From 56aa99286f7252b6115e1e5746292ec5b722fcdc Mon Sep 17 00:00:00 2001 From: Hanne Moa Date: Fri, 10 Nov 2023 14:53:23 +0100 Subject: [PATCH] test remote-user --- python/nav/web/auth/remote_user.py | 2 +- tests/unittests/general/webfront_test.py | 48 +++++++++++++++++++++++- 2 files changed, 48 insertions(+), 2 deletions(-) diff --git a/python/nav/web/auth/remote_user.py b/python/nav/web/auth/remote_user.py index 896c1d14bc..84b76006b7 100644 --- a/python/nav/web/auth/remote_user.py +++ b/python/nav/web/auth/remote_user.py @@ -74,7 +74,7 @@ def authenticate(request): return autocreate_remote_user(username) # Bail out! _logger.info('User creation turned off, did not create "%s"', username) - return False + return None # Bail out! Potentially evil user if account.locked: diff --git a/tests/unittests/general/webfront_test.py b/tests/unittests/general/webfront_test.py index 325a87842e..44d0a6f4f5 100644 --- a/tests/unittests/general/webfront_test.py +++ b/tests/unittests/general/webfront_test.py @@ -5,6 +5,7 @@ import pytest import nav.web.auth.ldap +from nav.models.profiles import Account from nav.web import auth from nav.web.auth import remote_user from nav.web.auth.utils import ACCOUNT_ID_VAR @@ -50,7 +51,9 @@ def test_authenticate_should_return_false_when_ldap_says_no(self): class TestRemoteUserAuthenticate(object): - def test_authenticate_remote_user_should_return_account_if_header_set(self): + def test_authenticate_remote_user_should_return_account_if_header_set_and_account_exists( + self, + ): r = RequestFactory() request = r.get('/') request.META['REMOTE_USER'] = 'knight' @@ -61,6 +64,49 @@ def test_authenticate_remote_user_should_return_account_if_header_set(self): ): assert remote_user.authenticate(request) == REMOTE_USER_ACCOUNT + def test_authenticate_remote_user_should_return_account_if_header_set_and_account_exists_regardless_of_autocrate( + self, + ): + r = RequestFactory() + request = r.get('/') + request.META['REMOTE_USER'] = 'knight' + with patch("nav.web.auth.remote_user._config.getboolean", return_value=False): + with patch( + "nav.web.auth.Account.objects.get", + new=MagicMock(return_value=REMOTE_USER_ACCOUNT), + ): + assert remote_user.authenticate(request) == REMOTE_USER_ACCOUNT + + def test_authenticate_remote_user_should_not_return_account_if_header_set_and_autocreate_off_and_account_missing( + self, + ): + r = RequestFactory() + request = r.get('/') + request.META['REMOTE_USER'] = 'knight' + with patch("nav.web.auth.remote_user._config.getboolean", return_value=False): + with patch( + "nav.web.auth.Account.objects.get", + side_effect=Account.DoesNotExist, + ): + assert remote_user.authenticate(request) == None + + def test_authenticate_remote_user_should_call_create_account_if_header_set_and_autocreate_on_and_account_missing( + self, + ): + r = RequestFactory() + request = r.get('/') + request.META['REMOTE_USER'] = 'knight' + with patch("nav.web.auth.remote_user._config.getboolean", return_value=True): + with patch( + "nav.web.auth.Account.objects.get", + side_effect=Account.DoesNotExist, + ): + with patch( + "nav.web.auth.remote_user.autocreate_remote_user", + new=MagicMock(return_value=REMOTE_USER_ACCOUNT), + ): + assert remote_user.authenticate(request) == REMOTE_USER_ACCOUNT + def test_authenticate_remote_user_should_return_none_if_header_not_set(self): r = RequestFactory() request = r.get('/')