gitlord
/
synapse
mirror of https://github.com/matrix-org/synapse.git
1
0
Fork 0
Code Issues 0 Releases 671 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
22225 Commits
842 Branches
432 MiB
 
 
 
 
 
 
Tree: 42aea0d8af
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '42aea0d8af'
${ noResults }
synapse/tests/handlers/test_cas.py

217 lines
7.3 KiB
Raw Blame History 

  1. #  Copyright 2020 The Matrix.org Foundation C.I.C.

  2. #

  3. #  Licensed under the Apache License, Version 2.0 (the "License");

  4. #  you may not use this file except in compliance with the License.

  5. #  You may obtain a copy of the License at

  6. #

  7. #      http://www.apache.org/licenses/LICENSE-2.0

  8. #

  9. #  Unless required by applicable law or agreed to in writing, software

  10. #  distributed under the License is distributed on an "AS IS" BASIS,

  11. #  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  12. #  See the License for the specific language governing permissions and

  13. #  limitations under the License.

  14. from typing import Any, Dict

  15. from unittest.mock import Mock

  16. 

  17. from twisted.test.proto_helpers import MemoryReactor

  18. 

  19. from synapse.handlers.cas import CasResponse

  20. from synapse.server import HomeServer

  21. from synapse.util import Clock

  22. 

  23. from tests.test_utils import simple_async_mock

  24. from tests.unittest import HomeserverTestCase, override_config

  25. 

  26. # These are a few constants that are used as config parameters in the tests.

  27. BASE_URL = "https://synapse/"

  28. SERVER_URL = "https://issuer/"

  29. 

  30. 

  31. class CasHandlerTestCase(HomeserverTestCase):

  32.     def default_config(self) -> Dict[str, Any]:

  33.         config = super().default_config()

  34.         config["public_baseurl"] = BASE_URL

  35.         cas_config = {

  36.             "enabled": True,

  37.             "server_url": SERVER_URL,

  38.             "service_url": BASE_URL,

  39.         }

  40. 

  41.         # Update this config with what's in the default config so that

  42.         # override_config works as expected.

  43.         cas_config.update(config.get("cas_config", {}))

  44.         config["cas_config"] = cas_config

  45. 

  46.         return config

  47. 

  48.     def make_homeserver(self, reactor: MemoryReactor, clock: Clock) -> HomeServer:

  49.         hs = self.setup_test_homeserver()

  50. 

  51.         self.handler = hs.get_cas_handler()

  52. 

  53.         # Reduce the number of attempts when generating MXIDs.

  54.         sso_handler = hs.get_sso_handler()

  55.         sso_handler._MAP_USERNAME_RETRIES = 3

  56. 

  57.         return hs

  58. 

  59.     def test_map_cas_user_to_user(self) -> None:

  60.         """Ensure that mapping the CAS user returned from a provider to an MXID works properly."""

  61. 

  62.         # stub out the auth handler

  63.         auth_handler = self.hs.get_auth_handler()

  64.         auth_handler.complete_sso_login = simple_async_mock()  # type: ignore[assignment]

  65. 

  66.         cas_response = CasResponse("test_user", {})

  67.         request = _mock_request()

  68.         self.get_success(

  69.             self.handler._handle_cas_response(request, cas_response, "redirect_uri", "")

  70.         )

  71. 

  72.         # check that the auth handler got called as expected

  73.         auth_handler.complete_sso_login.assert_called_once_with(

  74.             "@test_user:test",

  75.             "cas",

  76.             request,

  77.             "redirect_uri",

  78.             None,

  79.             new_user=True,

  80.             auth_provider_session_id=None,

  81.         )

  82. 

  83.     def test_map_cas_user_to_existing_user(self) -> None:

  84.         """Existing users can log in with CAS account."""

  85.         store = self.hs.get_datastores().main

  86.         self.get_success(

  87.             store.register_user(user_id="@test_user:test", password_hash=None)

  88.         )

  89. 

  90.         # stub out the auth handler

  91.         auth_handler = self.hs.get_auth_handler()

  92.         auth_handler.complete_sso_login = simple_async_mock()  # type: ignore[assignment]

  93. 

  94.         # Map a user via SSO.

  95.         cas_response = CasResponse("test_user", {})

  96.         request = _mock_request()

  97.         self.get_success(

  98.             self.handler._handle_cas_response(request, cas_response, "redirect_uri", "")

  99.         )

  100. 

