Skip to content
Snippets Groups Projects
Verified Commit ec750b84 authored by Nik | Klampfradler's avatar Nik | Klampfradler
Browse files

Add tests to ensure LDAP authentication for vanished accoutns fails

parent 1d9fce28
No related branches found
No related tags found
No related merge requests found
Pipeline #47165 canceled
Stage: prepare
Stage: test
Stage: build
Stage: publish
Stage: docker
Stage: deploy
This commit is part of merge request !847. Comments created here will be created in the context of that merge request.
Hide whitespace changes
Inline Side-by-side
aleksis/core/tests/views/test_account.py
+ 44
0
Edit View file @ ec750b84
from django.conf import settings
from django.test import override_settings
from django.urls import reverse
import ldap
import pytest
from django_auth_ldap.config import LDAPSearch
from aleksis.core.models import UserAdditionalAttributes
pytestmark = pytest.mark.django_db
LDAP_BASE = "dc=example,dc=com"
LDAP_SETTINGS = {
"AUTH_LDAP_GLOBAL_OPTIONS": {
ldap.OPT_NETWORK_TIMEOUT: 1,
},
"AUTH_LDAP_USER_SEARCH": LDAPSearch(LDAP_BASE, ldap.SCOPE_SUBTREE),
}
def test_index_not_logged_in(client):
response = client.get("/")
......@@ -40,3 +53,34 @@ def test_logout(client, django_user_model):
assert response.status_code == 200
assert "Please login to see this page." in response.content.decode("utf-8")
@override_settings(
AUTHENTICATION_BACKENDS=[
"aleksis.core.util.ldap.LDAPBackend",
"django.contrib.auth.backends.ModelBackend",
],
AUTH_LDAP_SERVER_URI="ldap://[100::0]",
AUTH_LDAP_SET_USABLE_PASSWORD=True,
**LDAP_SETTINGS
)
def test_login_ldap_fail_if_previously_ldap_authenticated(client, django_user_model):
username = "foo"
password = "bar"
django_user_model.objects.create_user(username=username, password=password)
# Logging in with a fresh account should success
res = client.login(username=username, password=password)
assert res
client.get(reverse("logout"), follow=True)
# Logging in with a previously LDAP-authenticated account should fail
UserAdditionalAttributes.set_user_attribute(username, "ldap_authenticated", True)
res = client.login(username=username, password=password)
assert not res
# Explicitly noting account has not been used with LDAP should succeed
UserAdditionalAttributes.set_user_attribute(username, "ldap_authenticated", False)
res = client.login(username=username, password=password)
assert res
tox.ini
+ 1
1
Edit View file @ ec750b84
......@@ -9,7 +9,7 @@ whitelist_externals = poetry
skip_install = true
envdir = {toxworkdir}/globalenv
commands_pre =
poetry install
poetry install -E ldap
poetry run aleksis-admin yarn install
poetry run aleksis-admin collectstatic --no-input
commands =
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment