2023-01-30 18:58:00 +00:00
|
|
|
import datetime
|
|
|
|
|
|
2023-02-25 17:11:19 +00:00
|
|
|
from werkzeug.security import gen_salt
|
2020-08-26 13:37:15 +00:00
|
|
|
|
2024-03-15 18:58:06 +00:00
|
|
|
from canaille.app import models
|
|
|
|
|
|
2020-08-26 13:37:15 +00:00
|
|
|
|
|
|
|
|
def test_no_logged_no_access(testclient):
|
2020-08-26 15:23:53 +00:00
|
|
|
testclient.get("/admin/client", status=403)
|
2020-08-26 13:37:15 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
def test_no_admin_no_access(testclient, logged_user):
|
2020-08-26 15:23:53 +00:00
|
|
|
testclient.get("/admin/client", status=403)
|
2020-08-26 13:37:15 +00:00
|
|
|
|
|
|
|
|
|
2021-10-20 10:05:08 +00:00
|
|
|
def test_invalid_client_edition(testclient, logged_admin):
|
|
|
|
|
testclient.get("/admin/client/edit/invalid", status=404)
|
|
|
|
|
|
|
|
|
|
|
2020-08-26 13:37:15 +00:00
|
|
|
def test_client_list(testclient, client, logged_admin):
|
2020-08-26 15:23:53 +00:00
|
|
|
res = testclient.get("/admin/client")
|
2023-03-16 15:25:14 +00:00
|
|
|
res.mustcontain(client.client_name)
|
2020-08-26 13:37:15 +00:00
|
|
|
|
|
|
|
|
|
2024-04-14 18:31:43 +00:00
|
|
|
def test_client_list_pagination(
|
|
|
|
|
testclient, logged_admin, client, trusted_client, backend
|
|
|
|
|
):
|
2023-02-25 17:11:19 +00:00
|
|
|
res = testclient.get("/admin/client")
|
2023-03-16 15:25:14 +00:00
|
|
|
res.mustcontain("2 items")
|
2023-02-25 17:11:19 +00:00
|
|
|
clients = []
|
|
|
|
|
for _ in range(25):
|
2023-04-09 09:37:04 +00:00
|
|
|
client = models.Client(client_id=gen_salt(48), client_name=gen_salt(48))
|
2024-04-14 18:31:43 +00:00
|
|
|
backend.save(client)
|
2023-02-25 17:11:19 +00:00
|
|
|
clients.append(client)
|
|
|
|
|
|
|
|
|
|
res = testclient.get("/admin/client")
|
2023-03-16 15:25:14 +00:00
|
|
|
res.mustcontain("27 items")
|
2023-02-25 17:11:19 +00:00
|
|
|
client_name = res.pyquery(
|
|
|
|
|
".clients tbody tr:nth-of-type(1) td:nth-of-type(2) a"
|
|
|
|
|
).text()
|
|
|
|
|
assert client_name
|
|
|
|
|
|
2023-08-31 20:34:12 +00:00
|
|
|
form = res.forms["tableform"]
|
|
|
|
|
res = form.submit(name="form", value="2")
|
2023-03-09 19:46:04 +00:00
|
|
|
assert client_name not in res.pyquery(
|
|
|
|
|
".clients tbody tr td:nth-of-type(2) a"
|
|
|
|
|
).text().split(" ")
|
2023-02-25 17:11:19 +00:00
|
|
|
for client in clients:
|
2024-04-14 18:37:52 +00:00
|
|
|
backend.delete(client)
|
2023-02-25 17:11:19 +00:00
|
|
|
|
|
|
|
|
res = testclient.get("/admin/client")
|
2023-03-16 15:25:14 +00:00
|
|
|
res.mustcontain("2 items")
|
2023-02-25 17:11:19 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
def test_client_list_bad_pages(testclient, logged_admin):
|
|
|
|
|
res = testclient.get("/admin/client")
|
2023-08-31 20:34:12 +00:00
|
|
|
form = res.forms["tableform"]
|
2023-02-25 17:11:19 +00:00
|
|
|
testclient.post(
|
2023-03-28 18:30:29 +00:00
|
|
|
"/admin/client",
|
|
|
|
|
{"csrf_token": form["csrf_token"].value, "page": "2"},
|
|
|
|
|
status=404,
|
2023-02-25 17:11:19 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
res = testclient.get("/admin/client")
|
2023-08-31 20:34:12 +00:00
|
|
|
form = res.forms["tableform"]
|
2023-02-25 17:11:19 +00:00
|
|
|
testclient.post(
|
2023-03-28 18:30:29 +00:00
|
|
|
"/admin/client",
|
|
|
|
|
{"csrf_token": form["csrf_token"].value, "page": "-1"},
|
|
|
|
|
status=404,
|
2023-02-25 17:11:19 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
2023-12-23 16:23:19 +00:00
|
|
|
def test_client_list_search(testclient, logged_admin, client, trusted_client):
|
2023-03-07 17:29:18 +00:00
|
|
|
res = testclient.get("/admin/client")
|
2023-03-16 15:25:14 +00:00
|
|
|
res.mustcontain("2 items")
|
|
|
|
|
res.mustcontain(client.client_name)
|
2023-12-23 16:23:19 +00:00
|
|
|
res.mustcontain(trusted_client.client_name)
|
2023-03-07 17:29:18 +00:00
|
|
|
|
|
|
|
|
form = res.forms["search"]
|
|
|
|
|
form["query"] = "other"
|
|
|
|
|
res = form.submit()
|
|
|
|
|
|
2023-06-30 15:42:16 +00:00
|
|
|
res.mustcontain("1 item")
|
2023-12-23 16:23:19 +00:00
|
|
|
res.mustcontain(trusted_client.client_name)
|
2023-03-16 15:25:14 +00:00
|
|
|
res.mustcontain(no=client.client_name)
|
2023-03-07 17:29:18 +00:00
|
|
|
|
|
|
|
|
|
2024-04-14 15:30:59 +00:00
|
|
|
def test_client_add(testclient, logged_admin, backend):
|
2020-08-26 15:23:53 +00:00
|
|
|
res = testclient.get("/admin/client/add")
|
2020-08-26 13:37:15 +00:00
|
|
|
data = {
|
2022-10-17 15:49:52 +00:00
|
|
|
"client_name": "foobar",
|
2024-11-20 22:30:44 +00:00
|
|
|
"contacts-0": "foo@bar.test",
|
|
|
|
|
"client_uri": "https://foobar.test",
|
|
|
|
|
"redirect_uris-0": "https://foobar.test/callback",
|
2022-10-17 15:49:52 +00:00
|
|
|
"grant_types": ["password", "authorization_code"],
|
2022-01-11 16:57:58 +00:00
|
|
|
"scope": "openid profile",
|
2022-10-17 15:49:52 +00:00
|
|
|
"response_types": ["code", "token"],
|
2022-01-11 16:57:58 +00:00
|
|
|
"token_endpoint_auth_method": "none",
|
2024-11-20 22:30:44 +00:00
|
|
|
"logo_uri": "https://foobar.test/logo.webp",
|
|
|
|
|
"tos_uri": "https://foobar.test/tos",
|
|
|
|
|
"policy_uri": "https://foobar.test/policy",
|
2022-01-11 16:57:58 +00:00
|
|
|
"software_id": "software",
|
|
|
|
|
"software_version": "1",
|
|
|
|
|
"jwk": "jwk",
|
2024-11-20 22:30:44 +00:00
|
|
|
"jwks_uri": "https://foobar.test/jwks.json",
|
2022-01-11 16:57:58 +00:00
|
|
|
"audience": [],
|
|
|
|
|
"preconsent": False,
|
2024-11-20 22:30:44 +00:00
|
|
|
"post_logout_redirect_uris-0": "https://foobar.test/disconnected",
|
2020-08-26 13:37:15 +00:00
|
|
|
}
|
|
|
|
|
for k, v in data.items():
|
2021-10-13 09:52:02 +00:00
|
|
|
res.form[k].force_value(v)
|
2020-08-26 13:37:15 +00:00
|
|
|
|
2023-06-22 09:39:50 +00:00
|
|
|
res = res.form.submit(status=302, name="action", value="add")
|
2020-10-30 22:41:02 +00:00
|
|
|
res = res.follow(status=200)
|
2020-08-26 13:37:15 +00:00
|
|
|
|
2022-01-11 16:57:58 +00:00
|
|
|
client_id = res.forms["readonly"]["client_id"].value
|
2024-04-14 15:30:59 +00:00
|
|
|
client = backend.get(models.Client, client_id=client_id)
|
2023-06-20 07:32:43 +00:00
|
|
|
|
|
|
|
|
assert client.client_name == "foobar"
|
2024-11-20 22:30:44 +00:00
|
|
|
assert client.contacts == ["foo@bar.test"]
|
|
|
|
|
assert client.client_uri == "https://foobar.test"
|
|
|
|
|
assert client.redirect_uris == ["https://foobar.test/callback"]
|
2023-06-20 07:32:43 +00:00
|
|
|
assert client.grant_types == ["password", "authorization_code"]
|
|
|
|
|
assert client.scope == ["openid", "profile"]
