Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(147)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: appengine/chromium_rietveld/tests/test_auth_utils.py

Issue 2075803002: [Rietveld] Allow whitelisted email accounts to access Rietveld. (Closed) Base URL: https://chromium.googlesource.com/infra/infra.git@master
Patch Set: Support emails in all domains instead of just App Engine service accounts. Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « appengine/chromium_rietveld/codereview/views.py ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 #!/usr/bin/env python 1 #!/usr/bin/env python
2 # Copyright 2013 Google Inc. 2 # Copyright 2013 Google Inc.
3 # 3 #
4 # Licensed under the Apache License, Version 2.0 (the "License"); 4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License. 5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at 6 # You may obtain a copy of the License at
7 # 7 #
8 # http://www.apache.org/licenses/LICENSE-2.0 8 # http://www.apache.org/licenses/LICENSE-2.0
9 # 9 #
10 # Unless required by applicable law or agreed to in writing, software 10 # Unless required by applicable law or agreed to in writing, software
(...skipping 21 matching lines...) Expand all
32 32
33 33
34 TEST_EMAIL = 'foo@example.com' 34 TEST_EMAIL = 'foo@example.com'
35 EMAIL_SCOPE = auth_utils.EMAIL_SCOPE 35 EMAIL_SCOPE = auth_utils.EMAIL_SCOPE
36 CLIENT_ID = 'dummy21.apps.googleusercontent.com' 36 CLIENT_ID = 'dummy21.apps.googleusercontent.com'
37 OTHER_CLIENT_IDS = [ 37 OTHER_CLIENT_IDS = [
38 'dummy34.apps.googleusercontent.com', 38 'dummy34.apps.googleusercontent.com',
39 'dummy55.apps.googleusercontent.com', 39 'dummy55.apps.googleusercontent.com',
40 'dummy89.apps.googleusercontent.com', 40 'dummy89.apps.googleusercontent.com',
41 ] 41 ]
42 WHILTELISTED_EMAILS = [
43 'dummy1@appspot.gserviceaccount.com',
44 ]
42 45
43 46
44 47
45 class TestAuthUtils(TestCase): 48 class TestAuthUtils(TestCase):
46 49
47 def setUp(self): 50 def setUp(self):
48 super(TestAuthUtils, self).setUp() 51 super(TestAuthUtils, self).setUp()
49 # User service stub used in TestAuthUtils, this protobuf service 52 # User service stub used in TestAuthUtils, this protobuf service
50 # includes the OAuth API. 53 # includes the OAuth API.
51 self.oauth_login(TEST_EMAIL) 54 self.oauth_login(TEST_EMAIL)
52 55
53 auth_utils.SecretKey.set_config(CLIENT_ID, 'dummy.secret', 56 auth_utils.SecretKey.set_config(CLIENT_ID, 'dummy.secret',
54 OTHER_CLIENT_IDS) 57 OTHER_CLIENT_IDS, WHILTELISTED_EMAILS)
55 58
56 def tearDown(self): 59 def tearDown(self):
57 super(TestAuthUtils, self).tearDown() 60 super(TestAuthUtils, self).tearDown()
58 self.oauth_logout() 61 self.oauth_logout()
59 62
60 def cookie_login(self, email, is_admin=False): 63 def cookie_login(self, email, is_admin=False):
61 """Logs in Cookie user identified by email.""" 64 """Logs in Cookie user identified by email."""
62 self.login(email) 65 self.login(email)
63 os.environ['USER_IS_ADMIN'] = '1' if is_admin else '0' 66 os.environ['USER_IS_ADMIN'] = '1' if is_admin else '0'
64 67
(...skipping 117 matching lines...) Expand 10 before | Expand all | Expand 10 after
182 # Is an admin 185 # Is an admin
183 self.oauth_login(oauth_mail, is_admin=True) 186 self.oauth_login(oauth_mail, is_admin=True)
184 self.assertTrue(auth_utils.is_current_user_admin()) 187 self.assertTrue(auth_utils.is_current_user_admin())
185 188
186 def test_is_current_user_admin_both_cookie_and_oauth_user(self): 189 def test_is_current_user_admin_both_cookie_and_oauth_user(self):
187 self.cookie_login('foo@bar.com', is_admin=True) 190 self.cookie_login('foo@bar.com', is_admin=True)
188 self.oauth_login('oauth@mail.com', is_admin=True) 191 self.oauth_login('oauth@mail.com', is_admin=True)
189 192
190 self.assertTrue(auth_utils.is_current_user_admin()) 193 self.assertTrue(auth_utils.is_current_user_admin())
191 194
195 def test_is_current_user_oauth_but_not_whitelisted_email(self):
196 self.cookie_logout()
197 self.oauth_login('not-whitelisted@appspot.gserviceaccount.com',
198 is_admin=False, client_id='anonymous')
199 self.assertIsNone(auth_utils.get_current_rietveld_oauth_user())
200
201 def test_is_current_user_oauth_and_whitelisted_email(self):
202 for email in WHILTELISTED_EMAILS:
203 self.cookie_logout()
204 self.oauth_logout()
205 self.oauth_login(email, is_admin=False, client_id='anonymous')
206 oauth_user = auth_utils.get_current_rietveld_oauth_user()
207 self.assertIsNotNone(oauth_user)
208 self.assertEqual(email, oauth_user.email())
209
192 210
193 if __name__ == '__main__': 211 if __name__ == '__main__':
194 unittest.main() 212 unittest.main()
OLDNEW
« no previous file with comments | « appengine/chromium_rietveld/codereview/views.py ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698