  101.         # check that the auth handler got called as expected

  102.         auth_handler.complete_sso_login.assert_called_once_with(

  103.             "@test_user:test",

  104.             "cas",

  105.             request,

  106.             "redirect_uri",

  107.             None,

  108.             new_user=False,

  109.             auth_provider_session_id=None,

  110.         )

  111. 

  112.         # Subsequent calls should map to the same mxid.

  113.         auth_handler.complete_sso_login.reset_mock()

  114.         self.get_success(

  115.             self.handler._handle_cas_response(request, cas_response, "redirect_uri", "")

  116.         )

  117.         auth_handler.complete_sso_login.assert_called_once_with(

  118.             "@test_user:test",

  119.             "cas",

  120.             request,

  121.             "redirect_uri",

  122.             None,

  123.             new_user=False,

  124.             auth_provider_session_id=None,

  125.         )

  126. 

  127.     def test_map_cas_user_to_invalid_localpart(self) -> None:

  128.         """CAS automaps invalid characters to base-64 encoding."""

  129. 

  130.         # stub out the auth handler

  131.         auth_handler = self.hs.get_auth_handler()

  132.         auth_handler.complete_sso_login = simple_async_mock()  # type: ignore[assignment]

  133. 

  134.         cas_response = CasResponse("föö", {})

  135.         request = _mock_request()

  136.         self.get_success(

  137.             self.handler._handle_cas_response(request, cas_response, "redirect_uri", "")

  138.         )

  139. 

  140.         # check that the auth handler got called as expected

  141.         auth_handler.complete_sso_login.assert_called_once_with(

  142.             "@f=c3=b6=c3=b6:test",

  143.             "cas",

  144.             request,

  145.             "redirect_uri",

  146.             None,

  147.             new_user=True,

  148.             auth_provider_session_id=None,

  149.         )

  150. 

  151.     @override_config(

  152.         {

  153.             "cas_config": {

  154.                 "required_attributes": {"userGroup": "staff", "department": None}

  155.             }

  156.         }

  157.     )

  158.     def test_required_attributes(self) -> None:

  159.         """The required attributes must be met from the CAS response."""

  160. 

  161.         # stub out the auth handler

  162.         auth_handler = self.hs.get_auth_handler()

  163.         auth_handler.complete_sso_login = simple_async_mock()  # type: ignore[assignment]

  164. 

  165.         # The response doesn't have the proper userGroup or department.

  166.         cas_response = CasResponse("test_user", {})

  167.         request = _mock_request()

  168.         self.get_success(

  169.             self.handler._handle_cas_response(request, cas_response, "redirect_uri", "")

  170.         )

  171.         auth_handler.complete_sso_login.assert_not_called()

  172. 

  173.         # The response doesn't have any department.

  174.         cas_response = CasResponse("test_user", {"userGroup": ["staff"]})

  175.         request.reset_mock()

  176.         self.get_success(

  177.             self.handler._handle_cas_response(request, cas_response, "redirect_uri", "")

  178.         )

  179.         auth_handler.complete_sso_login.assert_not_called()

  180. 

  181.         # Add the proper attributes and it should succeed.

  182.         cas_response = CasResponse(

  183.             "test_user", {"userGroup": ["staff", "admin"], "department": ["sales"]}

  184.         )

  185.         request.reset_mock()

  186.         self.get_success(

  187.             self.handler._handle_cas_response(request, cas_response, "redirect_uri", "")

  188.         )

  189. 

  190.         # check that the auth handler got called as expected

  191.         auth_handler.complete_sso_login.assert_called_once_with(

  192.             "@test_user:test",

  193.             "cas",

  194.             request,

  195.             "redirect_uri",

  196.             None,

  197.             new_user=True,

  198.             auth_provider_session_id=None,

  199.         )

  200. 

  201. 

  202. def _mock_request() -> Mock:

  203.     """Returns a mock which will stand in as a SynapseRequest"""

  204.     mock = Mock(

  205.         spec=[

  206.             "finish",

  207.             "getClientAddress",

  208.             "getHeader",

  209.             "setHeader",

  210.             "setResponseCode",

  211.             "write",

  212.         ]

  213.     )

  214.     # `_disconnected` musn't be another `Mock`, otherwise it will be truthy.

  215.     mock._disconnected = False

  216.     return mock