2012-06-08 00:08:47 +08:00
|
|
|
from __future__ import unicode_literals
|
2015-01-28 20:35:27 +08:00
|
|
|
|
2012-10-06 12:43:29 +08:00
|
|
|
from datetime import date
|
2012-06-08 00:08:47 +08:00
|
|
|
|
2015-02-12 03:38:52 +08:00
|
|
|
from django.contrib.auth import (
|
|
|
|
|
BACKEND_SESSION_KEY, SESSION_KEY, authenticate, get_user,
|
|
|
|
|
)
|
2013-05-18 19:46:31 +08:00
|
|
|
from django.contrib.auth.backends import ModelBackend
|
2015-01-28 20:35:27 +08:00
|
|
|
from django.contrib.auth.hashers import MD5PasswordHasher
|
|
|
|
|
from django.contrib.auth.models import AnonymousUser, Group, Permission, User
|
2015-02-11 21:24:42 +08:00
|
|
|
from django.contrib.auth.tests.custom_user import CustomUser, ExtensionUser
|
2009-12-10 09:05:35 +08:00
|
|
|
from django.contrib.contenttypes.models import ContentType
|
2012-11-18 03:24:54 +08:00
|
|
|
from django.core.exceptions import ImproperlyConfigured, PermissionDenied
|
2013-05-18 19:46:31 +08:00
|
|
|
from django.http import HttpRequest
|
2015-04-18 05:38:20 +08:00
|
|
|
from django.test import (
|
|
|
|
|
SimpleTestCase, TestCase, modify_settings, override_settings,
|
|
|
|
|
)
|
2013-07-23 21:41:09 +08:00
|
|
|
|
2015-02-12 03:38:52 +08:00
|
|
|
from .models import CustomPermissionsUser, UUIDUser
|
2015-02-11 21:24:42 +08:00
|
|
|
|
2013-07-23 21:41:09 +08:00
|
|
|
|
|
|
|
|
class CountingMD5PasswordHasher(MD5PasswordHasher):
|
|
|
|
|
"""Hasher that counts how many times it computes a hash."""
|
|
|
|
|
|
|
|
|
|
calls = 0
|
|
|
|
|
|
|
|
|
|
def encode(self, *args, **kwargs):
|
|
|
|
|
type(self).calls += 1
|
|
|
|
|
return super(CountingMD5PasswordHasher, self).encode(*args, **kwargs)
|
2009-12-10 09:05:35 +08:00
|
|
|
|
|
|
|
|
|
2012-10-06 12:43:29 +08:00
|
|
|
class BaseModelBackendTest(object):
|
|
|
|
|
"""
|
|
|
|
|
A base class for tests that need to validate the ModelBackend
|
|
|
|
|
with different User models. Subclasses should define a class
|
|
|
|
|
level UserModel attribute, and a create_users() method to
|
|
|
|
|
construct two users for test purposes.
|
|
|
|
|
"""
|
2009-12-10 09:05:35 +08:00
|
|
|
backend = 'django.contrib.auth.backends.ModelBackend'
|
|
|
|
|
|
|
|
|
|
def setUp(self):
|
2015-02-04 22:56:55 +08:00
|
|
|
self.patched_settings = modify_settings(
|
|
|
|
|
AUTHENTICATION_BACKENDS={'append': self.backend},
|
|
|
|
|
)
|
|
|
|
|
self.patched_settings.enable()
|
2012-10-06 12:43:29 +08:00
|
|
|
self.create_users()
|
2009-12-10 09:05:35 +08:00
|
|
|
|
|
|
|
|
def tearDown(self):
|
2015-02-04 22:56:55 +08:00
|
|
|
self.patched_settings.disable()
|
2011-01-14 00:22:03 +08:00
|
|
|
# The custom_perms test messes with ContentTypes, which will
|
|
|
|
|
# be cached; flush the cache to ensure there are no side effects
|
|
|
|
|
# Refs #14975, #14925
|
|
|
|
|
ContentType.objects.clear_cache()
|
2009-12-10 09:05:35 +08:00
|
|
|
|
|
|
|
|
def test_has_perm(self):
|
2013-01-22 19:47:34 +08:00
|
|
|
user = self.UserModel._default_manager.get(pk=self.user.pk)
|
2009-12-10 09:05:35 +08:00
|
|
|
self.assertEqual(user.has_perm('auth.test'), False)
|
2014-06-14 22:55:52 +08:00
|
|
|
|
2009-12-10 09:05:35 +08:00
|
|
|
user.is_staff = True
|
|
|
|
|
user.save()
|
|
|
|
|
self.assertEqual(user.has_perm('auth.test'), False)
|
2014-06-14 22:55:52 +08:00
|
|
|
|
2009-12-10 09:05:35 +08:00
|
|
|
user.is_superuser = True
|
|
|
|
|
user.save()
|
|
|
|
|
self.assertEqual(user.has_perm('auth.test'), True)
|
2014-06-14 22:55:52 +08:00
|
|
|
|
2010-01-11 00:51:13 +08:00
|
|
|
user.is_staff = True
|
|
|
|
|
user.is_superuser = True
|
|
|
|
|
user.is_active = False
|
|
|
|
|
user.save()
|
|
|
|
|
self.assertEqual(user.has_perm('auth.test'), False)
|
2009-12-10 09:05:35 +08:00
|
|
|
|
|
|
