2022-01-11 18:49:06 +00:00
|
|
|
from canaille.oidc.models import Token
|
2020-08-19 07:09:22 +00:00
|
|
|
|
2021-12-20 22:57:27 +00:00
|
|
|
from . import client_credentials
|
|
|
|
|
|
2020-08-19 07:09:22 +00:00
|
|
|
|
2022-05-19 10:36:39 +00:00
|
|
|
def test_password_flow_basic(testclient, user, client):
|
2020-08-19 07:09:22 +00:00
|
|
|
res = testclient.post(
|
|
|
|
|
"/oauth/token",
|
2020-08-19 08:28:28 +00:00
|
|
|
params=dict(
|
2020-08-19 07:09:22 +00:00
|
|
|
grant_type="password",
|
2021-12-06 14:40:30 +00:00
|
|
|
username="John (johnny) Doe",
|
2020-08-19 11:49:38 +00:00
|
|
|
password="correct horse battery staple",
|
2022-07-07 14:05:34 +00:00
|
|
|
scope="openid profile groups",
|
2020-08-19 07:09:22 +00:00
|
|
|
),
|
2020-08-19 08:28:28 +00:00
|
|
|
headers={"Authorization": f"Basic {client_credentials(client)}"},
|
2020-10-30 18:19:34 +00:00
|
|
|
status=200,
|
2020-08-19 07:09:22 +00:00
|
|
|
)
|
|
|
|
|
|
2021-06-03 15:24:36 +00:00
|
|
|
assert res.json["scope"] == "openid profile groups"
|
2020-08-19 07:09:22 +00:00
|
|
|
assert res.json["token_type"] == "Bearer"
|
|
|
|
|
access_token = res.json["access_token"]
|
|
|
|
|
|
2022-05-08 14:31:17 +00:00
|
|
|
token = Token.get(access_token=access_token)
|
2020-08-19 08:28:28 +00:00
|
|
|
assert token is not None
|
|
|
|
|
|
2020-09-25 09:26:41 +00:00
|
|
|
res = testclient.get(
|
2020-10-30 18:19:34 +00:00
|
|
|
"/oauth/userinfo",
|
|
|
|
|
headers={"Authorization": f"Bearer {access_token}"},
|
|
|
|
|
status=200,
|
2020-09-25 09:26:41 +00:00
|
|
|
)
|
2021-09-28 07:30:41 +00:00
|
|
|
assert {
|
2021-12-06 14:40:30 +00:00
|
|
|
"name": "John (johnny) Doe",
|
2021-09-28 07:30:41 +00:00
|
|
|
"sub": "user",
|
|
|
|
|
"family_name": "Doe",
|
|
|
|
|
"groups": [],
|
|
|
|
|
} == res.json
|
2021-11-21 12:23:08 +00:00
|
|
|
|
|
|
|
|
|
2022-05-19 10:36:39 +00:00
|
|
|
def test_password_flow_post(testclient, user, client):
|
2022-01-11 16:57:58 +00:00
|
|
|
client.token_endpoint_auth_method = "client_secret_post"
|
2022-05-08 14:31:17 +00:00
|
|
|
client.save()
|
2021-11-21 12:23:08 +00:00
|
|
|
|
|
|
|
|
res = testclient.post(
|
|
|
|
|
"/oauth/token",
|
|
|
|
|
params=dict(
|
|
|
|
|
grant_type="password",
|
2021-12-06 14:40:30 +00:00
|
|
|
username="John (johnny) Doe",
|
2021-11-21 12:23:08 +00:00
|
|
|
password="correct horse battery staple",
|
2022-07-07 14:05:34 +00:00
|
|
|
scope="openid profile groups",
|
2022-01-11 16:57:58 +00:00
|
|
|
client_id=client.client_id,
|
2022-10-17 15:49:52 +00:00
|
|
|
client_secret=client.client_secret,
|
2021-11-21 12:23:08 +00:00
|
|
|
),
|
|
|
|
|
status=200,
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
assert res.json["scope"] == "openid profile groups"
|
|
|
|
|
assert res.json["token_type"] == "Bearer"
|
|
|
|
|
access_token = res.json["access_token"]
|
|
|
|
|
|
2022-05-08 14:31:17 +00:00
|
|
|
token = Token.get(access_token=access_token)
|
2021-11-21 12:23:08 +00:00
|
|
|
assert token is not None
|
|
|
|
|
|
|
|
|
|
res = testclient.get(
|
|
|
|
|
"/oauth/userinfo",
|
|
|
|
|
headers={"Authorization": f"Bearer {access_token}"},
|
|
|
|
|
status=200,
|
|
|
|
|
)
|
|
|
|
|
assert {
|
2021-12-06 14:40:30 +00:00
|
|
|
"name": "John (johnny) Doe",
|
2021-11-21 12:23:08 +00:00
|
|
|
"sub": "user",
|
|
|
|
|
"family_name": "Doe",
|
|
|
|
|
"groups": [],
|
|
|
|
|
} == res.json
|
