Merge lp:~roadmr/canonical-identity-provider/revert-r1586 into lp:canonical-identity-provider/release
- revert-r1586
- Merge into trunk
Proposed by
Daniel Manrique
Status: | Merged |
---|---|
Approved by: | Daniel Manrique |
Approved revision: | no longer in the source branch. |
Merge reported by: | Otto Co-Pilot |
Merged at revision: | not available |
Proposed branch: | lp:~roadmr/canonical-identity-provider/revert-r1586 |
Merge into: | lp:canonical-identity-provider/release |
Diff against target: |
594 lines (+67/-234) 2 files modified
src/ubuntu_sso_saml/processors.py (+13/-38) src/ubuntu_sso_saml/tests/test_processors.py (+54/-196) |
To merge this branch: | bzr merge lp:~roadmr/canonical-identity-provider/revert-r1586 |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Ricardo Kirkner (community) | Approve | ||
Review via email: mp+334679@code.launchpad.net |
Commit message
Revert r1586 because it broke non-Canonical logins to support.
Mechanical revert by bzr merge -r 1586..1585 ./
Description of the change
Revert r1586 because it broke non-Canonical logins to support.
Mechanical revert by bzr merge -r 1586..1585 ./
To post a comment you must log in.
Revision history for this message
Ricardo Kirkner (ricardokirkner) : | # |
review:
Approve
Revision history for this message
Otto Co-Pilot (otto-copilot) wrote : | # |
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1 | === modified file 'src/ubuntu_sso_saml/processors.py' |
2 | --- src/ubuntu_sso_saml/processors.py 2017-11-10 23:02:24 +0000 |
3 | +++ src/ubuntu_sso_saml/processors.py 2017-12-04 16:27:44 +0000 |
4 | @@ -30,7 +30,7 @@ |
5 | user, _ = email.split('@') |
6 | return '.' in user and '+' not in user |
7 | |
8 | - def _get_preferred_email(self, account): |
9 | + def _get_canonical_email(self, account): |
10 | preferred = account.preferredemail.email |
11 | if (self._is_canonical_email(preferred) and |
12 | self._is_long_form_email(preferred)): |
13 | @@ -59,7 +59,7 @@ |
14 | if trust_root is not None: |
15 | rpconfig = OpenIDRPConfig.objects.for_url(trust_root) |
16 | if rpconfig is not None and rpconfig.prefer_canonical_email: |
17 | - canonical_email = self._get_preferred_email(account) |
18 | + canonical_email = self._get_canonical_email(account) |
19 | if canonical_email is not None: |
20 | preferred = canonical_email |
21 | |
22 | @@ -105,12 +105,12 @@ |
23 | 'saml_url', |
24 | 'https://saml.salesforce.com') |
25 | |
26 | - def _get_preferred_email(self, account): |
27 | + def _get_canonical_email(self, account): |
28 | """ |
29 | For the SalesForce portal, use email+portal@canonical.com. |
30 | """ |
31 | email = super(SalesForceAttributeProcessor, |
32 | - self)._get_preferred_email(account) |
33 | + self)._get_canonical_email(account) |
34 | if email is not None: |
35 | username, domain = email.split('@') |
36 | pattern = self._sp_config.get('email_pattern', |
37 | @@ -269,40 +269,15 @@ |
38 | acs_url = self._request_params.get('ACS_URL') |
39 | return get_config_for_acs(acs_url) |
40 | |
41 | - def _get_preferred_email(self, account): |
42 | - """Return the user's preferred email, with some overrides. |
43 | - |
44 | - Note we don't always honor the account's "preferred" address. |
45 | - |
46 | - From CanonicalOverrides, whichever matches first of: |
47 | - 1- If the account's preferred address is @canonical.com and in |
48 | - long-form, use that. |
49 | - 2- If the account has *any* long-form @canonical.com address, use that. |
50 | - 3- If the account's preferred e-mail is any @canonical.com, use that. |
51 | - (but note we don't override-prefer non-long-form @canonical.com) |
52 | - |
