mirror of
https://github.com/GSA/notifications-admin.git
synced 2026-07-13 09:50:08 -04:00
Add tests for GET webauthn_begin_authentication
This commit is contained in:
@@ -159,20 +159,63 @@ def test_complete_register_handles_missing_state(
|
||||
assert cbor.decode(response.data) == 'No registration in progress'
|
||||
|
||||
|
||||
def test_begin_authentication_returns_encoded_options(client):
|
||||
pass
|
||||
def test_begin_authentication_forbidden_for_non_platform_admins(client, api_user_active, mock_get_user):
|
||||
# mock_get_user returns api_user_active so changes to the api user will reflect
|
||||
api_user_active['auth_type'] = 'webauthn_auth'
|
||||
|
||||
with client.session_transaction() as session:
|
||||
session['user_details'] = {'id': '1'}
|
||||
|
||||
response = client.get(url_for('main.webauthn_begin_authentication'))
|
||||
assert response.status_code == 403
|
||||
|
||||
|
||||
def test_begin_authentication_includes_existing_credentials(client):
|
||||
pass
|
||||
def test_begin_authentication_forbidden_for_users_without_webauthn(client, mocker, platform_admin_user):
|
||||
mocker.patch('app.user_api_client.get_user', return_value=platform_admin_user)
|
||||
|
||||
with client.session_transaction() as session:
|
||||
session['user_details'] = {'id': '1'}
|
||||
|
||||
response = client.get(url_for('main.webauthn_begin_authentication'))
|
||||
assert response.status_code == 403
|
||||
|
||||
|
||||
def test_begin_authentication_stores_state_in_session(client):
|
||||
pass
|
||||
def test_begin_authentication_returns_encoded_options(client, mocker, webauthn_credential, platform_admin_user):
|
||||
platform_admin_user['auth_type'] = 'webauthn_auth'
|
||||
mocker.patch('app.user_api_client.get_user', return_value=platform_admin_user)
|
||||
|
||||
with client.session_transaction() as session:
|
||||
session['user_details'] = {'id': platform_admin_user['id']}
|
||||
|
||||
get_creds_mock = mocker.patch(
|
||||
'app.user_api_client.get_webauthn_credentials_for_user',
|
||||
return_value=[webauthn_credential]
|
||||
)
|
||||
response = client.get(url_for('main.webauthn_begin_authentication'))
|
||||
|
||||
decoded_data = cbor.decode(response.data)
|
||||
allowed_credentials = decoded_data['publicKey']['allowCredentials']
|
||||
|
||||
assert len(allowed_credentials) == 1
|
||||
assert decoded_data['publicKey']['timeout'] == 30000
|
||||
get_creds_mock.assert_called_once_with(platform_admin_user['id'])
|
||||
|
||||
|
||||
def test_complete_authentication_logs_user_in(client):
|
||||
pass
|
||||
def test_begin_authentication_stores_state_in_session(client, mocker, webauthn_credential, platform_admin_user):
|
||||
platform_admin_user['auth_type'] = 'webauthn_auth'
|
||||
mocker.patch('app.user_api_client.get_user', return_value=platform_admin_user)
|
||||
|
||||
with client.session_transaction() as session:
|
||||
session['user_details'] = {'id': platform_admin_user['id']}
|
||||
|
||||
mocker.patch(
|
||||
'app.user_api_client.get_webauthn_credentials_for_user',
|
||||
return_value=[webauthn_credential]
|
||||
)
|
||||
client.get(url_for('main.webauthn_begin_authentication'))
|
||||
|
||||
with client.session_transaction() as session:
|
||||
assert 'challenge' in session['webauthn_authentication_state']
|
||||
|
||||
|
||||
def test_complete_authentication_403s_if_key_isnt_in_users_credentials(client):
|
||||
|
||||
Reference in New Issue
Block a user