From ff605a8ca2a1116eb2dbcc03bd01454f445c2f78 Mon Sep 17 00:00:00 2001
From: Emmanuel Raviart <eraviart@entrouvert.com>
Date: Fri, 6 Aug 2004 21:38:01 +0000
Subject: Added tests for forceAuthn. Light will still be green.

---
 python/tests/login_tests.py | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)

(limited to 'python/tests/login_tests.py')

diff --git a/python/tests/login_tests.py b/python/tests/login_tests.py
index ff25037d..75b00aad 100644
--- a/python/tests/login_tests.py
+++ b/python/tests/login_tests.py
@@ -197,6 +197,41 @@ class LoginTestCase(unittest.TestCase):
             principal, 'GET', '/loginUsingRedirect?isPassive=1'))
         self.failUnlessEqual(httpResponse.statusCode, 401)
 
+    def test06(self):
+        """Testing forceAuthn flag."""
+
+        internet = Internet()
+        idpSite = self.generateIdpSite(internet)
+        spSite = self.generateSpSite(internet)
+        spSite.idpSite = idpSite
+        principal = Principal(internet, 'Romain Chantereau')
+        principal.keyring[idpSite.url] = 'Chantereau'
+        principal.keyring[spSite.url] = 'Romain'
+
+        httpResponse = spSite.doHttpRequest(HttpRequest(
+            principal, 'GET', '/loginUsingRedirect?forceAuthn=1'))
+        self.failUnlessEqual(httpResponse.statusCode, 200)
+        httpResponse = spSite.doHttpRequest(HttpRequest(principal, 'GET', '/logoutUsingSoap'))
+        self.failUnlessEqual(httpResponse.statusCode, 200)
+
+        # Ask user to reauthenticate while he is already logged.
+        httpResponse = spSite.doHttpRequest(HttpRequest(
+            principal, 'GET', '/loginUsingRedirect?forceAuthn=1'))
+        self.failUnlessEqual(httpResponse.statusCode, 200)
+        del principal.keyring[idpSite.url] # Ensure user can't authenticate.
+        httpResponse = spSite.doHttpRequest(HttpRequest(
+            principal, 'GET', '/loginUsingRedirect?forceAuthn=1'))
+        self.failUnlessEqual(httpResponse.statusCode, 401)
+        httpResponse = spSite.doHttpRequest(HttpRequest(principal, 'GET', '/logoutUsingSoap'))
+        self.failUnlessEqual(httpResponse.statusCode, 200)
+
+        # Force authentication, but user won't authenticate.
+        httpResponse = spSite.doHttpRequest(HttpRequest(
+            principal, 'GET', '/loginUsingRedirect?forceAuthn=1'))
+        self.failUnlessEqual(httpResponse.statusCode, 401)
+        httpResponse = spSite.doHttpRequest(HttpRequest(principal, 'GET', '/logoutUsingSoap'))
+        self.failUnlessEqual(httpResponse.statusCode, 401)
+
 ##     def test06(self):
 ##         """Service provider LECP login."""
 
-- 
cgit