gitlord
/
synapse
mirror of https://github.com/matrix-org/synapse.git
1
0
Fork 0
Code Issues 0 Releases 671 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
23004 Commits
842 Branches
311 MiB
 
 
 
 
 
 
Tree: a8a46b1336
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a8a46b1336'
${ noResults }
synapse/tests/handlers/test_cas.py

216 lines
7.2 KiB
Raw Blame History 

  1. #  Copyright 2020 The Matrix.org Foundation C.I.C.

  2. #

  3. #  Licensed under the Apache License, Version 2.0 (the "License");

  4. #  you may not use this file except in compliance with the License.

  5. #  You may obtain a copy of the License at

  6. #

  7. #      http://www.apache.org/licenses/LICENSE-2.0

  8. #

  9. #  Unless required by applicable law or agreed to in writing, software

  10. #  distributed under the License is distributed on an "AS IS" BASIS,

  11. #  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  12. #  See the License for the specific language governing permissions and

  13. #  limitations under the License.

  14. from typing import Any, Dict

  15. from unittest.mock import AsyncMock, Mock

  16. 

  17. from twisted.test.proto_helpers import MemoryReactor

  18. 

  19. from synapse.handlers.cas import CasResponse

  20. from synapse.server import HomeServer

  21. from synapse.util import Clock

  22. 

  23. from tests.unittest import HomeserverTestCase, override_config

  24. 

  25. # These are a few constants that are used as config parameters in the tests.

  26. BASE_URL = "https://synapse/"

  27. SERVER_URL = "https://issuer/"

  28. 

  29. 

  30. class CasHandlerTestCase(HomeserverTestCase):

  31.     def default_config(self) -> Dict[str, Any]:

  32.         config = super().default_config()

  33.         config["public_baseurl"] = BASE_URL

  34.         cas_config = {

  35.             "enabled": True,

  36.             "server_url": SERVER_URL,

  37.             "service_url": BASE_URL,

  38.         }

  39. 

  40.         # Update this config with what's in the default config so that

  41.         # override_config works as expected.

  42.         cas_config.update(config.get("cas_config", {}))

  43.         config["cas_config"] = cas_config

  44. 

  45.         return config

  46. 

  47.     def make_homeserver(self, reactor: MemoryReactor, clock: Clock) -> HomeServer:

  48.         hs = self.setup_test_homeserver()

  49. 

  50.         self.handler = hs.get_cas_handler()

  51. 

  52.         # Reduce the number of attempts when generating MXIDs.

  53.         sso_handler = hs.get_sso_handler()

  54.         sso_handler._MAP_USERNAME_RETRIES = 3

  55. 

  56.         return hs

  57. 

  58.     def test_map_cas_user_to_user(self) -> None:

  59.         """Ensure that mapping the CAS user returned from a provider to an MXID works properly."""

  60. 

  61.         # stub out the auth handler

  62.         auth_handler = self.hs.get_auth_handler()

  63.         auth_handler.complete_sso_login = AsyncMock()  # type: ignore[assignment]

  64. 

  65.         cas_response = CasResponse("test_user", {})

  66.         request = _mock_request()

  67.         self.get_success(

  68.             self.handler._handle_cas_response(request, cas_response, "redirect_uri", "")

  69.         )

  70. 

  71.         # check that the auth handler got called as expected

  72.         auth_handler.complete_sso_login.assert_called_once_with(

  73.             "@test_user:test",

  74.             "cas",

  75.             request,

  76.             "redirect_uri",

  77.             None,

  78.             new_user=True,

  79.             auth_provider_session_id=None,

  80.         )

  81. 

  82.     def test_map_cas_user_to_existing_user(self) -> None:

  83.         """Existing users can log in with CAS account."""

  84.         store = self.hs.get_datastores().main

  85.         self.get_success(

  86.             store.register_user(user_id="@test_user:test", password_hash=None)

  87.         )

  88. 

  89.         # stub out the auth handler

  90.         auth_handler = self.hs.get_auth_handler()

  91.         auth_handler.complete_sso_login = AsyncMock()  # type: ignore[assignment]

  92. 

  93.         # Map a user via SSO.

  94.         cas_response = CasResponse("test_user", {})

  95.         request = _mock_request()

  96.         self.get_success(

  97.             self.handler._handle_cas_response(request, cas_response, "redirect_uri", "")

  98.         )

  99. 