|
|
|
|
|
assert client.response_types == ["code", "token"]
|
|
|
|
|
assert client.token_endpoint_auth_method == "none"
|
2024-11-20 22:30:44 +00:00
|
|
|
assert client.logo_uri == "https://foobar.test/logo.webp"
|
|
|
|
|
assert client.tos_uri == "https://foobar.test/tos"
|
|
|
|
|
assert client.policy_uri == "https://foobar.test/policy"
|
2023-06-20 07:32:43 +00:00
|
|
|
assert client.software_id == "software"
|
|
|
|
|
assert client.software_version == "1"
|
|
|
|
|
assert client.jwk == "jwk"
|
2024-11-20 22:30:44 +00:00
|
|
|
assert client.jwks_uri == "https://foobar.test/jwks.json"
|
2023-06-20 07:32:43 +00:00
|
|
|
assert client.audience == [client]
|
|
|
|
|
assert not client.preconsent
|
2024-11-20 22:30:44 +00:00
|
|
|
assert client.post_logout_redirect_uris == ["https://foobar.test/disconnected"]
|
2023-06-20 07:32:43 +00:00
|
|
|
|
2024-04-14 18:37:52 +00:00
|
|
|
backend.delete(client)
|
2020-08-26 13:37:15 +00:00
|
|
|
|
|
|
|
|
|
2022-12-14 18:29:59 +00:00
|
|
|
def test_add_missing_fields(testclient, logged_admin):
|
|
|
|
|
res = testclient.get("/admin/client/add")
|
|
|
|
|
res = res.form.submit(status=200, name="action", value="edit")
|
2023-03-16 15:25:14 +00:00
|
|
|
assert (
|
|
|
|
|
"error",
|
|
|
|
|
"The client has not been added. Please check your information.",
|
|
|
|
|
) in res.flashes
|
2022-12-14 18:29:59 +00:00
|
|
|
|
|
|
|
|
|
2024-04-14 20:51:58 +00:00
|
|
|
def test_client_edit(testclient, client, logged_admin, trusted_client, backend):
|
2022-01-11 16:57:58 +00:00
|
|
|
res = testclient.get("/admin/client/edit/" + client.client_id)
|
2020-08-26 13:37:15 +00:00
|
|
|
data = {
|
2022-10-17 15:49:52 +00:00
|
|
|
"client_name": "foobar",
|
2024-11-20 22:30:44 +00:00
|
|
|
"contacts-0": "foo@bar.test",
|
|
|
|
|
"client_uri": "https://foobar.test",
|
|
|
|
|
"redirect_uris-0": "https://foobar.test/callback",
|
2022-10-17 15:49:52 +00:00
|
|
|
"grant_types": ["password", "authorization_code"],
|
2022-01-11 16:57:58 +00:00
|
|
|
"scope": "openid profile",
|
2022-10-17 15:49:52 +00:00
|
|
|
"response_types": ["code", "token"],
|
2022-01-11 16:57:58 +00:00
|
|
|
"token_endpoint_auth_method": "none",
|
2024-11-20 22:30:44 +00:00
|
|
|
"logo_uri": "https://foobar.test/logo.webp",
|
|
|
|
|
"tos_uri": "https://foobar.test/tos",
|
|
|
|
|
"policy_uri": "https://foobar.test/policy",
|
2022-01-11 16:57:58 +00:00
|
|
|
"software_id": "software",
|
|
|
|
|
"software_version": "1",
|
|
|
|
|
"jwk": "jwk",
|
2024-11-20 22:30:44 +00:00
|
|
|
"jwks_uri": "https://foobar.test/jwks.json",
|
2023-12-23 16:23:19 +00:00
|
|
|
"audience": [client.id, trusted_client.id],
|
2022-01-11 16:57:58 +00:00
|
|
|
"preconsent": True,
|
2024-11-20 22:30:44 +00:00
|
|
|
"post_logout_redirect_uris-0": "https://foobar.test/disconnected",
|
2020-08-26 13:37:15 +00:00
|
|
|
}
|
|
|
|
|
for k, v in data.items():
|
2023-03-29 22:40:25 +00:00
|
|
|
res.forms["clientaddform"][k].force_value(v)
|
|
|
|
|
res = res.forms["clientaddform"].submit(status=302, name="action", value="edit")
|
2020-08-26 13:37:15 +00:00
|
|
|
|
2021-10-13 09:52:02 +00:00
|
|
|
assert (
|
2023-01-28 18:02:00 +00:00
|
|
|
"error",
|
|
|
|
|
"The client has not been edited. Please check your information.",
|
|
|
|
|
