
test_sso_authentication#

test_sso_login#

Source code in tests/unit/apps/users/api/test_sso_authentication.py
@pytest.mark.django_db
def test_sso_login(client, user, enable_sso):
    """A relative ``next`` path is carried into the SSO login redirect.

    With SSO enabled, GET on the login endpoint must answer 302 and point at
    the SSO service, with ``redirect_url`` holding the percent-encoded
    absolute form of the requested path on the test host.
    """
    login_url = reverse("login") + "?next=/v3/somewhere"
    expected_location = (
        "https://fake-sso/login"
        "?service=METAX&redirect_url=http%3A%2F%2Ftestserver%2Fv3%2Fsomewhere&language=en"
    )

    response = client.get(login_url)

    assert response.status_code == 302  # redirect
    assert response.url == expected_location

test_sso_login_invalid_next#

Source code in tests/unit/apps/users/api/test_sso_authentication.py
@pytest.mark.django_db
def test_sso_login_invalid_next(client, user, enable_sso):
    """An off-site ``next`` value must not reach the SSO ``redirect_url``.

    The request asks to continue to an absolute URL on another host. The
    asserted redirect shows the login view replacing it with the ``/v3/``
    root on the test host, so the post-login hop stays on this service.
    """
    # NOTE(review): only one absolute-URL form is exercised here; confirm that
    # other off-site spellings of `next` are covered where the validation lives.
    login_url = reverse("login") + "?next=https://www.example.com"
    expected_location = (
        "https://fake-sso/login"
        "?service=METAX&redirect_url=http%3A%2F%2Ftestserver%2Fv3%2F&language=en"
    )

    response = client.get(login_url)

    assert response.status_code == 302  # redirect
    assert response.url == expected_location

test_sso_login_disabled#

Source code in tests/unit/apps/users/api/test_sso_authentication.py
@pytest.mark.django_db
def test_sso_login_disabled(client, disable_sso):
    """With SSO disabled, GET on the login endpoint is refused with 405."""
    login_response = client.get(reverse("login"))

    assert login_response.status_code == 405
    error_detail = login_response.data["detail"]
    assert 'Method "GET" not allowed' in error_detail

test_sso_misconfiguration#

Source code in tests/unit/apps/users/api/test_sso_authentication.py
@pytest.mark.django_db
def test_sso_misconfiguration(client, enable_sso, settings):
    """SSO enabled without a session cookie name must fail closed.

    Clearing ``SSO_SESSION_COOKIE`` while SSO is on is a configuration error;
    the user endpoint is expected to deny the request (403) and report an
    ``invalid_sso_configuration`` error code.
    """
    settings.SSO_SESSION_COOKIE = None

    user_response = client.get(reverse("user"))

    assert user_response.status_code == 403
    error_code = user_response.data["code"]
    assert "invalid_sso_configuration" in error_code

test_sso_logout#

Source code in tests/unit/apps/users/api/test_sso_authentication.py
@pytest.mark.django_db
def test_sso_logout(client, user, enable_sso, sso_session_teppo, get_sso_token):
    """Logging out with an SSO session cookie redirects to the SSO logout URL."""
    session_token = get_sso_token(sso_session_teppo)
    client.cookies = SimpleCookie({django_settings.SSO_SESSION_COOKIE: session_token})

    # NOTE(review): `next=/somewhere` is sent, yet the asserted redirect_url is
    # the /v3/ root — presumably logout does not honour this `next`; confirm
    # that is the intended behaviour.
    logout_url = reverse("logout") + "?next=/somewhere"
    expected_location = (
        "https://fake-sso/logout"
        "?service=METAX&redirect_url=http%3A%2F%2Ftestserver%2Fv3%2F&language=en"
    )

    response = client.post(logout_url)

    assert response.status_code == 302  # redirect
    assert response.url == expected_location

test_sso_logout_sso_disabled#

Source code in tests/unit/apps/users/api/test_sso_authentication.py
@pytest.mark.django_db
def test_sso_logout_sso_disabled(client, user, disable_sso):
    """With SSO disabled, logout redirects locally to ``/`` instead of to SSO."""
    logout_response = client.post(reverse("logout"))

    assert logout_response.status_code == 302  # redirect
    assert logout_response.url == "/"

test_sso_user#

Source code in tests/unit/apps/users/api/test_sso_authentication.py
@pytest.mark.django_db
def test_sso_user(client, user, enable_sso, sso_session_teppo, get_sso_token):
    """A valid SSO session cookie authenticates the request to the user endpoint.

    The returned username must match the Fairdata user id in the session the
    token was built from, and the project list must be the expected one.
    """
    session_token = get_sso_token(sso_session_teppo)
    client.cookies = SimpleCookie({django_settings.SSO_SESSION_COOKIE: session_token})

    response = client.get(reverse("user"))

    assert response.status_code == 200
    expected_username = sso_session_teppo["fairdata_user"]["id"]
    assert response.data["username"] == expected_username
    assert response.data["csc_projects"] == ["fd_teppo3_project"]

test_sso_user_error#

Source code in tests/unit/apps/users/api/test_sso_authentication.py
@pytest.mark.django_db
def test_sso_user_error(client, user, enable_sso, sso_session_teppo, get_sso_token):
    """A session token without a Fairdata user id is rejected, not accepted.

    The session payload is altered before the token is generated, so the
    cookie carries a session with no user id; the endpoint must answer 403
    with the ``missing_fairdata_user_id`` code.
    """
    sso_session_teppo["fairdata_user"]["id"] = None
    session_token = get_sso_token(sso_session_teppo)
    client.cookies = SimpleCookie({django_settings.SSO_SESSION_COOKIE: session_token})

    response = client.get(reverse("user"))

    assert response.status_code == 403
    assert response.data["code"] == "missing_fairdata_user_id"

test_sso_user_not_logged_in#

Source code in tests/unit/apps/users/api/test_sso_authentication.py
@pytest.mark.django_db
def test_sso_user_not_logged_in(client, user, enable_sso):
    """Without any session cookie the user endpoint denies access with 403."""
    anonymous_response = client.get(reverse("user"))

    assert anonymous_response.status_code == 403
    body = anonymous_response.json()
    assert body["detail"] == "Authentication credentials were not provided."

user_status_json#

Source code in tests/unit/apps/users/api/test_sso_authentication.py
def user_status_json(user, **kwargs):
    """Build a fake SSO ``user_status`` payload for *user*.

    Args:
        user: Object whose ``id`` attribute is stringified into the payload.
        **kwargs: Extra or overriding keys (e.g. ``locked``, ``projects``)
            applied on top of the defaults.

    Returns:
        A dict with fixed default fields, updated with ``kwargs``.
    """
    payload = {
        "id": str(user.id),
        "email": "test@example.com",
        "locked": False,
        "modified": "2023-12-14T05:57:11Z",
        "name": "Test User",
        "qvain_admin_organizations": [],
        "projects": [],
    }
    # Caller-supplied values win over the defaults above.
    payload.update(kwargs)
    return payload

test_sso_sync#

Source code in tests/unit/apps/users/api/test_sso_authentication.py
def test_sso_sync(enable_sso, user_client, user, requests_mock):
    """User data is refreshed from SSO only when the last sync is missing or old.

    Three requests are made against the user endpoint with different
    ``user.synced`` values; the returned ``csc_projects`` shows whether the
    mocked SSO ``user_status`` response was applied.
    """
    status_url = f"{django_settings.SSO_HOST}/user_status"
    first_payload = user_status_json(user, projects=["user_project", "another_project"])
    requests_mock.post(status_url, json=first_payload)

    user.fairdata_username = user.username  # make user a fairdata user

    # Case 1: synced just now, so the mocked projects must not show up yet.
    user.synced = timezone.now()
    user.save()

    response = user_client.get(reverse("user"))
    assert response.status_code == 200
    assert response.data["csc_projects"] == []

    # Case 2: never synced, so the request should pull the mocked projects.
    user.refresh_from_db()
    user.synced = None
    user.save()

    response = user_client.get(reverse("user"))
    assert response.status_code == 200
    assert response.data["csc_projects"] == ["user_project", "another_project"]

    second_payload = user_status_json(user, projects=["not_yet_synced_project"])
    requests_mock.post(status_url, json=second_payload)

    # Case 3: last sync is 28 days old, so the new mocked projects replace the old.
    # NOTE(review): `timedelta` is reached through the `timezone` name here;
    # importing it from `datetime` would not depend on that module's internals.
    user.refresh_from_db()
    user.synced = timezone.now() - timezone.timedelta(days=28)
    user.save()

    response = user_client.get(reverse("user"))
    assert response.status_code == 200
    assert response.data["csc_projects"] == ["not_yet_synced_project"]

test_sso_sync_locked_account#

Source code in tests/unit/apps/users/api/test_sso_authentication.py
def test_sso_sync_locked_account(enable_sso, user_client, user, requests_mock):
    """An account reported as locked by SSO is denied, and restored once unlocked."""
    status_url = f"{django_settings.SSO_HOST}/user_status"
    locked_payload = user_status_json(user, locked=True)
    requests_mock.post(status_url, json=locked_payload)

    user.fairdata_username = user.username  # make user a fairdata user
    user.save()

    # SSO says locked: the sync must deactivate the user and deny the request.
    response = user_client.get(reverse("user"))
    assert response.status_code == 403
    assert response.json()["detail"] == "User account has been deactivated."

    # SSO now says unlocked: the next request must succeed again.
    # NOTE(review): nothing resets `user.synced` between the two requests, so
    # this relies on a sync running again straight after the first one —
    # presumably locked accounts are always re-checked; confirm in the sync logic.
    unlocked_payload = user_status_json(user, locked=False)
    requests_mock.post(status_url, json=unlocked_payload)

    response = user_client.get(reverse("user"))
    assert response.status_code == 200

test_sso_sync_disabled#

Source code in tests/unit/apps/users/api/test_sso_authentication.py
def test_sso_sync_disabled(disable_sso, user_client, user, requests_mock):
    """With SSO disabled, the mocked SSO user status is never applied to the user."""
    status_url = f"{django_settings.SSO_HOST}/user_status"
    mocked_payload = user_status_json(user, projects=["notsyncing"])
    requests_mock.post(status_url, json=mocked_payload)

    user.fairdata_username = user.username  # make user a fairdata user
    user.save()

    # The mocked project must not appear: no sync may happen while SSO is off.
    response = user_client.get(reverse("user"))
    assert response.status_code == 200
    assert response.data["csc_projects"] == []