canaille-globuzma/tests/oidc/conftest.py

import datetime

import pytest
from canaille.oidc.models import AuthorizationCode
from canaille.oidc.models import Client
from canaille.oidc.models import Consent
from canaille.oidc.models import Token
from werkzeug.security import gen_salt


@pytest.fixture
def client(app, slapd_connection, other_client):
    c = Client(
        client_id=gen_salt(24),
        name="Some client",
        contact="contact@mydomain.tld",
        uri="https://mydomain.tld",
        redirect_uris=[
            "https://mydomain.tld/redirect1",
            "https://mydomain.tld/redirect2",
        ],
        logo_uri="https://mydomain.tld/logo.png",
        issue_date=datetime.datetime.now(),
        secret=gen_salt(48),
        grant_type=[
            "password",
            "authorization_code",
            "implicit",
            "hybrid",
            "refresh_token",
        ],
        response_type=["code", "token", "id_token"],
        scope=["openid", "profile", "groups"],
        tos_uri="https://mydomain.tld/tos",
        policy_uri="https://mydomain.tld/policy",
        jwk_uri="https://mydomain.tld/jwk",
        token_endpoint_auth_method="client_secret_basic",
    )
    c.audience = [c.dn, other_client.dn]
    c.save(slapd_connection)

    return c


@pytest.fixture
def other_client(app, slapd_connection):
    c = Client(
        client_id=gen_salt(24),
        name="Some other client",
        contact="contact@myotherdomain.tld",
        uri="https://myotherdomain.tld",
        redirect_uris=[
            "https://myotherdomain.tld/redirect1",
            "https://myotherdomain.tld/redirect2",
        ],
        logo_uri="https://myotherdomain.tld/logo.png",
        issue_date=datetime.datetime.now(),
        secret=gen_salt(48),
        grant_type=[
            "password",
            "authorization_code",
            "implicit",
            "hybrid",
            "refresh_token",
        ],
        response_type=["code", "token", "id_token"],
        scope=["openid", "profile", "groups"],
        tos_uri="https://myotherdomain.tld/tos",
        policy_uri="https://myotherdomain.tld/policy",
        jwk_uri="https://myotherdomain.tld/jwk",
        token_endpoint_auth_method="client_secret_basic",
    )
    c.audience = [c.dn]
    c.save(slapd_connection)

    return c


@pytest.fixture
def authorization(app, slapd_connection, user, client):
    a = AuthorizationCode(
        authorization_code_id=gen_salt(48),
        code="my-code",
        client=client.dn,
        subject=user.dn,
        redirect_uri="https://foo.bar/callback",
        response_type="code",
        scope="openid profile",
        nonce="nonce",
        issue_date=datetime.datetime(2020, 1, 1),
        lifetime="3600",
        challenge="challenge",
        challenge_method="method",
        revokation="",
    )
    a.save(slapd_connection)
    return a


@pytest.fixture
def token(slapd_connection, client, user):
    t = Token(
        token_id=gen_salt(48),
        access_token=gen_salt(48),
        audience=[client.dn],
        client=client.dn,
        subject=user.dn,
        token_type=None,
        refresh_token=gen_salt(48),
        scope="openid profile",
        issue_date=datetime.datetime.now(),
        lifetime=str(3600),
    )
    t.save(slapd_connection)
    return t


@pytest.fixture
def consent(slapd_connection, client, user):
    t = Consent(
        client=client.dn,
        subject=user.dn,
        scope=["openid", "profile"],
        issue_date=datetime.datetime.now(),
    )
    t.save(slapd_connection)
    return t


@pytest.fixture(autouse=True)
def cleanups(slapd_connection):
    yield
    try:
        for consent in Consent.filter(conn=slapd_connection):
            consent.delete(conn=slapd_connection)
    except Exception:
        pass
split oidc tests from the rest 2022-01-11 18:42:26 +00:00			`import datetime`

			`import pytest`
split oidc code from the rest 2022-01-11 18:49:06 +00:00			`from canaille.oidc.models import AuthorizationCode`
			`from canaille.oidc.models import Client`
			`from canaille.oidc.models import Consent`
			`from canaille.oidc.models import Token`
split oidc tests from the rest 2022-01-11 18:42:26 +00:00			`from werkzeug.security import gen_salt`


