forked from zulip/zulip
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
test-backend: Raise zerver/views/auth.py test coverage to 100%.
- Loading branch information
1 parent
fe32137
commit 1c0d58f
Showing
3 changed files
with
69 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -701,6 +701,15 @@ def test_log_into_subdomain(self): | |
| user_profile = get_user_profile_by_email('[email protected]') | ||
| self.assertEqual(get_session_dict_user(self.client.session), user_profile.id) | ||
|
|
||
| # If authenticate_remote_user detects a subdomain mismatch, then | ||
| # the result should redirect to the login page. | ||
| with mock.patch( | ||
| 'zerver.views.auth.authenticate_remote_user', | ||
| return_value=(None, {'invalid_subdomain': True})): | ||
| result = self.client_get('/accounts/login/subdomain/') | ||
| self.assertEqual(result.status_code, 302) | ||
| self.assertTrue(result['Location'].endswith, '?subdomain=1') | ||
|
|
||
| def test_user_cannot_log_into_nonexisting_realm(self): | ||
| # type: () -> None | ||
| token_response = ResponseMock(200, {'access_token': "unique_token"}) | ||
|
|
@@ -956,6 +965,45 @@ def test_wrong_password(self): | |
| password="wrong")) | ||
| self.assert_json_error(result, "Your username or password is incorrect.", 403) | ||
|
|
||
| @override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.GoogleMobileOauth2Backend',)) | ||
| def test_google_oauth2_token_success(self): | ||
| # type: () -> None | ||
| with mock.patch( | ||
| 'apiclient.sample_tools.client.verify_id_token', | ||
| return_value={ | ||
| "email_verified": True, | ||
| "email": "[email protected]", | ||
| }): | ||
| result = self.client_post("/api/v1/fetch_api_key", | ||
| dict(username="google-oauth2-token", | ||
| password="token")) | ||
| self.assert_json_success(result) | ||
|
|
||
| @override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.GoogleMobileOauth2Backend',)) | ||
| def test_google_oauth2_token_failure(self): | ||
| # type: () -> None | ||
| result = self.client_post("/api/v1/fetch_api_key", | ||
| dict(username="google-oauth2-token", | ||
| password="token")) | ||
| self.assert_json_error(result, "Your username or password is incorrect.", 403) | ||
|
|
||
| @override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.GoogleMobileOauth2Backend',)) | ||
| def test_google_oauth2_token_unregistered(self): | ||
| # type: () -> None | ||
| with mock.patch( | ||
| 'apiclient.sample_tools.client.verify_id_token', | ||
| return_value={ | ||
| "email_verified": True, | ||
| "email": "[email protected]", | ||
| }): | ||
| result = self.client_post("/api/v1/fetch_api_key", | ||
| dict(username="google-oauth2-token", | ||
| password="token")) | ||
| self.assert_json_error( | ||
| result, | ||
| "This user is not registered; do so from a browser.", | ||
| 403) | ||
|
|
||
| def test_password_auth_disabled(self): | ||
| # type: () -> None | ||
| with mock.patch('zproject.backends.password_auth_enabled', return_value=False): | ||
|
|
@@ -1149,6 +1197,16 @@ def test_login_success(self): | |
| self.assertEqual(result.status_code, 302) | ||
| self.assertEqual(get_session_dict_user(self.client.session), user_profile.id) | ||
|
|
||
| def test_login_with_subdomain(self): | ||
| # type: () -> None | ||
| email = '[email protected]' | ||
| user_profile = get_user_profile_by_email(email) | ||
| data = {'direct_email': email} | ||
| with self.settings(REALMS_HAVE_SUBDOMAINS=True): | ||
| result = self.client_post('/accounts/login/local/', data) | ||
| self.assertEqual(result.status_code, 302) | ||
| self.assertEqual(get_session_dict_user(self.client.session), user_profile.id) | ||
|
|
||
| def test_login_failure(self): | ||
| # type: () -> None | ||
| email = '[email protected]' | ||
|
|
@@ -1320,6 +1378,15 @@ def test_login_failure_when_user_does_not_exist(self): | |
| self.assertEqual(result.status_code, 302) # This should ideally be not 200. | ||
| self.assertIs(get_session_dict_user(self.client.session), None) | ||
|
|
||
| # The /accounts/login/jwt/ endpoint should also handle the case | ||
| # where the authentication attempt throws UserProfile.DoesNotExist. | ||
| with mock.patch( | ||
| 'zerver.views.auth.authenticate', | ||
| side_effect=UserProfile.DoesNotExist("Do not exist")): | ||
| result = self.client_post('/accounts/login/jwt/', data) | ||
| self.assertEqual(result.status_code, 302) # This should ideally be not 200. | ||
| self.assertIs(get_session_dict_user(self.client.session), None) | ||
|
|
||
| def test_login_failure_due_to_wrong_subdomain(self): | ||
| # type: () -> None | ||
| payload = {'user': 'hamlet', 'realm': 'zulip.com'} | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters