Skip to content
Snippets Groups Projects
Commit fe4510dc authored by Tanner Prestegard's avatar Tanner Prestegard Committed by GraceDB
Browse files

Fix unit tests to work with new AuthGroup implementation

parent cff55b4d
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
gracedb/core/tests/utils.py
+ 44
13
View file @ fe4510dc
......@@ -5,12 +5,15 @@ import shutil
from django.conf import settings
from django.test import TestCase, override_settings
from django.contrib.auth import get_user_model
from django.contrib.auth.models import Group, Permission
from django.contrib.auth.models import Permission
from django.contrib.contenttypes.models import ContentType
from guardian.conf import settings as guardian_settings
from guardian.models import GroupObjectPermission, UserObjectPermission
from events.models import Tag
from ligoauth.models import AuthGroup
# Set up user model
UserModel = get_user_model()
......@@ -60,8 +63,11 @@ class InternalGroupAndUserSetup(TestCase):
super(InternalGroupAndUserSetup, cls).setUpTestData()
# Get or create internal group
cls.internal_group, _ = Group.objects.get_or_create(
cls.internal_group, created = AuthGroup.objects.get_or_create(
name=settings.LVC_GROUP)
if created:
cls.internal_group.ldap_name = 'internal_ldap_group'
cls.internal_group.save(update_fields=['ldap_name'])
# Get or create user
cls.internal_user, _ = UserModel.objects.get_or_create(
......@@ -104,12 +110,20 @@ class LvemGroupAndUserSetup(TestCase):
super(LvemGroupAndUserSetup, cls).setUpTestData()
# Get or create LV-EM group
cls.lvem_group, _ = Group.objects.get_or_create(
cls.lvem_group, created = AuthGroup.objects.get_or_create(
name=settings.LVEM_GROUP)
if created:
cls.lvem_group.ldap_name = 'lvem_ldap_group'
cls.lvem_group.save(update_fields=['ldap_name'])
# Get or create LV-EM observers group
cls.lvem_obs_group, _ = Group.objects.get_or_create(
lvem_obs_tag, _ = Tag.objects.get_or_create(name='lvem')
cls.lvem_obs_group, created = AuthGroup.objects.get_or_create(
name=settings.LVEM_OBSERVERS_GROUP)
if created:
cls.lvem_obs_group.ldap_name = 'lvem_observers_ldap_group'
cls.lvem_obs_group.tag = lvem_obs_tag
cls.lvem_obs_group.save(update_fields=['ldap_name', 'tag'])
# Get or create user
cls.lvem_user, _ = UserModel.objects.get_or_create(
......@@ -133,7 +147,7 @@ class SupereventManagersGroupAndUserSetup(TestCase):
super(SupereventManagersGroupAndUserSetup, cls).setUpTestData()
# Get or create superevent managers
cls.sm_group, _ = Group.objects.get_or_create(
cls.sm_group, _ = AuthGroup.objects.get_or_create(
name='superevent_managers')
# Get or create user
......@@ -144,8 +158,11 @@ class SupereventManagersGroupAndUserSetup(TestCase):
cls.sm_group.user_set.add(cls.sm_user)
# Also add user to internal group
internal_group, _ = Group.objects.get_or_create(
internal_group, created = AuthGroup.objects.get_or_create(
name=settings.LVC_GROUP)
if created:
internal_group.ldap_name = 'internal_ldap_group'
internal_group.save(update_fields=['ldap_name'])
internal_group.user_set.add(cls.sm_user)
# Get permissions
......@@ -179,7 +196,7 @@ class AccessManagersGroupAndUserSetup(TestCase):
super(AccessManagersGroupAndUserSetup, cls).setUpTestData()
# Get or create access managers
cls.am_group, _ = Group.objects.get_or_create(
cls.am_group, _ = AuthGroup.objects.get_or_create(
name='access_managers')
# Get or create user
......@@ -190,8 +207,11 @@ class AccessManagersGroupAndUserSetup(TestCase):
cls.am_group.user_set.add(cls.am_user)
# Also add user to internal group
internal_group, _ = Group.objects.get_or_create(
internal_group, created = AuthGroup.objects.get_or_create(
name=settings.LVC_GROUP)
if created:
internal_group.ldap_name = 'internal_ldap_group'
internal_group.save(update_fields=['ldap_name'])
internal_group.user_set.add(cls.am_user)
# Get permissions
......@@ -222,14 +242,18 @@ class SignoffGroupsAndUsersSetup(TestCase):
super(SignoffGroupsAndUsersSetup, cls).setUpTestData()
# Internal group, used later
internal_group, _ = Group.objects.get_or_create(
internal_group, created = AuthGroup.objects.get_or_create(
name=settings.LVC_GROUP)
if created:
internal_group.ldap_name = 'internal_ldap_group'
internal_group.save(update_fields=['ldap_name'])
# Get or create IFO control room groups and users, and add perms
ifos = ['H1', 'L1', 'V1']
for ifo in ifos:
# Create groups and usres
g, _ = Group.objects.get_or_create(name=(ifo + '_control_room'))
g, _ = AuthGroup.objects.get_or_create(
name=(ifo + '_control_room'))
user, _ = UserModel.objects.get_or_create(username=(ifo + '.user'))
user.groups.add(g)
setattr(cls, ifo + '_user', user)
......@@ -244,7 +268,10 @@ class SignoffGroupsAndUsersSetup(TestCase):
g.permissions.add(*p)
# Same for em advocates
g, _ = Group.objects.get_or_create(name='em_advocates')
g, created = AuthGroup.objects.get_or_create(name='em_advocates')
if created:
g.ldap_name = 'em_advocates_ldap_group'
g.save(update_fields=['ldap_name'])
user, _ = UserModel.objects.get_or_create(username='em.advocate')
user.groups.add(g)
cls.adv_user = user
......@@ -269,7 +296,7 @@ class SignoffGroupsAndUsersSetup(TestCase):
'delete_signoff',
]
for grp_name in grps:
group = Group.objects.get(name=grp_name)
group = AuthGroup.objects.get(name=grp_name)
perms = Permission.objects.filter(
content_type__app_label='superevents',
codename__in=permission_codenames)
......@@ -288,8 +315,12 @@ class PublicGroupSetup(TestCase):
super(PublicGroupSetup, cls).setUpTestData()
# Get or create public group
cls.public_group, _ = Group.objects.get_or_create(
public_tag, _ = Tag.objects.get_or_create(name='public')
cls.public_group, created = AuthGroup.objects.get_or_create(
name=settings.PUBLIC_GROUP)
if created:
cls.public_group.tag = public_tag
cls.public_group.save(update_fields=['tag'])
# Create guardian AnonymousUser and add to group
anonymous_user, _ = UserModel.objects.get_or_create(username=
......
gracedb/ligoauth/tests/test_middleware.py
+ 83
49
View file @ fe4510dc
from django.conf import settings
from django.contrib.auth.models import Group as DjangoGroup, User, AnonymousUser
from django.contrib.auth.models import User, AnonymousUser
from django.contrib.auth.middleware import AuthenticationMiddleware
from django.core.exceptions import ImproperlyConfigured
from django.test import RequestFactory
......@@ -8,7 +8,7 @@ from django.urls import reverse
from user_sessions.middleware import SessionMiddleware
from ligoauth.models import RobotUser
from ligoauth.models import RobotUser, AuthGroup
from ligoauth.middleware import (
ControlRoomMiddleware, ShibbolethWebAuthMiddleware,
)
......@@ -44,7 +44,7 @@ class TestControlRoomMiddlewareHomeView(GraceDbTestBase):
super(TestControlRoomMiddlewareHomeView, cls).setUpTestData()
# Create control room group
cls.control_room_group, _ = DjangoGroup.objects.get_or_create(
cls.control_room_group, _ = AuthGroup.objects.get_or_create(
name=cls.ifo.lower() + '_control_room')
def test_internal_user_in_control_room(self):
......@@ -145,7 +145,7 @@ class TestControlRoomMiddleware(GraceDbTestBase):
super(TestControlRoomMiddleware, cls).setUpTestData()
# Create control room group
cls.control_room_group, _ = DjangoGroup.objects.get_or_create(
cls.control_room_group, _ = AuthGroup.objects.get_or_create(
name=cls.ifo.lower() + '_control_room')
def test_internal_user_in_control_room(self):
......@@ -161,14 +161,16 @@ class TestControlRoomMiddleware(GraceDbTestBase):
request = self.mw_instance.process_request(request)
# Test request after processing
self.assertIn(self.control_room_group, request.user.groups.all())
self.assertTrue(request.user.groups.filter(
pk=self.control_room_group.pk).exists())
# Process response (fake response object since it's not used at all
# in ControlRoomMiddleware.process_response)
response = self.mw_instance.process_response(request, None)
# User not in control room group after response cycle processing
self.assertNotIn(self.control_room_group, request.user.groups.all())
self.assertFalse(request.user.groups.filter(
pk=self.control_room_group.pk).exists())
def test_internal_user_non_control_room(self):
"""
......@@ -185,14 +187,16 @@ class TestControlRoomMiddleware(GraceDbTestBase):
request = self.mw_instance.process_request(request)
# Test request after processing
self.assertNotIn(self.control_room_group, request.user.groups.all())
self.assertFalse(request.user.groups.filter(
pk=self.control_room_group.pk).exists())
# Process response (fake response object since it's not used at all
# in ControlRoomMiddleware.process_response)
response = self.mw_instance.process_response(request, None)
# User not in control room group after response cycle processing
self.assertNotIn(self.control_room_group, request.user.groups.all())
self.assertFalse(request.user.groups.filter(
pk=self.control_room_group.pk).exists())
def test_inactive_internal_user_in_control_room(self):
"""
......@@ -209,20 +213,23 @@ class TestControlRoomMiddleware(GraceDbTestBase):
request.META['REMOTE_ADDR'] = settings.CONTROL_ROOM_IPS[self.ifo]
# User not in control room group before processing
self.assertNotIn(self.control_room_group, request.user.groups.all())
self.assertFalse(request.user.groups.filter(
pk=self.control_room_group.pk).exists())
# Process request
request = self.mw_instance.process_request(request)
# Test request after processing
self.assertIn(self.control_room_group, request.user.groups.all())
self.assertTrue(request.user.groups.filter(
pk=self.control_room_group.pk).exists())
# Process response (fake response object since it's not used at all
# in ControlRoomMiddleware.process_response)
response = self.mw_instance.process_response(request, None)
# User not in control room group after response cycle processing
self.assertNotIn(self.control_room_group, request.user.groups.all())
self.assertFalse(request.user.groups.filter(
pk=self.control_room_group.pk).exists())
class TestShibbolethWebAuthMiddleware(GraceDbTestBase):
......@@ -254,7 +261,7 @@ class TestShibbolethWebAuthMiddleware(GraceDbTestBase):
request = self.factory.get(self.url)
request.META.update(**{
settings.SHIB_USER_HEADER: self.internal_user.username,
settings.SHIB_GROUPS_HEADER: self.internal_group.name,
settings.SHIB_GROUPS_HEADER: self.internal_group.ldap_name,
})
# Necessary pre-processing middleware
SessionMiddleware().process_request(request)
......@@ -268,7 +275,8 @@ class TestShibbolethWebAuthMiddleware(GraceDbTestBase):
self.assertEqual(request.user.backend,
'ligoauth.backends.ShibbolethRemoteUserBackend')
self.assertEqual(request.user, self.internal_user)
self.assertIn(self.internal_group, request.user.groups.all())
self.assertTrue(request.user.groups.filter(
pk=self.internal_group.pk).exists())
def test_user_authentication_other_url(self):
"""
......@@ -278,7 +286,7 @@ class TestShibbolethWebAuthMiddleware(GraceDbTestBase):
request = self.factory.get(reverse('home'))
request.META.update(**{
settings.SHIB_USER_HEADER: self.internal_user.username,