|
|
def test_custom_perms(self):
|
2013-01-22 19:47:34 +08:00
|
|
|
user = self.UserModel._default_manager.get(pk=self.user.pk)
|
2012-10-06 12:43:29 +08:00
|
|
|
content_type = ContentType.objects.get_for_model(Group)
|
2009-12-10 09:05:35 +08:00
|
|
|
perm = Permission.objects.create(name='test', content_type=content_type, codename='test')
|
|
|
|
|
user.user_permissions.add(perm)
|
|
|
|
|
|
|
|
|
|
# reloading user to purge the _perm_cache
|
2013-01-22 19:47:34 +08:00
|
|
|
user = self.UserModel._default_manager.get(pk=self.user.pk)
|
2014-09-26 20:31:50 +08:00
|
|
|
self.assertEqual(user.get_all_permissions() == {'auth.test'}, True)
|
|
|
|
|
self.assertEqual(user.get_group_permissions(), set())
|
2009-12-10 09:05:35 +08:00
|
|
|
self.assertEqual(user.has_module_perms('Group'), False)
|
|
|
|
|
self.assertEqual(user.has_module_perms('auth'), True)
|
2014-06-14 22:55:52 +08:00
|
|
|
|
2009-12-10 09:05:35 +08:00
|
|
|
perm = Permission.objects.create(name='test2', content_type=content_type, codename='test2')
|
|
|
|
|
user.user_permissions.add(perm)
|
|
|
|
|
perm = Permission.objects.create(name='test3', content_type=content_type, codename='test3')
|
|
|
|
|
user.user_permissions.add(perm)
|
2013-01-22 19:47:34 +08:00
|
|
|
user = self.UserModel._default_manager.get(pk=self.user.pk)
|
2014-09-26 20:31:50 +08:00
|
|
|
self.assertEqual(user.get_all_permissions(), {'auth.test2', 'auth.test', 'auth.test3'})
|
2009-12-10 09:05:35 +08:00
|
|
|
self.assertEqual(user.has_perm('test'), False)
|
|
|
|
|
self.assertEqual(user.has_perm('auth.test'), True)
|
|
|
|
|
self.assertEqual(user.has_perms(['auth.test2', 'auth.test3']), True)
|
2014-06-14 22:55:52 +08:00
|
|
|
|
2009-12-10 09:05:35 +08:00
|
|
|
perm = Permission.objects.create(name='test_group', content_type=content_type, codename='test_group')
|
|
|
|
|
group = Group.objects.create(name='test_group')
|
|
|
|
|
group.permissions.add(perm)
|
|
|
|
|
user.groups.add(group)
|
2013-01-22 19:47:34 +08:00
|
|
|
user = self.UserModel._default_manager.get(pk=self.user.pk)
|
2014-09-26 20:31:50 +08:00
|
|
|
exp = {'auth.test2', 'auth.test', 'auth.test3', 'auth.test_group'}
|
2009-12-10 09:05:35 +08:00
|
|
|
self.assertEqual(user.get_all_permissions(), exp)
|
2014-09-26 20:31:50 +08:00
|
|
|
self.assertEqual(user.get_group_permissions(), {'auth.test_group'})
|
2009-12-10 09:05:35 +08:00
|
|
|
self.assertEqual(user.has_perms(['auth.test3', 'auth.test_group']), True)
|
|
|
|
|
|
|
|
|
|
user = AnonymousUser()
|
|
|
|
|
self.assertEqual(user.has_perm('test'), False)
|
|
|
|
|
self.assertEqual(user.has_perms(['auth.test2', 'auth.test3']), False)
|
|
|
|
|
|
2009-12-31 06:12:57 +08:00
|
|
|
def test_has_no_object_perm(self):
|
|
|
|
|
"""Regressiontest for #12462"""
|
2013-01-22 19:47:34 +08:00
|
|
|
user = self.UserModel._default_manager.get(pk=self.user.pk)
|
2012-10-06 12:43:29 +08:00
|
|
|
content_type = ContentType.objects.get_for_model(Group)
|
2009-12-31 06:12:57 +08:00
|
|
|
perm = Permission.objects.create(name='test', content_type=content_type, codename='test')
|
|
|
|
|
user.user_permissions.add(perm)
|
|
|
|
|
|
|
|
|
|
self.assertEqual(user.has_perm('auth.test', 'object'), False)
|
2014-09-26 20:31:50 +08:00
|
|
|
self.assertEqual(user.get_all_permissions('object'), set())
|
2009-12-31 06:12:57 +08:00
|
|
|
self.assertEqual(user.has_perm('auth.test'), True)
|
2014-09-26 20:31:50 +08:00
|
|
|
self.assertEqual(user.get_all_permissions(), {'auth.test'})
|
2009-12-31 06:12:57 +08:00
|
|
|
|
2014-06-24 19:09:38 +08:00
|
|
|
def test_anonymous_has_no_permissions(self):
|
|
|
|
|
"""
|
|
|
|
|
#17903 -- Anonymous users shouldn't have permissions in
|
|
|
|
|
ModelBackend.get_(all|user|group)_permissions().
|
|
|
|
|
"""
|
|
|
|
|
backend = ModelBackend()
|
|
|
|
|
|
|
|
|
|
user = self.UserModel._default_manager.get(pk=self.user.pk)
|
|
|
|
|
content_type = ContentType.objects.get_for_model(Group)
|
|
|
|
|
user_perm = Permission.objects.create(name='test', content_type=content_type, codename='test_user')
|
|
|
|
|
group_perm = Permission.objects.create(name='test2', content_type=content_type, codename='test_group')
|
|
|
|
|
user.user_permissions.add(user_perm)
|
|
|
|
|
|
|
|
|
|
group = Group.objects.create(name='test_group')
|
|
|
|
|
user.groups.add(group)
|
|
|
|
|
group.permissions.add(group_perm)
|
|
|
|
|
|
2014-09-26 20:31:50 +08:00
|
|
|
self.assertEqual(backend.get_all_permissions(user), {'auth.test_user', 'auth.test_group'})
|
|
|
|
|
self.assertEqual(backend.get_user_permissions(user), {'auth.test_user', 'auth.test_group'})
|
|
|
|
|
self.assertEqual(backend.get_group_permissions(user), {'auth.test_group'})
|
2014-06-24 19:09:38 +08:00
|
|
|
|
|
|
|
|
user.is_anonymous = lambda: True
|
|
|
|
|
|
|
|
|
|
self.assertEqual(backend.get_all_permissions(user), set())
|
|
|
|
|
self.assertEqual(backend.get_user_permissions(user), set())
|
|
|
|
|
self.assertEqual(backend.get_group_permissions(user), set())
|
|
|
|
|
|
2014-06-14 22:58:16 +08:00
|
|
|
def test_inactive_has_no_permissions(self):
|
|
|
|
|
"""
|
|
|
|
|
#17903 -- Inactive users shouldn't have permissions in
|
|
|
|
|
ModelBackend.get_(all|user|group)_permissions().
|
|
|
|
|
"""
|
|
|
|
|
backend = ModelBackend()
|
|
|
|
|
|
|
|
|
|
user = self.UserModel._default_manager.get(pk=self.user.pk)
|
|
|
|
|
content_type = ContentType.objects.get_for_model(Group)
|
|
|
|
|
user_perm = Permission.objects.create(name='test', content_type=content_type, codename='test_user')
|
|
|
|
|
group_perm = Permission.objects.create(name='test2', content_type=content_type, codename='test_group')
|
|
|
|
|
user.user_permissions.add(user_perm)
|
|
|
|
|
|
|
|
|
|
group = Group.objects.create(name='test_group')
|
|
|
|
|
user.groups.add(group)
|
|
|
|
|
group.permissions.add(group_perm)
|
|
|
|
|
|
2014-09-26 20:31:50 +08:00
|
|
|
self.assertEqual(backend.get_all_permissions(user), {'auth.test_user', 'auth.test_group'})
|
|
|
|
|
self.assertEqual(backend.get_user_permissions(user), {'auth.test_user', 'auth.test_group'})
|
|
|
|
|
self.assertEqual(backend.get_group_permissions(user), {'auth.test_group'})
|
2014-06-14 22:58:16 +08:00
|
|
|
|
|
|
|
|
user.is_active = False
|
|
|
|
|
user.save()
|
|
|
|
|
|
|
|
|
|
self.assertEqual(backend.get_all_permissions(user), set())
|
|
|
|
|
self.assertEqual(backend.get_user_permissions(user), set())
|
|
|
|
|
self.assertEqual(backend.get_group_permissions(user), set())
|
|
|
|
|
|
2010-12-04 13:59:56 +08:00
|
|
|
def test_get_all_superuser_permissions(self):
|
2013-07-23 21:41:09 +08:00
|
|
|
"""A superuser has all permissions. Refs #14795."""
|
2013-01-22 19:47:34 +08:00
|
|
|
user = self.UserModel._default_manager.get(pk=self.superuser.pk)
|
2010-12-04 13:59:56 +08:00
|
|
|
self.assertEqual(len(user.get_all_permissions()), len(Permission.objects.all()))
|
2009-12-31 06:12:57 +08:00
|
|
|
|
2015-02-10 22:17:08 +08:00
|
|
|
@override_settings(PASSWORD_HASHERS=['auth_tests.test_auth_backends.CountingMD5PasswordHasher'])
|
2013-07-23 21:41:09 +08:00
|
|
|
def test_authentication_timing(self):
|
|
|
|
|
"""Hasher is run once regardless of whether the user exists. Refs #20760."""
|
2013-07-30 22:14:53 +08:00
|
|
|
# Re-set the password, because this tests overrides PASSWORD_HASHERS
|
|
|
|
|
self.user.set_password('test')
|
|
|
|
|
self.user.save()
|
|
|
|
|
|
2013-07-23 21:41:09 +08:00
|
|
|
CountingMD5PasswordHasher.calls = 0
|
|
|
|
|
username = getattr(self.user, self.UserModel.USERNAME_FIELD)
|
|
|
|
|
authenticate(username=username, password='test')
|
|
|
|
|
self.assertEqual(CountingMD5PasswordHasher.calls, 1)
|
|
|
|
|
|
|
|
|
|
CountingMD5PasswordHasher.calls = 0
|
|
|
|
|
authenticate(username='no_such_user', password='test')
|
|
|
|
|
self.assertEqual(CountingMD5PasswordHasher.calls, 1)
|
|
|
|
|
|
2012-10-06 12:43:29 +08:00
|
|
|
|
|
|
|
|
class ModelBackendTest(BaseModelBackendTest, TestCase):
|
|
|
|
|
"""
|
|
|
|
|
Tests for the ModelBackend using the default User model.
|
|
|
|
|
"""
|
|
|
|
|
UserModel = User
|
|
|
|
|
|
|
|
|
|
def create_users(self):
|
2012-12-15 22:15:11 +08:00
|
|
|
self.user = User.objects.create_user(
|
2012-10-06 12:43:29 +08:00
|
|
|
username='test',
|
|
|
|
|
email='test@example.com',
|
|
|
|
|
password='test',
|
|
|
|
|
)
|
2012-12-15 22:15:11 +08:00
|
|
|
self.superuser = User.objects.create_superuser(
|
2012-10-06 12:43:29 +08:00
|
|
|
username='test2',
|
|
|
|
|
email='test2@example.com',
|
|
|
|
|
password='test',
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@override_settings(AUTH_USER_MODEL='auth.ExtensionUser')
|
|
|
|
|
class ExtensionUserModelBackendTest(BaseModelBackendTest, TestCase):
|
|
|
|
|
"""
|
|
|
|
|
Tests for the ModelBackend using the custom ExtensionUser model.
|
|
|
|
|
|
|
|
|
|
This isn't a perfect test, because both the User and ExtensionUser are
|
|
|
|
|
synchronized to the database, which wouldn't ordinary happen in
|
|
|
|
|
production. As a result, it doesn't catch errors caused by the non-
|
|
|
|
|
existence of the User table.
|
|
|
|
|
|
|
|
|
|
The specific problem is queries on .filter(groups__user) et al, which
|
|
|
|
|
makes an implicit assumption that the user model is called 'User'. In
|
|
|
|
|
production, the auth.User table won't exist, so the requested join
|
|
|
|
|
won't exist either; in testing, the auth.User *does* exist, and
|
|
|
|
|
so does the join. However, the join table won't contain any useful
|
|
|
|
|
data; for testing, we check that the data we expect actually does exist.
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
|
|
UserModel = ExtensionUser
|
|
|
|
|
|
|
|
|
|
def create_users(self):
|
2013-01-22 19:47:34 +08:00
|
|
|
self.user = ExtensionUser._default_manager.create_user(
|
2012-10-06 12:43:29 +08:00
|
|
|
username='test',
|
|
|
|
|
email='test@example.com',
|
|
|
|
|
password='test',
|
|
|
|
|
date_of_birth=date(2006, 4, 25)
|
|
|
|
|
)
|
2013-01-22 19:47:34 +08:00
|
|
|
self.superuser = ExtensionUser._default_manager.create_superuser(
|
2012-10-06 12:43:29 +08:00
|
|
|
username='test2',
|
|
|
|
|
email='test2@example.com',
|
2012-12-15 22:15:11 +08:00
|
|
|
password='test',
|
|
|
|
|
date_of_birth=date(1976, 11, 8)
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
2015-10-27 06:43:42 +08:00
|
|
|
@override_settings(AUTH_USER_MODEL='auth_tests.CustomPermissionsUser')
|
2012-12-15 22:15:11 +08:00
|
|
|
class CustomPermissionsUserModelBackendTest(BaseModelBackendTest, TestCase):
|
|
|
|
|
"""
|
|
|
|
|
Tests for the ModelBackend using the CustomPermissionsUser model.
|
|
|
|
|
|
|
|
|
|
As with the ExtensionUser test, this isn't a perfect test, because both
|
|
|
|
|
the User and CustomPermissionsUser are synchronized to the database,
|
|
|
|
|
which wouldn't ordinary happen in production.
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
|
|
UserModel = CustomPermissionsUser
|
|
|
|
|
|
|
|
|
|
def create_users(self):
|
2013-01-22 19:47:34 +08:00
|
|
|
self.user = CustomPermissionsUser._default_manager.create_user(
|
2012-12-15 22:15:11 +08:00
|
|
|
email='test@example.com',
|
|
|
|
|
password='test',
|
|
|
|
|
date_of_birth=date(2006, 4, 25)
|
|
|
|
|
)
|
2013-01-22 19:47:34 +08:00
|
|
|
self.superuser = CustomPermissionsUser._default_manager.create_superuser(
|
2012-12-15 22:15:11 +08:00
|
|
|
email='test2@example.com',
|
2012-10-06 12:43:29 +08:00
|
|
|
password='test',
|
|
|
|
|
date_of_birth=date(1976, 11, 8)
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
2013-02-07 06:25:51 +08:00
|
|
|
@override_settings(AUTH_USER_MODEL='auth.CustomUser')
|
|
|
|
|
class CustomUserModelBackendAuthenticateTest(TestCase):
|
|
|
|
|
"""
|
|
|
|
|
Tests that the model backend can accept a credentials kwarg labeled with
|
|
|
|
|
custom user model's USERNAME_FIELD.
