SSLCertAuthBackend: make request mandatory.

django.contrib.auth is prepared to call backends which don't have
matching prototype. Therefore, with mandatory 'request' the backend
simply won't be called for non-SSL requests.

1 files changed, 4 insertions, 15 deletions

diff --git a/okupy/tests/unit/test_auth.py b/okupy/tests/unit/test_auth.py
index 1f3eb1d..5793d53 100644
--- a/okupy/tests/unit/test_auth.py
+++ b/okupy/tests/unit/test_auth.py
@@ -4,7 +4,6 @@ from mockldap import MockLdap
 
 from django.conf import settings
 from django.contrib.auth import authenticate
-from django.test.utils import override_settings
 
 from .. import vars
 from ...common.test_helpers import OkupyTestCase, set_request, ldap_users, set_search_seed
@@ -22,32 +21,26 @@ class AuthUnitTests(OkupyTestCase):
     def tearDown(self):
         self.mockldap.stop()
 
-    @override_settings(AUTHENTICATION_BACKENDS=(
-        'okupy.common.auth.SSLCertAuthBackend',))
     def test_valid_certificate_authenticates_alice(self):
         request = set_request(uri='/login')
         request.META['SSL_CLIENT_VERIFY'] = 'SUCCESS'
-        request.META['SSL_CLIENT_RAW_CERT'] = vars.test_certificate
+        request.META['SSL_CLIENT_RAW_CERT'] = vars.TEST_CERTIFICATE
 
         self.ldapobject.search_s.seed(settings.AUTH_LDAP_USER_BASE_DN, 2, set_search_seed('alice@test.com', 'mail'))([ldap_users('alice')])
         u = authenticate(request=request)
         self.assertEqual(u.username, vars.LOGIN_ALICE['username'])
 
-    @override_settings(AUTHENTICATION_BACKENDS=(
-        'okupy.common.auth.SSLCertAuthBackend',))
     def test_second_email_authenticates_alice(self):
         request = set_request(uri='/login')
         request.META['SSL_CLIENT_VERIFY'] = 'SUCCESS'
         request.META['SSL_CLIENT_RAW_CERT'] = (
-            vars.test_certificate_with_two_email_addresses)
+            vars.TEST_CERTIFICATE_WITH_TWO_EMAIL_ADDRESSES)
 
         self.ldapobject.search_s.seed(settings.AUTH_LDAP_USER_BASE_DN, 2, set_search_seed('test@test.com', 'mail'))([])
         self.ldapobject.search_s.seed(settings.AUTH_LDAP_USER_BASE_DN, 2, set_search_seed('alice@test.com', 'mail'))([ldap_users('alice')])
         u = authenticate(request=request)
         self.assertEqual(u.username, vars.LOGIN_ALICE['username'])
 
-    @override_settings(AUTHENTICATION_BACKENDS=(
-        'okupy.common.auth.SSLCertAuthBackend',))
     def test_no_certificate_returns_none(self):
         request = set_request(uri='/login')
         request.META['SSL_CLIENT_VERIFY'] = 'NONE'
@@ -55,23 +48,19 @@ class AuthUnitTests(OkupyTestCase):
         u = authenticate(request=request)
         self.assertIs(u, None)
 
-    @override_settings(AUTHENTICATION_BACKENDS=(
-        'okupy.common.auth.SSLCertAuthBackend',))
     def test_failed_verification_returns_none(self):
         request = set_request(uri='/login')
         request.META['SSL_CLIENT_VERIFY'] = 'FAILURE'
-        request.META['SSL_CLIENT_RAW_CERT'] = vars.test_certificate
+        request.META['SSL_CLIENT_RAW_CERT'] = vars.TEST_CERTIFICATE
 
         self.ldapobject.search_s.seed(settings.AUTH_LDAP_USER_BASE_DN, 2, set_search_seed('alice@test.com', 'mail'))([ldap_users('alice')])
         u = authenticate(request=request)
         self.assertIs(u, None)
 
-    @override_settings(AUTHENTICATION_BACKENDS=(
-        'okupy.common.auth.SSLCertAuthBackend',))
     def test_unmatched_email_returns_none(self):
         request = set_request(uri='/login')
         request.META['SSL_CLIENT_VERIFY'] = 'SUCCESS'
-        request.META['SSL_CLIENT_RAW_CERT'] = vars.test_certificate_wrong_email
+        request.META['SSL_CLIENT_RAW_CERT'] = vars.TEST_CERTIFICATE_WRONG_EMAIL
 
         self.ldapobject.search_s.seed(settings.AUTH_LDAP_USER_BASE_DN, 2, set_search_seed('wrong@test.com', 'mail'))([])
         u = authenticate(request=request)