diff options
author | Michał Górny <mgorny@gentoo.org> | 2013-08-22 21:20:17 +0200 |
---|---|---|
committer | Michał Górny <mgorny@gentoo.org> | 2013-08-23 12:49:15 +0200 |
commit | 90aa5e39bb44bbc46ec52976879c7f13cbc329e1 (patch) | |
tree | 6a26d2404037505f60363d55397f048f47a1950f /okupy/tests/unit | |
parent | Add tests for SSL auth. (diff) | |
download | identity.gentoo.org-90aa5e39bb44bbc46ec52976879c7f13cbc329e1.tar.gz identity.gentoo.org-90aa5e39bb44bbc46ec52976879c7f13cbc329e1.tar.bz2 identity.gentoo.org-90aa5e39bb44bbc46ec52976879c7f13cbc329e1.zip |
SSLCertAuthBackend: make request mandatory.
django.contrib.auth is prepared to call backends which don't have
matching prototype. Therefore, with mandatory 'request' the backend
simply won't be called for non-SSL requests.
Diffstat (limited to 'okupy/tests/unit')
-rw-r--r-- | okupy/tests/unit/test_auth.py | 19 |
1 files changed, 4 insertions, 15 deletions
diff --git a/okupy/tests/unit/test_auth.py b/okupy/tests/unit/test_auth.py index 1f3eb1d..5793d53 100644 --- a/okupy/tests/unit/test_auth.py +++ b/okupy/tests/unit/test_auth.py @@ -4,7 +4,6 @@ from mockldap import MockLdap from django.conf import settings from django.contrib.auth import authenticate -from django.test.utils import override_settings from .. import vars from ...common.test_helpers import OkupyTestCase, set_request, ldap_users, set_search_seed @@ -22,32 +21,26 @@ class AuthUnitTests(OkupyTestCase): def tearDown(self): self.mockldap.stop() - @override_settings(AUTHENTICATION_BACKENDS=( - 'okupy.common.auth.SSLCertAuthBackend',)) def test_valid_certificate_authenticates_alice(self): request = set_request(uri='/login') request.META['SSL_CLIENT_VERIFY'] = 'SUCCESS' - request.META['SSL_CLIENT_RAW_CERT'] = vars.test_certificate + request.META['SSL_CLIENT_RAW_CERT'] = vars.TEST_CERTIFICATE self.ldapobject.search_s.seed(settings.AUTH_LDAP_USER_BASE_DN, 2, set_search_seed('alice@test.com', 'mail'))([ldap_users('alice')]) u = authenticate(request=request) self.assertEqual(u.username, vars.LOGIN_ALICE['username']) - @override_settings(AUTHENTICATION_BACKENDS=( - 'okupy.common.auth.SSLCertAuthBackend',)) def test_second_email_authenticates_alice(self): request = set_request(uri='/login') request.META['SSL_CLIENT_VERIFY'] = 'SUCCESS' request.META['SSL_CLIENT_RAW_CERT'] = ( - vars.test_certificate_with_two_email_addresses) + vars.TEST_CERTIFICATE_WITH_TWO_EMAIL_ADDRESSES) self.ldapobject.search_s.seed(settings.AUTH_LDAP_USER_BASE_DN, 2, set_search_seed('test@test.com', 'mail'))([]) self.ldapobject.search_s.seed(settings.AUTH_LDAP_USER_BASE_DN, 2, set_search_seed('alice@test.com', 'mail'))([ldap_users('alice')]) u = authenticate(request=request) self.assertEqual(u.username, vars.LOGIN_ALICE['username']) - @override_settings(AUTHENTICATION_BACKENDS=( - 'okupy.common.auth.SSLCertAuthBackend',)) def test_no_certificate_returns_none(self): request = set_request(uri='/login') request.META['SSL_CLIENT_VERIFY'] = 'NONE' @@ -55,23 +48,19 @@ class AuthUnitTests(OkupyTestCase): u = authenticate(request=request) self.assertIs(u, None) - @override_settings(AUTHENTICATION_BACKENDS=( - 'okupy.common.auth.SSLCertAuthBackend',)) def test_failed_verification_returns_none(self): request = set_request(uri='/login') request.META['SSL_CLIENT_VERIFY'] = 'FAILURE' - request.META['SSL_CLIENT_RAW_CERT'] = vars.test_certificate + request.META['SSL_CLIENT_RAW_CERT'] = vars.TEST_CERTIFICATE self.ldapobject.search_s.seed(settings.AUTH_LDAP_USER_BASE_DN, 2, set_search_seed('alice@test.com', 'mail'))([ldap_users('alice')]) u = authenticate(request=request) self.assertIs(u, None) - @override_settings(AUTHENTICATION_BACKENDS=( - 'okupy.common.auth.SSLCertAuthBackend',)) def test_unmatched_email_returns_none(self): request = set_request(uri='/login') request.META['SSL_CLIENT_VERIFY'] = 'SUCCESS' - request.META['SSL_CLIENT_RAW_CERT'] = vars.test_certificate_wrong_email + request.META['SSL_CLIENT_RAW_CERT'] = vars.TEST_CERTIFICATE_WRONG_EMAIL self.ldapobject.search_s.seed(settings.AUTH_LDAP_USER_BASE_DN, 2, set_search_seed('wrong@test.com', 'mail'))([]) u = authenticate(request=request) |