From f1ce2f97a6d8d938fbfe800ffda6820ac0af0850 Mon Sep 17 00:00:00 2001
From: Marco Ciotola <848222@stud.unive.it>
Date: Tue, 3 Mar 2020 16:11:56 +0100
Subject: [PATCH] [auth] enforce AUTH_ENABLED_SYSTEMS
add password and facebook auth systems to make tests work
---
helios/models.py | 2 +-
helios/tests.py | 8 ++++++++
helios_auth/__init__.py | 4 ++--
helios_auth/auth_systems/__init__.py | 8 ++++----
helios_auth/models.py | 10 +++++-----
helios_auth/urls.py | 6 +++---
settings.py | 8 +++++---
7 files changed, 28 insertions(+), 18 deletions(-)
diff --git a/helios/models.py b/helios/models.py
index 25ecae3..128105d 100644
--- a/helios/models.py
+++ b/helios/models.py
@@ -481,7 +481,7 @@ class Election(HeliosModel):
#if self.voter_set.count() == 0:
# return
- auth_systems = copy.copy(settings.AUTH_ENABLED_AUTH_SYSTEMS)
+ auth_systems = copy.copy(settings.AUTH_ENABLED_SYSTEMS)
voter_types = [r['user__user_type'] for r in self.voter_set.values('user__user_type').distinct() if
r['user__user_type'] is not None]
diff --git a/helios/tests.py b/helios/tests.py
index a5b1a02..60103c8 100644
--- a/helios/tests.py
+++ b/helios/tests.py
@@ -3,6 +3,7 @@ Unit Tests for Helios
"""
import datetime
+import logging
import re
import uuid
from urllib.parse import urlencode
@@ -151,6 +152,13 @@ class ElectionModelTests(TestCase):
def test_facebook_eligibility(self):
self.election.eligibility = [{'auth_system': 'facebook', 'constraint':[{'group': {'id': '123', 'name':'Fake Group'}}]}]
+ import settings
+ fb_enabled = 'facebook' in settings.AUTH_ENABLED_SYSTEMS
+ if not fb_enabled:
+ logging.error("'facebook' not enabled for auth, cannot its constraints.")
+ self.assertFalse(self.election.user_eligible_p(self.fb_user))
+ return
+
# without openreg, this should be false
self.assertFalse(self.election.user_eligible_p(self.fb_user))
diff --git a/helios_auth/__init__.py b/helios_auth/__init__.py
index 2c9c090..d5e23fa 100644
--- a/helios_auth/__init__.py
+++ b/helios_auth/__init__.py
@@ -5,6 +5,6 @@ TEMPLATE_BASE = settings.AUTH_TEMPLATE_BASE or "helios_auth/templates/base.html"
# enabled auth systems
from . import auth_systems
-ENABLED_AUTH_SYSTEMS = settings.AUTH_ENABLED_AUTH_SYSTEMS or list(auth_systems.AUTH_SYSTEMS.keys())
-DEFAULT_AUTH_SYSTEM = settings.AUTH_DEFAULT_AUTH_SYSTEM or None
+ENABLED_AUTH_SYSTEMS = settings.AUTH_ENABLED_SYSTEMS or list(auth_systems.AUTH_SYSTEMS.keys())
+DEFAULT_AUTH_SYSTEM = settings.AUTH_DEFAULT_SYSTEM or None
diff --git a/helios_auth/auth_systems/__init__.py b/helios_auth/auth_systems/__init__.py
index 07ebaa8..e9dc976 100644
--- a/helios_auth/auth_systems/__init__.py
+++ b/helios_auth/auth_systems/__init__.py
@@ -1,8 +1,8 @@
from django.conf import settings
-_enabled = settings.AUTH_ENABLED_AUTH_SYSTEMS or None
+_enabled = settings.AUTH_ENABLED_SYSTEMS or None
def _is_enabled(system):
- return _enabled is not None or system in _enabled
+ return _enabled is None or system in _enabled
AUTH_SYSTEMS = {}
@@ -43,7 +43,7 @@ if _is_enabled('clever'):
#AUTH_SYSTEMS['live'] = live
def can_check_constraint(auth_system):
- return hasattr(AUTH_SYSTEMS[auth_system], 'check_constraint')
+ return auth_system in AUTH_SYSTEMS and hasattr(AUTH_SYSTEMS[auth_system], 'check_constraint')
def can_list_categories(auth_system):
- return hasattr(AUTH_SYSTEMS[auth_system], 'list_categories')
+ return auth_system in AUTH_SYSTEMS and hasattr(AUTH_SYSTEMS[auth_system], 'list_categories')
diff --git a/helios_auth/models.py b/helios_auth/models.py
index d4e3a32..15fa025 100644
--- a/helios_auth/models.py
+++ b/helios_auth/models.py
@@ -8,7 +8,7 @@ Ben Adida
"""
from django.db import models
-from .auth_systems import AUTH_SYSTEMS
+from .auth_systems import can_check_constraint, AUTH_SYSTEMS
from .jsonfield import JSONField
@@ -115,12 +115,12 @@ class User(models.Model):