53 | - And from this method, if none of the previous ones matched: |
54 | - 4- If the account has a preferred email address, use that. |
55 | - |
56 | - Rules 3 and 4 overlap because 3 is a subset of 4 (if you don't have a |
57 | - long-form email address, we honor whichever address is preferred, |
58 | - canonical.com or not) |
59 | - |
60 | - """ |
61 | - # get possible @canonical.com address |
62 | - email = super(CanonicalProcessor, self)._get_preferred_email(account) |
63 | - if email is None: |
64 | - # user did not have a @canonical.com address |
65 | - email = account.preferredemail.email |
66 | + def _get_canonical_email(self, account): |
67 | + email = super(CanonicalProcessor, self)._get_canonical_email(account) |
68 | + if email is not None: |
69 | + sp_config = self.get_config() |
70 | + username, domain = email.split('@') |
71 | + email = sp_config.email_pattern.format( |
72 | + username=username, domain=domain) |
73 | return email |
74 | |
75 | - def _format_email(self, email): |
76 | - sp_config = self.get_config() |
77 | - username, domain = email.split('@') |
78 | - mangled_email = sp_config.email_pattern.format( |
79 | - username=username, domain=domain) |
80 | - return mangled_email |
81 | - |
82 | # saml2idp.base.Processor interface |
83 | |
84 | def _build_assertion(self): |
85 | @@ -333,11 +308,11 @@ |
86 | sp_config = self.get_config() |
87 | if sp_config is not None: |
88 | if sp_config.prefer_canonical_email: |
89 | - canonical_email = self._get_preferred_email(account) |
90 | + canonical_email = self._get_canonical_email(account) |
91 | if canonical_email is not None: |
92 | preferred = canonical_email |
93 | |
94 | - self._subject = self._format_email(preferred) |
95 | + self._subject = preferred |
96 | |
97 | def _format_assertion(self): |
98 | sp_config = self.get_config() |
99 | |
100 | === modified file 'src/ubuntu_sso_saml/tests/test_processors.py' |
101 | --- src/ubuntu_sso_saml/tests/test_processors.py 2017-11-21 23:11:27 +0000 |
102 | +++ src/ubuntu_sso_saml/tests/test_processors.py 2017-12-04 16:27:44 +0000 |
103 | @@ -129,16 +129,6 @@ |
104 | def get_request_data(self): |
105 | return self.REQUEST_DATA |
106 | |
107 | - def assert_email_in(self, email, response): |
108 | - # This is defined as an assertion to allow classes to override it |
109 | - # in order to check for possibly postprocessed e-mail. |
110 | - self.assertIn(email, response) |
111 | - |
112 | - def assert_email_not_in(self, email, response): |
113 | - # This is defined as an assertion to allow classes to override it |
114 | - # in order to check for possibly postprocessed e-mail. |
115 | - self.assertNotIn(email, response) |
116 | - |
117 | |
118 | class CanonicalProcessorBaseTestCase(BaseProcessorTestCase): |
119 | |
120 | @@ -239,7 +229,7 @@ |
121 | samlresponse = get_saml_response(response) |
122 | |
123 | # Assert: |
124 | - self.assert_email_in(self.login_email, samlresponse) |
125 | + self.assertIn(self.login_email, samlresponse) |
126 | |
127 | def test_user_has_different_preferred_email(self): |
128 | """ User's preferred email is not being passed as SAML identifier. """ |
129 | @@ -273,7 +263,7 @@ |
130 | samlresponse = get_saml_response(response) |
131 | |
132 | # Assert: |
133 | - self.assert_email_in(alternate_email, samlresponse) |
134 | + self.assertIn(alternate_email, samlresponse) |
135 | |
136 | def test_user_not_2f_but_no_rpconfig(self): |
137 | data = self.get_request_data() |
138 | @@ -326,7 +316,7 @@ |
139 | samlresponse = self.do_saml_request() |
140 | # verify @canonical.com email address is returned despite it's not the |
141 | # preferredemail |
