4b486de40c7fb08b0dc3c00a4e750b91b84be71d
[django-cas-provider.git] / cas_provider / tests.py
1 from cas_provider.models import ServiceTicket
2 from cas_provider.views import _cas2_sucess_response, _cas2_error_response, \
3     INVALID_TICKET
4 from django.contrib.auth.models import User
5 from django.core.urlresolvers import reverse
6 from django.test import TestCase
7 from urlparse import urlparse
8 from django.conf import settings
9
10
11 class ViewsTest(TestCase):
12
13     fixtures = ['cas_users.json', ]
14
15     def setUp(self):
16         self.service = 'http://example.com/'
17
18
19     def test_succeessful_login(self):
20         response = self._login_user('root', '123')
21         self._validate_cas1(response, True)
22
23         response = self.client.get(reverse('cas_login'), {'service': self.service}, follow=False)
24         self.assertEqual(response.status_code, 302)
25         self.assertTrue(response['location'].startswith('%s?ticket=' % self.service))
26
27         response = self.client.get(reverse('cas_login'), follow=False)
28         self.assertEqual(response.status_code, 302)
29         self.assertTrue(response['location'].startswith('http://testserver/'))
30
31         response = self.client.get(response['location'], follow=False)
32         self.assertIn(response.status_code, [302, 200])
33
34         response = self.client.get(reverse('cas_login'), {'service': self.service, 'warn': True}, follow=False)
35         self.assertEqual(response.status_code, 200)
36         self.assertTemplateUsed(response, 'cas/warn.html')
37
38
39     def _cas_logout(self):
40         response = self.client.get(reverse('cas_logout'), follow=False)
41         self.assertEqual(response.status_code, 200)
42
43
44     def test_logout(self):
45         response = self._login_user('root', '123')
46         self._validate_cas1(response, True)
47
48         self._cas_logout()
49
50         response = self.client.get(reverse('cas_login'), follow=False)
51         self.assertEqual(response.status_code, 200)
52         self.assertEqual(response.context['user'].is_anonymous(), True)
53
54
55     def test_broken_pwd(self):
56         self._fail_login('root', '321')
57
58     def test_broken_username(self):
59         self._fail_login('notroot', '123')
60
61     def test_nonactive_user_login(self):
62         self._fail_login('nonactive', '123')
63
64     def test_cas2_success_validate(self):
65         response = self._login_user('root', '123')
66         response = self._validate_cas2(response, True)
67         user = User.objects.get(username=self.username)
68         self.assertEqual(response.content, _cas2_sucess_response(user).content)
69
70     def test_cas2_custom_attrs(self):
71         settings.CAS_CUSTOM_ATTRIBUTES_CALLBACK = cas_mapping
72         response = self._login_user('editor', '123')
73
74         response = self._validate_cas2(response, True)
75         self.assertEqual(response.content, '''<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'''
76             '''<cas:authenticationSuccess>'''
77                 '''<cas:user>editor</cas:user>'''
78                 '''<cas:attributes>'''
79                     '''<cas:attraStyle>Jasig</cas:attraStyle>'''
80                     '''<cas:group>editor</cas:group>'''
81                     '''<cas:is_staff>True</cas:is_staff>'''
82                     '''<cas:is_active>True</cas:is_active>'''
83                     '''<cas:email>editor@exapmle.com</cas:email>'''
84                 '''</cas:attributes>'''
85             '''</cas:authenticationSuccess>'''
86         '''</cas:serviceResponse>''')
87
88         self._cas_logout()
89         response = self._login_user('editor', '123')
90         settings.CAS_CUSTOM_ATTRIBUTES_FORMATER = 'cas_provider.attribute_formatters.ruby_cas'
91         response = self._validate_cas2(response, True)
92         self.assertEqual(response.content, '''<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'''
93             '''<cas:authenticationSuccess>'''
94                 '''<cas:user>editor</cas:user>'''
95                 '''<cas:attraStyle>RubyCAS</cas:attraStyle>'''
96                 '''<cas:group>editor</cas:group>'''
97                 '''<cas:is_staff>True</cas:is_staff>'''
98                 '''<cas:is_active>True</cas:is_active>'''
99                 '''<cas:email>editor@exapmle.com</cas:email>'''
100             '''</cas:authenticationSuccess>'''
101         '''</cas:serviceResponse>''')
102
103         self._cas_logout()
104         response = self._login_user('editor', '123')
105         settings.CAS_CUSTOM_ATTRIBUTES_FORMATER = 'cas_provider.attribute_formatters.name_value'
106         response = self._validate_cas2(response, True)