) not in res.flashes
|
|
|
|
|
assert ("success", "The client has been edited.") in res.flashes
|
2021-10-13 09:52:02 +00:00
|
|
|
|
2024-04-14 20:51:58 +00:00
|
|
|
backend.reload(client)
|
2023-06-20 07:32:43 +00:00
|
|
|
|
|
|
|
|
assert client.client_name == "foobar"
|
2024-11-20 22:30:44 +00:00
|
|
|
assert client.contacts == ["foo@bar.test"]
|
|
|
|
|
assert client.client_uri == "https://foobar.test"
|
2023-06-22 09:39:50 +00:00
|
|
|
assert client.redirect_uris == [
|
2024-11-20 22:30:44 +00:00
|
|
|
"https://foobar.test/callback",
|
|
|
|
|
"https://mydomain.test/redirect2",
|
2023-06-22 09:39:50 +00:00
|
|
|
]
|
2023-06-20 07:32:43 +00:00
|
|
|
assert client.grant_types == ["password", "authorization_code"]
|
|
|
|
|
assert client.scope == ["openid", "profile"]
|
|
|
|
|
assert client.response_types == ["code", "token"]
|
|
|
|
|
assert client.token_endpoint_auth_method == "none"
|
2024-11-20 22:30:44 +00:00
|
|
|
assert client.logo_uri == "https://foobar.test/logo.webp"
|
|
|
|
|
assert client.tos_uri == "https://foobar.test/tos"
|
|
|
|
|
assert client.policy_uri == "https://foobar.test/policy"
|
2023-06-20 07:32:43 +00:00
|
|
|
assert client.software_id == "software"
|
|
|
|
|
assert client.software_version == "1"
|
|
|
|
|
assert client.jwk == "jwk"
|
2024-11-20 22:30:44 +00:00
|
|
|
assert client.jwks_uri == "https://foobar.test/jwks.json"
|
2023-12-23 16:23:19 +00:00
|
|
|
assert client.audience == [client, trusted_client]
|
2023-06-20 07:32:43 +00:00
|
|
|
assert not client.preconsent
|
2024-11-20 22:30:44 +00:00
|
|
|
assert client.post_logout_redirect_uris == ["https://foobar.test/disconnected"]
|
2020-11-23 16:32:40 +00:00
|
|
|
|
2022-11-16 16:36:16 +00:00
|
|
|
|
2024-04-14 20:51:58 +00:00
|
|
|
def test_client_edit_missing_fields(
|
|
|
|
|
testclient, client, logged_admin, trusted_client, backend
|
|
|
|
|
):
|
2022-12-14 18:29:59 +00:00
|
|
|
res = testclient.get("/admin/client/edit/" + client.client_id)
|
2023-03-29 22:40:25 +00:00
|
|
|
res.forms["clientaddform"]["client_name"] = ""
|
|
|
|
|
res = res.forms["clientaddform"].submit(name="action", value="edit")
|
2023-03-16 15:25:14 +00:00
|
|
|
assert (
|
|
|
|
|
"error",
|
|
|
|
|
"The client has not been edited. Please check your information.",
|
|
|
|
|
) in res.flashes
|
2024-04-14 20:51:58 +00:00
|
|
|
backend.reload(client)
|
2022-12-14 18:29:59 +00:00
|
|
|
assert client.client_name
|
|
|
|
|
|
|
|
|
|
|
2024-04-14 15:30:59 +00:00
|
|
|
def test_client_delete(testclient, logged_admin, backend):
|
2023-04-09 09:37:04 +00:00
|
|
|
client = models.Client(client_id="client_id")
|
2024-04-14 18:31:43 +00:00
|
|
|
backend.save(client)
|
2023-04-09 09:37:04 +00:00
|
|
|
token = models.Token(
|
2023-03-17 23:38:56 +00:00
|
|
|
token_id="id",
|
|
|
|
|
client=client,
|
2023-11-24 11:10:17 +00:00
|
|
|
subject=logged_admin,
|
|
|
|
|
issue_date=datetime.datetime.now(datetime.timezone.utc),
|
2023-01-30 18:58:00 +00:00
|
|
|
)
|
2024-04-14 18:31:43 +00:00
|
|
|
backend.save(token)
|
2023-04-09 09:37:04 +00:00
|
|
|
consent = models.Consent(
|
2023-11-24 11:10:17 +00:00
|
|
|
consent_id="consent_id", subject=logged_admin, client=client, scope=["openid"]
|
2023-03-09 23:38:16 +00:00
|
|
|
)
|
2024-04-14 18:31:43 +00:00
|
|
|
