test remote-user

hmpf · Mar 1, 2024 · 56aa992 · 56aa992
1 parent 459cb29
commit 56aa992
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 2 deletions.
diff --git a/python/nav/web/auth/remote_user.py b/python/nav/web/auth/remote_user.py
@@ -74,7 +74,7 @@ def authenticate(request):
             return autocreate_remote_user(username)
         # Bail out!
         _logger.info('User creation turned off, did not create "%s"', username)
-        return False
+        return None
 
     # Bail out! Potentially evil user
     if account.locked:

diff --git a/tests/unittests/general/webfront_test.py b/tests/unittests/general/webfront_test.py
@@ -5,6 +5,7 @@
 import pytest
 
 import nav.web.auth.ldap
+from nav.models.profiles import Account
 from nav.web import auth
 from nav.web.auth import remote_user
 from nav.web.auth.utils import ACCOUNT_ID_VAR
@@ -50,7 +51,9 @@ def test_authenticate_should_return_false_when_ldap_says_no(self):
 
 
 class TestRemoteUserAuthenticate(object):
-    def test_authenticate_remote_user_should_return_account_if_header_set(self):
+    def test_authenticate_remote_user_should_return_account_if_header_set_and_account_exists(
+        self,
+    ):
         r = RequestFactory()
         request = r.get('/')
         request.META['REMOTE_USER'] = 'knight'
@@ -61,6 +64,49 @@ def test_authenticate_remote_user_should_return_account_if_header_set(self):
             ):
                 assert remote_user.authenticate(request) == REMOTE_USER_ACCOUNT
 
+    def test_authenticate_remote_user_should_return_account_if_header_set_and_account_exists_regardless_of_autocrate(
+        self,
+    ):
+        r = RequestFactory()
+        request = r.get('/')
+        request.META['REMOTE_USER'] = 'knight'
+        with patch("nav.web.auth.remote_user._config.getboolean", return_value=False):
+            with patch(
+                "nav.web.auth.Account.objects.get",
+                new=MagicMock(return_value=REMOTE_USER_ACCOUNT),
+            ):
+                assert remote_user.authenticate(request) == REMOTE_USER_ACCOUNT
+
+    def test_authenticate_remote_user_should_not_return_account_if_header_set_and_autocreate_off_and_account_missing(
+        self,
+    ):
+        r = RequestFactory()
+        request = r.get('/')
+        request.META['REMOTE_USER'] = 'knight'
+        with patch("nav.web.auth.remote_user._config.getboolean", return_value=False):
+            with patch(
+                "nav.web.auth.Account.objects.get",
+                side_effect=Account.DoesNotExist,
+            ):
+                assert remote_user.authenticate(request) == None
+
+    def test_authenticate_remote_user_should_call_create_account_if_header_set_and_autocreate_on_and_account_missing(
+        self,
+    ):
+        r = RequestFactory()
+        request = r.get('/')
+        request.META['REMOTE_USER'] = 'knight'
+        with patch("nav.web.auth.remote_user._config.getboolean", return_value=True):
+            with patch(
+                "nav.web.auth.Account.objects.get",
+                side_effect=Account.DoesNotExist,
+            ):
+                with patch(
+                    "nav.web.auth.remote_user.autocreate_remote_user",
+                    new=MagicMock(return_value=REMOTE_USER_ACCOUNT),
+                ):
+                    assert remote_user.authenticate(request) == REMOTE_USER_ACCOUNT
+
     def test_authenticate_remote_user_should_return_none_if_header_not_set(self):
         r = RequestFactory()
         request = r.get('/')