 'service_slug == \'portal\''}}
|
88 |
99 |
response = app.get('/login/', params={'service': 'portal'})
|
89 |
|
assert 'name="login-password-submit"' not in response
|
|
100 |
if enabled:
|
|
101 |
assert 'name="login-password-submit"' in response
|
|
102 |
else:
|
|
103 |
assert 'name="login-password-submit"' not in response
|
90 |
104 |
|
91 |
105 |
# Create a service
|
92 |
106 |
models.Service.objects.create(name='Service', slug='portal')
|
93 |
107 |
response = app.get('/login/', params={'service': 'portal'})
|
94 |
|
assert 'name="login-password-submit"' in response
|
|
108 |
if enabled:
|
|
109 |
assert 'name="login-password-submit"' in response
|
|
110 |
else:
|
|
111 |
assert 'name="login-password-submit"' not in response
|
95 |
112 |
|
96 |
113 |
|
97 |
114 |
def test_show_condition_with_headers(app, settings):
|
98 |
115 |
settings.A2_AUTH_OIDC_ENABLE = False # prevent db access by OIDC frontend
|
99 |
116 |
settings.AUTH_FRONTENDS_KWARGS = {'password': {'show_condition': '\'X-Entrouvert\' in headers'}}
|
100 |
117 |
response = app.get('/login/')
|
101 |
118 |
assert 'name="login-password-submit"' not in response
|
102 |
119 |
response = app.get('/login/', headers={'x-entrouvert': '1'})
|
103 |
|
-
|