Added a few unit tests for user authentication.

Far from complete, and we need a way to mock the Blender ID server, so that we can auth against a well-known, fake set of users.
2016-03-04 14:47:48 +01:00 · 2016-03-04 14:47:48 +01:00 · 7ca22691eb
commit 7ca22691eb
parent 1e141492a3
2 changed files with 24 additions and 1 deletions
--- a/pillar/application/utils/authentication.py
+++ b/pillar/application/utils/authentication.py
@ -125,6 +125,13 @@ def validate_token():


 def make_unique_username(email):
+    """Creates a unique username from the email address.
+
+    @param email: the email address
+    @returns: the new username
+    @rtype: str
+    """
+
    username = email.split('@')[0]
    # Check for min length of username (otherwise validation fails)
    username = "___{0}".format(username) if len(username) < 3 else username
--- a/pillar/tests/test_auth.py
+++ b/pillar/tests/test_auth.py
@ -1,5 +1,6 @@
 import unittest
 import os
+import base64

 TEST_EMAIL_USER = 'koro'
 TEST_EMAIL_ADDRESS = '%s@testing.blender.org' % TEST_EMAIL_USER
@ -7,7 +8,15 @@ TEST_EMAIL_ADDRESS = '%s@testing.blender.org' % TEST_EMAIL_USER
 os.environ['MONGO_DBNAME'] = 'unittest'
 os.environ['EVE_SETTINGS'] = os.path.join(os.path.dirname(os.path.dirname(__file__)), 'settings.py')

+
 from application import app
+from application.utils.authentication import make_unique_username, validate_token
+
+
+def make_header(username, password=''):
+    """Returns a Basic HTTP Authentication header value."""
+
+    return 'basic ' + base64.b64encode('%s:%s' % (username, password))


 class FlaskrTestCase(unittest.TestCase):
@ -18,7 +27,6 @@ class FlaskrTestCase(unittest.TestCase):
        pass

    def test_make_unique_username(self):
-        from application.utils.authentication import make_unique_username

        with app.test_request_context():
            # Delete the user we want to test for
@ -48,3 +56,11 @@ class FlaskrTestCase(unittest.TestCase):
                self.assertEqual('%s1' % TEST_EMAIL_USER, make_unique_username(TEST_EMAIL_ADDRESS))
            finally:
                users.delete_many({'username': TEST_EMAIL_USER})
+
+    def test_validate_token__not_logged_in(self):
+        with app.test_request_context():
+            self.assertFalse(validate_token())
+
+    def test_validate_token__unknown_token(self):
+        with app.test_request_context(headers={'Authorization': make_header('unknowntoken')}):
+            self.assertFalse(validate_token())