canaille-globuzma/tests/oidc/test_client_admin.py

from canaille.oidc.models import Client


def test_no_logged_no_access(testclient):
    testclient.get("/admin/client", status=403)


def test_no_admin_no_access(testclient, logged_user):
    testclient.get("/admin/client", status=403)


def test_invalid_client_edition(testclient, logged_admin):
    testclient.get("/admin/client/edit/invalid", status=404)


def test_client_list(testclient, client, logged_admin):
    res = testclient.get("/admin/client")
    assert client.name in res.text


def test_client_add(testclient, logged_admin):
    res = testclient.get("/admin/client/add")
    data = {
        "name": "foobar",
        "contact": "foo@bar.com",
        "uri": "https://foo.bar",
        "redirect_uris": ["https:/foo.bar/callback"],
        "grant_type": ["password", "authorization_code"],
        "scope": "openid profile",
        "response_type": ["code", "token"],
        "token_endpoint_auth_method": "none",
        "logo_uri": "https://foo.bar/logo.png",
        "tos_uri": "https://foo.bar/tos",
        "policy_uri": "https://foo.bar/policy",
        "software_id": "software",
        "software_version": "1",
        "jwk": "jwk",
        "jwk_uri": "https://foo.bar/jwks.json",
        "audience": [],
        "preconsent": False,
        "post_logout_redirect_uris": ["https://foo.bar/disconnected"],
    }
    for k, v in data.items():
        res.form[k].force_value(v)

    res = res.form.submit(status=302, name="action", value="edit")
    res = res.follow(status=200)

    client_id = res.forms["readonly"]["client_id"].value
    client = Client.get(client_id)
    data["audience"] = [client.dn]
    for k, v in data.items():
        client_value = getattr(client, k)
        if k == "scope":
            assert v == " ".join(client_value)
        elif k == "preconsent":
            assert v is False
        else:
            assert v == client_value


def test_client_edit(testclient, client, logged_admin, other_client):
    res = testclient.get("/admin/client/edit/" + client.client_id)
    data = {
        "name": "foobar",
        "contact": "foo@bar.com",
        "uri": "https://foo.bar",
        "redirect_uris": ["https:/foo.bar/callback"],
        "grant_type": ["password", "authorization_code"],
        "scope": "openid profile",
        "response_type": ["code", "token"],
        "token_endpoint_auth_method": "none",
        "logo_uri": "https://foo.bar/logo.png",
        "tos_uri": "https://foo.bar/tos",
        "policy_uri": "https://foo.bar/policy",
        "software_id": "software",
        "software_version": "1",
        "jwk": "jwk",
        "jwk_uri": "https://foo.bar/jwks.json",
        "audience": [client.dn, other_client.dn],
        "preconsent": True,
        "post_logout_redirect_uris": ["https://foo.bar/disconnected"],
    }
    for k, v in data.items():
        res.forms["clientadd"][k].force_value(v)
    res = res.forms["clientadd"].submit(status=200, name="action", value="edit")

    assert (
        "The client has not been edited. Please check your information." not in res.text
    )

    client = Client.get(client.dn)
    for k, v in data.items():
        client_value = getattr(client, k)
        if k == "scope":
            assert v == " ".join(client_value)
        elif k == "preconsent":
            assert v is True
        else:
            assert v == client_value

    res.forms["clientadd"].submit(status=302, name="action", value="delete").follow(
        status=200
    )
    assert Client.get(client.client_id) is None
split oidc code from the rest 2022-01-11 18:49:06 +00:00			`from canaille.oidc.models import Client`
Client unit tests 2020-08-26 13:37:15 +00:00

			`def test_no_logged_no_access(testclient):`
Draft for a 'my accesses' page 2020-08-26 15:23:53 +00:00			`testclient.get("/admin/client", status=403)`
Client unit tests 2020-08-26 13:37:15 +00:00

			`def test_no_admin_no_access(testclient, logged_user):`
Draft for a 'my accesses' page 2020-08-26 15:23:53 +00:00			`testclient.get("/admin/client", status=403)`
Client unit tests 2020-08-26 13:37:15 +00:00

Implemented client pre-authorization 2021-10-20 10:05:08 +00:00			`def test_invalid_client_edition(testclient, logged_admin):`
			`testclient.get("/admin/client/edit/invalid", status=404)`


Client unit tests 2020-08-26 13:37:15 +00:00			`def test_client_list(testclient, client, logged_admin):`
Draft for a 'my accesses' page 2020-08-26 15:23:53 +00:00			`res = testclient.get("/admin/client")`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`assert client.name in res.text`
Client unit tests 2020-08-26 13:37:15 +00:00