142 | - self.assert_email_in('first.last@canonical.com', samlresponse) |
143 | + self.assertIn('first.last@canonical.com', samlresponse) |
144 | self.assertNotEqual('first.last@canonical.com', preferred) |
145 | |
146 | def test_canonical_email_is_preferred_despite_case(self): |
147 | @@ -336,7 +326,7 @@ |
148 | samlresponse = self.do_saml_request() |
149 | # verify @canonical.com email address is returned despite it's not the |
150 | # preferredemail |
151 | - self.assert_email_in(email, samlresponse) |
152 | + self.assertIn(email, samlresponse) |
153 | self.assertNotEqual(email, preferred) |
154 | |
155 | def test_only_long_form_canonical_email_is_preferred(self): |
156 | @@ -353,8 +343,8 @@ |
157 | samlresponse = self.do_saml_request() |
158 | # verify @canonical.com email address is returned despite it's not the |
159 | # preferredemail |
160 | - self.assert_email_in('first.last@canonical.com', samlresponse) |
161 | - self.assert_email_not_in(email, samlresponse) |
162 | + self.assertIn('first.last@canonical.com', samlresponse) |
163 | + self.assertNotIn(email, samlresponse) |
164 | |
165 | def test_canonical_email_is_not_preferred(self): |
166 | self.setup_saml_sp(prefer_canonical_email=False) |
167 | @@ -362,7 +352,7 @@ |
168 | samlresponse = self.do_saml_request() |
169 | # verify @canonical.com email address is *not* returned despite because |
170 | # the flag was not set |
171 | - self.assert_email_in(preferred, samlresponse) |
172 | + self.assertIn(preferred, samlresponse) |
173 | self.assertNotEqual('first.last@canonical.com', preferred) |
174 | |
175 | def test_canonical_email_without_rpconfig(self): |
176 | @@ -374,7 +364,7 @@ |
177 | samlresponse = self.do_saml_request() |
178 | # verify @canonical.com email address is *not* returned despite because |
179 | # the flag was not set |
180 | - self.assert_email_in(preferred, samlresponse) |
181 | + self.assertIn(preferred, samlresponse) |
182 | self.assertNotEqual('first.last@canonical.com', preferred) |
183 | |
184 | def test_short_form_canonical_email_ignored(self): |
185 | @@ -397,7 +387,7 @@ |
186 | |
187 | samlresponse = self.do_saml_request() |
188 | # verify @canonical.com email address is *not* returned |
189 | - self.assert_email_in(preferred, samlresponse) |
190 | + self.assertIn(preferred, samlresponse) |
191 | self.assertNotEqual('first.last@canonical.com', preferred) |
192 | self.assertNotEqual('test@canonical.com', preferred) |
193 | |
194 | @@ -417,7 +407,7 @@ |
195 | username=preferred, password=DEFAULT_USER_PASSWORD) |
196 | |
197 | samlresponse = self.do_saml_request() |
198 | - self.assert_email_in(preferred, samlresponse) |
199 | + self.assertIn(preferred, samlresponse) |
200 | |
201 | def test_multiple_long_form_canonical_emails(self): |
202 | self.setup_saml_sp(prefer_canonical_email=True) |
203 | @@ -436,8 +426,8 @@ |
204 | samlresponse = self.do_saml_request() |
205 | # verify @canonical.com email address is returned despite it's not the |
206 | # preferredemail |
207 | - self.assert_email_in('other.name@canonical.com', samlresponse) |
208 | - self.assert_email_not_in('first.last@canonical.com', samlresponse) |
209 | + self.assertIn('other.name@canonical.com', samlresponse) |
210 | + self.assertNotIn('first.last@canonical.com', samlresponse) |
211 | |
212 | |
213 | class GoogleAppsAssertionCanonicalProcessorTestCase( |
214 | @@ -464,17 +454,6 @@ |
215 | REQUEST_DATA = salesforce.REQUEST_DATA |
216 | PROCESSOR = 'ubuntu_sso_saml.processors.SalesForceAttributeProcessor' |
217 | |
218 | - # These are used only for asserting the expected address appears in the |
219 | - # final saml response. They contain the mangling (+portal, .hr) because |
