canaille-globuzma/tests/oidc/test_client_admin.py

import datetime

from canaille.app import models
from werkzeug.security import gen_salt


def test_no_logged_no_access(testclient):
    testclient.get("/admin/client", status=403)


def test_no_admin_no_access(testclient, logged_user):
    testclient.get("/admin/client", status=403)


def test_invalid_client_edition(testclient, logged_admin):
    testclient.get("/admin/client/edit/invalid", status=404)


def test_client_list(testclient, client, logged_admin):
    res = testclient.get("/admin/client")
    res.mustcontain(client.client_name)


def test_client_list_pagination(testclient, logged_admin, client, other_client):
    res = testclient.get("/admin/client")
    res.mustcontain("2 items")
    clients = []
    for _ in range(25):
        client = models.Client(client_id=gen_salt(48), client_name=gen_salt(48))
        client.save()
        clients.append(client)

    res = testclient.get("/admin/client")
    res.mustcontain("27 items")
    client_name = res.pyquery(
        ".clients tbody tr:nth-of-type(1) td:nth-of-type(2) a"
    ).text()
    assert client_name

    form = res.forms["tableform"]
    res = form.submit(name="form", value="2")
    assert client_name not in res.pyquery(
        ".clients tbody tr td:nth-of-type(2) a"
    ).text().split(" ")
    for client in clients:
        client.delete()

    res = testclient.get("/admin/client")
    res.mustcontain("2 items")


def test_client_list_bad_pages(testclient, logged_admin):
    res = testclient.get("/admin/client")
    form = res.forms["tableform"]
    testclient.post(
        "/admin/client",
        {"csrf_token": form["csrf_token"].value, "page": "2"},
        status=404,
    )

    res = testclient.get("/admin/client")
    form = res.forms["tableform"]
    testclient.post(
        "/admin/client",
        {"csrf_token": form["csrf_token"].value, "page": "-1"},
        status=404,
    )


def test_client_list_search(testclient, logged_admin, client, other_client):
    res = testclient.get("/admin/client")
    res.mustcontain("2 items")
    res.mustcontain(client.client_name)
    res.mustcontain(other_client.client_name)

    form = res.forms["search"]
    form["query"] = "other"
    res = form.submit()

    res.mustcontain("1 item")
    res.mustcontain(other_client.client_name)
    res.mustcontain(no=client.client_name)


def test_client_add(testclient, logged_admin):
    res = testclient.get("/admin/client/add")
    data = {
        "client_name": "foobar",
        "contacts-0": "foo@bar.com",
        "client_uri": "https://foo.bar",
        "redirect_uris-0": "https://foo.bar/callback",
        "grant_types": ["password", "authorization_code"],
        "scope": "openid profile",
        "response_types": ["code", "token"],
        "token_endpoint_auth_method": "none",
        "logo_uri": "https://foo.bar/logo.png",
        "tos_uri": "https://foo.bar/tos",
        "policy_uri": "https://foo.bar/policy",
        "software_id": "software",
        "software_version": "1",
        "jwk": "jwk",
        "jwks_uri": "https://foo.bar/jwks.json",
        "audience": [],
        "preconsent": False,
        "post_logout_redirect_uris-0": "https://foo.bar/disconnected",
    }
    for k, v in data.items():
        res.form[k].force_value(v)

    res = res.form.submit(status=302, name="action", value="add")
    res = res.follow(status=200)

    client_id = res.forms["readonly"]["client_id"].value
    client = models.Client.get(client_id=client_id)

    assert client.client_name == "foobar"
    assert client.contacts == ["foo@bar.com"]
    assert client.client_uri == "https://foo.bar"
    assert client.redirect_uris == ["https://foo.bar/callback"]
    assert client.grant_types == ["password", "authorization_code"]
    assert client.scope == ["openid", "profile"]
    assert client.response_types == ["code", "token"]
    assert client.token_endpoint_auth_method == "none"
    assert client.logo_uri == "https://foo.bar/logo.png"
    assert client.tos_uri == "https://foo.bar/tos"
    assert client.policy_uri == "https://foo.bar/policy"
    assert client.software_id == "software"
    assert client.software_version == "1"
    assert client.jwk == "jwk"
    assert client.jwks_uri == "https://foo.bar/jwks.json"
    assert client.audience == [client]
    assert not client.preconsent
    assert client.post_logout_redirect_uris == ["https://foo.bar/disconnected"]

    client.delete()


def test_add_missing_fields(testclient, logged_admin):
    res = testclient.get("/admin/client/add")
    res = res.form.submit(status=200, name="action", value="edit")
    assert (
        "error",
        "The client has not been added. Please check your information.",
    ) in res.flashes


