0005-authentication-forms-add-user-phone-as-identifier-69.patch

Paul Marillonnet, 21 septembre 2022 09:34

Voir les différences: en ligne côte à côte

Subject: [PATCH 5/5] authentication/forms: add user phone as identifier
 (#69221)

 src/authentic2/app_settings.py            |  1 +
 src/authentic2/backends/models_backend.py |  6 ++++
 src/authentic2/forms/authentication.py    | 20 ++++++++++++-
 src/authentic2/views.py                   |  3 +-
 tests/conftest.py                         | 12 ++++++++
 tests/test_backends.py                    | 16 +++++++++++
 tests/test_login.py                       | 34 +++++++++++++++++++++++
 tests/test_user_manager.py                |  2 +-
 tests/utils.py                            | 30 ++++++++++++++++++--
 9 files changed, 118 insertions(+), 6 deletions(-)

src/authentic2/app_settings.py
291	291	A2_ACCOUNTS_URL=Setting(default=None, definition='IdP has no account page, redirect to this one.'),
292	292	A2_CACHE_ENABLED=Setting(default=True, definition='Disable all cache decorators for testing purpose.'),
293	293	A2_ACCEPT_EMAIL_AUTHENTICATION=Setting(default=True, definition='Enable authentication by email'),
	294	A2_ACCEPT_PHONE_AUTHENTICATION=Setting(default=False, definition='Enable authentication by phone'),
294	295	A2_EMAILS_IP_RATELIMIT=Setting(
295	296	default='10/h', definition='Maximum rate of email sendings triggered by the same IP address.'
296	297	),

                     queries.append(models.Q(**{'email__iexact': username}))
             except models.FieldDoesNotExist:
                 pass
             try:
                 if app_settings.A2_ACCEPT_PHONE_AUTHENTICATION and UserModel._meta.get_field('phone'):
                     # try with the phone number as user identifier
                     queries.append(models.Q(**{'phone': username}))
             except models.FieldDoesNotExist:
                 pass
             if realm is None:
                 queries.append(models.Q(**{username_field: username}))

     from django import forms
     from django.conf import settings
     from django.contrib.auth import forms as auth_forms
     from django.contrib.auth import get_user_model
     from django.forms.widgets import Media
     from django.utils import html
     from django.utils.encoding import force_text
     from django.utils.translation import ugettext
     from django.utils.translation import ugettext_lazy as _
     from authentic2.forms.fields import PasswordField
     from authentic2.forms.fields import PasswordField, PhoneField
     from authentic2.utils.lazy import lazy_label
     from .. import app_settings
-...
     class AuthenticationForm(auth_forms.AuthenticationForm):
         username = auth_forms.UsernameField(
             widget=forms.TextInput(attrs={'autofocus': True}),
             required=False,
+        )
         phone = PhoneField(
             label=_('Phone number'),
             help_text=_('Your mobile phone number if declared in your user account.'),
+        )
         password = PasswordField(label=_('Password'))
         remember_me = forms.BooleanField(
             initial=False,
-...
                 factor=app_settings.A2_LOGIN_EXPONENTIAL_RETRY_TIMEOUT_FACTOR,
+            )
             if not app_settings.A2_ACCEPT_PHONE_AUTHENTICATION or not get_user_model()._meta.get_field('phone'):
                 del self.fields['phone']
             if not self.authenticator.remember_me:
                 del self.fields['remember_me']
-...
             username = self.cleaned_data.get('username')
             password = self.cleaned_data.get('password')
             if app_settings.A2_ACCEPT_PHONE_AUTHENTICATION and get_user_model()._meta.get_field('phone'):
                 # Django's ModelBackend only understands a single field as 'username' identifier
                 # for authentication purposes.  In authentic it is already used for authn using the
                 # email address.  Below is the addition of the phone number as authn identifier.
                 self.cleaned_data['username'] = username = self.cleaned_data.get('phone')
             keys = None
             if username and password:
                 keys = self.exp_backoff_keys()

                 return response
             else:
                 username = form.cleaned_data.get('username', '').strip()
                 username = form.cleaned_data.get('username') or ''
                 username = username.strip()
                 if request.failed_logins:
                     for user, failure_data in request.failed_logins.items():
                         request.journal.record(

             last_name='Dôe',
             email='user@example.net',
             ou=get_default_ou(),
             phone='+33123456789',
+        )
     @pytest.fixture
     def nomail_user(db, ou1):
         return create_user(
             username='user',
             first_name='Jôhn',
             last_name='Dôe',
             ou=get_default_ou(),
             phone='+33123456789',
+        )

