Add ldap bind auth method and CAS_TGT_VALIDITY parameter. Fix #18

2016-10-07 15:22:49 +02:00
parent e77dbbcd03
commit f1fed48b21
12 changed files with 289 additions and 9 deletions
--- a/cas_server/tests/auth.py
+++ b/cas_server/tests/auth.py
@ -0,0 +1,29 @@
+# -*- coding: utf-8 -*-
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License version 3 for
+# more details.
+#
+# You should have received a copy of the GNU General Public License version 3
+# along with this program; if not, write to the Free Software Foundation, Inc., 51
+# Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# (c) 2016 Valentin Samir
+
+from cas_server import auth
+
+
+class TestCachedAttributesAuthUser(auth.TestAuthUser):
+    """
+        A test authentication class only working for one unique user.
+
+        :param unicode username: A username, stored in the :attr:`username<AuthUser.username>`
+            class attribute. The uniq valid value is ``settings.CAS_TEST_USER``.
+    """
+    def attributs(self):
+        """
+            The user attributes.
+
+            :raises NotImplementedError: as this class do not support fetching user attributes
+        """
+        raise NotImplementedError()
--- a/cas_server/tests/mixin.py
+++ b/cas_server/tests/mixin.py
@ -185,6 +185,17 @@ class UserModels(object):
        ).update(date=new_date)
        return client

+    @staticmethod
+    def tgt_expired_user(sec):
+        """return a user logged since sec seconds"""
+        client = get_auth_client()
+        new_date = timezone.now() - timedelta(seconds=(sec))
+        models.User.objects.filter(
+            username=settings.CAS_TEST_USER,
+            session_key=client.session.session_key
+        ).update(last_login=new_date)
+        return client
+
    @staticmethod
    def get_user(client):
        """return the user associated with an authenticated client"""
--- a/cas_server/tests/test_models.py
+++ b/cas_server/tests/test_models.py
@ -114,6 +114,24 @@ class FederateSLOTestCase(TestCase, UserModels):
                models.FederateSLO.objects.get(username="test1@example.com")


+@override_settings(CAS_AUTH_CLASS='cas_server.auth.TestAuthUser')
+class UserAttributesTestCase(TestCase, UserModels):
+    """test for the user attributes cache model"""
+    def test_clean_old_entries(self):
+        """test the clean_old_entries methode"""
+        client = get_auth_client()
+        user = self.get_user(client)
+        models.UserAttributes.objects.create(username=settings.CAS_TEST_USER)
+
+        # test that attribute cache is removed for non existant users
+        self.assertEqual(len(models.UserAttributes.objects.all()), 1)
+        models.UserAttributes.clean_old_entries()
+        self.assertEqual(len(models.UserAttributes.objects.all()), 1)
+        user.delete()
+        models.UserAttributes.clean_old_entries()
+        self.assertEqual(len(models.UserAttributes.objects.all()), 0)
+
+
@override_settings(CAS_AUTH_CLASS='cas_server.auth.TestAuthUser')
 class UserTestCase(TestCase, UserModels):
    """tests for the user models"""
@ -144,6 +162,24 @@ class UserTestCase(TestCase, UserModels):
        # assert the user has being well delete
        self.assertEqual(len(models.User.objects.all()), 0)

+    @override_settings(CAS_TGT_VALIDITY=3600)
+    def test_clean_old_entries_tgt_expired(self):
+        """test clean_old_entiers with CAS_TGT_VALIDITY set"""
+        # get an authenticated client
+        client = self.tgt_expired_user(settings.CAS_TGT_VALIDITY + 60)
+        # assert the user exists before being cleaned
+        self.assertEqual(len(models.User.objects.all()), 1)
+        # assert the last lofin date is before the expiry date
+        self.assertTrue(
+            self.get_user(client).last_login < (
+                timezone.now() - timedelta(seconds=settings.CAS_TGT_VALIDITY)
+            )
+        )
+        # delete old inactive users
+        models.User.clean_old_entries()
+        # assert the user has being well delete
+        self.assertEqual(len(models.User.objects.all()), 0)
+
    def test_clean_deleted_sessions(self):
        """test clean_deleted_sessions"""
        # get an authenticated client
@ -177,6 +213,24 @@ class UserTestCase(TestCase, UserModels):
        self.assertFalse(models.ServiceTicket.objects.all())
        self.assertTrue(client2.session.get("authenticated"))

+    @override_settings(CAS_AUTH_CLASS='cas_server.tests.auth.TestCachedAttributesAuthUser')
+    def test_cached_attributs(self):
+        """
+            Test gettting user attributes from cache for auth method that do not support direct
+            fetch (link the ldap bind auth methode)
+        """
+        client = get_auth_client()
+        user = self.get_user(client)
+        # if no cache is defined, the attributes are empty
+        self.assertEqual(user.attributs, {})
+        user_attr = models.UserAttributes.objects.create(username=settings.CAS_TEST_USER)
+        # if a cache is defined but without atrributes, also empty
+        self.assertEqual(user.attributs, {})
+        user_attr.attributs = settings.CAS_TEST_ATTRIBUTES
+        user_attr.save()
+        # attributes are what is found in the cache
+        self.assertEqual(user.attributs, settings.CAS_TEST_ATTRIBUTES)
+

@override_settings(CAS_AUTH_CLASS='cas_server.auth.TestAuthUser')
 class TicketTestCase(TestCase, UserModels, BaseServicePattern):