def test_client_edit(testclient, client, logged_admin, other_client):
    res = testclient.get("/admin/client/edit/" + client.client_id)
    data = {
        "client_name": "foobar",
        "contacts-0": "foo@bar.com",
        "client_uri": "https://foo.bar",
        "redirect_uris-0": "https://foo.bar/callback",
        "grant_types": ["password", "authorization_code"],
        "scope": "openid profile",
        "response_types": ["code", "token"],
        "token_endpoint_auth_method": "none",
        "logo_uri": "https://foo.bar/logo.png",
        "tos_uri": "https://foo.bar/tos",
        "policy_uri": "https://foo.bar/policy",
        "software_id": "software",
        "software_version": "1",
        "jwk": "jwk",
        "jwks_uri": "https://foo.bar/jwks.json",
        "audience": [client.id, other_client.id],
        "preconsent": True,
        "post_logout_redirect_uris-0": "https://foo.bar/disconnected",
    }
    for k, v in data.items():
        res.forms["clientaddform"][k].force_value(v)
    res = res.forms["clientaddform"].submit(status=302, name="action", value="edit")

    assert (
        "error",
        "The client has not been edited. Please check your information.",
    ) not in res.flashes
    assert ("success", "The client has been edited.") in res.flashes

    client.reload()

    assert client.client_name == "foobar"
    assert client.contacts == ["foo@bar.com"]
    assert client.client_uri == "https://foo.bar"
    assert client.redirect_uris == [
        "https://foo.bar/callback",
        "https://mydomain.tld/redirect2",
    ]
    assert client.grant_types == ["password", "authorization_code"]
    assert client.scope == ["openid", "profile"]
    assert client.response_types == ["code", "token"]
    assert client.token_endpoint_auth_method == "none"
    assert client.logo_uri == "https://foo.bar/logo.png"
    assert client.tos_uri == "https://foo.bar/tos"
    assert client.policy_uri == "https://foo.bar/policy"
    assert client.software_id == "software"
    assert client.software_version == "1"
    assert client.jwk == "jwk"
    assert client.jwks_uri == "https://foo.bar/jwks.json"
    assert client.audience == [client, other_client]
    assert not client.preconsent
    assert client.post_logout_redirect_uris == ["https://foo.bar/disconnected"]


def test_client_edit_missing_fields(testclient, client, logged_admin, other_client):
    res = testclient.get("/admin/client/edit/" + client.client_id)
    res.forms["clientaddform"]["client_name"] = ""
    res = res.forms["clientaddform"].submit(name="action", value="edit")
    assert (
        "error",
        "The client has not been edited. Please check your information.",
    ) in res.flashes
    client.reload()
    assert client.client_name


def test_client_delete(testclient, logged_admin):
    client = models.Client(client_id="client_id")
    client.save()
    token = models.Token(
        token_id="id",
        client=client,
        issue_datetime=datetime.datetime.now(datetime.timezone.utc),
    )
    token.save()
    consent = models.Consent(
        consent_id="consent_id", subject=logged_admin, client=client, scope="openid"
    )
    consent.save()
    models.AuthorizationCode(authorization_code_id="id", client=client, subject=client)

    res = testclient.get("/admin/client/edit/" + client.client_id)
    res = res.forms["clientaddform"].submit(name="action", value="confirm-delete")
    res = res.form.submit(name="action", value="delete")
    res = res.follow()

    assert not models.Client.get()
    assert not models.Token.get()
    assert not models.AuthorizationCode.get()
    assert not models.Consent.get()


def test_client_delete_invalid_client(testclient, logged_admin, client):
    res = testclient.get(f"/admin/client/edit/{client.client_id}")
    testclient.post(
        "/admin/client/edit/invalid",
        {
            "action": "delete",
            "csrf_token": res.forms["clientaddform"]["csrf_token"].value,
        },
        status=404,
    )


def test_client_edit_preauth(testclient, client, logged_admin, other_client):
    assert not client.preconsent

    res = testclient.get("/admin/client/edit/" + client.client_id)
    res.forms["clientaddform"]["preconsent"] = True
    res = res.forms["clientaddform"].submit(name="action", value="edit")

    assert ("success", "The client has been edited.") in res.flashes
    client.reload()
    assert client.preconsent

    res = testclient.get("/admin/client/edit/" + client.client_id)
    res.forms["clientaddform"]["preconsent"] = False
    res = res.forms["clientaddform"].submit(name="action", value="edit")

    assert ("success", "The client has been edited.") in res.flashes
    client.reload()
    assert not client.preconsent


def test_client_edit_invalid_uri(testclient, client, logged_admin, other_client):
    res = testclient.get("/admin/client/edit/" + client.client_id)
    res.forms["clientaddform"]["client_uri"] = "invalid"
    res = res.forms["clientaddform"].submit(status=200, name="action", value="edit")
    assert (
        "error",
        "The client has not been edited. Please check your information.",
    ) in res.flashes
    res.mustcontain("This is not a valid URL")
Client deletion also delete related objects 2023-01-30 18:58:00 +00:00			`import datetime`