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
|
|
def test_authenticate(self):
|
|
|
|
|
test_user = CustomUser._default_manager.create_user(
|
|
|
|
|
email='test@example.com',
|
|
|
|
|
password='test',
|
|
|
|
|
date_of_birth=date(2006, 4, 25)
|
|
|
|
|
)
|
|
|
|
|
authenticated_user = authenticate(email='test@example.com', password='test')
|
|
|
|
|
self.assertEqual(test_user, authenticated_user)
|
|
|
|
|
|
|
|
|
|
|
2015-10-27 06:38:30 +08:00
|
|
|
@override_settings(AUTH_USER_MODEL='auth_tests.UUIDUser')
|
2015-02-12 03:38:52 +08:00
|
|
|
class UUIDUserTests(TestCase):
|
|
|
|
|
|
|
|
|
|
def test_login(self):
|
|
|
|
|
"""
|
|
|
|
|
A custom user with a UUID primary key should be able to login.
|
|
|
|
|
"""
|
|
|
|
|
user = UUIDUser.objects.create_user(username='uuid', password='test')
|
|
|
|
|
self.assertTrue(self.client.login(username='uuid', password='test'))
|
|
|
|
|
self.assertEqual(UUIDUser.objects.get(pk=self.client.session[SESSION_KEY]), user)
|
|
|
|
|
|
|
|
|
|
|
2009-12-10 09:05:35 +08:00
|
|
|
class TestObj(object):
|
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class SimpleRowlevelBackend(object):
|
|
|
|
|
def has_perm(self, user, perm, obj=None):
|
|
|
|
|
if not obj:
|
2012-10-06 12:43:29 +08:00
|
|
|
return # We only support row level perms
|
2009-12-10 09:05:35 +08:00
|
|
|
|
|
|
|
|
if isinstance(obj, TestObj):
|
|
|
|
|
if user.username == 'test2':
|
|
|
|
|
return True
|
2010-01-28 09:47:23 +08:00
|
|
|
elif user.is_anonymous() and perm == 'anon':
|
2009-12-10 09:05:35 +08:00
|
|
|
return True
|
2010-12-22 03:18:12 +08:00
|
|
|
elif not user.is_active and perm == 'inactive':
|
|
|
|
|
return True
|
2009-12-10 09:05:35 +08:00
|
|
|
return False
|
|
|
|
|
|
2010-01-28 09:47:23 +08:00
|
|
|
def has_module_perms(self, user, app_label):
|
2010-12-22 03:18:12 +08:00
|
|
|
if not user.is_anonymous() and not user.is_active:
|
|
|
|
|
return False
|
2010-01-28 09:47:23 +08:00
|
|
|
return app_label == "app1"
|
|
|
|
|
|
2009-12-10 09:05:35 +08:00
|
|
|
def get_all_permissions(self, user, obj=None):
|
|
|
|
|
if not obj:
|
2012-10-06 12:43:29 +08:00
|
|
|
return [] # We only support row level perms
|
2009-12-10 09:05:35 +08:00
|
|
|
|
|
|
|
|
if not isinstance(obj, TestObj):
|
|
|
|
|
return ['none']
|
|
|
|
|
|
2010-01-28 09:47:23 +08:00
|
|
|
if user.is_anonymous():
|
|
|
|
|
return ['anon']
|
2009-12-10 09:05:35 +08:00
|
|
|
if user.username == 'test2':
|
|
|
|
|
return ['simple', 'advanced']
|
|
|
|
|
else:
|
|
|
|
|
return ['simple']
|
|
|
|
|
|
|
|
|
|
def get_group_permissions(self, user, obj=None):
|
|
|
|
|
if not obj:
|
2012-10-06 12:43:29 +08:00
|
|
|
return # We only support row level perms
|
2009-12-10 09:05:35 +08:00
|
|
|
|
|
|
|
|
if not isinstance(obj, TestObj):
|
|
|
|
|
return ['none']
|
|
|
|
|
|
|
|
|
|
if 'test_group' in [group.name for group in user.groups.all()]:
|
|
|
|
|
return ['group_perm']
|
|
|
|
|
else:
|
|
|
|
|
return ['none']
|
|
|
|
|
|
|
|
|
|
|
2015-01-22 00:55:57 +08:00
|
|
|
@modify_settings(AUTHENTICATION_BACKENDS={
|
2015-02-10 22:17:08 +08:00
|
|
|
'append': 'auth_tests.test_auth_backends.SimpleRowlevelBackend',
|
2015-01-22 00:55:57 +08:00
|
|
|
})
|
2009-12-10 09:05:35 +08:00
|
|
|
class RowlevelBackendTest(TestCase):
|
2010-01-28 09:47:23 +08:00
|
|
|
"""
|
|
|
|
|
Tests for auth backend that supports object level permissions
|
|
|
|
|
"""
|
2009-12-10 09:05:35 +08:00
|
|
|
|
|
|
|
|
def setUp(self):
|
|
|
|
|
self.user1 = User.objects.create_user('test', 'test@example.com', 'test')
|
|
|
|
|
self.user2 = User.objects.create_user('test2', 'test2@example.com', 'test')
|
2010-01-28 09:47:23 +08:00
|
|
|
self.user3 = User.objects.create_user('test3', 'test3@example.com', 'test')
|
2009-12-10 09:05:35 +08:00
|
|
|
|
|
|
|
|
def tearDown(self):
|
2011-01-14 00:22:03 +08:00
|
|
|
# The get_group_permissions test messes with ContentTypes, which will
|
|
|
|
|
# be cached; flush the cache to ensure there are no side effects
|
|
|
|
|
# Refs #14975, #14925
|
|
|
|
|
ContentType.objects.clear_cache()
|
2009-12-10 09:05:35 +08:00
|
|
|
|
|
|
|
|
def test_has_perm(self):
|
|
|
|
|
self.assertEqual(self.user1.has_perm('perm', TestObj()), False)
|
