Test the CAS login view

This commit is contained in:
Martin Pépin 2020-05-17 21:34:43 +02:00
parent 6fdde55b0f
commit 68e43f488a
No known key found for this signature in database
GPG key ID: E7520278B1774448
3 changed files with 57 additions and 4 deletions

View file

@ -1,5 +1,5 @@
from unittest.mock import patch
from urllib.parse import quote as urlquote
from urllib.parse import quote
from django.conf import settings
from django.contrib.auth import get_user_model
@ -13,6 +13,34 @@ from authens.tests.cas_utils import FakeCASClient
UserModel = get_user_model()
class TestCASLoginView(TestCase):
def test_cas_login_redirect(self):
url = reverse("authens:login.cas")
abs_url = "http://testserver{}".format(url)
client = Client()
# User request without ticket: redirect to the CAS login page.
response = client.get(url)
self.assertRedirects(
response,
"https://cas.eleves.ens.fr/login?service={}".format(quote(abs_url)),
fetch_redirect_response=False,
)
@patch("authens.backends.get_cas_client")
def test_cas_login_with_ticket(self, mock_cas_client):
# Make `get_cas_client` return a dummy CAS client that skips ticket verification
# and always log in a user with CAS login 'johndoe'.
mock_cas_client.return_value = FakeCASClient("johndoe", 2019)
url = reverse("authens:login.cas")
client = Client()
# User request with a CAS ticket: validate the ticket.
response = client.get("{}?ticket=dummy-ticket".format(url), follow=True)
self.assertRedirects(response, settings.LOGIN_REDIRECT_URL)
class TestLogoutView(TestCase):
def test_regular_logout(self):
# Regular user (without a CAS account)
@ -48,7 +76,7 @@ class TestLogoutView(TestCase):
self.assertRedirects( # … and redirected to the CAS logout page.
response,
"https://cas.eleves.ens.fr/logout?service={}".format(
urlquote("http://testserver" + reverse("authens:login"))
quote("http://testserver/public")
),
fetch_redirect_response=False,
)

View file

@ -48,4 +48,5 @@ DATABASES = {"default": {"ENGINE": "django.db.backends.sqlite3"}}
ROOT_URLCONF = "tests.urls"
LOGIN_URL = reverse_lazy("authens:login")
LOGOUT_REDIRECT_URL = reverse_lazy("authens:login")
LOGIN_REDIRECT_URL = "/private"
LOGOUT_REDIRECT_URL = "/public"

View file

@ -1,4 +1,28 @@
from django.contrib.auth.decorators import login_required
from django.http import HttpResponse
from django.urls import include, path
urlpatterns = [path("authens/", include("authens.urls"))]
# ---
# Two tiny views to easily test user authentication.
# ---
def public_view(request):
return HttpResponse("OK")
@login_required
def private_view(request):
return HttpResponse("OK")
# ---
# Urls: expose authens' urls + the above views.
# ---
urlpatterns = [
path("public", public_view),
path("private", private_view),
path("authens/", include("authens.urls")),
]