settings.SHIB_GROUPS_HEADER: self.internal_group.name,
settings.SHIB_GROUPS_HEADER: self.internal_group.ldap_name,
})
SessionMiddleware().process_request(request)
AuthenticationMiddleware().process_request(request)
......@@ -295,7 +303,7 @@ class TestShibbolethWebAuthMiddleware(GraceDbTestBase):
request = self.factory.get(self.url)
request.META.update(**{
settings.SHIB_USER_HEADER: self.lvem_user.username,
settings.SHIB_GROUPS_HEADER: self.lvem_obs_group.name,
settings.SHIB_GROUPS_HEADER: self.lvem_obs_group.ldap_name,
})
# Necessary pre-processing middleware
SessionMiddleware().process_request(request)
......@@ -308,8 +316,10 @@ class TestShibbolethWebAuthMiddleware(GraceDbTestBase):
self.assertEqual(request.user.backend,
'ligoauth.backends.ShibbolethRemoteUserBackend')
self.assertEqual(request.user, self.lvem_user)
self.assertIn(self.lvem_obs_group, request.user.groups.all())
self.assertNotIn(self.internal_group, request.user.groups.all())
self.assertTrue(request.user.groups.filter(
pk=self.lvem_obs_group.pk).exists())
self.assertFalse(request.user.groups.filter(
pk=self.internal_group.pk).exists())
def test_public_authentication_post_login(self):
"""User can't be authenticated with no credentials at post-login"""
......@@ -335,7 +345,7 @@ class TestShibbolethWebAuthMiddleware(GraceDbTestBase):
request = self.factory.get(self.url)
request.META.update(**{
settings.SHIB_USER_HEADER: new_user_dict['username'],
settings.SHIB_GROUPS_HEADER: self.internal_group.name,
settings.SHIB_GROUPS_HEADER: self.internal_group.ldap_name,
settings.SHIB_ATTRIBUTE_MAP['email']: new_user_dict['email'],
})
# Necessary pre-processing middleware
......@@ -349,11 +359,13 @@ class TestShibbolethWebAuthMiddleware(GraceDbTestBase):
self.assertTrue(request.user.is_authenticated)
self.assertEqual(request.user.backend,
'ligoauth.backends.ShibbolethRemoteUserBackend')
self.assertIn(self.internal_group, request.user.groups.all())
self.assertTrue(request.user.groups.filter(
pk=self.internal_group.pk).exists())
# Make sure user information is correct
new_user = User.objects.get(username=new_user_dict['username'])
self.assertIn(self.internal_group, new_user.groups.all())
self.assertTrue(new_user.groups.filter(
pk=self.internal_group.pk).exists())
self.assertEqual(new_user.username, new_user_dict['username'])
self.assertEqual(new_user.email, new_user_dict['email'])
......@@ -366,7 +378,7 @@ class TestShibbolethWebAuthMiddleware(GraceDbTestBase):
request = self.factory.get(self.url)
request.META.update(**{
settings.SHIB_USER_HEADER: new_user_dict['username'],
settings.SHIB_GROUPS_HEADER: self.lvem_obs_group.name,
settings.SHIB_GROUPS_HEADER: self.lvem_obs_group.ldap_name,
settings.SHIB_ATTRIBUTE_MAP['email']: new_user_dict['email'],
})
# Necessary pre-processing middleware
......@@ -375,26 +387,30 @@ class TestShibbolethWebAuthMiddleware(GraceDbTestBase):
self.mw_instance.process_request(request)
# Make sure user is authenticated and was authenticated by
# the shibboleth backend and that the internal group is
# the shibboleth backend and that the LV-EM observers group is
# attached to the user account
self.assertTrue(request.user.is_authenticated)
self.assertEqual(request.user.backend,
'ligoauth.backends.ShibbolethRemoteUserBackend')
self.assertIn(self.lvem_obs_group, request.user.groups.all())
self.assertTrue(request.user.groups.filter(
pk=self.lvem_obs_group.pk).exists())
# Make sure user information is correct
new_user = User.objects.get(username=new_user_dict['username'])
self.assertIn(self.lvem_obs_group, new_user.groups.all())
self.assertTrue(new_user.groups.filter(
pk=self.lvem_obs_group.pk).exists())