|
|
|
|
self.assertEqual(self.user2.has_perm('perm', TestObj()), True)
|
|
|
|
|
self.assertEqual(self.user2.has_perm('perm'), False)
|
|
|
|
|
self.assertEqual(self.user2.has_perms(['simple', 'advanced'], TestObj()), True)
|
|
|
|
|
self.assertEqual(self.user3.has_perm('perm', TestObj()), False)
|
|
|
|
|
self.assertEqual(self.user3.has_perm('anon', TestObj()), False)
|
|
|
|
|
self.assertEqual(self.user3.has_perms(['simple', 'advanced'], TestObj()), False)
|
|
|
|
|
|
|
|
|
|
def test_get_all_permissions(self):
|
2014-09-26 20:31:50 +08:00
|
|
|
self.assertEqual(self.user1.get_all_permissions(TestObj()), {'simple'})
|
|
|
|
|
self.assertEqual(self.user2.get_all_permissions(TestObj()), {'simple', 'advanced'})
|
|
|
|
|
self.assertEqual(self.user2.get_all_permissions(), set())
|
2009-12-10 09:05:35 +08:00
|
|
|
|
|
|
|
|
def test_get_group_permissions(self):
|
|
|
|
|
group = Group.objects.create(name='test_group')
|
2010-01-28 09:47:23 +08:00
|
|
|
self.user3.groups.add(group)
|
2014-09-26 20:31:50 +08:00
|
|
|
self.assertEqual(self.user3.get_group_permissions(TestObj()), {'group_perm'})
|
2010-01-28 09:47:23 +08:00
|
|
|
|
|
|
|
|
|
2015-01-22 00:55:57 +08:00
|
|
|
@override_settings(
|
2015-02-10 22:17:08 +08:00
|
|
|
AUTHENTICATION_BACKENDS=['auth_tests.test_auth_backends.SimpleRowlevelBackend'],
|
2015-01-22 00:55:57 +08:00
|
|
|
)
|
2015-04-18 05:38:20 +08:00
|
|
|
class AnonymousUserBackendTest(SimpleTestCase):
|
2010-01-28 09:47:23 +08:00
|
|
|
"""
|
2011-09-11 05:00:32 +08:00
|
|
|
Tests for AnonymousUser delegating to backend.
|
2010-01-28 09:47:23 +08:00
|
|
|
"""
|
|
|
|
|
|
|
|
|
|
def setUp(self):
|
|
|
|
|
self.user1 = AnonymousUser()
|
|
|
|
|
|
|
|
|
|
def test_has_perm(self):
|
|
|
|
|
self.assertEqual(self.user1.has_perm('perm', TestObj()), False)
|
|
|
|
|
self.assertEqual(self.user1.has_perm('anon', TestObj()), True)
|
|
|
|
|
|
|
|
|
|
def test_has_perms(self):
|
|
|
|
|
self.assertEqual(self.user1.has_perms(['anon'], TestObj()), True)
|
|
|
|
|
self.assertEqual(self.user1.has_perms(['anon', 'perm'], TestObj()), False)
|
|
|
|
|
|
|
|
|
|
def test_has_module_perms(self):
|
|
|
|
|
self.assertEqual(self.user1.has_module_perms("app1"), True)
|
|
|
|
|
self.assertEqual(self.user1.has_module_perms("app2"), False)
|
|
|
|
|
|
|
|
|
|
def test_get_all_permissions(self):
|
2014-09-26 20:31:50 +08:00
|
|
|
self.assertEqual(self.user1.get_all_permissions(TestObj()), {'anon'})
|
2010-01-28 09:47:23 +08:00
|
|
|
|
|
|
|
|
|
2012-04-01 00:03:09 +08:00
|
|
|
@override_settings(AUTHENTICATION_BACKENDS=[])
|
2010-12-04 12:47:59 +08:00
|
|
|
class NoBackendsTest(TestCase):
|
|
|
|
|
"""
|
|
|
|
|
Tests that an appropriate error is raised if no auth backends are provided.
|
|
|
|
|
"""
|
|
|
|
|
def setUp(self):
|
|
|
|
|
self.user = User.objects.create_user('test', 'test@example.com', 'test')
|
|
|
|
|
|
|
|
|
|
def test_raises_exception(self):
|
|
|
|
|
self.assertRaises(ImproperlyConfigured, self.user.has_perm, ('perm', TestObj(),))
|
2010-12-22 03:18:12 +08:00
|
|
|
|
|
|
|
|
|
2015-02-10 22:17:08 +08:00
|
|
|
@override_settings(AUTHENTICATION_BACKENDS=['auth_tests.test_auth_backends.SimpleRowlevelBackend'])
|
2010-12-22 03:18:12 +08:00
|
|
|
class InActiveUserBackendTest(TestCase):
|
|
|
|
|
"""
|
2014-05-29 08:39:14 +08:00
|
|
|
Tests for an inactive user
|
2010-12-22 03:18:12 +08:00
|
|
|
"""
|
|
|
|
|
|
|
|
|
|
def setUp(self):
|
|
|
|
|
self.user1 = User.objects.create_user('test', 'test@example.com', 'test')
|
|
|
|
|
self.user1.is_active = False
|
|
|
|
|
self.user1.save()
|
|
|
|
|
|
|
|
|
|
def test_has_perm(self):
|
|
|
|
|
self.assertEqual(self.user1.has_perm('perm', TestObj()), False)
|
|
|
|
|
self.assertEqual(self.user1.has_perm('inactive', TestObj()), True)
|
|
|
|
|
|
|
|
|
|
def test_has_module_perms(self):
|
|
|
|
|
self.assertEqual(self.user1.has_module_perms("app1"), False)
|
|
|
|
|
self.assertEqual(self.user1.has_module_perms("app2"), False)
|
2012-11-18 03:24:54 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
class PermissionDeniedBackend(object):
|
|
|
|
|
"""
|
2014-05-09 04:06:46 +08:00
|
|
|
Always raises PermissionDenied in `authenticate`, `has_perm` and `has_module_perms`.
