Introduce sso UserEnterpriseAuth model.

2026-04-11 04:59:22 -02:30 · 2017-05-18 15:38:32 -04:00
parent 8cf8e6c0c0
commit d314f83416
10 changed files with 139 additions and 70 deletions
--- a/awx/sso/tests/conftest.py
+++ b/awx/sso/tests/conftest.py
@@ -3,6 +3,7 @@ import pytest
 from django.contrib.auth.models import User

 from awx.sso.backends import TACACSPlusBackend
+from awx.sso.models import UserEnterpriseAuth


@pytest.fixture
@@ -10,6 +11,16 @@ def tacacsplus_backend():
    return TACACSPlusBackend()


+@pytest.fixture
+def existing_normal_user():
+    try:
+        user = User.objects.get(username="alice")
+    except User.DoesNotExist:
+        user = User(username="alice", password="password")
+        user.save()
+    return user
+
+
@pytest.fixture
 def existing_tacacsplus_user():
    try:
@@ -17,6 +28,8 @@ def existing_tacacsplus_user():
    except User.DoesNotExist:
        user = User(username="foo")
        user.save()
+        enterprise_auth = UserEnterpriseAuth(user=user, provider='tacacs+')
+        enterprise_auth.save()
    return user


--- a/awx/sso/tests/functional/test_get_or_set_enterprise_user.py
+++ b/awx/sso/tests/functional/test_get_or_set_enterprise_user.py
@@ -0,0 +1,38 @@
+# Python
+import pytest
+import mock
+
+# Tower
+from awx.sso.backends import _get_or_set_enterprise_user
+
+
+@pytest.mark.django_db
+def test_fetch_user_if_exist(existing_tacacsplus_user):
+    new_user = _get_or_set_enterprise_user("foo", "password", "tacacs+")
+    assert new_user == existing_tacacsplus_user
+
+
+@pytest.mark.django_db
+def test_create_user_if_not_exist(existing_tacacsplus_user):
+    with mock.patch('awx.sso.backends.logger') as mocked_logger:
+        new_user = _get_or_set_enterprise_user("bar", "password", "tacacs+")
+        mocked_logger.debug.assert_called_once_with(
+            u'Created enterprise user bar via TACACS+ backend.'
+        )
+        assert new_user != existing_tacacsplus_user
+
+
+@pytest.mark.django_db
+def test_created_user_has_no_usable_password():
+    new_user = _get_or_set_enterprise_user("bar", "password", "tacacs+")
+    assert not new_user.has_usable_password()
+
+
+@pytest.mark.django_db
+def test_non_enterprise_user_does_not_get_pass(existing_normal_user):
+    with mock.patch('awx.sso.backends.logger') as mocked_logger:
+        new_user = _get_or_set_enterprise_user("alice", "password", "tacacs+")
+        mocked_logger.warn.assert_called_once_with(
+            u'Enterprise user alice already defined in Tower.'
+        )
+        assert new_user is None
--- a/awx/sso/tests/functional/test_tacacsplus.py
+++ b/awx/sso/tests/functional/test_tacacsplus.py
@@ -1,24 +0,0 @@
-import pytest
-import mock
-
-
-@pytest.mark.django_db
-def test_fetch_user_if_exist(tacacsplus_backend, existing_tacacsplus_user):
-    new_user = tacacsplus_backend._get_or_set_user("foo", "password")
-    assert new_user == existing_tacacsplus_user
-
-
-@pytest.mark.django_db
-def test_create_user_if_not_exist(tacacsplus_backend, existing_tacacsplus_user):
-    with mock.patch('awx.sso.backends.logger') as mocked_logger:
-        new_user = tacacsplus_backend._get_or_set_user("bar", "password")
-        mocked_logger.debug.assert_called_once_with(
-            'Created TACACS+ user bar'
-        )
-        assert new_user != existing_tacacsplus_user
-
-
-@pytest.mark.django_db
-def test_created_user_has_no_usable_password(tacacsplus_backend):
-    new_user = tacacsplus_backend._get_or_set_user("bar", "password")
-    assert not new_user.has_usable_password()
--- a/awx/sso/tests/unit/test_tacacsplus.py
+++ b/awx/sso/tests/unit/test_tacacsplus.py
@@ -50,23 +50,6 @@ def test_client_return_invalid_fails_auth(tacacsplus_backend, feature_enabled):
        assert ret_user is None


-def test_user_with_password_fails_auth(tacacsplus_backend, feature_enabled):
-    auth = mock.MagicMock()
-    auth.valid = True
-    client = mock.MagicMock()
-    client.authenticate.return_value = auth
-    user = mock.MagicMock()
-    user.has_usable_password = mock.MagicMock(return_value=True)
-    with mock.patch('awx.sso.backends.django_settings') as settings,\
-            mock.patch('awx.sso.backends.feature_enabled', feature_enabled('enterprise_auth')),\
-            mock.patch('tacacs_plus.TACACSClient', return_value=client),\
-            mock.patch.object(tacacsplus_backend, '_get_or_set_user', return_value=user):
-        settings.TACACSPLUS_HOST = 'localhost'
-        settings.TACACSPLUS_AUTH_PROTOCOL = 'ascii'
-        ret_user = tacacsplus_backend.authenticate(u"user", u"pass")
-        assert ret_user is None
-
-
 def test_client_return_valid_passes_auth(tacacsplus_backend, feature_enabled):
    auth = mock.MagicMock()
    auth.valid = True
@@ -77,7 +60,7 @@ def test_client_return_valid_passes_auth(tacacsplus_backend, feature_enabled):
    with mock.patch('awx.sso.backends.django_settings') as settings,\
            mock.patch('awx.sso.backends.feature_enabled', feature_enabled('enterprise_auth')),\
            mock.patch('tacacs_plus.TACACSClient', return_value=client),\
-            mock.patch.object(tacacsplus_backend, '_get_or_set_user', return_value=user):
+            mock.patch('awx.sso.backends._get_or_set_enterprise_user', return_value=user):
        settings.TACACSPLUS_HOST = 'localhost'
        settings.TACACSPLUS_AUTH_PROTOCOL = 'ascii'
        ret_user = tacacsplus_backend.authenticate(u"user", u"pass")