         assert not authenticate(username=user_ou1.username, password=user_ou1.username)
         assert is_user_authenticable(simple_user)
         assert not is_user_authenticable(user_ou1)
     def test_model_backend_phone_number(settings, db, simple_user, nomail_user, ou1):
         settings.A2_ACCEPT_PHONE_AUTHENTICATION = True
         assert authenticate(username=simple_user.phone, password=simple_user.username)
         assert is_user_authenticable(simple_user)
         assert authenticate(username=nomail_user.phone, password=nomail_user.username)
         assert is_user_authenticable(nomail_user)
     def test_model_backend_phone_number_email(settings, db, simple_user):
         settings.A2_ACCEPT_PHONE_AUTHENTICATION = True
         # user with both phone number and username can authenticate in two different ways
         assert authenticate(username=simple_user.username, password=simple_user.username)
         assert authenticate(username=simple_user.phone, password=simple_user.username)
         assert is_user_authenticable(simple_user)

         assert_event('user.logout', user=simple_user, session=session)
     def test_success_phone_authn_nomail_user(db, app, nomail_user, settings):
         settings.A2_ACCEPT_PHONE_AUTHENTICATION = True
         login(app, nomail_user, login='123456789', phone_authn=True)
         assert_event('user.login', user=nomail_user, session=app.session, how='password-on-https')
         session = app.session
         app.get('/logout/').form.submit()
         assert_event('user.logout', user=nomail_user, session=session)
     def test_success_phone_authn_simple_user(db, app, simple_user, settings):
         settings.A2_ACCEPT_PHONE_AUTHENTICATION = True
         login(app, simple_user, login='123456789', phone_authn=True)
         assert_event('user.login', user=simple_user, session=app.session, how='password-on-https')
         session = app.session
         app.get('/logout/').form.submit()
         assert_event('user.logout', user=simple_user, session=session)
     def test_failure(db, app, simple_user):
         login(app, simple_user, password='wrong', fail=True)
         assert_event('user.login.failure', user=simple_user, username=simple_user.username)
-...
         assert_event('user.login.failure', username='noone')
     def test_failure_no_means_of_authentication(db, app, nomail_user, settings):
         settings.A2_ACCEPT_PHONE_AUTHENTICATION = True
         nomail_user.username = None
         nomail_user.phone = None
         nomail_user.save()
         with pytest.raises(AssertionError):
             login(app, nomail_user)
             assert_event('user.login.failure', user=nomail_user, username=nomail_user.username)
         with pytest.raises(AssertionError):
             login(app, nomail_user, phone_authn=True)
             assert_event('user.login.failure', user=nomail_user, username=nomail_user.username)
     def test_login_inactive_user(db, app):
         user1 = User.objects.create(username='john.doe')
         user1.set_password('john.doe')

         other_user.roles.add(other_role)
         other_user.save()
         login(app, other_user, '/manage/', 'auietsrn')
         login(app, other_user, '/manage/', password='auietsrn')
         resp = app.get(reverse('a2-manager-user-detail', kwargs={'pk': simple_user.id}))
         assert '/manage/roles/%s/' % role1.pk in resp.text
         assert 'Role 1' in resp.text

     from authentic2.utils import misc as utils_misc
     def login(app, user, path=None, password=None, remember_me=None, args=None, kwargs=None, fail=False):
     def login(
         app,
         user,
         path=None,
         login=None,
         password=None,
         remember_me=None,
         phone_authn=False,
         args=None,
         kwargs=None,
         fail=False,
     ):
         if path:
             args = args or []
             kwargs = kwargs or {}
-...
             login_page = app.get(reverse('auth_login'))
         assert login_page.request.path == reverse('auth_login')
         form = login_page.form
         username = user.username if hasattr(user, 'username') else user
         form.set('username', username)
         if not phone_authn:
             if login:
                 username = login
             elif hasattr(user, 'username'):
                 username = user.username
             else:
                 username = user
             form.set('username', username)
         else:
             if login:
                 phone = login
             else:
                 phone = user.phone
             form.set('phone_0', '33')
             form.set('phone_1', phone)
         # password is supposed to be the same as username
         form.set('password', password or (user.clear_password if hasattr(user, 'clear_password') else username))
         if remember_me is not None:
+    -

Projet

Général

Profil

Produits Entr'ouvert » Authentic 2

0005-authentication-forms-add-user-phone-as-identifier-69.patch