From 855c0bc3c4878a50977fd4da768ba6437a81d259 Mon Sep 17 00:00:00 2001
From: dandds
Date: Thu, 9 Aug 2018 10:09:30 -0400
Subject: [PATCH] tests for AuthenticationContext
---
 atst/domain/authnid/__init__.py | 6 +-
 .../authnid/test_authentication_context.py | 92 +++++++++++++++++++
 2 files changed, 95 insertions(+), 3 deletions(-)
 create mode 100644 tests/domain/authnid/test_authentication_context.py
diff --git a/atst/domain/authnid/__init__.py b/atst/domain/authnid/__init__.py
index 93ca7f99..80d645b8 100644
--- a/atst/domain/authnid/__init__.py
+++ b/atst/domain/authnid/__init__.py
@@ -7,7 +7,9 @@ class AuthenticationContext():
 def __init__(self, crl_validator, auth_status, sdn, cert):
 if None in locals().values():
- raise UnauthenticatedError("Missing required authentication context components")
+ raise UnauthenticatedError(
+ "Missing required authentication context components"
+ )
 self.crl_validator = crl_validator
 self.auth_status = auth_status
@@ -15,7 +17,6 @@ class AuthenticationContext():
 self.cert = cert.encode()
 self._parsed_sdn = None
-
 def authenticate(self):
 if not self.auth_status == "SUCCESS":
 raise UnauthenticatedError("SSL/TLS client authentication failed")
@@ -25,7 +26,6 @@ class AuthenticationContext():
 return True
-
 def get_user(self):
 try:
 return Users.get_by_dod_id(self.parsed_sdn["dod_id"])
diff --git a/tests/domain/authnid/test_authentication_context.py b/tests/domain/authnid/test_authentication_context.py
new file mode 100644
index 00000000..f2a359af
--- /dev/null
+++ b/tests/domain/authnid/test_authentication_context.py
@@ -0,0 +1,92 @@
+import pytest
+
+from atst.domain.authnid import AuthenticationContext
+from atst.domain.exceptions import UnauthenticatedError, NotFoundError
+from atst.domain.users import Users
+
+from tests.mocks import DOD_SDN_INFO, DOD_SDN, FIXTURE_EMAIL_ADDRESS
+from tests.factories import UserFactory
+
+CERT = open("tests/fixtures/{}.crt".format(FIXTURE_EMAIL_ADDRESS)).read()
+
+
+class MockCRLValidator():
+
+ def __init__(self, value):
+ self.value = value
+
+ def validate(self, cert):
+ return self.value
+
+
+def test_can_authenticate():
+ auth_context = AuthenticationContext(
+ MockCRLValidator(True), "SUCCESS", DOD_SDN, CERT
+ )
+ assert auth_context.authenticate()
+
+
+def test_unsuccessful_status():
+ auth_context = AuthenticationContext(
+ MockCRLValidator(True), "FAILURE", DOD_SDN, CERT
+ )
+ with pytest.raises(UnauthenticatedError) as excinfo:
+ assert auth_context.authenticate()
+
+ (message,) = excinfo.value.args
+ assert "client authentication" in message
+
+
+def test_crl_check_fails():
+ auth_context = AuthenticationContext(
+ MockCRLValidator(False), "SUCCESS", DOD_SDN, CERT
+ )
+ with pytest.raises(UnauthenticatedError) as excinfo:
+ assert auth_context.authenticate()
+
+ (message,) = excinfo.value.args
+ assert "CRL check" in message
+
+
+def test_bad_sdn():
+ auth_context = AuthenticationContext(
+ MockCRLValidator(True), "SUCCESS", "abc123", CERT
+ )
+ with pytest.raises(UnauthenticatedError) as excinfo:
+ auth_context.get_user()
+
+ (message,) = excinfo.value.args
+ assert "SDN" in message
+
+
+def test_user_exists():
+ user = UserFactory.create(**DOD_SDN_INFO)
+ auth_context = AuthenticationContext(
+ MockCRLValidator(True), "SUCCESS", DOD_SDN, CERT
+ )
+ auth_user = auth_context.get_user()
+
+ assert auth_user == user
+
+
+def test_creates_user():
+ # check user does not exist
+ with pytest.raises(NotFoundError):
+ Users.get_by_dod_id(DOD_SDN_INFO["dod_id"])
+
+ auth_context = AuthenticationContext(
+ MockCRLValidator(True), "SUCCESS", DOD_SDN, CERT
+ )
+ user = auth_context.get_user()
+ assert user.dod_id == DOD_SDN_INFO["dod_id"]
+ assert user.email == FIXTURE_EMAIL_ADDRESS
+
+
+def test_user_cert_has_no_email():
+ cert = open("ssl/client-certs/atat.mil.crt").read()
+ auth_context = AuthenticationContext(
+ MockCRLValidator(True), "SUCCESS", DOD_SDN, cert
+ )
+ user = auth_context.get_user()
+
+ assert user.email == None
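Review bot: Nothing in this new test file pins the constructor's missing-component guard or what `get_user()` does on a context that never authenticated: `test_user_exists` and `test_creates_user` call `get_user()` without `authenticate()`, so as far as these tests show, a user can be looked up or created from the SDN alone, whatever the status or CRL result. I would add a case such as `with pytest.raises(UnauthenticatedError): AuthenticationContext(MockCRLValidator(True), "SUCCESS", None, CERT)` and one that states the intended outcome of `get_user()` when `auth_status` is `"FAILURE"`; the body of `get_user()` is only partly visible in this patch, so the expected result needs confirming against its caller. `MockCRLValidator.validate` also ignores its `cert` argument, so no test checks that the encoded certificate is what reaches the validator; recording the argument on the mock and asserting on it would cover that. Minor: `assert user.email == None` should be `assert user.email is None`, and the `assert` in front of `auth_context.authenticate()` inside the two `pytest.raises` blocks never evaluates because the call raises first.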