🚚(backend) create a dedicated authentication package

Prepare adding advanced authentication features. Create a dedicated authentication Python package within the core app. This code organization will be more extensible.
2024-04-09 23:33:30 +02:00
parent 004a4edfe7
commit 5f7e3e620a
5 changed files with 5 additions and 5 deletions
--- a/src/backend/core/tests/authentication/init.py
+++ b/src/backend/core/tests/authentication/init.py
--- a/src/backend/core/tests/authentication/test_backends.py
+++ b/src/backend/core/tests/authentication/test_backends.py
@@ -0,0 +1,101 @@
+"""Unit tests for the Authentication Backends."""
+
+from django.core.exceptions import SuspiciousOperation
+
+import pytest
+
+from core import models
+from core.authentication.backends import OIDCAuthenticationBackend
+from core.factories import UserFactory
+
+pytestmark = pytest.mark.django_db
+
+
+def test_authentication_getter_existing_user_no_email(
+    django_assert_num_queries, monkeypatch
+):
+    """
+    If an existing user matches the user's info sub, the user should be returned.
+    """
+
+    klass = OIDCAuthenticationBackend()
+    db_user = UserFactory()
+
+    def get_userinfo_mocked(*args):
+        return {"sub": db_user.sub}
+
+    monkeypatch.setattr(OIDCAuthenticationBackend, "get_userinfo", get_userinfo_mocked)
+
+    with django_assert_num_queries(1):
+        user = klass.get_or_create_user(
+            access_token="test-token", id_token=None, payload=None
+        )
+
+    assert user == db_user
+
+
+def test_authentication_getter_new_user_no_email(monkeypatch):
+    """
+    If no user matches the user's info sub, a user should be created.
+    User's info doesn't contain an email, created user's email should be empty.
+    """
+    klass = OIDCAuthenticationBackend()
+
+    def get_userinfo_mocked(*args):
+        return {"sub": "123"}
+
+    monkeypatch.setattr(OIDCAuthenticationBackend, "get_userinfo", get_userinfo_mocked)
+
+    user = klass.get_or_create_user(
+        access_token="test-token", id_token=None, payload=None
+    )
+
+    assert user.sub == "123"
+    assert user.email is None
+    assert user.password == "!"
+    assert models.User.objects.count() == 1
+
+
+def test_authentication_getter_new_user_with_email(monkeypatch):
+    """
+    If no user matches the user's info sub, a user should be created.
+    User's email and name should be set on the identity.
+    The "email" field on the User model should not be set as it is reserved for staff users.
+    """
+    klass = OIDCAuthenticationBackend()
+
+    email = "impress@example.com"
+
+    def get_userinfo_mocked(*args):
+        return {"sub": "123", "email": email, "first_name": "John", "last_name": "Doe"}
+
+    monkeypatch.setattr(OIDCAuthenticationBackend, "get_userinfo", get_userinfo_mocked)
+
+    user = klass.get_or_create_user(
+        access_token="test-token", id_token=None, payload=None
+    )
+
+    assert user.sub == "123"
+    assert user.email == email
+    assert user.password == "!"
+    assert models.User.objects.count() == 1
+
+
+def test_models_oidc_user_getter_invalid_token(django_assert_num_queries, monkeypatch):
+    """The user's info doesn't contain a sub."""
+    klass = OIDCAuthenticationBackend()
+
+    def get_userinfo_mocked(*args):
+        return {
+            "test": "123",
+        }
+
+    monkeypatch.setattr(OIDCAuthenticationBackend, "get_userinfo", get_userinfo_mocked)
+
+    with django_assert_num_queries(0), pytest.raises(
+        SuspiciousOperation,
+        match="User info contained no recognizable user identification",
+    ):
+        klass.get_or_create_user(access_token="test-token", id_token=None, payload=None)
+
+    assert models.User.objects.exists() is False