220 | - # our assert_email_in doesn't apply that, and also because the e-mail |
221 | - # pattern doesn't change so we know it a priori. |
222 | - long_form_canonical_email = 'first.last+portal@canonical.com' |
223 | - long_form_canonical_email_uppercase = 'FIRST.LAST+portal@CANONICAL.COM' |
224 | - short_form_canonical_email = "test+portal@canonical.com" |
225 | - alternative_canonical_email = "other.name+portal@canonical.com" |
226 | - short_form_canonical_email_custom_pattern = "test@hr.canonical.com" |
227 | - long_form_canonical_email_custom_pattern = "first.last@hr.canonical.com" |
228 | - |
229 | def setUp(self, *args, **kwargs): |
230 | super(SalesForcePortalAssertionTestCase, self).setUp(*args, **kwargs) |
231 | target = 'https://somesite.salesforce.com/%(target)s' |
232 | @@ -503,23 +482,23 @@ |
233 | self.setup_saml_sp(prefer_canonical_email=True) |
234 | preferred = self.setup_saml_emails() |
235 | samlresponse = self.do_saml_request() |
236 | - self.assert_email_in(self.long_form_canonical_email, samlresponse) |
237 | + self.assertIn('first.last+portal@canonical.com', samlresponse) |
238 | self.assertNotEqual('first.last+portal@canonical.com', preferred) |
239 | |
240 | def test_canonical_email_is_preferred_despite_case(self): |
241 | email = 'FIRST.LAST@CANONICAL.COM' |
242 | + portal_email = 'FIRST.LAST+portal@CANONICAL.COM' |
243 | self.setup_saml_sp(prefer_canonical_email=True) |
244 | preferred = self.setup_saml_emails(email=email) |
245 | samlresponse = self.do_saml_request() |
246 | # verify @canonical.com email address is returned despite it's not the |
247 | # preferredemail |
248 | - self.assert_email_in( |
249 | - self.long_form_canonical_email_uppercase, samlresponse) |
250 | - self.assertNotEqual( |
251 | - self.long_form_canonical_email_uppercase, preferred) |
252 | + self.assertIn(portal_email, samlresponse) |
253 | + self.assertNotEqual(portal_email, preferred) |
254 | |
255 | def test_only_long_form_canonical_email_is_preferred(self): |
256 | email = self.login_email |
257 | + portal_email = 'first.last+portal@canonical.com' |
258 | # add non-preferred long form email address |
259 | EmailAddress.objects.create( |
260 | account=self.account, email='first.last+alias@canonical.com', |
261 | @@ -532,32 +511,28 @@ |
262 | samlresponse = self.do_saml_request() |
263 | # verify @canonical.com email address is returned despite it's not the |
264 | # preferredemail |
265 | - self.assert_email_in(self.long_form_canonical_email, samlresponse) |
266 | - self.assertNotEqual(self.long_form_canonical_email, preferred) |
267 | + self.assertIn(portal_email, samlresponse) |
268 | + self.assertNotEqual(portal_email, preferred) |
269 | |
270 | def test_non_canonical_email(self): |
271 | - samlresponse = self._test_non_canonical_email() |
272 | + # prepare account for SAML |
273 | + account = self.factory.make_account() |
274 | + preferred = account.preferredemail.email |
275 | + self.factory.add_account_to_team(account, self.saml2team) |
276 | + self.setup_saml_sp(prefer_canonical_email=True) |
277 | + |
278 | + # make sure account has only one email |
279 | + assert account.emailaddress_set.count() == 1 |
280 | + # and it's not a @canonical.com one |
281 | + assert '@canonical.com' not in preferred |
282 | + |
283 | + assert self.client.login( |
284 | + username=preferred, password=DEFAULT_USER_PASSWORD) |
285 | + |
286 | + samlresponse = self.do_saml_request() |
287 | + self.assertIn(preferred, samlresponse) |
288 | self.assertNotIn('+portal@', samlresponse) |
289 | |
290 | - def _test_non_canonical_email(self): |
