78 lines
2.2 KiB
Python
78 lines
2.2 KiB
Python
import binascii
|
|
|
|
import pytest
|
|
from rest_framework import exceptions
|
|
|
|
from funkwhale_api.subsonic import authentication
|
|
|
|
|
|
def test_auth_with_salt(api_request, factories):
|
|
salt = "salt"
|
|
user = factories["users.User"]()
|
|
user.subsonic_api_token = "password"
|
|
user.save()
|
|
token = authentication.get_token(salt, "password")
|
|
request = api_request.get("/", {"t": token, "s": salt, "u": user.username})
|
|
|
|
authenticator = authentication.SubsonicAuthentication()
|
|
u, _ = authenticator.authenticate(request)
|
|
|
|
assert user == u
|
|
|
|
|
|
def test_auth_with_password_hex(api_request, factories):
|
|
user = factories["users.User"]()
|
|
user.subsonic_api_token = "password"
|
|
user.save()
|
|
request = api_request.get(
|
|
"/",
|
|
{
|
|
"u": user.username,
|
|
"p": "enc:{}".format(
|
|
binascii.hexlify(user.subsonic_api_token.encode("utf-8")).decode(
|
|
"utf-8"
|
|
)
|
|
),
|
|
},
|
|
)
|
|
|
|
authenticator = authentication.SubsonicAuthentication()
|
|
u, _ = authenticator.authenticate(request)
|
|
|
|
assert user == u
|
|
|
|
|
|
def test_auth_with_password_cleartext(api_request, factories):
|
|
user = factories["users.User"]()
|
|
user.subsonic_api_token = "password"
|
|
user.save()
|
|
request = api_request.get("/", {"u": user.username, "p": "password"})
|
|
|
|
authenticator = authentication.SubsonicAuthentication()
|
|
u, _ = authenticator.authenticate(request)
|
|
|
|
assert user == u
|
|
|
|
|
|
def test_auth_with_inactive_users(api_request, factories):
|
|
user = factories["users.User"](is_active=False)
|
|
user.subsonic_api_token = "password"
|
|
user.save()
|
|
request = api_request.get("/", {"u": user.username, "p": "password"})
|
|
|
|
authenticator = authentication.SubsonicAuthentication()
|
|
with pytest.raises(exceptions.AuthenticationFailed):
|
|
authenticator.authenticate(request)
|
|
|
|
|
|
def test_auth_case_insensitive(api_request, factories):
|
|
user = factories["users.User"](username="Hello")
|
|
user.subsonic_api_token = "password"
|
|
user.save()
|
|
request = api_request.get("/", {"u": "hello", "p": "password"})
|
|
|
|
authenticator = authentication.SubsonicAuthentication()
|
|
u, _ = authenticator.authenticate(request)
|
|
|
|
assert user == u
|