mozilla / mozilla-django-oidc

A django OpenID Connect library
https://mozilla-django-oidc.readthedocs.io
Mozilla Public License 2.0

How do I integrate authentication into test cases? #494

Open amkearns-usgs opened 1 year ago

amkearns-usgs commented 1 year ago

My apologies if this isn't the appropriate place for this. I searched the readmes and documentation for any sort of mailing list for general issues like this and didn't find anything. I attempted to email the lead maintainers named in the documentation but am not sure if the email actually went through. If there's a more appropriate place for me to post this please let me know.

Our group (USGS ASL) maintains a number of django projects for maintaining things like inventory and experiment results. We've been using the django internal authentication methods for restricting access to most stuff that can write data, and we've got a number of test cases to ensure that only users with correct privileges and that are logged in can access them.

We've recently gotten a mandate to switch to Azure SSO for all our projects, and so I've begun using this OIDC library to integrate into the project. I would like to continue to test the authentication process for these sites, but because we're overriding the default django auth process with this one, those test cases currently have issues.

The question, then, is how do we perform some kind of authentication or mock authentication that can verify that the user can reach the authentication-blocked parts of our websites? I've looked over the test cases in the repository and I've seen ones that test token generation and parse the actual website json to try to fill in a login form that way, but I haven't seen something that attempts to do a more pythonic test for checking that authentication does allow access. Presumably we'll have to rely on python3 mock tools, though I'm not sure if we would still need to create a test user account and what the best way of doing that would be, especially since we don't have direct control over the Azure deployment (that's a different group) and thus can't be guaranteed to be able to use it with our current CI setup. Ultimately we want to mock as much of the authentication process as possible to access anything with the @login_required decorator.

Any advice on this would be greatly appreciated, thanks!