From 28ee2a1f9af28c65716ad68120e757768345bf53 Mon Sep 17 00:00:00 2001 From: Katie Smith Date: Mon, 17 May 2021 12:35:43 +0100 Subject: [PATCH] Add tests for GET webauthn_begin_authentication --- .../main/views/test_webauthn_credentials.py | 59 ++++++++++++++++--- 1 file changed, 51 insertions(+), 8 deletions(-) diff --git a/tests/app/main/views/test_webauthn_credentials.py b/tests/app/main/views/test_webauthn_credentials.py index 4bfbfa904..9c958a404 100644 --- a/tests/app/main/views/test_webauthn_credentials.py +++ b/tests/app/main/views/test_webauthn_credentials.py @@ -159,20 +159,63 @@ def test_complete_register_handles_missing_state( assert cbor.decode(response.data) == 'No registration in progress' -def test_begin_authentication_returns_encoded_options(client): - pass +def test_begin_authentication_forbidden_for_non_platform_admins(client, api_user_active, mock_get_user): + # mock_get_user returns api_user_active so changes to the api user will reflect + api_user_active['auth_type'] = 'webauthn_auth' + + with client.session_transaction() as session: + session['user_details'] = {'id': '1'} + + response = client.get(url_for('main.webauthn_begin_authentication')) + assert response.status_code == 403 -def test_begin_authentication_includes_existing_credentials(client): - pass +def test_begin_authentication_forbidden_for_users_without_webauthn(client, mocker, platform_admin_user): + mocker.patch('app.user_api_client.get_user', return_value=platform_admin_user) + + with client.session_transaction() as session: + session['user_details'] = {'id': '1'} + + response = client.get(url_for('main.webauthn_begin_authentication')) + assert response.status_code == 403 -def test_begin_authentication_stores_state_in_session(client): - pass +def test_begin_authentication_returns_encoded_options(client, mocker, webauthn_credential, platform_admin_user): + platform_admin_user['auth_type'] = 'webauthn_auth' + mocker.patch('app.user_api_client.get_user', return_value=platform_admin_user) + + with client.session_transaction() as session: + session['user_details'] = {'id': platform_admin_user['id']} + + get_creds_mock = mocker.patch( + 'app.user_api_client.get_webauthn_credentials_for_user', + return_value=[webauthn_credential] + ) + response = client.get(url_for('main.webauthn_begin_authentication')) + + decoded_data = cbor.decode(response.data) + allowed_credentials = decoded_data['publicKey']['allowCredentials'] + + assert len(allowed_credentials) == 1 + assert decoded_data['publicKey']['timeout'] == 30000 + get_creds_mock.assert_called_once_with(platform_admin_user['id']) -def test_complete_authentication_logs_user_in(client): - pass +def test_begin_authentication_stores_state_in_session(client, mocker, webauthn_credential, platform_admin_user): + platform_admin_user['auth_type'] = 'webauthn_auth' + mocker.patch('app.user_api_client.get_user', return_value=platform_admin_user) + + with client.session_transaction() as session: + session['user_details'] = {'id': platform_admin_user['id']} + + mocker.patch( + 'app.user_api_client.get_webauthn_credentials_for_user', + return_value=[webauthn_credential] + ) + client.get(url_for('main.webauthn_begin_authentication')) + + with client.session_transaction() as session: + assert 'challenge' in session['webauthn_authentication_state'] def test_complete_authentication_403s_if_key_isnt_in_users_credentials(client):