
Commit 1852042

committed
Added more unit tests
1 parent 922258f commit 1852042


4 files changed

+326
-20
lines changed

Lines changed: 62 additions & 0 deletions
@@ -0,0 +1,62 @@
1+
{
2+
"authorization_endpoint": "https://login.microsoftonline.com/01234567-89ab-cdef-0123-456789abcdef/oauth2/v2.0/authorize",
3+
"token_endpoint": "https://login.microsoftonline.com/01234567-89ab-cdef-0123-456789abcdef/oauth2/v2.0/token",
4+
"token_endpoint_auth_methods_supported": [
5+
"client_secret_post",
6+
"private_key_jwt",
7+
"client_secret_basic"
8+
],
9+
"jwks_uri": "https://login.microsoftonline.com/common/discovery/keys",
10+
"response_modes_supported": [
11+
"query",
12+
"fragment",
13+
"form_post"
14+
],
15+
"subject_types_supported": [
16+
"pairwise"
17+
],
18+
"id_token_signing_alg_values_supported": [
19+
"RS256"
20+
],
21+
"http_logout_supported": true,
22+
"frontchannel_logout_supported": true,
23+
"end_session_endpoint": "https://login.microsoftonline.com/01234567-89ab-cdef-0123-456789abcdef/oauth2/v2.0/logout",
24+
"response_types_supported": [
25+
"code",
26+
"id_token",
27+
"code id_token",
28+
"token id_token",
29+
"token"
30+
],
31+
"scopes_supported": [
32+
"openid"
33+
],
34+
"issuer": "https://sts.windows.net/01234567-89ab-cdef-0123-456789abcdef/",
35+
"claims_supported": [
36+
"sub",
37+
"iss",
38+
"cloud_instance_name",
39+
"cloud_instance_host_name",
40+
"cloud_graph_host_name",
41+
"msgraph_host",
42+
"aud",
43+
"exp",
44+
"iat",
45+
"auth_time",
46+
"acr",
47+
"amr",
48+
"nonce",
49+
"email",
50+
"given_name",
51+
"family_name",
52+
"nickname"
53+
],
54+
"microsoft_multi_refresh_token": true,
55+
"check_session_iframe": "https://login.microsoftonline.com/01234567-89ab-cdef-0123-456789abcdef/oauth2/v2.0/checksession",
56+
"userinfo_endpoint": "https://login.microsoftonline.com/01234567-89ab-cdef-0123-456789abcdef/openid/userinfo",
57+
"tenant_region_scope": "EU",
58+
"cloud_instance_name": "microsoftonline.com",
59+
"cloud_graph_host_name": "graph.windows.net",
60+
"msgraph_host": "graph.microsoft.com",
61+
"rbac_url": "https://pas.windows.net"
62+
}

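--- a/tests/test_authentication.py
+++ b/tests/test_authentication.py
@@ -164,6 +164,17 @@ def test_group_claim(self):
 self.assertEqual(user.email, "[email protected]")
 self.assertEqual(len(user.groups.all()), 0)
 
+@mock_adfs("2016")
+def test_no_group_claim(self):
+backend = AdfsAuthCodeBackend()
+with patch("django_auth_adfs.backend.settings.GROUPS_CLAIM", None):
+user = backend.authenticate(self.request, authorization_code="dummycode")
+self.assertIsInstance(user, User)
+self.assertEqual(user.first_name, "John")
+self.assertEqual(user.last_name, "Doe")
+self.assertEqual(user.email, "[email protected]")
+self.assertEqual(len(user.groups.all()), 0)
+
 @mock_adfs("2016", empty_keys=True)
 def test_empty_keys(self):
 backend = AdfsAuthCodeBackend()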
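Review bot: `test_no_group_claim` ends with `self.assertEqual(len(user.groups.all()), 0)` on a user that is presumably created by this same `authenticate` call, so it passes whether group synchronisation was skipped or ran and found nothing; the tail of `test_group_claim` just above makes the same final assertion. To pin down what `GROUPS_CLAIM = None` means for authorization, pre-create the user with an existing group membership and assert that it is left untouched (or cleared, whichever is intended) after `authenticate`. A one-line docstring such as `"""With GROUPS_CLAIM unset, login succeeds and group membership is not managed."""` would record the intent. The enclosing test class starts outside the hunk.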

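--- a/tests/test_drf_integration.py
+++ b/tests/test_drf_integration.py
@@ -162,7 +162,7 @@ def test_access_token_azure_guest_but_no_upn_but_no_guest_username_claim(self):
 with self.assertRaises(exceptions.AuthenticationFailed):
 self.drf_auth_class.authenticate(request)
 
-@mock_adfs("azure")
+@mock_adfs("azure", requires_obo=True)
 def test_process_group_claim_from_ms_graph(self):
 access_token_header = "Bearer {}".format(self.access_token_azure_groups_in_claim_source)
 request = RequestFactory().get('/api', HTTP_AUTHORIZATION=access_token_header)
@@ -175,18 +175,61 @@ def test_process_group_claim_from_ms_graph(self):
 with patch('django_auth_adfs.backend.settings', Settings()):
 with patch("django_auth_adfs.config.settings", Settings()):
 with patch("django_auth_adfs.backend.provider_config", ProviderConfig()):
-with patch(
-"django_auth_adfs.backend.AdfsBaseBackend.get_obo_access_token",
-return_value="123456"
-):
-with patch(
-"django_auth_adfs.backend.AdfsBaseBackend.get_group_memberships_from_ms_graph",
-return_value=["group1", "group2"]
-):
-user, _ = self.drf_auth_class.authenticate(request)
-self.assertEqual(user.username, "testuser")
-self.assertEqual(user.groups.all()[0].name, "group1")
-self.assertEqual(user.groups.all()[1].name, "group2")
+user, _ = self.drf_auth_class.authenticate(request)
+self.assertEqual(user.username, "testuser")
+self.assertEqual(user.groups.all()[0].name, "group1")
+self.assertEqual(user.groups.all()[1].name, "group2")
+
+@mock_adfs("azure", requires_obo=True, mfa_error=True)
+def test_get_obo_access_token_mfa_error(self):
+access_token_header = "Bearer {}".format(self.access_token_azure_groups_in_claim_source)
+request = RequestFactory().get('/api', HTTP_AUTHORIZATION=access_token_header)
+
+from django_auth_adfs.config import django_settings
+settings = deepcopy(django_settings)
+del settings.AUTH_ADFS["SERVER"]
+settings.AUTH_ADFS["TENANT_ID"] = "dummy_tenant_id"
+with patch("django_auth_adfs.config.django_settings", settings):
+with patch('django_auth_adfs.backend.settings', Settings()):
+with patch("django_auth_adfs.config.settings", Settings()):
+with patch("django_auth_adfs.backend.provider_config", ProviderConfig()):
+with self.assertRaises(AuthenticationFailed):
+self.drf_auth_class.authenticate(request)
+
+@mock_adfs("azure", requires_obo=True, version='v2.0')
+def test_get_obo_access_token_version_2(self):
+access_token_header = "Bearer {}".format(self.access_token_azure_groups_in_claim_source)
+request = RequestFactory().get('/api', HTTP_AUTHORIZATION=access_token_header)
+
+from django_auth_adfs.config import django_settings
+settings = deepcopy(django_settings)
+del settings.AUTH_ADFS["SERVER"]
+settings.AUTH_ADFS["TENANT_ID"] = "dummy_tenant_id"
+settings.AUTH_ADFS["VERSION"] = 'v2.0'
+with patch("django_auth_adfs.config.django_settings", settings):
+with patch('django_auth_adfs.backend.settings', Settings()):
+with patch("django_auth_adfs.config.settings", Settings()):
+with patch("django_auth_adfs.backend.provider_config", ProviderConfig()):
+user, _ = self.drf_auth_class.authenticate(request)
+self.assertEqual(user.username, "testuser")
+self.assertEqual(user.groups.all()[0].name, "group1")
+self.assertEqual(user.groups.all()[1].name, "group2")
+
+@mock_adfs("azure", requires_obo=True, missing_graph_group_perm=True)
+def test_missing_ms_graph_group_permission(self):
+access_token_header = "Bearer {}".format(self.access_token_azure_groups_in_claim_source)
+request = RequestFactory().get('/api', HTTP_AUTHORIZATION=access_token_header)
+
+from django_auth_adfs.config import django_settings
+settings = deepcopy(django_settings)
+del settings.AUTH_ADFS["SERVER"]
+settings.AUTH_ADFS["TENANT_ID"] = "dummy_tenant_id"
+with patch("django_auth_adfs.config.django_settings", settings):
+with patch('django_auth_adfs.backend.settings', Settings()):
+with patch("django_auth_adfs.config.settings", Settings()):
+with patch("django_auth_adfs.backend.provider_config", ProviderConfig()):
+with self.assertRaises(AuthenticationFailed):
+self.drf_auth_class.authenticate(request)
 
 @mock_adfs("2012")
 def test_access_token_exceptions(self):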
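Review bot: The two failure tests in the second hunk, `test_get_obo_access_token_mfa_error` and `test_missing_ms_graph_group_permission`, only assert that `AuthenticationFailed` is raised, so they would still pass if the backend had already created or updated the user before the on-behalf-of or Graph request failed. If the intended contract is that a failed exchange leaves no account behind, follow each `assertRaises` block with a persistence check such as `self.assertFalse(User.objects.filter(username="testuser").exists())` (assuming `User` is imported in this module). Both tests also use the bare name `AuthenticationFailed`, while the context line in the first hunk uses `exceptions.AuthenticationFailed`; the import is not visible here, so confirm it exists or use the qualified form. The success tests index `user.groups.all()[0]` and `[1]`, which relies on an ordering the queryset may not guarantee; `self.assertCountEqual([g.name for g in user.groups.all()], ["group1", "group2"])` is order-independent.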