291 | - # prepare account for SAML |
292 | - account = self.factory.make_account() |
293 | - preferred = account.preferredemail.email |
294 | - self.factory.add_account_to_team(account, self.saml2team) |
295 | - self.setup_saml_sp(prefer_canonical_email=True) |
296 | - |
297 | - # make sure account has only one email |
298 | - assert account.emailaddress_set.count() == 1 |
299 | - # and it's not a @canonical.com one |
300 | - assert '@canonical.com' not in preferred |
301 | - |
302 | - assert self.client.login( |
303 | - username=preferred, password=DEFAULT_USER_PASSWORD) |
304 | - |
305 | - samlresponse = self.do_saml_request() |
306 | - self.assert_email_in(preferred, samlresponse) |
307 | - return samlresponse |
308 | - |
309 | def test_multiple_long_form_canonical_emails(self): |
310 | self.setup_saml_sp(prefer_canonical_email=True) |
311 | self.setup_saml_emails() |
312 | @@ -575,9 +550,8 @@ |
313 | samlresponse = self.do_saml_request() |
314 | # verify @canonical.com email address is returned despite it's not the |
315 | # preferredemail |
316 | - self.assert_email_in(self.alternative_canonical_email, samlresponse) |
317 | - self.assert_email_not_in( |
318 | - 'first.last+portal@canonical.com', samlresponse) |
319 | + self.assertIn('other.name+portal@canonical.com', samlresponse) |
320 | + self.assertNotIn('first.last+portal@canonical.com', samlresponse) |
321 | |
322 | def test_portal_deeplink(self): |
323 | """Unable to produce a valid Portal Assertion. |
324 | @@ -611,7 +585,7 @@ |
325 | port_val = port_attr[0].find('attributevalue') |
326 | |
327 | # Assert: |
328 | - self.assert_email_in(self.login_email, samlresponse) |
329 | + self.assertIn(self.login_email, samlresponse) |
330 | self.assertEqual(relaystate, |
331 | 'https://somesite.salesforce.com/SOMETARGETID') |
332 | self.assertEqual(org_val.text, 'SAMPLE_ORG_ID') |
333 | @@ -653,7 +627,7 @@ |
334 | assert len(port_attr) == 0 |
335 | |
336 | # Assert: |
337 | - self.assert_email_in(self.login_email, samlresponse) |
338 | + self.assertIn(self.login_email, samlresponse) |
339 | self.assertEqual(relaystate, |
340 | 'https://somesite.salesforce.com/SOMETARGETID') |
341 | self.assertEqual(org_val.text, 'SAMPLE_ORG_ID') |
342 | @@ -678,8 +652,7 @@ |
343 | |
344 | samlresponse = self.do_saml_request() |
345 | # make sure the login email was transformed |
346 | - self.assert_email_in( |
347 | - self.long_form_canonical_email_custom_pattern, samlresponse) |
348 | + self.assertIn('first.last@hr.canonical.com', samlresponse) |
349 | |
350 | def test_custom_email_pattern_with_short_form_canonical_email(self): |
351 | # patch remote config |
352 | @@ -706,8 +679,7 @@ |
353 | |
354 | samlresponse = self.do_saml_request() |
355 | # make sure the login email was transformed |
356 | - self.assert_email_in( |
357 | - self.short_form_canonical_email_custom_pattern, samlresponse) |
358 | + self.assertIn('test@hr.canonical.com', samlresponse) |
359 | |
360 | def make_saml_request(self, acs_url=None, saml_url=None): |
361 | saml_request = self.REQUEST_DATA['SAMLRequest'] |
362 | @@ -776,15 +748,6 @@ |
363 | class SalesForcePortalAssertionCanonicalProcessorTestCase( |
364 | CanonicalProcessorBaseTestCase, SalesForcePortalAssertionTestCase): |
365 | |
366 | - # The e-mail addresses to verify don't need the e-mail pattern pre-applied |
367 | - # because it's applied consistently and checked by assert_email_in. |
368 | - long_form_canonical_email = 'first.last@canonical.com' |
369 | - long_form_canonical_email_uppercase = 'FIRST.LAST@CANONICAL.COM' |
370 | - short_form_canonical_email = "test@canonical.com" |
371 | - alternative_canonical_email = "other.name@canonical.com" |