			`@pytest.fixture`
			`def client(app, slapd_connection, other_client):`
			`c = Client(`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`client_id=gen_salt(24),`
			`name="Some client",`
			`contact="contact@mydomain.tld",`
			`uri="https://mydomain.tld",`
			`redirect_uris=[`
split oidc tests from the rest 2022-01-11 18:42:26 +00:00			`"https://mydomain.tld/redirect1",`
			`"https://mydomain.tld/redirect2",`
			`],`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`logo_uri="https://mydomain.tld/logo.png",`
			`issue_date=datetime.datetime.now(),`
			`secret=gen_salt(48),`
			`grant_type=[`
split oidc tests from the rest 2022-01-11 18:42:26 +00:00			`"password",`
			`"authorization_code",`
			`"implicit",`
			`"hybrid",`
			`"refresh_token",`
			`],`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`response_type=["code", "token", "id_token"],`
			`scope=["openid", "profile", "groups"],`
			`tos_uri="https://mydomain.tld/tos",`
			`policy_uri="https://mydomain.tld/policy",`
			`jwk_uri="https://mydomain.tld/jwk",`
			`token_endpoint_auth_method="client_secret_basic",`
split oidc tests from the rest 2022-01-11 18:42:26 +00:00			`)`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`c.audience = [c.dn, other_client.dn]`
split oidc tests from the rest 2022-01-11 18:42:26 +00:00			`c.save(slapd_connection)`

			`return c`


			`@pytest.fixture`
			`def other_client(app, slapd_connection):`
			`c = Client(`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`client_id=gen_salt(24),`
			`name="Some other client",`
			`contact="contact@myotherdomain.tld",`
			`uri="https://myotherdomain.tld",`
			`redirect_uris=[`
split oidc tests from the rest 2022-01-11 18:42:26 +00:00			`"https://myotherdomain.tld/redirect1",`
			`"https://myotherdomain.tld/redirect2",`
			`],`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`logo_uri="https://myotherdomain.tld/logo.png",`
			`issue_date=datetime.datetime.now(),`
			`secret=gen_salt(48),`
			`grant_type=[`
split oidc tests from the rest 2022-01-11 18:42:26 +00:00			`"password",`
			`"authorization_code",`
			`"implicit",`
			`"hybrid",`
			`"refresh_token",`
			`],`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`response_type=["code", "token", "id_token"],`
			`scope=["openid", "profile", "groups"],`
			`tos_uri="https://myotherdomain.tld/tos",`
			`policy_uri="https://myotherdomain.tld/policy",`
			`jwk_uri="https://myotherdomain.tld/jwk",`
			`token_endpoint_auth_method="client_secret_basic",`
split oidc tests from the rest 2022-01-11 18:42:26 +00:00			`)`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`c.audience = [c.dn]`
split oidc tests from the rest 2022-01-11 18:42:26 +00:00			`c.save(slapd_connection)`

			`return c`


			`@pytest.fixture`
			`def authorization(app, slapd_connection, user, client):`
			`a = AuthorizationCode(`
AuthorizationCode and Token have a new id parameter 2022-02-16 17:00:30 +00:00			`authorization_code_id=gen_salt(48),`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`code="my-code",`
			`client=client.dn,`
			`subject=user.dn,`
			`redirect_uri="https://foo.bar/callback",`
			`response_type="code",`
			`scope="openid profile",`
			`nonce="nonce",`
			`issue_date=datetime.datetime(2020, 1, 1),`
			`lifetime="3600",`
			`challenge="challenge",`
			`challenge_method="method",`
			`revokation="",`
split oidc tests from the rest 2022-01-11 18:42:26 +00:00			`)`
			`a.save(slapd_connection)`
			`return a`


			`@pytest.fixture`
			`def token(slapd_connection, client, user):`
			`t = Token(`
AuthorizationCode and Token have a new id parameter 2022-02-16 17:00:30 +00:00			`token_id=gen_salt(48),`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`access_token=gen_salt(48),`
			`audience=[client.dn],`
			`client=client.dn,`
			`subject=user.dn,`
			`token_type=None,`
			`refresh_token=gen_salt(48),`
			`scope="openid profile",`
			`issue_date=datetime.datetime.now(),`
			`lifetime=str(3600),`
split oidc tests from the rest 2022-01-11 18:42:26 +00:00			`)`
			`t.save(slapd_connection)`
			`return t`


			`@pytest.fixture`
			`def consent(slapd_connection, client, user):`
			`t = Consent(`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`client=client.dn,`
			`subject=user.dn,`
			`scope=["openid", "profile"],`
			`issue_date=datetime.datetime.now(),`
split oidc tests from the rest 2022-01-11 18:42:26 +00:00			`)`
			`t.save(slapd_connection)`
			`return t`


			`@pytest.fixture(autouse=True)`
			`def cleanups(slapd_connection):`
			`yield`
			`try:`
			`for consent in Consent.filter(conn=slapd_connection):`
			`consent.delete(conn=slapd_connection)`
			`except Exception:`
			`pass`