Skip to content
Snippets Groups Projects
Normal view Permalink
test_authentication.py 2.19 KiB
Newer Older
  • Learn to ignore specific revisions
    • Eliot Berriot's avatar
    See #75: initial subsonic implementation that works with http://p.subfireplayer.net
    Eliot Berriot committed
    1 
    import binascii
    Eliot Berriot's avatar
    Fix #218: Ensure inactive users cannot get auth tokens  
    Eliot Berriot committed
    2
    Eliot Berriot's avatar
    See #297: sorted imports  
    Eliot Berriot committed
    3 
    import pytest
    Eliot Berriot's avatar
    Fix #218: Ensure inactive users cannot get auth tokens  
    Eliot Berriot committed
    4 
    from rest_framework import exceptions
    Eliot Berriot's avatar
    See #75: initial subsonic implementation that works with http://p.subfireplayer.net
    Eliot Berriot committed
    5 6 7 8 9 
    
from funkwhale_api.subsonic import authentication


def test_auth_with_salt(api_request, factories):
    Eliot Berriot's avatar
    Blacked the code  
    Eliot Berriot committed
    10 11 12 
        salt = "salt"
    user = factories["users.User"]()
    user.subsonic_api_token = "password"
    Eliot Berriot's avatar
    See #75: initial subsonic implementation that works with http://p.subfireplayer.net
    Eliot Berriot committed
    13 
        user.save()
    Eliot Berriot's avatar
    Blacked the code  
    Eliot Berriot committed
    14 15 
        token = authentication.get_token(salt, "password")
    request = api_request.get("/", {"t": token, "s": salt, "u": user.username})
    Eliot Berriot's avatar
    See #75: initial subsonic implementation that works with http://p.subfireplayer.net
    Eliot Berriot committed
    16 17 18 19 20 21 22 23 
    
    authenticator = authentication.SubsonicAuthentication()
    u, _ = authenticator.authenticate(request)

    assert user == u


def test_auth_with_password_hex(api_request, factories):
    Eliot Berriot's avatar
    Blacked the code  
    Eliot Berriot committed
    24 25 
        user = factories["users.User"]()
    user.subsonic_api_token = "password"
    Eliot Berriot's avatar
    See #75: initial subsonic implementation that works with http://p.subfireplayer.net
    Eliot Berriot committed
    26 
        user.save()
    Eliot Berriot's avatar
    Blacked the code  
    Eliot Berriot committed
    27 28 29 30 31 32 33 34 35 36 37 
        request = api_request.get(
        "/",
        {
            "u": user.username,
            "p": "enc:{}".format(
                binascii.hexlify(user.subsonic_api_token.encode("utf-8")).decode(
                    "utf-8"
                )
            ),
        },
    )
    Eliot Berriot's avatar
    See #75: initial subsonic implementation that works with http://p.subfireplayer.net
    Eliot Berriot committed
    38 39 40 41 42 43 44 45 
    
    authenticator = authentication.SubsonicAuthentication()
    u, _ = authenticator.authenticate(request)

    assert user == u


def test_auth_with_password_cleartext(api_request, factories):
    Eliot Berriot's avatar
    Blacked the code  
    Eliot Berriot committed
    46 47 
        user = factories["users.User"]()
    user.subsonic_api_token = "password"
    Eliot Berriot's avatar
    See #75: initial subsonic implementation that works with http://p.subfireplayer.net
    Eliot Berriot committed
    48 
        user.save()
    Eliot Berriot's avatar
    Blacked the code  
    Eliot Berriot committed
    49 
        request = api_request.get("/", {"u": user.username, "p": "password"})
    Eliot Berriot's avatar
    See #75: initial subsonic implementation that works with http://p.subfireplayer.net
    Eliot Berriot committed
    50 51 52 53 54 
    
    authenticator = authentication.SubsonicAuthentication()
    u, _ = authenticator.authenticate(request)

    assert user == u
    Eliot Berriot's avatar
    Fix #218: Ensure inactive users cannot get auth tokens  
    Eliot Berriot committed
    55 56 57 
    

def test_auth_with_inactive_users(api_request, factories):
    Eliot Berriot's avatar
    Blacked the code  
    Eliot Berriot committed
    58 59 
        user = factories["users.User"](is_active=False)
    user.subsonic_api_token = "password"
    Eliot Berriot's avatar
    Fix #218: Ensure inactive users cannot get auth tokens  
    Eliot Berriot committed
    60 
        user.save()
    Eliot Berriot's avatar
    Blacked the code  
    Eliot Berriot committed
    61 
        request = api_request.get("/", {"u": user.username, "p": "password"})
    Eliot Berriot's avatar
    Fix #218: Ensure inactive users cannot get auth tokens  
    Eliot Berriot committed
    62 63 64 65 
    
    authenticator = authentication.SubsonicAuthentication()
    with pytest.raises(exceptions.AuthenticationFailed):
        authenticator.authenticate(request)
    Eliot Berriot's avatar
    Fix #339: Subsonic API login is now case insensitive  
    Eliot Berriot committed
    66 67 68 69 70 71 72 73 74 75 76 77 
    

def test_auth_case_insensitive(api_request, factories):
    user = factories["users.User"](username="Hello")
    user.subsonic_api_token = "password"
    user.save()
    request = api_request.get("/", {"u": "hello", "p": "password"})

    authenticator = authentication.SubsonicAuthentication()
    u, _ = authenticator.authenticate(request)

    assert user == u