2021-12-20 22:57:27 +00:00
|
|
|
from urllib.parse import parse_qs
|
|
|
|
from urllib.parse import urlsplit
|
|
|
|
|
2020-08-21 09:11:39 +00:00
|
|
|
from authlib.jose import jwt
|
2022-01-11 18:49:06 +00:00
|
|
|
from canaille.oidc.models import AuthorizationCode
|
|
|
|
from canaille.oidc.models import Token
|
2020-08-20 14:02:14 +00:00
|
|
|
|
|
|
|
|
2020-08-21 09:11:39 +00:00
|
|
|
def test_oauth_hybrid(testclient, slapd_connection, user, client):
|
2020-08-20 14:02:14 +00:00
|
|
|
res = testclient.get(
|
|
|
|
"/oauth/authorize",
|
|
|
|
params=dict(
|
2020-08-21 08:06:53 +00:00
|
|
|
response_type="code token",
|
2022-01-11 16:57:58 +00:00
|
|
|
client_id=client.client_id,
|
2020-08-20 14:02:14 +00:00
|
|
|
scope="openid profile",
|
|
|
|
nonce="somenonce",
|
|
|
|
),
|
2020-10-30 22:41:02 +00:00
|
|
|
status=200,
|
2020-08-20 14:02:14 +00:00
|
|
|
)
|
2020-10-30 22:41:02 +00:00
|
|
|
assert "text/html" == res.content_type, res.json
|
2020-08-20 14:02:14 +00:00
|
|
|
|
2023-05-11 13:33:34 +00:00
|
|
|
res.form["login"] = user.user_name[0]
|
2020-08-20 14:02:14 +00:00
|
|
|
res.form["password"] = "correct horse battery staple"
|
2020-10-30 22:41:02 +00:00
|
|
|
res = res.form.submit(status=302)
|
2020-08-20 14:02:14 +00:00
|
|
|
|
2020-10-30 22:41:02 +00:00
|
|
|
res = res.follow(status=200)
|
|
|
|
assert "text/html" == res.content_type, res.json
|
2020-08-20 14:02:14 +00:00
|
|
|
|
2020-10-30 22:41:02 +00:00
|
|
|
res = res.form.submit(name="answer", value="accept", status=302)
|
2020-08-20 14:02:14 +00:00
|
|
|
|
2022-01-11 16:57:58 +00:00
|
|
|
assert res.location.startswith(client.redirect_uris[0])
|
2020-08-21 08:06:53 +00:00
|
|
|
params = parse_qs(urlsplit(res.location).fragment)
|
|
|
|
|
2020-08-20 14:02:14 +00:00
|
|
|
code = params["code"][0]
|
2022-05-08 14:31:17 +00:00
|
|
|
authcode = AuthorizationCode.get(code=code)
|
2020-08-20 14:02:14 +00:00
|
|
|
assert authcode is not None
|
|
|
|
|
2020-08-21 08:06:53 +00:00
|
|
|
access_token = params["access_token"][0]
|
2022-05-08 14:31:17 +00:00
|
|
|
token = Token.get(access_token=access_token)
|
2020-08-20 14:02:14 +00:00
|
|
|
assert token is not None
|
|
|
|
|
2020-09-25 09:26:41 +00:00
|
|
|
res = testclient.get(
|
2020-10-30 18:19:34 +00:00
|
|
|
"/oauth/userinfo",
|
|
|
|
headers={"Authorization": f"Bearer {access_token}"},
|
|
|
|
status=200,
|
2020-09-25 09:26:41 +00:00
|
|
|
)
|
2022-12-24 00:44:16 +00:00
|
|
|
assert res.json["name"] == "John (johnny) Doe"
|
2020-08-21 09:11:39 +00:00
|
|
|
|
|
|
|
|
2021-10-13 09:52:02 +00:00
|
|
|
def test_oidc_hybrid(
|
|
|
|
testclient, slapd_connection, logged_user, client, keypair, other_client
|
|
|
|
):
|
2020-08-21 09:11:39 +00:00
|
|
|
res = testclient.get(
|
|
|
|
"/oauth/authorize",
|
|
|
|
params=dict(
|
|
|
|
response_type="code id_token token",
|
2022-01-11 16:57:58 +00:00
|
|
|
client_id=client.client_id,
|
2020-08-21 09:11:39 +00:00
|
|
|
scope="openid profile",
|
|
|
|
nonce="somenonce",
|
|
|
|
),
|
|
|
|
)
|
2020-10-30 22:41:02 +00:00
|
|
|
assert "text/html" == res.content_type, res.json
|
2020-08-21 09:11:39 +00:00
|
|
|
|
2020-10-30 22:41:02 +00:00
|
|
|
res = res.form.submit(name="answer", value="accept", status=302)
|
2020-08-21 09:11:39 +00:00
|
|
|
|
2022-01-11 16:57:58 +00:00
|
|
|
assert res.location.startswith(client.redirect_uris[0])
|
2020-08-21 09:11:39 +00:00
|
|
|
params = parse_qs(urlsplit(res.location).fragment)
|
|
|
|
|
|
|
|
code = params["code"][0]
|
2022-05-08 14:31:17 +00:00
|
|
|
authcode = AuthorizationCode.get(code=code)
|
2020-08-21 09:11:39 +00:00
|
|
|
assert authcode is not None
|
|
|
|
|
|
|
|
access_token = params["access_token"][0]
|
2022-05-08 14:31:17 +00:00
|
|
|
token = Token.get(access_token=access_token)
|
2020-08-21 09:11:39 +00:00
|
|
|
assert token is not None
|
|
|
|
|
|
|
|
id_token = params["id_token"][0]
|
2020-08-28 14:07:39 +00:00
|
|
|
claims = jwt.decode(id_token, keypair[1])
|
2023-02-05 17:57:18 +00:00
|
|
|
assert logged_user.user_name[0] == claims["sub"]
|
|
|
|
assert logged_user.formatted_name[0] == claims["name"]
|
2022-01-11 16:57:58 +00:00
|
|
|
assert [client.client_id, other_client.client_id] == claims["aud"]
|
2020-08-21 09:11:39 +00:00
|
|
|
|
2020-09-25 09:26:41 +00:00
|
|
|
res = testclient.get(
|
2020-10-30 18:19:34 +00:00
|
|
|
"/oauth/userinfo",
|
|
|
|
headers={"Authorization": f"Bearer {access_token}"},
|
|
|
|
status=200,
|
2020-09-25 09:26:41 +00:00
|
|
|
)
|
2022-12-24 00:44:16 +00:00
|
|
|
assert res.json["name"] == "John (johnny) Doe"
|