Merge branch 'master' into ui/input-field-frontend-validation

tests/domain/authnid/test_authentication_context.py

@@ -0,0 +1,92 @@
+import pytest
+
+from atst.domain.authnid import AuthenticationContext
+from atst.domain.exceptions import UnauthenticatedError, NotFoundError
+from atst.domain.users import Users
+
+from tests.mocks import DOD_SDN_INFO, DOD_SDN, FIXTURE_EMAIL_ADDRESS
+from tests.factories import UserFactory
+
+CERT = open("tests/fixtures/{}.crt".format(FIXTURE_EMAIL_ADDRESS)).read()
+
+
+class MockCRLValidator():
+
+    def __init__(self, value):
+        self.value = value
+
+    def validate(self, cert):
+        return self.value
+
+
+def test_can_authenticate():
+    auth_context = AuthenticationContext(
+        MockCRLValidator(True), "SUCCESS", DOD_SDN, CERT
+    )
+    assert auth_context.authenticate()
+
+
+def test_unsuccessful_status():
+    auth_context = AuthenticationContext(
+        MockCRLValidator(True), "FAILURE", DOD_SDN, CERT
+    )
+    with pytest.raises(UnauthenticatedError) as excinfo:
+        assert auth_context.authenticate()
+
+    (message,) = excinfo.value.args
+    assert "client authentication" in message
+
+
+def test_crl_check_fails():
+    auth_context = AuthenticationContext(
+        MockCRLValidator(False), "SUCCESS", DOD_SDN, CERT
+    )
+    with pytest.raises(UnauthenticatedError) as excinfo:
+        assert auth_context.authenticate()
+
+    (message,) = excinfo.value.args
+    assert "CRL check" in message
+
+
+def test_bad_sdn():
+    auth_context = AuthenticationContext(
+        MockCRLValidator(True), "SUCCESS", "abc123", CERT
+    )
+    with pytest.raises(UnauthenticatedError) as excinfo:
+        auth_context.get_user()
+
+    (message,) = excinfo.value.args
+    assert "SDN" in message
+
+
+def test_user_exists():
+    user = UserFactory.create(**DOD_SDN_INFO)
+    auth_context = AuthenticationContext(
+        MockCRLValidator(True), "SUCCESS", DOD_SDN, CERT
+    )
+    auth_user = auth_context.get_user()
+
+    assert auth_user == user
+
+
+def test_creates_user():
+    # check user does not exist
+    with pytest.raises(NotFoundError):
+        Users.get_by_dod_id(DOD_SDN_INFO["dod_id"])
+
+    auth_context = AuthenticationContext(
+        MockCRLValidator(True), "SUCCESS", DOD_SDN, CERT
+    )
+    user = auth_context.get_user()
+    assert user.dod_id == DOD_SDN_INFO["dod_id"]
+    assert user.email == FIXTURE_EMAIL_ADDRESS
+
+
+def test_user_cert_has_no_email():
+    cert = open("ssl/client-certs/atat.mil.crt").read()
+    auth_context = AuthenticationContext(
+        MockCRLValidator(True), "SUCCESS", DOD_SDN, cert
+    )
+    user = auth_context.get_user()
+
+    assert user.email == None

tests/domain/authnid/test_crl.py

@@ -4,7 +4,7 @@ import re
 import os
 import shutil
 from OpenSSL import crypto, SSL
-from atst.domain.authnid.crl.validator import Validator
+from atst.domain.authnid.crl import Validator
 import atst.domain.authnid.crl.util as util
 
 

tests/domain/authnid/test_utils.py

@@ -1,16 +1,39 @@
 import pytest
 import atst.domain.authnid.utils as utils
-from tests.mocks import DOD_SDN
+from tests.mocks import DOD_SDN, FIXTURE_EMAIL_ADDRESS
 
 
 def test_parse_sdn():
     parsed = utils.parse_sdn(DOD_SDN)
-    assert parsed.get('first_name') == 'ART'
-    assert parsed.get('last_name') == 'GARFUNKEL'
-    assert parsed.get('dod_id') == '5892460358'
+    assert parsed.get("first_name") == "ART"
+    assert parsed.get("last_name") == "GARFUNKEL"
+    assert parsed.get("dod_id") == "5892460358"
+
 
 def test_parse_bad_sdn():
     with pytest.raises(ValueError):
-        utils.parse_sdn('this has nothing to do with anything')
+        utils.parse_sdn("this has nothing to do with anything")
     with pytest.raises(ValueError):
         utils.parse_sdn(None)
+
+
+def test_parse_email_cert():
+    cert_file = open("tests/fixtures/{}.crt".format(FIXTURE_EMAIL_ADDRESS), "rb").read()
+    email = utils.email_from_certificate(cert_file)
+    assert email == FIXTURE_EMAIL_ADDRESS
+
+
+def test_parse_cert_with_no_email():
+    cert_file = open("tests/fixtures/no-email.crt", "rb").read()
+    with pytest.raises(ValueError) as excinfo:
+        email = utils.email_from_certificate(cert_file)
+    (message,) = excinfo.value.args
+    assert "email" in message
+
+
+def test_parse_cert_with_no_san():
+    cert_file = open("tests/fixtures/no-san.crt", "rb").read()
+    with pytest.raises(ValueError) as excinfo:
+        email = utils.email_from_certificate(cert_file)
+    (message,) = excinfo.value.args
+    assert "subjectAltName" in message