  100.         # check that the auth handler got called as expected

  101.         auth_handler.complete_sso_login.assert_called_once_with(

  102.             "@test_user:test",

  103.             "cas",

  104.             request,

  105.             "redirect_uri",

  106.             None,

  107.             new_user=False,

  108.             auth_provider_session_id=None,

  109.         )

  110. 

  111.         # Subsequent calls should map to the same mxid.

  112.         auth_handler.complete_sso_login.reset_mock()

  113.         self.get_success(

  114.             self.handler._handle_cas_response(request, cas_response, "redirect_uri", "")

  115.         )

  116.         auth_handler.complete_sso_login.assert_called_once_with(

  117.             "@test_user:test",

  118.             "cas",

  119.             request,

  120.             "redirect_uri",

  121.             None,

  122.             new_user=False,

  123.             auth_provider_session_id=None,

  124.         )

  125. 

  126.     def test_map_cas_user_to_invalid_localpart(self) -> None:

  127.         """CAS automaps invalid characters to base-64 encoding."""

  128. 

  129.         # stub out the auth handler

  130.         auth_handler = self.hs.get_auth_handler()

  131.         auth_handler.complete_sso_login = AsyncMock()  # type: ignore[assignment]

  132. 

  133.         cas_response = CasResponse("föö", {})

  134.         request = _mock_request()

  135.         self.get_success(

  136.             self.handler._handle_cas_response(request, cas_response, "redirect_uri", "")

  137.         )

  138. 

  139.         # check that the auth handler got called as expected

  140.         auth_handler.complete_sso_login.assert_called_once_with(

  141.             "@f=c3=b6=c3=b6:test",

  142.             "cas",

  143.             request,

  144.             "redirect_uri",

  145.             None,

  146.             new_user=True,

  147.             auth_provider_session_id=None,

  148.         )

  149. 

  150.     @override_config(

  151.         {

  152.             "cas_config": {

  153.                 "required_attributes": {"userGroup": "staff", "department": None}

  154.             }

  155.         }

  156.     )

  157.     def test_required_attributes(self) -> None:

  158.         """The required attributes must be met from the CAS response."""

  159. 

  160.         # stub out the auth handler

  161.         auth_handler = self.hs.get_auth_handler()

  162.         auth_handler.complete_sso_login = AsyncMock()  # type: ignore[assignment]

  163. 

  164.         # The response doesn't have the proper userGroup or department.

  165.         cas_response = CasResponse("test_user", {})

  166.         request = _mock_request()

  167.         self.get_success(

  168.             self.handler._handle_cas_response(request, cas_response, "redirect_uri", "")

  169.         )

  170.         auth_handler.complete_sso_login.assert_not_called()

  171. 

  172.         # The response doesn't have any department.

  173.         cas_response = CasResponse("test_user", {"userGroup": ["staff"]})

  174.         request.reset_mock()

  175.         self.get_success(

  176.             self.handler._handle_cas_response(request, cas_response, "redirect_uri", "")

  177.         )

  178.         auth_handler.complete_sso_login.assert_not_called()

  179. 

  180.         # Add the proper attributes and it should succeed.

  181.         cas_response = CasResponse(

  182.             "test_user", {"userGroup": ["staff", "admin"], "department": ["sales"]}

  183.         )

  184.         request.reset_mock()

  185.         self.get_success(

  186.             self.handler._handle_cas_response(request, cas_response, "redirect_uri", "")

  187.         )

  188. 

  189.         # check that the auth handler got called as expected

  190.         auth_handler.complete_sso_login.assert_called_once_with(

  191.             "@test_user:test",

  192.             "cas",

  193.             request,

  194.             "redirect_uri",

  195.             None,

  196.             new_user=True,

  197.             auth_provider_session_id=None,

  198.         )

  199. 

  200. 

  201. def _mock_request() -> Mock:

  202.     """Returns a mock which will stand in as a SynapseRequest"""

  203.     mock = Mock(

  204.         spec=[

  205.             "finish",

  206.             "getClientAddress",

  207.             "getHeader",

  208.             "setHeader",

  209.             "setResponseCode",

  210.             "write",

  211.         ]

  212.     )

  213.     # `_disconnected` musn't be another `Mock`, otherwise it will be truthy.

  214.     mock._disconnected = False

  215.     return mock