|
2012-11-18 03:24:54 +08:00
|
|
|
"""
|
|
|
|
|
|
|
|
|
|
def authenticate(self, username=None, password=None):
|
|
|
|
|
raise PermissionDenied
|
|
|
|
|
|
2014-05-09 04:06:46 +08:00
|
|
|
def has_perm(self, user_obj, perm, obj=None):
|
|
|
|
|
raise PermissionDenied
|
|
|
|
|
|
|
|
|
|
def has_module_perms(self, user_obj, app_label):
|
|
|
|
|
raise PermissionDenied
|
|
|
|
|
|
2012-11-18 03:24:54 +08:00
|
|
|
|
|
|
|
|
class PermissionDeniedBackendTest(TestCase):
|
|
|
|
|
"""
|
|
|
|
|
Tests that other backends are not checked once a backend raises PermissionDenied
|
|
|
|
|
"""
|
2015-02-10 22:17:08 +08:00
|
|
|
backend = 'auth_tests.test_auth_backends.PermissionDeniedBackend'
|
2012-11-18 03:24:54 +08:00
|
|
|
|
|
|
|
|
def setUp(self):
|
|
|
|
|
self.user1 = User.objects.create_user('test', 'test@example.com', 'test')
|
|
|
|
|
self.user1.save()
|
|
|
|
|
|
2015-01-22 00:55:57 +08:00
|
|
|
@modify_settings(AUTHENTICATION_BACKENDS={'prepend': backend})
|
2012-11-18 03:24:54 +08:00
|
|
|
def test_permission_denied(self):
|
|
|
|
|
"user is not authenticated after a backend raises permission denied #2550"
|
|
|
|
|
self.assertEqual(authenticate(username='test', password='test'), None)
|
|
|
|
|
|
2015-01-22 00:55:57 +08:00
|
|
|
@modify_settings(AUTHENTICATION_BACKENDS={'append': backend})
|
2012-11-18 03:24:54 +08:00
|
|
|
def test_authenticates(self):
|
|
|
|
|
self.assertEqual(authenticate(username='test', password='test'), self.user1)
|
2013-05-18 19:46:31 +08:00
|
|
|
|
2015-01-22 00:55:57 +08:00
|
|
|
@modify_settings(AUTHENTICATION_BACKENDS={'prepend': backend})
|
2014-05-09 04:06:46 +08:00
|
|
|
def test_has_perm_denied(self):
|
|
|
|
|
content_type = ContentType.objects.get_for_model(Group)
|
|
|
|
|
perm = Permission.objects.create(name='test', content_type=content_type, codename='test')
|
|
|
|
|
self.user1.user_permissions.add(perm)
|
|
|
|
|
|
|
|
|
|
self.assertIs(self.user1.has_perm('auth.test'), False)
|
|
|
|
|
self.assertIs(self.user1.has_module_perms('auth'), False)
|
|
|
|
|
|
2015-01-22 00:55:57 +08:00
|
|
|
@modify_settings(AUTHENTICATION_BACKENDS={'append': backend})
|
2014-05-09 04:06:46 +08:00
|
|
|
def test_has_perm(self):
|
|
|
|
|
content_type = ContentType.objects.get_for_model(Group)
|
|
|
|
|
perm = Permission.objects.create(name='test', content_type=content_type, codename='test')
|
|
|
|
|
self.user1.user_permissions.add(perm)
|
|
|
|
|
|
|
|
|
|
self.assertIs(self.user1.has_perm('auth.test'), True)
|
|
|
|
|
self.assertIs(self.user1.has_module_perms('auth'), True)
|
|
|
|
|
|
2013-05-18 19:46:31 +08:00
|
|
|
|
|
|
|
|
class NewModelBackend(ModelBackend):
|
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class ChangedBackendSettingsTest(TestCase):
|
|
|
|
|
"""
|
|
|
|
|
Tests for changes in the settings.AUTHENTICATION_BACKENDS
|
|
|
|
|
"""
|
2015-02-10 22:17:08 +08:00
|
|
|
backend = 'auth_tests.test_auth_backends.NewModelBackend'
|
2013-05-18 19:46:31 +08:00
|
|
|
|
|
|
|
|
TEST_USERNAME = 'test_user'
|
|
|
|
|
TEST_PASSWORD = 'test_password'
|
|
|
|
|
TEST_EMAIL = 'test@example.com'
|
|
|
|
|
|
|
|
|
|
def setUp(self):
|
|
|
|
|
User.objects.create_user(self.TEST_USERNAME,
|
|
|
|
|
self.TEST_EMAIL,
|
|
|
|
|
self.TEST_PASSWORD)
|
|
|
|
|
|
2015-01-22 00:55:57 +08:00
|
|
|
@override_settings(AUTHENTICATION_BACKENDS=[backend])
|
2013-05-18 19:46:31 +08:00
|
|
|
def test_changed_backend_settings(self):
|
|
|
|
|
"""
|
|
|
|
|
Tests that removing a backend configured in AUTHENTICATION_BACKENDS
|
|
|
|
|
make already logged-in users disconnect.
