From d00ae8576feb03bb58151381c83826339daa94be Mon Sep 17 00:00:00 2001 From: Leonardo Beroes Date: Wed, 29 Jan 2025 15:49:37 -0400 Subject: [PATCH] commit(test): Add test for enterprise SAML authentication MFE redirection logic This test validates the conditional redirection to the authentication microfrontend (MFE) for enterprise and SAML authentication scenarios. The test covers different combinations of: - Enterprise customer presence - Third-party authentication provider - SAML provider status - Redirection setting Ensures that enterprise customers with SAML providers are not redirected to the authentication MFE, while other scenarios follow the standard redirection rules. --- .../views/tests/test_logistration.py | 74 +++++++++++++++++++ 1 file changed, 74 insertions(+) diff --git a/openedx/core/djangoapps/user_authn/views/tests/test_logistration.py b/openedx/core/djangoapps/user_authn/views/tests/test_logistration.py index 3220cd513974..5b387adaf8ca 100644 --- a/openedx/core/djangoapps/user_authn/views/tests/test_logistration.py +++ b/openedx/core/djangoapps/user_authn/views/tests/test_logistration.py @@ -648,6 +648,80 @@ def test_browser_language_dialent(self): assert response['Content-Language'] == 'es-es' + @ddt.data( + (None, None, None, True), + ({ + 'name': 'Test Enterprise', + 'uuid': 'test-uuid' + }, None, None, True), + ({ + 'name': 'Test Enterprise', + 'uuid': 'test-uuid' + }, 'test-provider', None, True), + ({ + 'name': 'Test Enterprise', + 'uuid': 'test-uuid' + }, 'test-provider', True, False), + ) + @ddt.unpack + @override_settings(FEATURES=FEATURES_WITH_AUTHN_MFE_ENABLED) + def test_enterprise_saml_redirection(self, enterprise_customer_data, provider_id, is_saml, should_redirect): + """ + Test that authentication MFE redirection respects the enterprise + SAML provider conditions. + In particular, verify that if we have an enterprise customer with a SAML-based tpa_hint_provider, + we do NOT redirect to the MFE, but handle the request in LMS. All other combinations should + redirect to the MFE when it's enabled. + """ + if provider_id and is_saml: + self.enable_saml() + self._configure_testshib_provider('TestShib', provider_id) + + with mock.patch( + 'openedx.core.djangoapps.user_authn.views.login_form.enterprise_customer_for_request') as mock_ec, \ + mock.patch( + 'openedx.core.djangoapps.user_authn.views.login_form.should_redirect_to_authn_microfrontend') as mock_should_redirect, \ + mock.patch( + 'openedx.core.djangoapps.user_authn.views.login_form.third_party_auth.utils.is_saml_provider') as mock_is_saml: + + mock_ec.return_value = enterprise_customer_data + mock_should_redirect.return_value = should_redirect + mock_is_saml.return_value = (True, None) if is_saml else (False, None) + + params = {} + if provider_id: + params['tpa_hint'] = provider_id + + if provider_id and is_saml: + pipeline_target = 'openedx.core.djangoapps.user_authn.views.login_form.third_party_auth.pipeline' + with mock.patch(pipeline_target + '.get') as mock_pipeline: + pipeline_data = { + 'backend': 'tpa-saml', + 'kwargs': { + 'response': { + 'idp_name': provider_id + }, + 'details': { + 'email': 'test@example.com', + 'fullname': 'Test User', + 'username': 'testuser' + } + } + } + mock_pipeline.return_value = pipeline_data + response = self.client.get(reverse('signin_user'), params) + else: + response = self.client.get(reverse('signin_user'), params) + + if should_redirect: + self.assertRedirects( + response, + settings.AUTHN_MICROFRONTEND_URL + '/login' + + ('?' + urlencode(params) if params else ''), + fetch_redirect_response=False + ) + else: + self.assertEqual(response.status_code, 200) + @skip_unless_lms class AccountCreationTestCaseWithSiteOverrides(SiteMixin, TestCase):