107         self.assertEqual(response.content, '''<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'''
108             '''<cas:authenticationSuccess>'''
109                 '''<cas:user>editor</cas:user>'''
110                     '''<cas:attribute name="attraStyle" value="Name-Value"/>'''
111                     '''<cas:attribute name="group" value="editor"/>'''
112                     '''<cas:attribute name="is_staff" value="True"/>'''
113                     '''<cas:attribute name="is_active" value="True"/>'''
114                     '''<cas:attribute name="email" value="editor@exapmle.com"/>'''
115             '''</cas:authenticationSuccess>'''
116         '''</cas:serviceResponse>''')
117
118
119     def test_cas2_fail_validate(self):
120         for user, pwd in (('root', '321'), ('notroot', '123'), ('nonactive', '123')):
121             response = self._login_user(user, pwd)
122             self._validate_cas2(response, False)
123
124
125     def _fail_login(self, username, password):
126         response = self._login_user(username, password)
127         self._validate_cas1(response, False)
128
129         response = self.client.get(reverse('cas_login'), {'service': self.service}, follow=False)
130         self.assertEqual(response.status_code, 200)
131         response = self.client.get(reverse('cas_login'), follow=False)
132         self.assertEqual(response.status_code, 200)
133
134
135
136     def _login_user(self, username, password):
137         self.username = username
138         response = self.client.get(reverse('cas_login'), {'service': self.service})
139         self.assertEqual(response.status_code, 200)
140         self.assertTemplateUsed(response, 'cas/login.html')
141         form = response.context['form']
142         service = form['service'].value()
143         return self.client.post(reverse('cas_login'), {
144             'username': username,
145             'password': password,
146             'lt': form['lt'].value(),
147             'service': service
148         }, follow=False)
149
150
151     def _validate_cas1(self, response, is_correct=True):
152         if is_correct:
153             self.assertEqual(response.status_code, 302)
154             self.assertTrue(response.has_header('location'))
155             location = urlparse(response['location'])
156             ticket = location.query.split('=')[1]
157
158             response = self.client.get(reverse('cas_validate'), {'ticket': ticket, 'service': self.service}, follow=False)
159             self.assertEqual(response.status_code, 200)
160             self.assertEqual(unicode(response.content), u'yes\n%s\n' % self.username)
161         else:
162             self.assertEqual(response.status_code, 200)
163             self.assertEqual(len(response.context['form'].errors), 1)
164
165             response = self.client.get(reverse('cas_validate'), {'ticket': 'ST-12312312312312312312312', 'service': self.service}, follow=False)
166             self.assertEqual(response.status_code, 200)
167             self.assertEqual(response.content, u'no\n\n')
168
169
170     def _validate_cas2(self, response, is_correct=True):
171         if is_correct:
172             self.assertEqual(response.status_code, 302)
173             self.assertTrue(response.has_header('location'))
174             location = urlparse(response['location'])
175             ticket = location.query.split('=')[1]
176
177             response = self.client.get(reverse('cas_service_validate'), {'ticket': ticket, 'service': self.service}, follow=False)
178             self.assertEqual(response.status_code, 200)
179         else:
180             self.assertEqual(response.status_code, 200)
181             self.assertEqual(len(response.context['form'].errors), 1)
182
183             response = self.client.get(reverse('cas_service_validate'), {'ticket': 'ST-12312312312312312312312', 'service': self.service}, follow=False)
184             self.assertEqual(response.status_code, 200)
185             self.assertEqual(response.content, _cas2_error_response(INVALID_TICKET).content)
186         return response
187
188
189 class ModelsTestCase(TestCase):
190
191     fixtures = ['cas_users.json', ]
192
193     def setUp(self):
194         self.user = User.objects.get(username='root')
195
196     def test_redirects(self):
197         ticket = ServiceTicket.objects.create(service='http://example.com', user=self.user)
198         self.assertEqual(ticket.get_redirect_url(), '%(service)s?ticket=%(ticket)s' % ticket.__dict__)
199
200
201 def cas_mapping(user):
202     return {
203         'is_staff': unicode(user.is_staff),
204         'is_active': unicode(user.is_active),
205         'email': user.email,
206         'group': [g.name for g in user.groups.all()]
207     }