Moved every model import to canaille.models 2023-04-09 09:37:04 +00:00			`from canaille.app import models`
Every list of items is paginated server-side. 2023-02-25 17:11:19 +00:00			`from werkzeug.security import gen_salt`
Client unit tests 2020-08-26 13:37:15 +00:00

			`def test_no_logged_no_access(testclient):`
Draft for a 'my accesses' page 2020-08-26 15:23:53 +00:00			`testclient.get("/admin/client", status=403)`
Client unit tests 2020-08-26 13:37:15 +00:00

			`def test_no_admin_no_access(testclient, logged_user):`
Draft for a 'my accesses' page 2020-08-26 15:23:53 +00:00			`testclient.get("/admin/client", status=403)`
Client unit tests 2020-08-26 13:37:15 +00:00

Implemented client pre-authorization 2021-10-20 10:05:08 +00:00			`def test_invalid_client_edition(testclient, logged_admin):`
			`testclient.get("/admin/client/edit/invalid", status=404)`


Client unit tests 2020-08-26 13:37:15 +00:00			`def test_client_list(testclient, client, logged_admin):`
Draft for a 'my accesses' page 2020-08-26 15:23:53 +00:00			`res = testclient.get("/admin/client")`
Unit tests use WebTest .mustcontain method when possible 2023-03-16 15:25:14 +00:00			`res.mustcontain(client.client_name)`
Client unit tests 2020-08-26 13:37:15 +00:00

Every list of items is paginated server-side. 2023-02-25 17:11:19 +00:00			`def test_client_list_pagination(testclient, logged_admin, client, other_client):`
			`res = testclient.get("/admin/client")`
Unit tests use WebTest .mustcontain method when possible 2023-03-16 15:25:14 +00:00			`res.mustcontain("2 items")`
Every list of items is paginated server-side. 2023-02-25 17:11:19 +00:00			`clients = []`
			`for _ in range(25):`
Moved every model import to canaille.models 2023-04-09 09:37:04 +00:00			`client = models.Client(client_id=gen_salt(48), client_name=gen_salt(48))`
Every list of items is paginated server-side. 2023-02-25 17:11:19 +00:00			`client.save()`
			`clients.append(client)`

			`res = testclient.get("/admin/client")`
Unit tests use WebTest .mustcontain method when possible 2023-03-16 15:25:14 +00:00			`res.mustcontain("27 items")`
Every list of items is paginated server-side. 2023-02-25 17:11:19 +00:00			`client_name = res.pyquery(`
			`".clients tbody tr:nth-of-type(1) td:nth-of-type(2) a"`
			`).text()`
			`assert client_name`

tests: fix CI 2023-08-31 20:34:12 +00:00			`form = res.forms["tableform"]`
			`res = form.submit(name="form", value="2")`
Fixed unit tests 2023-03-09 19:46:04 +00:00			`assert client_name not in res.pyquery(`
			`".clients tbody tr td:nth-of-type(2) a"`
			`).text().split(" ")`
Every list of items is paginated server-side. 2023-02-25 17:11:19 +00:00			`for client in clients:`
			`client.delete()`

			`res = testclient.get("/admin/client")`
Unit tests use WebTest .mustcontain method when possible 2023-03-16 15:25:14 +00:00			`res.mustcontain("2 items")`
Every list of items is paginated server-side. 2023-02-25 17:11:19 +00:00

			`def test_client_list_bad_pages(testclient, logged_admin):`
			`res = testclient.get("/admin/client")`
tests: fix CI 2023-08-31 20:34:12 +00:00			`form = res.forms["tableform"]`
Every list of items is paginated server-side. 2023-02-25 17:11:19 +00:00			`testclient.post(`
CSRF protection everywhere 2023-03-28 18:30:29 +00:00			`"/admin/client",`
			`{"csrf_token": form["csrf_token"].value, "page": "2"},`
			`status=404,`
Every list of items is paginated server-side. 2023-02-25 17:11:19 +00:00			`)`

