0001-misc-add-journal-event-type-for-access-denied-event-.patch
| src/authentic2/journal_event_types.py | ||
|---|---|---|
| 329 | 329 |
return _('unauthorization of single sign on with "{service}"').format(service=service_name)
|
| 330 | 330 | |
| 331 | 331 | |
| 332 |
class UserServiceSSODenied(EventTypeWithService): |
|
| 333 |
name = 'user.service.sso.denial' |
|
| 334 |
label = _('was denied single-sign-on')
|
|
| 335 | ||
| 336 |
@classmethod |
|
| 337 |
def record(cls, user, session, service, **kwargs): |
|
| 338 |
super().record(user=user, session=session, service=service, data=kwargs) |
|
| 339 | ||
| 340 |
@classmethod |
|
| 341 |
def get_message(cls, event, context): |
|
| 342 |
service_name = cls.get_service_name(event) |
|
| 343 |
return _('was denied single sign on with "{service}"').format(service=service_name)
|
|
| 344 | ||
| 345 | ||
| 332 | 346 |
class UserEmailChangeRequest(EventTypeDefinition): |
| 333 | 347 |
name = 'user.email.change.request' |
| 334 | 348 |
label = _('email change request')
|
| src/authentic2/utils/misc.py | ||
|---|---|---|
| 1082 | 1082 | |
| 1083 | 1083 |
def unauthorized_view(request, service): |
| 1084 | 1084 |
context = {'callback_url': service.unauthorized_url or reverse('auth_homepage')}
|
| 1085 |
request.journal.record('user.service.sso.denial', service=service)
|
|
| 1085 | 1086 |
return render(request, 'authentic2/unauthorized.html', context=context) |
| 1086 | 1087 | |
| 1087 | 1088 | |
| tests/test_idp_cas.py | ||
|---|---|---|
| 27 | 27 |
from authentic2_idp_cas import constants |
| 28 | 28 |
from authentic2_idp_cas.models import Attribute, Service, Ticket |
| 29 | 29 | |
| 30 |
from .utils import Authentic2TestCase |
|
| 30 |
from .utils import Authentic2TestCase, assert_event
|
|
| 31 | 31 | |
| 32 | 32 |
CAS_NAMESPACES = {
|
| 33 | 33 |
'cas': constants.CAS_NAMESPACE, |
| ... | ... | |
| 138 | 138 |
follow=False, |
| 139 | 139 |
) |
| 140 | 140 |
response = client.get(response.url) |
| 141 |
assert_event( |
|
| 142 |
'user.service.sso.denial', |
|
| 143 |
session=client.session, |
|
| 144 |
user=self.user, |
|
| 145 |
service=self.service, |
|
| 146 |
) |
|
| 141 | 147 |
self.assertIn('https://casclient.com/loser/', force_text(response.content))
|
| 142 | 148 | |
| 143 | 149 |
def test_role_access_control_granted(self): |
| tests/test_idp_saml2.py | ||
|---|---|---|
| 612 | 612 |
scenario.launch_authn_request() |
| 613 | 613 |
scenario.login(user=user) |
| 614 | 614 |
assert scenario.idp_response.pyquery('a[href="%s"]' % 'https://whatever.com/loser/').text() == 'Back'
|
| 615 |
utils.assert_event( |
|
| 616 |
'user.service.sso.denial', |
|
| 617 |
session=app.session, |
|
| 618 |
user=user, |
|
| 619 |
service=scenario.sp.provider, |
|
| 620 |
) |
|
| 615 | 621 | |
| 616 | 622 | |
| 617 | 623 |
def test_sso_redirect_artifact_login_hints(app, user, keys): |
| tests/test_manager_journal.py | ||
|---|---|---|
| 268 | 268 |
) |
| 269 | 269 | |
| 270 | 270 |
make("user.service.sso.refusal", user=user, session=session1, service=service)
|
| 271 |
make("user.service.sso.denial", user=user, session=session1, service=service)
|
|
| 271 | 272 | |
| 272 | 273 |
# verify we created at least one event for each type |
| 273 | 274 |
assert set(Event.objects.values_list("type__name", flat=True)) == set(_registry)
|
| ... | ... | |
| 591 | 592 |
'type': 'user.service.sso.refusal', |
| 592 | 593 |
'user': 'Johnny doe', |
| 593 | 594 |
}, |
| 595 |
{
|
|
| 596 |
'message': 'was denied single sign on with "service"', |
|
| 597 |
'timestamp': 'Jan. 2, 2020, 9 p.m.', |
|
| 598 |
'type': 'user.service.sso.denial', |
|
| 599 |
'user': 'Johnny doe', |
|
| 600 |
}, |
|
| 594 | 601 |
] |
| 595 | 602 | |
| 596 | 603 |
agent_page = response.click('agent', index=1)
|
| ... | ... | |
| 805 | 812 |
'type': 'user.service.sso.refusal', |
| 806 | 813 |
'user': 'Johnny doe', |
| 807 | 814 |
}, |
| 815 |
{
|
|
| 816 |
'message': 'was denied single sign on with "service"', |
|
| 817 |
'timestamp': 'Jan. 2, 2020, 9 p.m.', |
|
| 818 |
'type': 'user.service.sso.denial', |
|
| 819 |
'user': 'Johnny doe', |
|
| 820 |
}, |
|
| 808 | 821 |
] |
| 809 | 822 | |
| 810 | 823 | |
| ... | ... | |
| 1029 | 1042 | |
| 1030 | 1043 |
response.form.set('search', 'session:1234')
|
| 1031 | 1044 |
response = response.form.submit() |
| 1032 |
assert len(response.pyquery('tbody tr')) == 12
|
|
| 1045 |
assert len(response.pyquery('tbody tr')) == 13
|
|
| 1033 | 1046 |
assert all( |
| 1034 | 1047 |
text_content(node) == 'Johnny doe' |
| 1035 | 1048 |
for node in response.pyquery('tbody tr td.journal-list--user-column')
|
| 1036 |
- |
|