mirror of
https://github.com/paperless-ngx/paperless-ngx.git
synced 2025-04-02 13:45:10 -05:00
144 lines
3.9 KiB
Python
144 lines
3.9 KiB
Python
import os
|
|
from unittest import mock
|
|
|
|
from django.contrib.auth.models import User
|
|
from django.test import override_settings
|
|
from rest_framework import status
|
|
from rest_framework.test import APITestCase
|
|
|
|
from documents.tests.utils import DirectoriesMixin
|
|
from paperless.settings import _parse_remote_user_settings
|
|
|
|
|
|
class TestRemoteUser(DirectoriesMixin, APITestCase):
|
|
def setUp(self):
|
|
super().setUp()
|
|
|
|
self.user = User.objects.create_superuser(
|
|
username="temp_admin",
|
|
)
|
|
|
|
def test_remote_user(self):
|
|
"""
|
|
GIVEN:
|
|
- Configured user
|
|
- Remote user auth is enabled
|
|
WHEN:
|
|
- Call is made to root
|
|
THEN:
|
|
- Call succeeds
|
|
"""
|
|
|
|
with mock.patch.dict(
|
|
os.environ,
|
|
{
|
|
"PAPERLESS_ENABLE_HTTP_REMOTE_USER": "True",
|
|
},
|
|
):
|
|
_parse_remote_user_settings()
|
|
|
|
response = self.client.get("/documents/")
|
|
|
|
self.assertEqual(
|
|
response.status_code,
|
|
status.HTTP_302_FOUND,
|
|
)
|
|
|
|
response = self.client.get(
|
|
"/documents/",
|
|
headers={
|
|
"Remote-User": self.user.username,
|
|
},
|
|
)
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK)
|
|
|
|
def test_remote_user_api(self):
|
|
"""
|
|
GIVEN:
|
|
- Configured user
|
|
- Remote user auth is enabled for the API
|
|
WHEN:
|
|
- API call is made to get documents
|
|
THEN:
|
|
- Call succeeds
|
|
"""
|
|
|
|
with mock.patch.dict(
|
|
os.environ,
|
|
{
|
|
"PAPERLESS_ENABLE_HTTP_REMOTE_USER_API": "True",
|
|
},
|
|
):
|
|
_parse_remote_user_settings()
|
|
|
|
response = self.client.get("/api/documents/")
|
|
|
|
# 403 testing locally, 401 on ci...
|
|
self.assertIn(
|
|
response.status_code,
|
|
[status.HTTP_401_UNAUTHORIZED, status.HTTP_403_FORBIDDEN],
|
|
)
|
|
|
|
response = self.client.get(
|
|
"/api/documents/",
|
|
headers={
|
|
"Remote-User": self.user.username,
|
|
},
|
|
)
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK)
|
|
|
|
@override_settings(
|
|
REST_FRAMEWORK={
|
|
"DEFAULT_AUTHENTICATION_CLASSES": [
|
|
"rest_framework.authentication.BasicAuthentication",
|
|
"rest_framework.authentication.TokenAuthentication",
|
|
"rest_framework.authentication.SessionAuthentication",
|
|
],
|
|
},
|
|
)
|
|
def test_remote_user_api_disabled(self):
|
|
"""
|
|
GIVEN:
|
|
- Configured user
|
|
- Remote user auth enabled for frontend but disabled for the API
|
|
- Note that REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'] is set in settings.py in production
|
|
WHEN:
|
|
- API call is made to get documents
|
|
THEN:
|
|
- Call fails
|
|
"""
|
|
response = self.client.get(
|
|
"/api/documents/",
|
|
headers={
|
|
"Remote-User": self.user.username,
|
|
},
|
|
)
|
|
|
|
self.assertIn(
|
|
response.status_code,
|
|
[status.HTTP_401_UNAUTHORIZED, status.HTTP_403_FORBIDDEN],
|
|
)
|
|
|
|
def test_remote_user_header_setting(self):
|
|
"""
|
|
GIVEN:
|
|
- Remote user header name is set
|
|
WHEN:
|
|
- Settings are parsed
|
|
THEN:
|
|
- Correct header name is returned
|
|
"""
|
|
|
|
with mock.patch.dict(
|
|
os.environ,
|
|
{
|
|
"PAPERLESS_ENABLE_HTTP_REMOTE_USER": "True",
|
|
"PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME": "HTTP_FOO",
|
|
},
|
|
):
|
|
header_name = _parse_remote_user_settings()
|
|
|
|
self.assertEqual(header_name, "HTTP_FOO")
|