Coverage for cc_modules/tests/cc_pyramid_tests.py: 32%

44 statements  

« prev     ^ index     » next       coverage.py v7.6.10, created at 2025-01-30 13:48 +0000

1""" 

2camcops_server/cc_modules/tests/cc_pyramid_tests.py 

3 

4=============================================================================== 

5 

6 Copyright (C) 2012, University of Cambridge, Department of Psychiatry. 

7 Created by Rudolf Cardinal (rnc1001@cam.ac.uk). 

8 

9 This file is part of CamCOPS. 

10 

11 CamCOPS is free software: you can redistribute it and/or modify 

12 it under the terms of the GNU General Public License as published by 

13 the Free Software Foundation, either version 3 of the License, or 

14 (at your option) any later version. 

15 

16 CamCOPS is distributed in the hope that it will be useful, 

17 but WITHOUT ANY WARRANTY; without even the implied warranty of 

18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 

19 GNU General Public License for more details. 

20 

21 You should have received a copy of the GNU General Public License 

22 along with CamCOPS. If not, see <https://www.gnu.org/licenses/>. 

23 

24=============================================================================== 

25 

26""" 

27 

28from pyramid.security import Authenticated, Everyone 

29 

30from camcops_server.cc_modules.cc_constants import MfaMethod 

31from camcops_server.cc_modules.cc_pyramid import ( 

32 CamcopsAuthenticationPolicy, 

33 Permission, 

34) 

35from camcops_server.cc_modules.cc_testfactories import ( 

36 GroupFactory, 

37 UserFactory, 

38 UserGroupMembershipFactory, 

39) 

40from camcops_server.cc_modules.cc_unittest import DemoRequestTestCase 

41 

42 

43class CamcopsAuthenticationPolicyTests(DemoRequestTestCase): 

44 def test_principals_for_no_user(self) -> None: 

45 self.req._debugging_user = None 

46 self.assertEqual( 

47 CamcopsAuthenticationPolicy.effective_principals(self.req), 

48 [Everyone], 

49 ) 

50 

51 def test_principals_for_authenticated_user(self) -> None: 

52 user = self.req._debugging_user = UserFactory() 

53 self.assertIn( 

54 Authenticated, 

55 CamcopsAuthenticationPolicy.effective_principals(self.req), 

56 ) 

57 self.assertIn( 

58 f"u:{user.id}", 

59 CamcopsAuthenticationPolicy.effective_principals(self.req), 

60 ) 

61 

62 def test_principals_when_user_must_change_pasword(self) -> None: 

63 user = self.req._debugging_user = UserFactory( 

64 when_agreed_terms_of_use=self.req.now, 

65 must_change_password=True, 

66 ) 

67 group = GroupFactory() 

68 UserGroupMembershipFactory( 

69 user_id=user.id, group_id=group.id, may_use_webviewer=True 

70 ) 

71 

72 self.assertIn( 

73 Permission.MUST_CHANGE_PASSWORD, 

74 CamcopsAuthenticationPolicy.effective_principals(self.req), 

75 ) 

76 

77 def test_principals_when_user_must_set_up_mfa(self) -> None: 

78 user = self.req._debugging_user = UserFactory( 

79 mfa_method=MfaMethod.NO_MFA, when_agreed_terms_of_use=self.req.now 

80 ) 

81 group = GroupFactory() 

82 UserGroupMembershipFactory( 

83 user_id=user.id, group_id=group.id, may_use_webviewer=True 

84 ) 

85 

86 self.req.config.mfa_methods = [MfaMethod.HOTP_EMAIL] 

87 self.assertIn( 

88 Permission.MUST_SET_MFA, 

89 CamcopsAuthenticationPolicy.effective_principals(self.req), 

90 ) 

91 

92 def test_principals_when_user_must_agree_terms(self) -> None: 

93 user = self.req._debugging_user = UserFactory( 

94 when_agreed_terms_of_use=None 

95 ) 

96 group = GroupFactory() 

97 UserGroupMembershipFactory( 

98 user_id=user.id, group_id=group.id, may_use_webviewer=True 

99 ) 

100 

101 self.assertIn( 

102 Permission.MUST_AGREE_TERMS, 

103 CamcopsAuthenticationPolicy.effective_principals(self.req), 

104 ) 

105 

106 def test_principals_when_everything_ok(self) -> None: 

107 user = self.req._debugging_user = UserFactory( 

108 mfa_method=MfaMethod.NO_MFA, when_agreed_terms_of_use=self.req.now 

109 ) 

110 group = GroupFactory() 

111 UserGroupMembershipFactory( 

112 user_id=user.id, group_id=group.id, may_use_webviewer=True 

113 ) 

114 

115 self.req.config.mfa_methods = [MfaMethod.NO_MFA] 

116 self.assertIn( 

117 Permission.HAPPY, 

118 CamcopsAuthenticationPolicy.effective_principals(self.req), 

119 ) 

120 

121 def test_principals_for_superuser(self) -> None: 

122 self.req._debugging_user = UserFactory(superuser=True) 

123 

124 self.assertIn( 

125 Permission.SUPERUSER, 

126 CamcopsAuthenticationPolicy.effective_principals(self.req), 

127 ) 

128 

129 def test_principals_for_groupadmin(self) -> None: 

130 user = self.req._debugging_user = UserFactory() 

131 group = GroupFactory() 

132 UserGroupMembershipFactory( 

133 user_id=user.id, group_id=group.id, groupadmin=True 

134 ) 

135 

136 self.req._debugging_user = user 

137 self.assertIn( 

138 Permission.GROUPADMIN, 

139 CamcopsAuthenticationPolicy.effective_principals(self.req), 

140 )