From 70cc070b76e5232db94da859daf893b6eadc48b1 Mon Sep 17 00:00:00 2001
From: Peter Bengtsson <peterbe@mozilla.com>
Date: Mon, 12 Jun 2017 08:30:29 -0400
Subject: [PATCH] test cover authentication with falsy email, fixes #141 (#142)

---
 tests/test_auth.py | 29 ++++++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)

diff --git a/tests/test_auth.py b/tests/test_auth.py
index a7bbd50d..91c0d8a9 100644
--- a/tests/test_auth.py
+++ b/tests/test_auth.py
@@ -198,9 +198,11 @@ def test_successful_authentication_new_user(self, token_mock, request_mock, algo
             'redirect_uri': 'http://testserver/callback/',
         }
         self.assertEqual(User.objects.all().count(), 0)
-        self.backend.authenticate(request=auth_request)
+        result = self.backend.authenticate(request=auth_request)
         self.assertEqual(User.objects.all().count(), 1)
         user = User.objects.all()[0]
+        self.assertEquals(user, result)
+
         self.assertEquals(user.email, 'email@example.com')
         self.assertEquals(user.username, 'username_algo')
 
@@ -213,6 +215,31 @@ def test_successful_authentication_new_user(self, token_mock, request_mock, algo
             headers={'Authorization': 'Bearer access_granted'}
         )
 
+    @patch('mozilla_django_oidc.auth.requests')
+    @patch('mozilla_django_oidc.auth.OIDCAuthenticationBackend.verify_token')
+    def test_successful_authentication_no_email(self, token_mock, request_mock):
+        """What happens if the auth "works" but it doesn't have an email?"""
+        auth_request = RequestFactory().get('/foo', {'code': 'foo',
+                                                     'state': 'bar'})
+        auth_request.session = {}
+
+        token_mock.return_value = True
+        get_json_mock = Mock()
+        get_json_mock.json.return_value = {
+            'nickname': 'a_username',
+            'email': ''
+        }
+        request_mock.get.return_value = get_json_mock
+        post_json_mock = Mock()
+        post_json_mock.json.return_value = {
+            'id_token': 'id_token',
+            'access_token': 'access_granted'
+        }
+        request_mock.post.return_value = post_json_mock
+        result = self.backend.authenticate(request=auth_request)
+        assert result is None
+        self.assertEqual(User.objects.all().count(), 0)
+
     def test_authenticate_no_code_no_state(self):
         """Test authenticate with wrong parameters."""