Changeset View
Changeset View
Standalone View
Standalone View
swh/deposit/tests/test_backend.py
- This file was added.
# Copyright (C) 2021 The Software Heritage developers | |||||
# See the AUTHORS file at the top-level directory of this distribution | |||||
# License: GNU General Public License version 3, or any later version | |||||
# See top-level LICENSE file for more information | |||||
import pytest | |||||
from rest_framework.exceptions import AuthenticationFailed | |||||
from swh.deposit.auth import KeycloakBasicAuthentication | |||||
from swh.deposit.tests.conftest import TEST_USER | |||||
REQUEST_OBJECT = "request-unused" | |||||
PASSWORD = "some-deposit-pass" | |||||
@pytest.fixture | |||||
def backend_success(mock_keycloakopenidconnect_ok, deposit_config, db): | |||||
"""Backend whose connection to keycloak will systematically succeed.""" | |||||
return KeycloakBasicAuthentication() | |||||
@pytest.fixture | |||||
def backend_failure(mock_keycloakopenidconnect_ko, deposit_config): | |||||
"""Backend whose connection to keycloak will systematically fail.""" | |||||
return KeycloakBasicAuthentication() | |||||
def test_backend_authentication_refused(backend_failure): | |||||
with pytest.raises(AuthenticationFailed): | |||||
backend_failure.authenticate_credentials( | |||||
TEST_USER["username"], PASSWORD, REQUEST_OBJECT | |||||
) | |||||
def test_backend_authentication_db_misconfigured(backend_success): | |||||
"""Keycloak configured ok, backend db misconfigured (missing user), this raises""" | |||||
with pytest.raises(AuthenticationFailed, match="Unknown"): | |||||
backend_success.authenticate_credentials( | |||||
TEST_USER["username"], PASSWORD, REQUEST_OBJECT | |||||
) | |||||
def test_backend_authentication_user_inactive(backend_success, deposit_user): | |||||
"""Keycloak configured ok, backend db configured, user inactive, this raises""" | |||||
deposit_user.is_active = False | |||||
deposit_user.save() | |||||
with pytest.raises(AuthenticationFailed, match="Deactivated"): | |||||
backend_success.authenticate_credentials( | |||||
deposit_user.username, PASSWORD, REQUEST_OBJECT | |||||
) | |||||
def test_backend_authentication_ok(backend_success, deposit_user): | |||||
"""Keycloak configured ok, backend db configured ok, user logs in | |||||
""" | |||||
user0, _ = backend_success.authenticate_credentials( | |||||
deposit_user.username, PASSWORD, REQUEST_OBJECT | |||||
) | |||||
assert user0 is not None | |||||
# A second authentication call should leverage the django cache feature. | |||||
user1, _ = backend_success.authenticate_credentials( | |||||
deposit_user.username, PASSWORD, REQUEST_OBJECT | |||||
) | |||||
assert user1 is not None | |||||
assert user0 == user1, "Should have been retrieved from the cache" |