372 | - short_form_canonical_email_custom_pattern = "test@canonical.com" |
373 | - long_form_canonical_email_custom_pattern = "first.last@canonical.com" |
374 | - |
375 | def setup_saml_sp(self, **kwargs): |
376 | # define a default value for the email pattern if none is given |
377 | kwargs.setdefault('email_pattern', '{username}+portal@{domain}') |
378 | @@ -804,38 +767,6 @@ |
379 | SalesForcePortalAssertionCanonicalProcessorTestCase, |
380 | self).setup_saml_sp(**kwargs) |
381 | |
382 | - def assert_email_in(self, email, response): |
383 | - # Since this uses CanonicalProcessor, the email_pattern is applied |
384 | - # to all users, @canonical.com or not. |
385 | - |
386 | - # We always use the same remote. |
387 | - # This logic replicates what the CanonicalProcessor has in |
388 | - # _format_email. |
389 | - pattern = saml2idp_metadata.SAML2IDP_REMOTES['foobar']['email_pattern'] |
390 | - username, domain = email.split('@') |
391 | - mangled_email = pattern.format( |
392 | - username=username, domain=domain) |
393 | - |
394 | - self.assertIn(mangled_email, response) |
395 | - |
396 | - def assert_email_not_in(self, email, response): |
397 | - # Since this uses CanonicalProcessor, the email_pattern is applied |
398 | - # to all users, @canonical.com or not. |
399 | - |
400 | - # We always use the same remote. |
401 | - # This logic replicates what the CanonicalProcessor has in |
402 | - # _format_email. |
403 | - pattern = saml2idp_metadata.SAML2IDP_REMOTES['foobar']['email_pattern'] |
404 | - username, domain = email.split('@') |
405 | - mangled_email = pattern.format( |
406 | - username=username, domain=domain) |
407 | - |
408 | - self.assertNotIn(mangled_email, response) |
409 | - |
410 | - def test_non_canonical_email(self): |
411 | - self._test_non_canonical_email() |
412 | - # No need to check for absence of +portal@ |
413 | - |
414 | |
415 | class ExpensifyAssertionTestCase(GoogleAppsAssertionTestCase): |
416 | """Test SAML Assertions for an Expensify Service Point.""" |
417 | @@ -1268,7 +1199,7 @@ |
418 | self.assertNotIn('<saml:AudienceRestriction>', samlresponse) |
419 | |
420 | def assert_saml_response_email(self, samlresponse, email): |
421 | - self.assert_email_in(email, samlresponse) |
422 | + self.assertIn(email, samlresponse) |
423 | |
424 | def get_request_data(self, compressed=True): |
425 | data = dict(**self.REQUEST_DATA) |
426 | @@ -1353,39 +1284,6 @@ |
427 | self.assert_saml_response_email( |
428 | samlresponse, 'first.last+test@canonical.com') |
429 | |
430 | - def test_email_pattern_applied_canonical_email(self): |
431 | - # This simply tests application of the pattern for @canonical.com |
432 | - # addresses. This account has two of those. |
433 | - self.setup_saml_sp(email_pattern='{username}+test@{domain}', |
434 | - prefer_canonical_email=True, enabled=True) |
435 | - self.setup_saml_emails(email="first.last@canonical.com") |
436 | - |
437 | - samlresponse = self.do_saml_request() |
438 | - self.assert_successful_saml_response(samlresponse) |
439 | - self.assert_saml_response_email( |
440 | - samlresponse, 'first.last+test@canonical.com') |
441 | - |
442 | - def test_email_pattern_applied_non_canonical_email_only(self): |
443 | - # Tests application of the pattern for non-@canonical.com. |
444 | - # This account has 2 addresses, we also indirectly check that |
445 | - # when no @canonical.com addresses exist, the preferred one |
446 | - # is used. Scenario 4 of _get_preferred_email. |
447 | - self.setup_saml_sp(email_pattern='{username}+test@{domain}', |
448 | - prefer_canonical_email=True, enabled=True) |