self.assertEqual(new_user.username, new_user_dict['username'])
self.assertEqual(new_user.email, new_user_dict['email'])
def test_group_addition(self):
"""Add a group for a user based on shib group header content"""
# Create new group for testing
new_group = DjangoGroup.objects.create(name='new_group')
new_group = AuthGroup.objects.create(name='new_group',
ldap_name='new_ldap_group')
# Compile group header
delim = ShibbolethWebAuthMiddleware.group_delimiter
groups_str = delim.join([self.internal_group.name, new_group.name])
groups_str = delim.join([self.internal_group.ldap_name,
new_group.ldap_name])
# Set up request
request = self.factory.get(self.url)
......@@ -405,7 +421,8 @@ class TestShibbolethWebAuthMiddleware(GraceDbTestBase):
# Make sure user just has internal group initially
self.assertEqual(self.internal_user.groups.count(), 1)
self.assertIn(self.internal_group, self.internal_user.groups.all())
self.assertTrue(self.internal_user.groups.filter(
pk=self.internal_group.pk).exists())
# Necessary pre-processing middleware
SessionMiddleware().process_request(request)
......@@ -420,13 +437,16 @@ class TestShibbolethWebAuthMiddleware(GraceDbTestBase):
self.assertEqual(request.user.backend,
'ligoauth.backends.ShibbolethRemoteUserBackend')
self.assertEqual(self.internal_user.groups.count(), 2)
self.assertIn(self.internal_group, self.internal_user.groups.all())
self.assertIn(new_group, self.internal_user.groups.all())
self.assertTrue(self.internal_user.groups.filter(
pk=self.internal_group.pk).exists())
self.assertTrue(self.internal_user.groups.filter(
pk=new_group.pk).exists())
def test_group_removal(self):
"""Remove a group for a user based on shib group header content"""
# Create new group, add to user
new_group = DjangoGroup.objects.create(name='new_group')
new_group = AuthGroup.objects.create(name='new_group',
ldap_name='new_ldap_group')
self.internal_user.groups.add(new_group)
# Set up request
......@@ -434,13 +454,15 @@ class TestShibbolethWebAuthMiddleware(GraceDbTestBase):
request = self.factory.get(self.url)
request.META.update(**{
settings.SHIB_USER_HEADER: self.internal_user.username,
settings.SHIB_GROUPS_HEADER: self.internal_group.name,
settings.SHIB_GROUPS_HEADER: self.internal_group.ldap_name,
})
# Make sure user has both groups initially
self.assertEqual(self.internal_user.groups.count(), 2)
self.assertIn(self.internal_group, self.internal_user.groups.all())
self.assertIn(new_group, self.internal_user.groups.all())
self.assertTrue(self.internal_user.groups.filter(
pk=self.internal_group.pk).exists())
self.assertTrue(self.internal_user.groups.filter(
pk=new_group.pk).exists())
# Necessary pre-processing middleware
SessionMiddleware().process_request(request)
......@@ -455,8 +477,10 @@ class TestShibbolethWebAuthMiddleware(GraceDbTestBase):
self.assertEqual(request.user.backend,
'ligoauth.backends.ShibbolethRemoteUserBackend')
self.assertEqual(self.internal_user.groups.count(), 1)
self.assertIn(self.internal_group, self.internal_user.groups.all())
self.assertNotIn(new_group, self.internal_user.groups.all())
self.assertTrue(self.internal_user.groups.filter(
pk=self.internal_group.pk).exists())
self.assertFalse(request.user.groups.filter(
pk=new_group.pk).exists())
def test_robotuser_group_addition(self):
"""
......@@ -467,10 +491,12 @@ class TestShibbolethWebAuthMiddleware(GraceDbTestBase):
r_user.groups.add(self.internal_group)
# Create new group for testing
new_group = DjangoGroup.objects.create(name='new_group')
new_group = AuthGroup.objects.create(name='new_group',
ldap_name='new_ldap_group')
# Compile group header
delim = ShibbolethWebAuthMiddleware.group_delimiter
groups_str = delim.join([self.internal_group.name, new_group.name])
groups_str = delim.join([self.internal_group.ldap_name,
new_group.ldap_name])
# Set up request
request = self.factory.get(self.url)
......@@ -481,7 +507,8 @@ class TestShibbolethWebAuthMiddleware(GraceDbTestBase):
# Make sure user just has internal group initially
self.assertEqual(r_user.groups.count(), 1)
self.assertIn(self.internal_group, r_user.groups.all())
self.assertTrue(r_user.groups.filter(
pk=self.internal_group.pk).exists())
# Necessary pre-processing middleware
SessionMiddleware().process_request(request)
......@@ -496,8 +523,10 @@ class TestShibbolethWebAuthMiddleware(GraceDbTestBase):
self.assertEqual(request.user.backend,
'ligoauth.backends.ShibbolethRemoteUserBackend')
self.assertEqual(r_user.groups.count(), 1)
self.assertIn(self.internal_group, r_user.groups.all())
self.assertNotIn(new_group, r_user.groups.all())
self.assertTrue(r_user.groups.filter(
pk=self.internal_group.pk).exists())
self.assertFalse(r_user.groups.filter(
pk=new_group.pk).exists())
def test_robotuser_group_removal(self):
"""
......@@ -506,8 +535,9 @@ class TestShibbolethWebAuthMiddleware(GraceDbTestBase):
# Create a RobotUser and add to internal group
r_user = RobotUser.objects.create(username='robot.user')
r_user.groups.add(self.internal_group)
# Create new group and add robotusre
new_group = DjangoGroup.objects.create(name='new_group')
# Create new group and add robotuser
new_group = AuthGroup.objects.create(name='new_group',
ldap_name='new_ldap_group')
r_user.groups.add(new_group)
# Set up request
......@@ -515,13 +545,15 @@ class TestShibbolethWebAuthMiddleware(GraceDbTestBase):
request = self.factory.get(self.url)
request.META.update(**{
settings.SHIB_USER_HEADER: r_user.username,
settings.SHIB_GROUPS_HEADER: self.internal_group.name,
settings.SHIB_GROUPS_HEADER: self.internal_group.ldap_name,
})
# Make sure user has both groups initially
self.assertEqual(r_user.groups.count(), 2)
self.assertIn(self.internal_group, r_user.groups.all())
self.assertIn(new_group, r_user.groups.all())
self.assertTrue(r_user.groups.filter(
pk=self.internal_group.pk).exists())
self.assertTrue(r_user.groups.filter(
pk=new_group.pk).exists())
# Necessary pre-processing middleware
SessionMiddleware().process_request(request)
......@@ -536,8 +568,10 @@ class TestShibbolethWebAuthMiddleware(GraceDbTestBase):
self.assertEqual(request.user.backend,
'ligoauth.backends.ShibbolethRemoteUserBackend')
self.assertEqual(r_user.groups.count(), 2)
self.assertIn(self.internal_group, r_user.groups.all())
self.assertIn(new_group, r_user.groups.all())
self.assertTrue(r_user.groups.filter(
pk=self.internal_group.pk).exists())
self.assertTrue(r_user.groups.filter(
pk=new_group.pk).exists())
def test_user_update(self):
"""Test user information update in middleware"""
......@@ -549,7 +583,7 @@ class TestShibbolethWebAuthMiddleware(GraceDbTestBase):
request = self.factory.get(self.url)
request.META.update(**{
settings.SHIB_USER_HEADER: self.internal_user.username,
settings.SHIB_GROUPS_HEADER: self.internal_group.name,
settings.SHIB_GROUPS_HEADER: self.internal_group.ldap_name,
settings.SHIB_ATTRIBUTE_MAP['email']: email2,
})
......@@ -587,7 +621,7 @@ class TestShibbolethWebAuthMiddleware(GraceDbTestBase):
request = self.factory.get(self.url)
request.META.update(**{
settings.SHIB_USER_HEADER: self.internal_user.username,
settings.SHIB_GROUPS_HEADER: self.internal_group.name,
settings.SHIB_GROUPS_HEADER: self.internal_group.ldap_name,
})
# Necessary pre-processing middleware
SessionMiddleware().process_request(request)
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment