50 |
50 |
|
51 |
51 |
|
52 |
52 |
def test_provision_user(tenant):
|
|
53 |
import lasso
|
|
54 |
from authentic2.saml.models import LibertyProvider
|
|
55 |
|
53 |
56 |
with patch('hobo.agent.authentic2.apps.notify_agents') as notify_agents:
|
54 |
57 |
with tenant_context(tenant):
|
55 |
|
role = Role.objects.create(name='coin', ou=get_default_ou())
|
|
58 |
service = LibertyProvider.objects.create(ou=get_default_ou(), name='provider',
|
|
59 |
entity_id='http://provider.com',
|
|
60 |
protocol_conformance=lasso.PROTOCOL_SAML_2_0)
|
|
61 |
role = Role.objects.create(name='coin', service=service, ou=get_default_ou())
|
|
62 |
role.attributes.create(kind='string', name='is_superuser', value='true')
|
56 |
63 |
notify_agents.reset_mock()
|
57 |
64 |
User = get_user_model()
|
58 |
65 |
attribute = Attribute.objects.create(label='Code postal', name='code_postal',
|
... | ... | |
71 |
78 |
'issuer', 'audience', '@type', 'objects', 'full'])
|
72 |
79 |
assert arg['issuer'] == \
|
73 |
80 |
'http://%s/idp/saml2/metadata' % tenant.domain_url
|
74 |
|
assert arg['audience'] == []
|
|
81 |
assert arg['audience'] == ['http://provider.com']
|
75 |
82 |
assert arg['@type'] == 'provision'
|
76 |
83 |
assert arg['full'] is False
|
77 |
84 |
objects = arg['objects']
|
... | ... | |
82 |
89 |
assert isinstance(data, list)
|
83 |
90 |
assert len(data) == 1
|
84 |
91 |
for o in data:
|
85 |
|
assert set(o.keys()) == set(['uuid', 'username', 'first_name',
|
|
92 |
assert set(o.keys()) == set(['uuid', 'username', 'first_name', 'is_superuser',
|
86 |
93 |
'last_name', 'email', 'roles'])
|
87 |
94 |
assert o['uuid'] == user.uuid
|
88 |
95 |
assert o['username'] == user.username
|
... | ... | |
90 |
97 |
assert o['last_name'] == user.last_name
|
91 |
98 |
assert o['email'] == user.email
|
92 |
99 |
assert o['roles'] == []
|
|
100 |
assert o['is_superuser'] is False
|
93 |
101 |
|
94 |
102 |
notify_agents.reset_mock()
|
95 |
103 |
attribute.set_value(user, '13400')
|
|
104 |
user.is_superuser = True
|
|
105 |
user.save()
|
96 |
106 |
|
97 |
|
assert notify_agents.call_count == 1
|
|
107 |
assert notify_agents.call_count == 2
|
98 |
108 |
arg = notify_agents.call_args
|
99 |
109 |
assert arg == call(ANY)
|
100 |
110 |
arg = arg[0][0]
|
... | ... | |
103 |
113 |
'issuer', 'audience', '@type', 'objects', 'full'])
|
104 |
114 |
assert arg['issuer'] == \
|
105 |
115 |
'http://%s/idp/saml2/metadata' % tenant.domain_url
|
106 |
|
assert arg['audience'] == []
|
|
116 |
assert arg['audience'] == ['http://provider.com']
|
107 |
117 |
assert arg['@type'] == 'provision'
|
108 |
118 |
assert arg['full'] is False
|
109 |
119 |
objects = arg['objects']
|
... | ... | |
115 |
125 |
assert len(data) == 1
|
116 |
126 |
for o in data:
|
117 |
127 |
assert set(o.keys()) == set(['code_postal', 'uuid', 'username', 'first_name',
|
118 |
|
'last_name', 'email', 'roles'])
|
|
128 |
'is_superuser', 'last_name', 'email', 'roles'])
|
119 |
129 |
assert o['uuid'] == user.uuid
|
120 |
130 |
assert o['username'] == user.username
|
121 |
131 |
assert o['first_name'] == user.first_name
|
... | ... | |
123 |
133 |
assert o['email'] == user.email
|
124 |
134 |
assert o['roles'] == []
|
125 |
135 |
assert o['code_postal'] == '13400'
|
|
136 |
assert o['is_superuser'] is True
|
126 |
137 |
|
127 |
138 |
notify_agents.reset_mock()
|
128 |
139 |
AttributeValue.objects.get().delete()
|
... | ... | |
136 |
147 |
'issuer', 'audience', '@type', 'objects', 'full'])
|
137 |
148 |
assert arg['issuer'] == \
|
138 |
149 |
'http://%s/idp/saml2/metadata' % tenant.domain_url
|
139 |
|
assert arg['audience'] == []
|
|
150 |
assert arg['audience'] == ['http://provider.com']
|
140 |
151 |
assert arg['@type'] == 'provision'
|
141 |
152 |
assert arg['full'] is False
|
142 |
153 |
objects = arg['objects']
|
... | ... | |
148 |
159 |
assert len(data) == 1
|
149 |
160 |
for o in data:
|
150 |
161 |
assert set(o.keys()) == set(['uuid', 'username', 'first_name',
|
151 |
|
'last_name', 'email', 'roles'])
|
|
162 |
'is_superuser', 'last_name', 'email', 'roles'])
|
152 |
163 |
assert o['uuid'] == user.uuid
|
153 |
164 |
assert o['username'] == user.username
|
154 |
165 |
assert o['first_name'] == user.first_name
|
155 |
166 |
assert o['last_name'] == user.last_name
|
156 |
167 |
assert o['email'] == user.email
|
157 |
168 |
assert o['roles'] == []
|
|
169 |
assert o['is_superuser'] is True
|
158 |
170 |
|
|
171 |
user.is_superuser = False
|
|
172 |
user.save()
|
159 |
173 |
notify_agents.reset_mock()
|
160 |
174 |
role.members.add(user)
|
161 |
175 |
|
... | ... | |
168 |
182 |
'issuer', 'audience', '@type', 'objects', 'full'])
|
169 |
183 |
assert arg['issuer'] == \
|
170 |
184 |
'http://%s/idp/saml2/metadata' % tenant.domain_url
|
171 |
|
assert arg['audience'] == []
|
|
185 |
assert arg['audience'] == ['http://provider.com']
|
172 |
186 |
assert arg['@type'] == 'provision'
|
173 |
187 |
assert arg['full'] is False
|
174 |
188 |
objects = arg['objects']
|
... | ... | |
180 |
194 |
assert len(data) == 1
|
181 |
195 |
for o in data:
|
182 |
196 |
assert set(o.keys()) == set(['uuid', 'username', 'first_name',
|
183 |
|
'last_name', 'email', 'roles'])
|
|
197 |
'is_superuser', 'last_name', 'email', 'roles'])
|
184 |
198 |
assert o['uuid'] == user.uuid
|
185 |
199 |
assert o['username'] == user.username
|
186 |
200 |
assert o['first_name'] == user.first_name
|
... | ... | |
191 |
205 |
'name': role.name,
|
192 |
206 |
'slug': role.slug
|
193 |
207 |
}]
|
|
208 |
assert o['is_superuser'] is True
|
194 |
209 |
|
195 |
210 |
notify_agents.reset_mock()
|
196 |
211 |
user.roles.remove(role)
|
... | ... | |
204 |
219 |
'issuer', 'audience', '@type', 'objects', 'full'])
|
205 |
220 |
assert arg['issuer'] == \
|
206 |
221 |
'http://%s/idp/saml2/metadata' % tenant.domain_url
|
207 |
|
assert arg['audience'] == []
|
|
222 |
assert arg['audience'] == ['http://provider.com']
|
208 |
223 |
assert arg['@type'] == 'provision'
|
209 |
224 |
assert arg['full'] is False
|
210 |
225 |
objects = arg['objects']
|
... | ... | |
216 |
231 |
assert len(data) == 1
|
217 |
232 |
for o in data:
|
218 |
233 |
assert set(o.keys()) == set(['uuid', 'username', 'first_name',
|
219 |
|
'last_name', 'email', 'roles'])
|
|
234 |
'is_superuser', 'last_name', 'email', 'roles'])
|
220 |
235 |
assert o['uuid'] == user.uuid
|
221 |
236 |
assert o['username'] == user.username
|
222 |
237 |
assert o['first_name'] == user.first_name
|
223 |
238 |
assert o['last_name'] == user.last_name
|
224 |
239 |
assert o['email'] == user.email
|
225 |
240 |
assert o['roles'] == []
|
|
241 |
assert o['is_superuser'] is False
|
226 |
242 |
notify_agents.reset_mock()
|
227 |
243 |
user.delete()
|
228 |
244 |
assert notify_agents.call_count == 1
|
... | ... | |
234 |
250 |
'issuer', 'audience', '@type', 'objects', 'full'])
|
235 |
251 |
assert arg['issuer'] == \
|
236 |
252 |
'http://%s/idp/saml2/metadata' % tenant.domain_url
|
237 |
|
assert arg['audience'] == []
|
|
253 |
assert arg['audience'] == ['http://provider.com']
|
238 |
254 |
assert arg['@type'] == 'deprovision'
|
239 |
255 |
assert arg['full'] is False
|
240 |
256 |
objects = arg['objects']
|
241 |
|
-
|
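Review bot: The new `is_superuser` assertions only ever run against one service, so the test cannot show that a superuser flag granted through a role of `http://provider.com` stays out of the payload sent to any other audience. The case that matters is the hunk after `role.members.add(user)`, where `user.is_superuser` has been set back to `False` and `o['is_superuser'] is True` comes purely from the role attribute. Consider creating a second provider in the setup, for instance `LibertyProvider.objects.create(ou=get_default_ou(), name='other', entity_id='http://other.example', protocol_conformance=lasso.PROTOCOL_SAML_2_0)` (constructed sample values), and asserting that no notification whose `audience` contains it carries `is_superuser` as `True`. Separately, `assert notify_agents.call_count == 2` is followed by checks on `call_args` only, so the first of the two notifications goes unverified; `notify_agents.call_args_list` would cover both. The file header and the stretches marked `...` are outside what is shown here, so how notifications are split per audience is inferred from the assertions.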