author | James Tait <james.tait@canonical.com> | 2013-06-21 15:05:18 +0100 |
---|---|---|
committer | James Tait <james.tait@canonical.com> | 2013-06-21 15:05:18 +0100 |
commit | fe9b4f33615652e3ba12cca9af054595f394fee8 (patch) | |
tree | 30ec9478bb54e74fbc052718a95911e6ff4c25ec | |
parent | fb446fbf45bedb6123639005a98c1b7098eb7751 (diff) | |
parent | cfb82d35b603979b98b3593e33bd8b7827128485 (diff) |
Merged origin/trunk into ax-email-verified.
-rw-r--r-- | django_openid_auth/tests/test_auth.py | 60 | ||||
-rw-r--r-- | django_openid_auth/tests/test_views.py | 48 | ||||
-rw-r--r-- | django_openid_auth/views.py | 25 |
3 files changed, 83 insertions, 50 deletions
diff --git a/django_openid_auth/tests/test_auth.py b/django_openid_auth/tests/test_auth.py index 635484b..cb4570b 100644 --- a/django_openid_auth/tests/test_auth.py +++ b/django_openid_auth/tests/test_auth.py 
@@ -192,37 +192,49 @@ class OpenIDBackendTests(TestCase): self.assertEqual("Some56789012345678901234567890", user.first_name) self.assertEqual("User56789012345678901234567890", user.last_name) - def test_update_user_openid_unverified(self): - response = self.make_response_ax() - user = User.objects.create_user('someuser', 'someuser@example.com', - password=None) + def make_user(self, username='someuser', email='someuser@example.com', + password=None): + user = User.objects.create_user(username, email, password=password) + return user + + def make_user_openid(self, user=None, + claimed_id='http://example.com/existing_identity', + display_id='http://example.com/existing_identity'): + if user is None: + user = self.make_user() user_openid, created = UserOpenID.objects.get_or_create( - user=user, - claimed_id='http://example.com/existing_identity', - display_id='http://example.com/existing_identity', - account_verified=False) - data = dict(first_name=u"Some56789012345678901234567890123", - last_name=u"User56789012345678901234567890123", - email=u"someotheruser@example.com", account_verified=False) + user=user, claimed_id=claimed_id, display_id=display_id) + return user_openid - self.backend.update_user_details(user_openid, data, response) - self.assertFalse(user_openid.account_verified) + def _test_account_verified(self, user_openid, verified, expected): + # set user's verification status + user_openid.account_verified = verified - def test_update_user_openid_verified(self): + # get a response including verification status response = self.make_response_ax() - user = User.objects.create_user('someuser', 'someuser@example.com', - password=None) - user_openid, created = UserOpenID.objects.get_or_create( - user=user, - claimed_id='http://example.com/existing_identity', - display_id='http://example.com/existing_identity', - account_verified=False) data = dict(first_name=u"Some56789012345678901234567890123", last_name=u"User56789012345678901234567890123", - 
email=u"someotheruser@example.com", account_verified=True) - + email=u"someotheruser@example.com", account_verified=expected) self.backend.update_user_details(user_openid, data, response) - self.assertTrue(user_openid.account_verified) + + # refresh object from the database + user_openid = UserOpenID.objects.get(pk=user_openid.pk) + # check the verification status + self.assertEqual(user_openid.account_verified, expected) + self.assertEqual(user_openid.user.has_perm( + 'django_openid_auth.account_verified'), expected) + + def test_update_user_openid_unverified(self): + user_openid = self.make_user_openid() + + for verified in (False, True): + self._test_account_verified(user_openid, verified, expected=False) + + def test_update_user_openid_verified(self): + user_openid = self.make_user_openid() + + for verified in (False, True): + self._test_account_verified(user_openid, verified, expected=True) def test_extract_user_details_name_with_trailing_space(self): response = self.make_response_ax(fullname="SomeUser ") diff --git a/django_openid_auth/tests/test_views.py b/django_openid_auth/tests/test_views.py index 6c21036..3ebe34e 100644 --- a/django_openid_auth/tests/test_views.py +++ b/django_openid_auth/tests/test_views.py @@ -153,7 +153,7 @@ class DummyDjangoRequest(object): def build_absolute_uri(self): return self.META['SCRIPT_NAME'] + self.request_path - + def _combined_request(self): request = {} request.update(self.POST) @@ -430,7 +430,7 @@ class RelyingPartyTests(TestCase): settings.OPENID_PHYSICAL_MULTIFACTOR_REQUIRED = True preferred_auth = pape.AUTH_MULTI_FACTOR_PHYSICAL self.provider.type_uris.append(pape.ns_uri) - + openid_req = {'openid_identifier': 'http://example.com/identity', 'next': '/getuser/'} response = self.client.post('/openid/login/', openid_req) 
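Review bot: In `_test_account_verified` the starting state set by `user_openid.account_verified = verified` is never saved, so the downgrade case (a stored verified account whose provider no longer asserts verification) is only exercised against an in-memory value; add `user_openid.save()` right after the assignment. Whether `update_user_details` persists the object itself is not visible in this hunk, so the check that `has_perm('django_openid_auth.account_verified')` is revoked may currently pass without testing a real stored True-to-False transition. The parameter `expected` is also written into `data` as the claimed value, which hides the contract that stored state must mirror the response; naming the two `initial` and `claimed` and adding a one-line docstring would make that readable. Both test methods reuse one `user_openid` across loop iterations, so the second pass starts from whatever the first pass wrote.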
@@ -480,7 +480,7 @@ class RelyingPartyTests(TestCase): query = self.parse_query_string(response.request['QUERY_STRING']) self.assertTrue('openid.pape.auth_policies' in query) - self.assertEqual(query['openid.pape.auth_policies'], + self.assertEqual(query['openid.pape.auth_policies'], quote_plus(preferred_auth)) response = self.client.get('/getuser/') @@ -509,7 +509,7 @@ class RelyingPartyTests(TestCase): Consumer.complete = mock_complete user = User.objects.create_user('testuser', 'test@example.com') - useropenid = UserOpenID( + useropenid = UserOpenID( user=user, claimed_id='http://example.com/identity', display_id='http://example.com/identity', @@ -565,7 +565,7 @@ class RelyingPartyTests(TestCase): Consumer.complete = mock_complete user = User.objects.create_user('testuser', 'test@example.com') - useropenid = UserOpenID( + useropenid = UserOpenID( user=user, claimed_id='http://example.com/identity', display_id='http://example.com/identity', @@ -965,7 +965,7 @@ class RelyingPartyTests(TestCase): self.assertTrue(isinstance(exception, (RequiredAttributeNotReturned, MissingUsernameViolation))) return HttpResponse('Test Failure Override', status=200) settings.OPENID_RENDER_FAILURE = mock_login_failure_handler - + # Posting in an identity URL begins the authentication request: response = self.client.post('/openid/login/', {'openid_identifier': 'http://example.com/identity', @@ -983,7 +983,7 @@ class RelyingPartyTests(TestCase): 'email': 'foo@example.com'}) openid_response.addExtension(sreg_response) response = self.complete(openid_response) - + # Status code should be 200, since we over-rode the login_failure handler self.assertEquals(200, response.status_code) self.assertContains(response, 'Test Failure Override') 
@@ -1062,7 +1062,7 @@ class RelyingPartyTests(TestCase): 'email': 'foo@example.com'}) openid_response.addExtension(sreg_response) response = self.complete(openid_response) - + # Status code should be 200, since we over-rode the login_failure handler self.assertEquals(200, response.status_code) self.assertContains(response, 'Test Failure Override') @@ -1164,14 +1164,14 @@ class RelyingPartyTests(TestCase): self.assertEqual(['email', 'language'], sreg_request.required) self.assertEqual(['fullname', 'nickname'], sreg_request.optional) - def check_login_attribute_exchange(self, validation_type, is_verified): + def check_login_attribute_exchange(self, validation_type, is_verified, + request_account_verified=True): settings.OPENID_UPDATE_DETAILS_FROM_SREG = True user = User.objects.create_user('testuser', 'someone@example.com') useropenid = UserOpenID( user=user, claimed_id='http://example.com/identity', - display_id='http://example.com/identity', - account_verified=False) + display_id='http://example.com/identity') useropenid.save() # Configure the provider to advertise attribute exchange @@ -1208,8 +1208,10 @@ class RelyingPartyTests(TestCase): self.assertTrue(fetch_request.has_key( 'http://schema.openid.net/namePerson/friendly')) # Account verification: - self.assertTrue(fetch_request.has_key( - 'http://ns.login.ubuntu.com/2013/validation/account')) + self.assertEqual( + fetch_request.has_key( + 'http://ns.login.ubuntu.com/2013/validation/account'), + request_account_verified) # Build up a response including AX data. openid_response = openid_request.answer(True) 
@@ -1248,27 +1250,35 @@ class RelyingPartyTests(TestCase): user_openid = UserOpenID.objects.get(user=user) self.assertEqual(user_openid.account_verified, is_verified) - def test_login_attribute_exchange_with_validation(self): + def test_login_attribute_exchange_with_verification(self): settings.OPENID_VALID_VERIFICATION_SCHEMES = { self.provider.endpoint_url: ('token_via_email',), } self.check_login_attribute_exchange('token_via_email', is_verified=True) - def test_login_attribute_exchange_without_validation(self): + def test_login_attribute_exchange_without_verification(self): settings.OPENID_VALID_VERIFICATION_SCHEMES = { self.provider.endpoint_url: ('token_via_email',), } self.check_login_attribute_exchange(None, is_verified=False) - def test_login_attribute_exchange_unrecognised_validation(self): + def test_login_attribute_exchange_without_account_verified(self): + # don't request account_verified attribute in AX request (as there are + # no valid verificatation schemes defined) + # and check account verification status is left unmodified + # (it's set to False by default for a new user) + self.check_login_attribute_exchange(None, is_verified=False, + request_account_verified=False) + + def test_login_attribute_exchange_unrecognised_verification(self): settings.OPENID_VALID_VERIFICATION_SCHEMES = { self.provider.endpoint_url: ('token_via_email',), } self.check_login_attribute_exchange('unrecognised_scheme', is_verified=False) - def test_login_attribute_exchange_different_default_validation(self): + def test_login_attribute_exchange_different_default_verification(self): settings.OPENID_VALID_VERIFICATION_SCHEMES = { None: ('token_via_email', 'sms'), 'http://otherprovider/': ('unrecognised_scheme',), 
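Review bot: `test_login_attribute_exchange_without_account_verified` never sets `settings.OPENID_VALID_VERIFICATION_SCHEMES`, while its sibling tests assign it on the shared settings object; unless setUp/tearDown (outside this hunk) resets it, a scheme map left by an earlier test makes the result depend on test order. Start the test with `settings.OPENID_VALID_VERIFICATION_SCHEMES = {}`. The case also passes `None` as the validation type, so it does not cover a provider that returns a verification value nobody asked for; if the helper supports it, `self.check_login_attribute_exchange('token_via_email', is_verified=False, request_account_verified=False)` would pin that an unsolicited claim cannot grant the permission. The comment has a typo, `verificatation`.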
@@ -1276,7 +1286,7 @@ class RelyingPartyTests(TestCase): self.check_login_attribute_exchange('unrecognised_scheme', is_verified=False) - def test_login_attribute_exchange_matched_default_validation(self): + def test_login_attribute_exchange_matched_default_verification(self): settings.OPENID_VALID_VERIFICATION_SCHEMES = { None: ('token_via_email',), 'http://otherprovider/': ('unrecognised_scheme',), @@ -1449,7 +1459,7 @@ class RelyingPartyTests(TestCase): self.assertTrue(self.signal_handler_called) openid_login_complete.disconnect(login_callback) - + class HelperFunctionsTest(TestCase): def test_sanitise_redirect_url(self): settings.ALLOWED_EXTERNAL_OPENID_REDIRECT_DOMAINS = [ diff --git a/django_openid_auth/views.py b/django_openid_auth/views.py index 244d9a8..50d74e8 100644 --- a/django_openid_auth/views.py +++ b/django_openid_auth/views.py @@ -169,7 +169,6 @@ def login_begin(request, template_name='openid/login.html', redirect_field_name: redirect_to }, context_instance=RequestContext(request)) - error = None consumer = make_consumer(request) try: openid_request = consumer.begin(openid_url) @@ -180,7 +179,8 @@ def login_begin(request, template_name='openid/login.html', # Request some user details. If the provider advertises support # for attribute exchange, use that. - if openid_request.endpoint.supportsType(ax.AXMessage.ns_uri): + endpoint = openid_request.endpoint + if endpoint.supportsType(ax.AXMessage.ns_uri): fetch_request = ax.FetchRequest() # We mark all the attributes as required, since Google ignores # optional attributes. We request both the full name and 
@@ -198,10 +198,21 @@ def login_begin(request, template_name='openid/login.html', ('http://schema.openid.net/contact/email', 'old_email'), ('http://schema.openid.net/namePerson', 'old_fullname'), ('http://schema.openid.net/namePerson/friendly', - 'old_nickname'), - ('http://ns.login.ubuntu.com/2013/validation/account', - 'account_verified')]: + 'old_nickname')]: fetch_request.add(ax.AttrInfo(attr, alias=alias, required=True)) + + # conditionally require account_verified attribute + verification_scheme_map = getattr( + settings, 'OPENID_VALID_VERIFICATION_SCHEMES', {}) + valid_schemes = verification_scheme_map.get( + endpoint.server_url, verification_scheme_map.get(None, ())) + if valid_schemes: + # there are valid schemes configured for this endpoint, so + # request account_verified status + fetch_request.add(ax.AttrInfo( + 'http://ns.login.ubuntu.com/2013/validation/account', + alias='account_verified', required=True)) + openid_request.addExtension(fetch_request) else: sreg_required_fields = [] @@ -216,7 +227,7 @@ def login_begin(request, template_name='openid/login.html', openid_request.addExtension( sreg.SRegRequest(optional=sreg_optional_fields, required=sreg_required_fields)) - + if getattr(settings, 'OPENID_PHYSICAL_MULTIFACTOR_REQUIRED', False): preferred_auth = [ pape.AUTH_MULTI_FACTOR_PHYSICAL, @@ -273,7 +284,7 @@ def login_complete(request, redirect_field_name=REDIRECT_FIELD_NAME, user = authenticate(openid_response=openid_response) except DjangoOpenIDException, e: return render_failure(request, e.message, exception=e) - + if user is not None: if user.is_active: auth_login(request, user) |
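Review bot: The lookup added to `login_begin`, `verification_scheme_map.get(endpoint.server_url, verification_scheme_map.get(None, ()))`, only decides whether the attribute is requested; the trust decision is made when the response is processed, in code outside this hunk. If that code resolves the valid schemes with its own copy of this lookup, the two can drift (for example by keying on a different endpoint URL), so one shared helper used on both the request and the response side would keep them aligned. The comment should also state the fallback rule, e.g. `# None key = default for providers without their own entry; an empty tuple for a provider disables the request`. `login_begin` starts and ends outside the hunk.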