Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
tree: e20d3965ae
Fetching contributors…

Octocat-spinner-32-eaf2f5

Cannot retrieve contributors at this time

file 124 lines (98 sloc) 4.281 kb
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123
import json

from django import test
from django.conf import settings
from django.core.urlresolvers import reverse
from django.http import HttpRequest
from django.utils.importlib import import_module

import mock
from nose.tools import eq_

from webpay.auth.utils import client
from webpay.auth import views as auth_views


good_assertion = {u'status': u'okay',
                  u'audience': u'http://some.site',
                  u'expires': 1351707833170,
                  u'email': u'a@a.com',
                  u'issuer': u'login.persona.org'}


class SessionTestCase(test.TestCase):
    """
A wrapper around Django tests to provide a verify method for use
in testing.
"""

    def verify(self, uuid):
        # This is a rip off of the Django test client login.
        engine = import_module(settings.SESSION_ENGINE)

        # Create a fake request to store login details.
        request = HttpRequest()
        request.session = engine.SessionStore()

        request.session['uuid'] = uuid
        request.session.save()

        # Set the cookie to represent the session.
        session_cookie = settings.SESSION_COOKIE_NAME
        self.client.cookies[session_cookie] = request.session.session_key
        cookie_data = {
                'max-age': None,
                'path': '/',
                'domain': settings.SESSION_COOKIE_DOMAIN,
                'secure': settings.SESSION_COOKIE_SECURE or None,
                'expires': None,
        }
        self.client.cookies[session_cookie].update(cookie_data)

    def unverify(self):
        # Remove the browserid verification.
        del self.client.cookies[settings.SESSION_COOKIE_NAME]


@mock.patch.object(client, 'buyer_has_pin', lambda *args: False)
@mock.patch.object(settings, 'DOMAIN', 'web.pay')
class TestAuth(SessionTestCase):

    def setUp(self):
        self.url = reverse('auth.verify')

    @mock.patch('webpay.auth.views.verify_assertion')
    def test_good(self, verify_assertion):
        verify_assertion.return_value = good_assertion
        eq_(self.client.post(self.url, {'assertion': 'good'}).status_code, 200)

    @mock.patch('webpay.auth.views.verify_assertion')
    def test_session(self, verify_assertion):
        verify_assertion.return_value = good_assertion
        self.client.post(self.url, {'assertion': 'good'})
        assert self.client.session['uuid'].startswith('web.pay:')

    @mock.patch('webpay.auth.views.verify_assertion')
    def test_bad(self, verify_assertion):
        verify_assertion.return_value = False
        eq_(self.client.post(self.url, {'assertion': 'bad'}).status_code, 400)

    @mock.patch('webpay.auth.views.verify_assertion')
    def test_session_cleaned(self, verify_assertion):
        self.verify('a:b')
        verify_assertion.return_value = False
        eq_(self.client.post(self.url, {'assertion': 'bad'}).status_code, 400)
        eq_(self.client.session.get('uuid'), None)


@mock.patch.object(auth_views, 'verify_assertion', lambda *a: good_assertion)
class TestBuyerHasPin(SessionTestCase):

    def do_auth(self):
        res = self.client.post(reverse('auth.verify'), {'assertion': 'good'})
        eq_(res.status_code, 200, res)
        return json.loads(res.content)

    @mock.patch('lib.solitude.api.client.slumber')
    def test_no_user(self, slumber):
        slumber.generic.buyer.get.return_value = {
            'meta': {'total_count': 0}
        }
        data = self.do_auth()
        eq_(self.client.session.get('uuid_has_pin'), False)
        eq_(data['has_pin'], False)

    @mock.patch('lib.solitude.api.client.slumber')
    def test_user_no_pin(self, slumber):
        slumber.generic.buyer.get.return_value = {
            'meta': {'total_count': 1},
            'objects': [{'pin': False}]
        }
        self.do_auth()
        eq_(self.client.session.get('uuid_has_pin'), False)

    @mock.patch('lib.solitude.api.client.slumber')
    def test_user_with_pin(self, slumber):
        slumber.generic.buyer.get.return_value = {
            'meta': {'total_count': 1},
            'objects': [{'pin': True}]
        }
        data = self.do_auth()
        eq_(self.client.session.get('uuid_has_pin'), True)
        eq_(data['has_pin'], True)
        eq_(data['pin_create'], reverse('pin.create'))
Something went wrong with that request. Please try again.