from typing import cast
import pyotp
from django.http import HttpResponse
from django.urls import reverse
from rest_framework import status
from rest_framework.response import Response
from rest_framework.test import APIClient, APITestCase
from accounts.models import CustomUser, EmailAddress
class MfaAuthViewSetTestCase(APITestCase):
def setUp(self):
"""テスト用のユーザー、メールアドレスを設定します。
次のユーザー、とユーザーに紐づくメールアドレスを設定します。
User:
login_id: testuser
username: Test User
is_staff: True
is_active: True
is_superuser: False
is_mfa_enabled: False
password_changed: False
mail: [
test1@example.com, is_primary: True
test2@example.com, is_primary: False
]
"""
self.user = CustomUser.objects.create(
login_id="testuser",
username="Test User",
is_staff=True,
is_active=True,
is_superuser=False,
is_mfa_enabled=False,
password_changed=False,
)
self.user.set_password("password")
self.user.save()
self.email1 = EmailAddress.objects.create(
user=self.user,
email="test1@example.com",
is_primary=True,
)
self.email2 = EmailAddress.objects.create(
user=self.user,
email="test2@example.com",
is_primary=False,
)
# アクセストークンを取得する。
token_uri = reverse("token_obtain_pair")
response = self.client.post(
token_uri,
{"login_id": "testuser", "password": "password"},
format="json",
)
response = cast(HttpResponse, response)
self.assertEqual(response.status_code, status.HTTP_200_OK)
response = cast(Response, response)
if response.data:
self.accessToken = response.data["access"]
self.client: APIClient = cast(APIClient, self.client)
self.client.credentials(HTTP_AUTHORIZATION="Bearer " + self.accessToken)
else:
raise Exception("Failed to get access token")
# MFA を有効にする
self.user.is_mfa_enabled = True
self.user.save()
def test_mfa_setup(self):
"""ユーザーの MFA を取得する。"""
# MFA 取得
setup_uri = reverse("mfa-setup")
response = self.client.get(setup_uri)
response = cast(HttpResponse, response)
self.assertEqual(response.status_code, status.HTTP_200_OK)
response = cast(Response, response)
if not response.data:
self.fail("MFA setup failed")
otp_url = response.data["otp_url"]
qr_code = response.data["qr_code"]
self.assertTrue(otp_url.startswith(f"otpauth://totp/{self.user.login_id}?secret="))
self.assertIsNotNone(qr_code)
def test_mfa_verify_success(self):
"""MFA の検証が成功することをテスト"""
# MFA 取得 & 生成
setup_uri = reverse("mfa-setup")
response = self.client.get(setup_uri)
response = cast(HttpResponse, response)
self.assertEqual(response.status_code, status.HTTP_200_OK)
response = cast(Response, response)
if not response.data:
self.fail("MFA setup failed")
otp_url = response.data["otp_url"]
qr_code = response.data["qr_code"]
self.assertTrue(otp_url.startswith(f"otpauth://totp/{self.user.login_id}?secret="))
self.assertIsNotNone(qr_code)
# 生成した TOTP URI から TOTP の値を取得する。
totp = pyotp.parse_uri(otp_url)
if type(totp) is not pyotp.TOTP:
self.fail("Invalid TOTP URI")
otp = totp.now()
# MFA を検証
verify_uri = reverse("mfa-verify")
response = self.client.post(verify_uri, {"otp": otp})
response = cast(HttpResponse, response)
self.assertEqual(response.status_code, status.HTTP_200_OK)
response = cast(Response, response)
if not response.data:
self.fail("MFA failed")
self.assertEqual(response.data["message"], "MFA enabled successfully")
def test_mfa_verify_failure(self):
"""MFA の検証が失敗することをテスト"""
# MFA 取得 & 生成
otp = "123456"
# MFA を検証
verify_uri = reverse("mfa-verify")
response = self.client.post(verify_uri, {"otp": otp})
response = cast(HttpResponse, response)
print(f"{response}")
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
