dethos
/
django-cryptolock
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

MoneroAddressBackend now handles extra keyword arguments that might be provided. Also added more tests

This commit is contained in:
Gonçalo Valério 2020-01-06 17:24:27 +00:00
parent 57efe853e0
commit 1de5510680
3 changed files with 82 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
HISTORY.rst
View File

@ -11,6 +11,8 @@ History
* Update quickstart guide. * Update quickstart guide.
* Update instructions to contribute to the project. * Update instructions to contribute to the project.
* Add ``DJCL`` namespace to all related settings. * Add ``DJCL`` namespace to all related settings.
* MoneroAddressBackend is now executed when more parameters are added to the
``authenticate`` function.
0.0.1 (2019-11-25) 0.0.1 (2019-11-25)
++++++++++++++++++ ++++++++++++++++++

5
django_cryptolock/backends.py
View File

@ -14,7 +14,9 @@ User = get_user_model()
class MoneroAddressBackend(ModelBackend): class MoneroAddressBackend(ModelBackend):
"""Custom Monero-Cryptolock authentication backend.""" """Custom Monero-Cryptolock authentication backend."""
def authenticate(self, request, address=None, challenge=None, signature=None): def authenticate(
self, request, address=None, challenge=None, signature=None, **kwargs
):
"""Validates the provided signature for the given address and challenge. """Validates the provided signature for the given address and challenge.
This method currently relies on Wallet RPC access to verify the signature, This method currently relies on Wallet RPC access to verify the signature,
@ -29,7 +31,6 @@ class MoneroAddressBackend(ModelBackend):
) )
if not stored_address: if not stored_address:
return None return None
try: try:
is_valid = verify_signature(address, challenge, signature) is_valid = verify_signature(address, challenge, signature)
except JSONRPCException: except JSONRPCException:

77
tests/test_backends.py Normal file
View File

@ -0,0 +1,77 @@
from unittest.mock import MagicMock, patch
from django.contrib.auth import authenticate
from django.contrib.auth import get_user_model
from django.core.exceptions import PermissionDenied
import pytest
from model_mommy import mommy
from django_cryptolock.models import Address
VALID_ADDRESS = "46fYuhPAdsxMbEeMg97LhSbFPamdiCw7C6b19VEcZSmV6xboWFZuZQ9MTbj1wLszhUExHi63CMtsWjDTrRDqegZiPVebgYq"
User = get_user_model()
pytestmark = pytest.mark.django_db
DUMMY_CREDS = {"username": "test", "password": "insecure"}
@pytest.fixture
def existing_user():
return User.objects.create_user(**DUMMY_CREDS)
def test_monero_backend_receives_insuficient_data(existing_user):
user = authenticate(MagicMock(), username="test")
assert user is None
def test_monero_backend_lets_the_next_backend_to_be_used(existing_user):
user = authenticate(MagicMock(), **DUMMY_CREDS)
assert user is not None
def test_monero_backend_does_not_find_address(existing_user):
user = authenticate(
MagicMock(), address=VALID_ADDRESS, challeng="1", signature="somesig"
)
assert user is None
def test_monero_backend_cannot_connect_to_RPC(existing_user):
mommy.make(Address, address=VALID_ADDRESS, user=existing_user)
user = authenticate(
MagicMock(),
address=VALID_ADDRESS,
challenge="1",
signature="invalid sig",
**DUMMY_CREDS
)
assert user is None
def test_monero_backend_invalid_signature(existing_user):
mommy.make(Address, address=VALID_ADDRESS, user=existing_user)
with patch("django_cryptolock.backends.verify_signature") as verify_mock:
verify_mock.return_value = False
user = authenticate(
MagicMock(), address=VALID_ADDRESS, challenge="1", signature="invalid sig"
)
assert user is None
def test_monero_backed_valid_signature(existing_user):
mommy.make(Address, address=VALID_ADDRESS, user=existing_user)
with patch("django_cryptolock.backends.verify_signature") as verify_mock:
verify_mock.return_value = True
user = authenticate(
MagicMock(), address=VALID_ADDRESS, challenge="1", signature="valid sig"
)
assert user == existing_user