|
1 | | -from mock import Mock, patch |
| 1 | +from mock import Mock, MagicMock, patch |
2 | 2 |
|
3 | 3 | import pytest |
4 | 4 |
|
5 | 5 | from nav.config import NAVConfigParser |
| 6 | +from nav.models.profiles import Account |
6 | 7 | from nav.web import auth |
7 | 8 | from nav.web.auth import ldap |
8 | 9 |
|
9 | 10 |
|
10 | | -LDAP_ACCOUNT = auth.Account(login='knight', ext_sync='ldap', password='shrubbery') |
| 11 | +LOCKED_ACCOUNT = auth.Account( |
| 12 | + login='galahad', |
| 13 | + ext_sync='ldap', |
| 14 | + password='shrubbery', |
| 15 | + locked=True, |
| 16 | +) |
| 17 | +ACTIVE_ACCOUNT = auth.Account( |
| 18 | + login='arthur', |
| 19 | + ext_sync='ldap', |
| 20 | + password='shrubbery', |
| 21 | + locked=False, |
| 22 | +) |
11 | 23 |
|
12 | 24 |
|
13 | 25 | class LdapTestConfig(NAVConfigParser): |
@@ -215,6 +227,51 @@ def test_no_admin_entitlement_option_should_make_no_admin_decision(user_zaphod): |
215 | 227 | assert u.is_admin() is None |
216 | 228 |
|
217 | 229 |
|
| 230 | +class TestLdapAuthenticate: |
| 231 | + @patch("nav.web.auth.ldap.available", new=False) |
| 232 | + def test_if_ldap_not_available_return_None(self, *_): |
| 233 | + result = ldap.authenticate('foo', 'bar') |
| 234 | + assert result is None |
| 235 | + |
| 236 | + @patch("nav.web.auth.ldap.available", new=True) |
| 237 | + @patch("nav.web.auth.ldap.get_ldap_user", return_value=False) |
| 238 | + @patch( |
| 239 | + "nav.web.auth.Account.objects.get", new=MagicMock(return_value=LOCKED_ACCOUNT) |
| 240 | + ) |
| 241 | + def test_locked_accounts_return_None(self, *_): |
| 242 | + result = ldap.authenticate('foo', 'bar') |
| 243 | + assert result is None |
| 244 | + |
| 245 | + @patch("nav.web.auth.ldap.available", new=True) |
| 246 | + @patch("nav.web.auth.ldap.get_ldap_user", return_value=False) |
| 247 | + @patch( |
| 248 | + "nav.web.auth.Account.objects.get", new=MagicMock(return_value=ACTIVE_ACCOUNT) |
| 249 | + ) |
| 250 | + @patch("nav.web.auth.Account.check_password", return_value=False) |
| 251 | + def test_active_account_with_wrong_password_return_None(self, *_): |
| 252 | + result = ldap.authenticate('foo', 'ni!') |
| 253 | + assert result is None |
| 254 | + |
| 255 | + @patch("nav.web.auth.ldap.available", new=True) |
| 256 | + @patch("nav.web.auth.ldap.get_ldap_user", return_value=False) |
| 257 | + @patch( |
| 258 | + "nav.web.auth.Account.objects.get", new=MagicMock(return_value=ACTIVE_ACCOUNT) |
| 259 | + ) |
| 260 | + @patch("nav.web.auth.Account.check_password", return_value=True) |
| 261 | + @patch("nav.web.auth.ldap.update_ldap_user", return_value=ACTIVE_ACCOUNT) |
| 262 | + def test_active_account_with_correct_password_return_account(self, *_): |
| 263 | + result = ldap.authenticate('foo', 'ni!') |
| 264 | + assert result == ACTIVE_ACCOUNT |
| 265 | + |
| 266 | + @patch("nav.web.auth.ldap.available", new=True) |
| 267 | + @patch("nav.web.auth.ldap.get_ldap_user", return_value=True) |
| 268 | + @patch("nav.web.auth.Account.objects.get", side_effect=Account.DoesNotExist()) |
| 269 | + @patch("nav.web.auth.ldap.autocreate_ldap_user", return_value=ACTIVE_ACCOUNT) |
| 270 | + def test_nonexisting_accounts_are_created(self, *_): |
| 271 | + result = ldap.authenticate('foo', 'ni!') |
| 272 | + assert result == ACTIVE_ACCOUNT |
| 273 | + |
| 274 | + |
218 | 275 | # |
219 | 276 | # Pytest fixtures |
220 | 277 | # |
|
0 commit comments