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
|
|
# Get a session for the test user
|
|
|
|
|
self.assertTrue(self.client.login(
|
|
|
|
|
username=self.TEST_USERNAME,
|
|
|
|
|
password=self.TEST_PASSWORD)
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
# Prepare a request object
|
|
|
|
|
request = HttpRequest()
|
|
|
|
|
request.session = self.client.session
|
|
|
|
|
|
|
|
|
|
# Remove NewModelBackend
|
2015-01-22 00:55:57 +08:00
|
|
|
with self.settings(AUTHENTICATION_BACKENDS=[
|
|
|
|
|
'django.contrib.auth.backends.ModelBackend']):
|
2013-05-18 19:46:31 +08:00
|
|
|
# Get the user from the request
|
|
|
|
|
user = get_user(request)
|
|
|
|
|
|
|
|
|
|
# Assert that the user retrieval is successful and the user is
|
|
|
|
|
# anonymous as the backend is not longer available.
|
|
|
|
|
self.assertIsNotNone(user)
|
|
|
|
|
self.assertTrue(user.is_anonymous())
|
2013-08-23 23:49:42 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
class TypeErrorBackend(object):
|
|
|
|
|
"""
|
|
|
|
|
Always raises TypeError.
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
|
|
def authenticate(self, username=None, password=None):
|
|
|
|
|
raise TypeError
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class TypeErrorBackendTest(TestCase):
|
|
|
|
|
"""
|
|
|
|
|
Tests that a TypeError within a backend is propagated properly.
|
|
|
|
|
|
|
|
|
|
Regression test for ticket #18171
|
|
|
|
|
"""
|
2015-02-10 22:17:08 +08:00
|
|
|
backend = 'auth_tests.test_auth_backends.TypeErrorBackend'
|
2013-08-23 23:49:42 +08:00
|
|
|
|
|
|
|
|
def setUp(self):
|
|
|
|
|
self.user1 = User.objects.create_user('test', 'test@example.com', 'test')
|
|
|
|
|
|
2015-01-22 00:55:57 +08:00
|
|
|
@override_settings(AUTHENTICATION_BACKENDS=[backend])
|
2013-08-23 23:49:42 +08:00
|
|
|
def test_type_error_raised(self):
|
|
|
|
|
self.assertRaises(TypeError, authenticate, username='test', password='test')
|
2013-11-15 03:55:13 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
class ImproperlyConfiguredUserModelTest(TestCase):
|
|
|
|
|
"""
|
|
|
|
|
Tests that an exception from within get_user_model is propagated and doesn't
|
|
|
|
|
raise an UnboundLocalError.
|
|
|
|
|
|
|
|
|
|
Regression test for ticket #21439
|
|
|
|
|
"""
|
|
|
|
|
def setUp(self):
|
|
|
|
|
self.user1 = User.objects.create_user('test', 'test@example.com', 'test')
|
|
|
|
|
self.client.login(
|
|
|
|
|
username='test',
|
|
|
|
|
password='test'
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
@override_settings(AUTH_USER_MODEL='thismodel.doesntexist')
|
|
|
|
|
def test_does_not_shadow_exception(self):
|
|
|
|
|
# Prepare a request object
|
|
|
|
|
request = HttpRequest()
|
|
|
|
|
request.session = self.client.session
|
|
|
|
|
|
|
|
|
|
self.assertRaises(ImproperlyConfigured, get_user, request)
|
2014-11-27 17:35:10 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
class ImportedModelBackend(ModelBackend):
|
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class ImportedBackendTests(TestCase):
|
|
|
|
|
"""
|
|
|
|
|
#23925 - The backend path added to the session should be the same
|
|
|
|
|
as the one defined in AUTHENTICATION_BACKENDS setting.
|
|
|
|
|
"""
|
|
|
|
|
|
2015-02-10 22:17:08 +08:00
|
|
|
backend = 'auth_tests.backend_alias.ImportedModelBackend'
|
2014-11-27 17:35:10 +08:00
|
|
|
|
2015-01-22 00:55:57 +08:00
|
|
|
@override_settings(AUTHENTICATION_BACKENDS=[backend])
|
2014-11-27 17:35:10 +08:00
|
|
|
def test_backend_path(self):
|
|
|
|
|
username = 'username'
|
|
|
|
|
password = 'password'
|
|
|
|
|
User.objects.create_user(username, 'email', password)
|
|
|
|
|
self.assertTrue(self.client.login(username=username, password=password))
|
|
|
|
|
request = HttpRequest()
|
|
|
|
|
request.session = self.client.session
|
|
|
|
|
self.assertEqual(request.session[BACKEND_SESSION_KEY], self.backend)
|
