richard
/
doccano
mirror of https://github.com/doccano/doccano.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2205 Commits
14 Branches
32 Tags
77 MiB
Tree: 3bfd5ac285
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '3bfd5ac285'
${ noResults }
doccano/backend/server/tests/test_social_auth.py

169 lines
5.5 KiB
Raw Normal View History

Add option to read user admin status from Github
5 years ago
Add option to read user admin status from AAD
5 years ago
Add option to read user admin status from Github
5 years ago
Add tests
4 years ago
Add option to read user admin status from Github
5 years ago
Add option to read user admin status from AAD
5 years ago
Add tests
4 years ago
  1. from django.contrib.auth import get_user_model
  2. from django.test import TestCase, override_settings
  3. from social_core.backends.azuread_tenant import AzureADTenantOAuth2
  4. from social_core.backends.github import GithubOAuth2
  5. from social_core.backends.okta import OktaOAuth2
  6. from social_core.backends.okta_openidconnect import OktaOpenIdConnect
  7. from vcr_unittest import VCRMixin
  9. from .. import social_auth
  11. User = get_user_model()
  14. class VCRTestCase(VCRMixin, TestCase):
  15. @property
  16. def access_token(self):
  17. raise NotImplementedError()
  19. def _get_vcr(self, **kwargs):
  20. kwargs['decode_compressed_response'] = True
  21. kwargs['record_mode'] = 'none' if self.access_token == 'censored' else 'all'
  22. return super()._get_vcr(**kwargs)
  24. def _get_vcr_kwargs(self, **kwargs):
  25. kwargs['filter_headers'] = ['Authorization']
  26. return super()._get_vcr_kwargs(**kwargs)
  29. @override_settings(GITHUB_ADMIN_ORG_NAME='CatalystCode')
  30. @override_settings(GITHUB_ADMIN_TEAM_NAME='doccano-dev')
  31. class TestGithubSocialAuth(VCRTestCase):
  32. strategy = None
  33. backend = GithubOAuth2(strategy=strategy)
  34. access_token = 'censored'
  36. def test_fetch_permissions_is_admin(self):
  37. user = User()
  39. social_auth.fetch_github_permissions(
  40. strategy=self.strategy,
  41. details={'username': 'c-w'},
  42. user=user,
  43. backend=self.backend,
  44. response={'access_token': self.access_token},
  45. )
  47. self.assertTrue(user.is_superuser)
  49. def test_fetch_permissions_not_admin(self):
  50. user = User()
  52. social_auth.fetch_github_permissions(
  53. strategy=self.strategy,
  54. details={'username': 'hirosan'},
  55. user=user,
  56. backend=self.backend,
  57. response={'access_token': self.access_token},
  58. )
  60. self.assertFalse(user.is_superuser)
  63. @override_settings(SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_KEY='aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa')
  64. @override_settings(SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_SECRET='bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb=')
  65. @override_settings(SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_TENANT='cccccccc-cccc-cccc-cccc-cccccccccccc')
  66. class TestAzureADTenantSocialAuth(VCRTestCase):
  67. strategy = None
  68. backend = AzureADTenantOAuth2(strategy=strategy)
  69. access_token = 'censored'
  71. @override_settings(AZUREAD_ADMIN_GROUP_ID='dddddddd-dddd-dddd-dddd-dddddddddddd')
  72. def test_fetch_permissions_is_admin(self):
  73. user = User()
  75. social_auth.fetch_azuread_permissions(
  76. strategy=self.strategy,
  77. details={},
  78. user=user,
  79. backend=self.backend,
  80. response={'access_token': self.access_token},
  81. )
  83. self.assertTrue(user.is_superuser)
  85. @override_settings(AZUREAD_ADMIN_GROUP_ID='eeeeeeee-eeee-eeee-eeee-eeeeeeeeeeee')
  86. def test_fetch_permissions_not_admin(self):
  87. user = User()
  89. social_auth.fetch_azuread_permissions(
  90. strategy=self.strategy,
  91. details={},
  92. user=user,
  93. backend=self.backend,
  94. response={'access_token': self.access_token},
  95. )
  97. self.assertFalse(user.is_superuser)
  100. @override_settings(SOCIAL_AUTH_OKTA_OAUTH2_KEY='0000000000aaaaaaaaaa') # nosec
  101. @override_settings(SOCIAL_AUTH_OKTA_OAUTH2_SECRET='bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb=') # nosec
  102. @override_settings(SOCIAL_AUTH_OKTA_OAUTH2_API_URL='https://dev-000000.okta.com/oauth2') # nosec
  103. @override_settings(OKTA_OAUTH2_ADMIN_GROUP_NAME='admin-group')
  104. class TestOktaOAuth2SocialAuth(VCRTestCase):
  105. strategy = None
  106. backend = OktaOAuth2(strategy=strategy)
  107. access_token = 'censored'
  109. def test_fetch_permissions_is_admin(self):
  110. user = User()
  112. social_auth.fetch_okta_oauth2_permissions(
  113. strategy=self.strategy,
  114. details={},
  115. user=user,
  116. backend=self.backend,
  117. response={'access_token': self.access_token},
  118. )
  120. self.assertTrue(user.is_superuser)
  122. def test_fetch_permissions_not_admin(self):
  123. user = User()
  125. social_auth.fetch_okta_oauth2_permissions(
  126. strategy=self.strategy,
  127. details={},
  128. user=user,
  129. backend=self.backend,
  130. response={'access_token': self.access_token},
  131. )
  133. self.assertFalse(user.is_superuser)
  136. @override_settings(SOCIAL_AUTH_OKTA_OPENIDCONNECT_KEY='0000000000aaaaaaaaaa') # nosec
  137. @override_settings(SOCIAL_AUTH_OKTA_OPENIDCONNECT_SECRET='bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb=') # nosec
  138. @override_settings(SOCIAL_AUTH_OKTA_OPENIDCONNECT_API_URL='https://dev-000000.okta.com/oauth2') # nosec
  139. @override_settings(OKTA_OPENIDCONNECT_ADMIN_GROUP_NAME='admin-group')
  140. class TestOktaOpenIdConnectSocialAuth(VCRTestCase):
  141. strategy = None
  142. backend = OktaOpenIdConnect(strategy=strategy)
  143. access_token = 'censored'
  145. def test_fetch_permissions_is_admin(self):
  146. user = User()
  148. social_auth.fetch_okta_openidconnect_permissions(
  149. strategy=self.strategy,
  150. details={},
  151. user=user,
  152. backend=self.backend,
  153. response={'access_token': self.access_token},
  154. )
  156. self.assertTrue(user.is_superuser)
  158. def test_fetch_permissions_not_admin(self):
  159. user = User()
  161. social_auth.fetch_okta_openidconnect_permissions(
  162. strategy=self.strategy,
  163. details={},
  164. user=user,
  165. backend=self.backend,
  166. response={'access_token': self.access_token},
  167. )
  169. self.assertFalse(user.is_superuser)