Home Explore Help
Sign In
221V
/
Misago
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: e57b6b4c62
Branches Tags
Misago
/
misago
/
admin
/
tests
/
test_authorization.py

test_authorization.py 3.4 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110 
  1. from time import time
    2. 

  2. from unittest.mock import Mock
    3. 

  3. 

  4. import pytest
    5. 

  5. from django.test import override_settings
    6. 

  6. 

  7. from ..auth import (
    8. 

  8.     TOKEN_KEY,
    9. 

  9.     UPDATED_KEY,
    10. 

  10.     authorize_admin,
    11. 

  11.     is_admin_authorized,
    12. 

  12.     remove_admin_authorization,
    13. 

  13.     update_admin_authorization,
    14. 

  14. )
    15. 

  15. 

  16. 

  17. @pytest.fixture
    18. 

  18. def admin_request(superuser):
    19. 

  19.     request = Mock(session={}, user=superuser)
    20. 

  20.     authorize_admin(request)
    21. 

  21.     return request
    22. 

  22. 

  23. 

  24. def test_authorizing_admin_updates_request_session(user):
    25. 

  25.     request = Mock(session={}, user=user)
    26. 

  26.     authorize_admin(request)
    27. 

  27.     assert request.session
    28. 

  28. 

  29. 

  30. def test_staff_user_can_be_authorized(staffuser):
    31. 

  31.     request = Mock(session={}, user=staffuser)
    32. 

  32.     authorize_admin(request)
    33. 

  33.     assert is_admin_authorized(request)
    34. 

  34. 

  35. 

  36. def test_non_staff_user_admin_authorization_is_never_valid(user):
    37. 

  37.     request = Mock(session={}, user=user)
    38. 

  38.     authorize_admin(request)
    39. 

  39.     assert not is_admin_authorized(request)
    40. 

  40. 

  41. 

  42. def test_anonymous_user_admin_authorization_is_never_valid(user, anonymous_user):
    43. 

  43.     request = Mock(session={}, user=user)
    44. 

  44.     authorize_admin(request)
    45. 

  45.     request.user = anonymous_user
    46. 

  46.     assert not is_admin_authorized(request)
    47. 

  47. 

  48. 

  49. def test_superuser_without_staff_flag_admin_authorization_is_never_valid(staffuser):
    50. 

  50.     request = Mock(session={}, user=staffuser)
    51. 

  51.     authorize_admin(request)
    52. 

  52.     request.user.is_staff = False
    53. 

  53.     assert not is_admin_authorized(request)
    54. 

  54. 

  55. 

  56. def test_admin_authorization_is_invalidated_by_user_pk_change(admin_request, superuser):
    57. 

  57.     admin_request.user.pk = superuser.pk + 1
    58. 

  58.     assert not is_admin_authorized(admin_request)
    59. 

  59. 

  60. 

  61. def test_admin_authorization_is_invalidated_by_user_email_change(admin_request):
    62. 

  62.     admin_request.user.email = "changed@example.com"
    63. 

  63.     assert not is_admin_authorized(admin_request)
    64. 

  64. 

  65. 

  66. def test_admin_authorization_is_invalidated_by_user_password_change(admin_request):
    67. 

  67.     admin_request.user.set_password("changed-password")
    68. 

  68.     assert not is_admin_authorized(admin_request)
    69. 

  69. 

  70. 

  71. def test_admin_authorization_is_invalidated_by_secret_key_change(admin_request):
    72. 

  72.     with override_settings(SECRET_KEY="changed-secret-key"):
    73. 

  73.         assert not is_admin_authorized(admin_request)
    74. 

  74. 

  75. 

  76. def test_admin_authorization_is_invalidated_by_token_change(admin_request):
    77. 

  77.     admin_request.session[TOKEN_KEY] = "authorization-token-changed"
    78. 

  78.     assert not is_admin_authorized(admin_request)
    79. 

  79. 

  80. 

  81. @override_settings(MISAGO_ADMIN_SESSION_EXPIRATION=5)
    82. 

  82. def test_admin_authorization_is_invalidated_by_token_expiration(admin_request):
    83. 

  83.     admin_request.session[UPDATED_KEY] = time() - 5 * 60 - 1
    84. 

  84.     assert not is_admin_authorized(admin_request)
    85. 

  85. 

  86. 

  87. def test_updating_authorization_extends_authorization_expiration_time(admin_request):
    88. 

  88.     admin_request.session[UPDATED_KEY] = 0
    89. 

  89.     update_admin_authorization(admin_request)
    90. 

  90.     assert admin_request.session[UPDATED_KEY]
    91. 

  91. 

  92. 

  93. def test_updating_authorization_validates_authorization(admin_request):
    94. 

  94.     admin_request.session[UPDATED_KEY] = 0
    95. 

  95.     update_admin_authorization(admin_request)
    96. 

  96.     assert is_admin_authorized(admin_request)
    97. 

  97. 

  98. 

  99. def test_removing_authorization_removes_autorization_from_request_session(
    100. 

  100.     admin_request,
    101. 

  101. ):
    102. 

  102.     admin_request.session[UPDATED_KEY] = 0
    103. 

  103.     remove_admin_authorization(admin_request)
    104. 

  104.     assert not admin_request.session
    105. 

  105. 

  106. 

  107. def test_removing_authorization_invalidates_autorization(admin_request):
    108. 

  108.     admin_request.session[UPDATED_KEY] = 0
    109. 

  109.     remove_admin_authorization(admin_request)
    110. 

  110.     assert not is_admin_authorized(admin_request)
    111.