Avoid slapd_connection fixture in tests 2022-05-19 10:36:39 +00:00			`def test_client_add(testclient, logged_admin):`
Draft for a 'my accesses' page 2020-08-26 15:23:53 +00:00			`res = testclient.get("/admin/client/add")`
Client unit tests 2020-08-26 13:37:15 +00:00			`data = {`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`"name": "foobar",`
			`"contact": "foo@bar.com",`
			`"uri": "https://foo.bar",`
			`"redirect_uris": ["https:/foo.bar/callback"],`
			`"grant_type": ["password", "authorization_code"],`
			`"scope": "openid profile",`
			`"response_type": ["code", "token"],`
			`"token_endpoint_auth_method": "none",`
			`"logo_uri": "https://foo.bar/logo.png",`
			`"tos_uri": "https://foo.bar/tos",`
			`"policy_uri": "https://foo.bar/policy",`
			`"software_id": "software",`
			`"software_version": "1",`
			`"jwk": "jwk",`
			`"jwk_uri": "https://foo.bar/jwks.json",`
			`"audience": [],`
			`"preconsent": False,`
Implemented RP-initiated logout 2022-05-20 12:07:56 +00:00			`"post_logout_redirect_uris": ["https://foo.bar/disconnected"],`
Client unit tests 2020-08-26 13:37:15 +00:00			`}`
			`for k, v in data.items():`
tokens can have multiple audiences 2021-10-13 09:52:02 +00:00			`res.form[k].force_value(v)`
Client unit tests 2020-08-26 13:37:15 +00:00
Admins can remove clients. Fixes #45 2020-11-23 16:32:40 +00:00			`res = res.form.submit(status=302, name="action", value="edit")`
Correctly use webtest 2020-10-30 22:41:02 +00:00			`res = res.follow(status=200)`
Client unit tests 2020-08-26 13:37:15 +00:00
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`client_id = res.forms["readonly"]["client_id"].value`
Refactored tests so ldap connection is not a mandatory argument anymore for most LDAPObject methods 2022-05-08 14:31:17 +00:00			`client = Client.get(client_id)`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`data["audience"] = [client.dn]`
Client unit tests 2020-08-26 13:37:15 +00:00			`for k, v in data.items():`
			`client_value = getattr(client, k)`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`if k == "scope":`
Client unit tests 2020-08-26 13:37:15 +00:00			`assert v == " ".join(client_value)`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`elif k == "preconsent":`
Implemented client pre-authorization 2021-10-20 10:05:08 +00:00			`assert v is False`
Client unit tests 2020-08-26 13:37:15 +00:00			`else:`
			`assert v == client_value`


Avoid slapd_connection fixture in tests 2022-05-19 10:36:39 +00:00			`def test_client_edit(testclient, client, logged_admin, other_client):`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`res = testclient.get("/admin/client/edit/" + client.client_id)`
Client unit tests 2020-08-26 13:37:15 +00:00			`data = {`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`"name": "foobar",`
			`"contact": "foo@bar.com",`
			`"uri": "https://foo.bar",`
			`"redirect_uris": ["https:/foo.bar/callback"],`
			`"grant_type": ["password", "authorization_code"],`
			`"scope": "openid profile",`
			`"response_type": ["code", "token"],`
			`"token_endpoint_auth_method": "none",`
			`"logo_uri": "https://foo.bar/logo.png",`
			`"tos_uri": "https://foo.bar/tos",`
			`"policy_uri": "https://foo.bar/policy",`
			`"software_id": "software",`
			`"software_version": "1",`
			`"jwk": "jwk",`
			`"jwk_uri": "https://foo.bar/jwks.json",`
			`"audience": [client.dn, other_client.dn],`
			`"preconsent": True,`
Implemented RP-initiated logout 2022-05-20 12:07:56 +00:00			`"post_logout_redirect_uris": ["https://foo.bar/disconnected"],`
Client unit tests 2020-08-26 13:37:15 +00:00			`}`
			`for k, v in data.items():`
tokens can have multiple audiences 2021-10-13 09:52:02 +00:00			`res.forms["clientadd"][k].force_value(v)`
Admins can remove clients. Fixes #45 2020-11-23 16:32:40 +00:00			`res = res.forms["clientadd"].submit(status=200, name="action", value="edit")`
Client unit tests 2020-08-26 13:37:15 +00:00
tokens can have multiple audiences 2021-10-13 09:52:02 +00:00			`assert (`
			`"The client has not been edited. Please check your information." not in res.text`
			`)`

Refactored tests so ldap connection is not a mandatory argument anymore for most LDAPObject methods 2022-05-08 14:31:17 +00:00			`client = Client.get(client.dn)`
Client unit tests 2020-08-26 13:37:15 +00:00			`for k, v in data.items():`
			`client_value = getattr(client, k)`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`if k == "scope":`
Client unit tests 2020-08-26 13:37:15 +00:00			`assert v == " ".join(client_value)`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`elif k == "preconsent":`
Implemented client pre-authorization 2021-10-20 10:05:08 +00:00			`assert v is True`
Client unit tests 2020-08-26 13:37:15 +00:00			`else:`
			`assert v == client_value`
Admins can remove clients. Fixes #45 2020-11-23 16:32:40 +00:00
			`res.forms["clientadd"].submit(status=302, name="action", value="delete").follow(`
			`status=200`
			`)`
Refactored tests so ldap connection is not a mandatory argument anymore for most LDAPObject methods 2022-05-08 14:31:17 +00:00			`assert Client.get(client.client_id) is None`