449 | - self.login_email = 'first.last@bazquux.com' |
450 | - EmailAddress.objects.create( |
451 | - account=self.account, email=self.login_email, |
452 | - status=EmailStatus.PREFERRED) |
453 | - # Set up an additional non-canonical address |
454 | - self.setup_saml_emails(email="first.last@foobar.com") |
455 | - |
456 | - samlresponse = self.do_saml_request() |
457 | - self.assert_successful_saml_response(samlresponse) |
458 | - # Must get the preferred non-canonical email with the email_pattern |
459 | - # applied |
460 | - self.assert_saml_response_email( |
461 | - samlresponse, 'first.last+test@bazquux.com') |
462 | - |
463 | def test_disabled_db_spconfig_falls_back_to_settings(self): |
464 | # make sure there is an "old/custom" processor handling this request |
465 | self.ACS_URL = google_apps.GOOGLE_APPS_ACS |
466 | @@ -1418,34 +1316,13 @@ |
467 | response = client.post('/+saml', data=data, follow=False) |
468 | self.assertEqual(response.status_code, 302) |
469 | |
470 | - def test_long_canonical_email_is_used_when_preferred(self): |
471 | - # This account has 2 addresses, both @canonical.com, with the |
472 | - # long-form one being preferred. |
473 | - # This is scenario 1 of _get_preferred_email. |
474 | - self.setup_saml_sp(prefer_canonical_email=True) |
475 | - self.setup_saml_emails() |
476 | - # Flip preferredness |
477 | - short_email = EmailAddress.objects.get( |
478 | - account=self.account, email='test@canonical.com') |
479 | - short_email.status = EmailStatus.VALIDATED |
480 | - short_email.save() |
481 | - long_email = EmailAddress.objects.get( |
482 | - account=self.account, email='first.last@canonical.com') |
483 | - long_email.status = EmailStatus.PREFERRED |
484 | - long_email.save() |
485 | - samlresponse = self.do_saml_request() |
486 | - self.assert_email_in('first.last@canonical.com', samlresponse) |
487 | - |
488 | def test_canonical_email_is_preferred(self): |
489 | - # This account has 2 addresses, both @canonical.com. The short |
490 | - # one is marked as preferred, the long-form one is not. |
491 | - # This is scenario 2 of _get_preferred_email. |
492 | self.setup_saml_sp(prefer_canonical_email=True) |
493 | preferred = self.setup_saml_emails() |
494 | samlresponse = self.do_saml_request() |
495 | - # verify long-form@canonical.com email address is returned despite it's |
496 | - # not the preferredemail |
497 | - self.assert_email_in('first.last@canonical.com', samlresponse) |
498 | + # verify @canonical.com email address is returned despite it's not the |
499 | + # preferredemail |
500 | + self.assertIn('first.last@canonical.com', samlresponse) |
501 | self.assertNotEqual('first.last@canonical.com', preferred) |
502 | |
503 | def test_canonical_email_is_preferred_despite_case(self): |
504 | @@ -1455,7 +1332,7 @@ |
505 | samlresponse = self.do_saml_request() |
506 | # verify @canonical.com email address is returned despite it's not the |
507 | # preferredemail |
508 | - self.assert_email_in(email, samlresponse) |
509 | + self.assertIn(email, samlresponse) |
510 | self.assertNotEqual(email, preferred) |
511 | |
512 | def test_only_long_form_canonical_email_is_preferred(self): |
513 | @@ -1472,8 +1349,8 @@ |
514 | samlresponse = self.do_saml_request() |
515 | # verify @canonical.com email address is returned despite it's not the |
516 | # preferredemail |
517 | - self.assert_email_in('first.last@canonical.com', samlresponse) |
518 | - self.assert_email_not_in(email, samlresponse) |
519 | + self.assertIn('first.last@canonical.com', samlresponse) |
520 | + self.assertNotIn(email, samlresponse) |
521 | |
522 | def test_canonical_email_is_not_preferred(self): |
523 | self.setup_saml_sp(prefer_canonical_email=False) |
524 | @@ -1481,7 +1358,7 @@ |
525 | samlresponse = self.do_saml_request() |
526 | # verify @canonical.com email address is *not* returned despite because |
527 | # the flag was not set |
528 | - self.assert_email_in(preferred, samlresponse) |
529 | + self.assertIn(preferred, samlresponse) |
530 | self.assertNotEqual('first.last@canonical.com', preferred) |
531 | |
532 | def test_non_preferred_short_form_canonical_email_ignored(self): |
533 | @@ -1504,7 +1381,7 @@ |
534 | |
535 | samlresponse = self.do_saml_request() |
536 | # verify @canonical.com email address is *not* returned |
537 | - self.assert_email_in(preferred, samlresponse) |
538 | + self.assertIn(preferred, samlresponse) |
539 | self.assertNotEqual('first.last@canonical.com', preferred) |
540 | self.assertNotEqual('test@canonical.com', preferred) |
541 | |
542 | @@ -1528,31 +1405,12 @@ |
543 | |
544 | samlresponse = self.do_saml_request() |
545 | # verify @canonical.com email address is *not* returned |
546 | - self.assert_email_in(preferred, samlresponse) |
547 | + self.assertIn(preferred, samlresponse) |
548 | self.assertEqual('test@canonical.com', preferred) |
549 | self.assertNotEqual('first.last@canonical.com', preferred) |
550 | self.assertNotEqual('foo@foo.com', preferred) |
551 | |
552 | - def test_short_form_canonical_email_used_if_preferred(self): |
553 | - # This covers scenario 3 of _get_preferred_email. If the account has a |
554 | - # @canonical.com preferred address and no long-form @canonical.com, we |
555 | - # use the preferred @canonical.com address. |
556 | - # make sure the short email is the preferred address |
557 | - self.setup_saml_sp(prefer_canonical_email=True) |
558 | - preferred = self.setup_saml_emails('short@canonical.com') |
559 | - assert preferred == 'test@canonical.com' |
560 | - # Now the account has: |
561 | - # test@canonical.com PREFERRED, created by default by test setup |
562 | - # short@canonical.com VALIDATED |
563 | - |
564 | - samlresponse = self.do_saml_request() |
565 | - self.assert_email_in('test@canonical.com', samlresponse) |
566 | - self.assert_email_not_in('short@canonical.com', samlresponse) |
567 | - |
568 | def test_non_canonical_email(self): |
569 | - # This covers scenario 4 of _get_preferred_email. If the account |
570 | - # has no @canonical.com address, we return whichever one |
571 | - # is marked as preferred. |
572 | # prepare account for SAML |
573 | account = self.factory.make_account() |
574 | preferred = account.preferredemail.email |
575 | @@ -1568,7 +1426,7 @@ |
576 | username=preferred, password=DEFAULT_USER_PASSWORD) |
577 | |
578 | samlresponse = self.do_saml_request() |
579 | - self.assert_email_in(preferred, samlresponse) |
580 | + self.assertIn(preferred, samlresponse) |
581 | |
582 | def test_multiple_long_form_canonical_emails(self): |
583 | self.setup_saml_sp(prefer_canonical_email=True) |
584 | @@ -1587,8 +1445,8 @@ |
585 | samlresponse = self.do_saml_request() |
586 | # verify @canonical.com email address is returned despite it's not the |
587 | # preferredemail |
588 | - self.assert_email_in('other.name@canonical.com', samlresponse) |
589 | - self.assert_email_not_in('first.last@canonical.com', samlresponse) |
590 | + self.assertIn('other.name@canonical.com', samlresponse) |
591 | + self.assertNotIn('first.last@canonical.com', samlresponse) |
592 | |
593 | def test_validate_bogus_acs_domain(self): |
594 | self.setup_saml_sp(acs_domain='bogus.domain') |
Running landing tests failed /jenkins. ols.canonical. com/online- services/ job/canonical- identity- provider/ 30/
https:/