test_auth.py

#
from unittest import mock

from django.test import TestCase
from django.contrib.auth.models import User
from ivatar.ivataraccount.auth import FedoraOpenIdConnect
from ivatar.ivataraccount.models import ConfirmedEmail
from django.test import override_settings
#

Check that a Fedora user gets a ConfirmedEmail automatically.

@override_settings(SOCIAL_AUTH_FEDORA_OIDC_ENDPOINT="https://id.example.com/")
class AuthFedoraTestCase(TestCase):
    def _authenticate(self, response):
        backend = FedoraOpenIdConnect()
        pipeline = backend.strategy.get_pipeline(backend)
        return backend.pipeline(pipeline, response=response)

    def test_new_user(self):
#
        user = self._authenticate({"nickname": "testuser", "email": "test@example.com"})
        self.assertEqual(user.confirmedemail_set.count(), 1)
        self.assertEqual(user.confirmedemail_set.first().email, "test@example.com")
#

Check that ConfirmedEmails aren’t automatically created for untrusted backends.

    @mock.patch("ivatar.ivataraccount.auth.TRUST_EMAIL_FROM_SOCIAL_AUTH_BACKENDS", [])
    def test_new_user_untrusted_backend(self):
#
        user = self._authenticate({"nickname": "testuser", "email": "test@example.com"})
        self.assertEqual(user.confirmedemail_set.count(), 0)
#

Checks that existing users are found.

    def test_existing_user(self):
#
        user = User.objects.create_user(
            username="testuser",
            password="password",
            email="test@example.com",
            first_name="test",
            last_name="user",
        )
        auth_user = self._authenticate(
            {"nickname": "testuser", "email": "test@example.com"}
        )
        self.assertEqual(auth_user, user)
#

Only add ConfirmedEmails on account creation.

        self.assertEqual(auth_user.confirmedemail_set.count(), 0)
#

Check that the authenticating user is found using their ConfirmedEmail.

    def test_existing_user_with_confirmed_email(self):
#
        user = User.objects.create_user(
            username="testuser1",
            password="password",
            email="first@example.com",
            first_name="test",
            last_name="user",
        )
        ConfirmedEmail.objects.create_confirmed_email(user, "second@example.com", False)
        auth_user = self._authenticate(
            {"nickname": "testuser2", "email": "second@example.com"}
        )
        self.assertEqual(auth_user, user)
#

Check that ConfirmedEmail isn’t created twice.

    def test_existing_confirmed_email(self):
#
        user = User.objects.create_user(
            username="testuser",
            password="password",
            email="testuser@example.com",
            first_name="test",
            last_name="user",
        )
        ConfirmedEmail.objects.create_confirmed_email(user, user.email, False)
        auth_user = self._authenticate({"nickname": user.username, "email": user.email})
        self.assertEqual(auth_user, user)
        self.assertEqual(auth_user.confirmedemail_set.count(), 1)