backend.save(consent)
|
2023-11-24 11:10:17 +00:00
|
|
|
authorization_code = models.AuthorizationCode(
|
|
|
|
|
authorization_code_id="id", client=client, subject=logged_admin
|
|
|
|
|
)
|
2024-04-14 18:31:43 +00:00
|
|
|
backend.save(authorization_code)
|
2022-12-13 18:14:25 +00:00
|
|
|
|
|
|
|
|
res = testclient.get("/admin/client/edit/" + client.client_id)
|
2023-07-06 16:43:37 +00:00
|
|
|
res = res.forms["clientaddform"].submit(name="action", value="confirm-delete")
|
|
|
|
|
res = res.form.submit(name="action", value="delete")
|
|
|
|
|
res = res.follow()
|
2022-12-13 18:14:25 +00:00
|
|
|
|
2024-04-14 15:30:59 +00:00
|
|
|
assert not backend.get(models.Client)
|
|
|
|
|
assert not backend.get(models.Token)
|
|
|
|
|
assert not backend.get(models.AuthorizationCode)
|
|
|
|
|
assert not backend.get(models.Consent)
|
2023-01-30 18:58:00 +00:00
|
|
|
|
2022-12-14 20:03:35 +00:00
|
|
|
|
2023-03-28 18:30:29 +00:00
|
|
|
def test_client_delete_invalid_client(testclient, logged_admin, client):
|
|
|
|
|
res = testclient.get(f"/admin/client/edit/{client.client_id}")
|
|
|
|
|
testclient.post(
|
|
|
|
|
"/admin/client/edit/invalid",
|
2023-03-29 22:40:25 +00:00
|
|
|
{
|
|
|
|
|
"action": "delete",
|
|
|
|
|
"csrf_token": res.forms["clientaddform"]["csrf_token"].value,
|
|
|
|
|
},
|
2023-03-28 18:30:29 +00:00
|
|
|
status=404,
|
|
|
|
|
)
|
2022-12-13 18:14:25 +00:00
|
|
|
|
|
|
|
|
|
2024-04-14 20:51:58 +00:00
|
|
|
def test_client_edit_preauth(testclient, client, logged_admin, trusted_client, backend):
|
2022-11-16 16:36:16 +00:00
|
|
|
assert not client.preconsent
|
|
|
|
|
|
|
|
|
|
res = testclient.get("/admin/client/edit/" + client.client_id)
|
2023-03-29 22:40:25 +00:00
|
|
|
res.forms["clientaddform"]["preconsent"] = True
|
|
|
|
|
res = res.forms["clientaddform"].submit(name="action", value="edit")
|
2022-11-16 16:36:16 +00:00
|
|
|
|
2023-01-28 18:02:00 +00:00
|
|
|
assert ("success", "The client has been edited.") in res.flashes
|
2024-04-14 20:51:58 +00:00
|
|
|
backend.reload(client)
|
2022-11-16 16:36:16 +00:00
|
|
|
assert client.preconsent
|
|
|
|
|
|
|
|
|
|
res = testclient.get("/admin/client/edit/" + client.client_id)
|
2023-03-29 22:40:25 +00:00
|
|
|
res.forms["clientaddform"]["preconsent"] = False
|
|
|
|
|
res = res.forms["clientaddform"].submit(name="action", value="edit")
|
2022-11-16 16:36:16 +00:00
|
|
|
|
2023-01-28 18:02:00 +00:00
|
|
|
assert ("success", "The client has been edited.") in res.flashes
|
2024-04-14 20:51:58 +00:00
|
|
|
backend.reload(client)
|
2022-11-16 16:36:16 +00:00
|
|
|
assert not client.preconsent
|
2023-03-29 18:14:28 +00:00
|
|
|
|
|
|
|
|
|
2023-12-23 16:23:19 +00:00
|
|
|
def test_client_edit_invalid_uri(testclient, client, logged_admin, trusted_client):
|
2023-03-29 18:14:28 +00:00
|
|
|
res = testclient.get("/admin/client/edit/" + client.client_id)
|
2023-03-29 22:40:25 +00:00
|
|
|
res.forms["clientaddform"]["client_uri"] = "invalid"
|
|
|
|
|
res = res.forms["clientaddform"].submit(status=200, name="action", value="edit")
|
2023-03-29 18:14:28 +00:00
|
|
|
assert (
|
|
|
|
|
"error",
|
|
|
|
|
"The client has not been edited. Please check your information.",
|
|
|
|
|
) in res.flashes
|
|
|
|
|
res.mustcontain("This is not a valid URL")
|