# from here on we know we match the auth system, but do we match one of the constraints?
- auth_system = AUTH_SYSTEMS[self.user_type]
-
# does the auth system allow for checking a constraint?
- if not hasattr(auth_system, 'check_constraint'):
+ if not can_check_constraint(self.user_type):
return False
-
+
+ auth_system = AUTH_SYSTEMS[self.user_type]
+
for constraint in eligibility_case['constraint']:
# do we match on this constraint?
if auth_system.check_constraint(constraint=constraint, user = self):
diff --git a/helios_auth/urls.py b/helios_auth/urls.py
index 43f552d..9fbc158 100644
--- a/helios_auth/urls.py
+++ b/helios_auth/urls.py
@@ -7,7 +7,7 @@ Ben Adida (ben@adida.net)
from django.conf.urls import url
-from settings import AUTH_ENABLED_AUTH_SYSTEMS
+from settings import AUTH_ENABLED_SYSTEMS
from . import views, url_names
urlpatterns = [
@@ -22,11 +22,11 @@ urlpatterns = [
]
# password auth
-if 'password' in AUTH_ENABLED_AUTH_SYSTEMS:
+if 'password' in AUTH_ENABLED_SYSTEMS:
from .auth_systems.password import urlpatterns as password_patterns
urlpatterns.extend(password_patterns)
# twitter
-if 'twitter' in AUTH_ENABLED_AUTH_SYSTEMS:
+if 'twitter' in AUTH_ENABLED_SYSTEMS:
from .auth_systems.twitter import urlpatterns as twitter_patterns
urlpatterns.extend(twitter_patterns)
diff --git a/settings.py b/settings.py
index 13b9069..c5bf2c2 100644
--- a/settings.py
+++ b/settings.py
@@ -211,9 +211,11 @@ HELIOS_VOTERS_EMAIL = True
HELIOS_PRIVATE_DEFAULT = False
# authentication systems enabled
-#AUTH_ENABLED_AUTH_SYSTEMS = ['password','facebook','twitter', 'google', 'yahoo']
-AUTH_ENABLED_AUTH_SYSTEMS = get_from_env('AUTH_ENABLED_AUTH_SYSTEMS', 'google').split(",")
-AUTH_DEFAULT_AUTH_SYSTEM = get_from_env('AUTH_DEFAULT_AUTH_SYSTEM', None)
+# AUTH_ENABLED_SYSTEMS = ['password','facebook','twitter', 'google', 'yahoo']
+AUTH_ENABLED_SYSTEMS = get_from_env('AUTH_ENABLED_SYSTEMS',
+ get_from_env('AUTH_ENABLED_AUTH_SYSTEMS', 'password,google,facebook')
+ ).split(",")
+AUTH_DEFAULT_SYSTEM = get_from_env('AUTH_DEFAULT_SYSTEM', get_from_env('AUTH_DEFAULT_AUTH_SYSTEM', None))
# google
GOOGLE_CLIENT_ID = get_from_env('GOOGLE_CLIENT_ID', '')
--
GitLab