			`res = testclient.get("/admin/client")`
tests: fix CI 2023-08-31 20:34:12 +00:00			`form = res.forms["tableform"]`
Every list of items is paginated server-side. 2023-02-25 17:11:19 +00:00			`testclient.post(`
CSRF protection everywhere 2023-03-28 18:30:29 +00:00			`"/admin/client",`
			`{"csrf_token": form["csrf_token"].value, "page": "-1"},`
			`status=404,`
Every list of items is paginated server-side. 2023-02-25 17:11:19 +00:00			`)`


Table search implementation 2023-03-07 17:29:18 +00:00			`def test_client_list_search(testclient, logged_admin, client, other_client):`
			`res = testclient.get("/admin/client")`
Unit tests use WebTest .mustcontain method when possible 2023-03-16 15:25:14 +00:00			`res.mustcontain("2 items")`
			`res.mustcontain(client.client_name)`
			`res.mustcontain(other_client.client_name)`
Table search implementation 2023-03-07 17:29:18 +00:00
			`form = res.forms["search"]`
			`form["query"] = "other"`
			`res = form.submit()`

Pagination pluralization 2023-06-30 15:42:16 +00:00			`res.mustcontain("1 item")`
Unit tests use WebTest .mustcontain method when possible 2023-03-16 15:25:14 +00:00			`res.mustcontain(other_client.client_name)`
			`res.mustcontain(no=client.client_name)`
Table search implementation 2023-03-07 17:29:18 +00:00

Avoid slapd_connection fixture in tests 2022-05-19 10:36:39 +00:00			`def test_client_add(testclient, logged_admin):`
Draft for a 'my accesses' page 2020-08-26 15:23:53 +00:00			`res = testclient.get("/admin/client/add")`
Client unit tests 2020-08-26 13:37:15 +00:00			`data = {`
Variable renaming 2022-10-17 15:49:52 +00:00			`"client_name": "foobar",`
Implement multiple fields 2023-06-22 09:39:50 +00:00			`"contacts-0": "foo@bar.com",`
Variable renaming 2022-10-17 15:49:52 +00:00			`"client_uri": "https://foo.bar",`
Implement multiple fields 2023-06-22 09:39:50 +00:00			`"redirect_uris-0": "https://foo.bar/callback",`
Variable renaming 2022-10-17 15:49:52 +00:00			`"grant_types": ["password", "authorization_code"],`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`"scope": "openid profile",`
Variable renaming 2022-10-17 15:49:52 +00:00			`"response_types": ["code", "token"],`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`"token_endpoint_auth_method": "none",`
			`"logo_uri": "https://foo.bar/logo.png",`
			`"tos_uri": "https://foo.bar/tos",`
			`"policy_uri": "https://foo.bar/policy",`
			`"software_id": "software",`
			`"software_version": "1",`
			`"jwk": "jwk",`
Variable renaming 2022-10-17 15:49:52 +00:00			`"jwks_uri": "https://foo.bar/jwks.json",`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`"audience": [],`
			`"preconsent": False,`
Implement multiple fields 2023-06-22 09:39:50 +00:00			`"post_logout_redirect_uris-0": "https://foo.bar/disconnected",`
Client unit tests 2020-08-26 13:37:15 +00:00			`}`
			`for k, v in data.items():`
tokens can have multiple audiences 2021-10-13 09:52:02 +00:00			`res.form[k].force_value(v)`
Client unit tests 2020-08-26 13:37:15 +00:00
Implement multiple fields 2023-06-22 09:39:50 +00:00			`res = res.form.submit(status=302, name="action", value="add")`
Correctly use webtest 2020-10-30 22:41:02 +00:00			`res = res.follow(status=200)`
Client unit tests 2020-08-26 13:37:15 +00:00
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`client_id = res.forms["readonly"]["client_id"].value`
Moved every model import to canaille.models 2023-04-09 09:37:04 +00:00			`client = models.Client.get(client_id=client_id)`
client admin test refactoring 2023-06-20 07:32:43 +00:00
			`assert client.client_name == "foobar"`
			`assert client.contacts == ["foo@bar.com"]`
			`assert client.client_uri == "https://foo.bar"`
			`assert client.redirect_uris == ["https://foo.bar/callback"]`
			`assert client.grant_types == ["password", "authorization_code"]`
			`assert client.scope == ["openid", "profile"]`
			`assert client.response_types == ["code", "token"]`
			`assert client.token_endpoint_auth_method == "none"`
			`assert client.logo_uri == "https://foo.bar/logo.png"`
			`assert client.tos_uri == "https://foo.bar/tos"`
			`assert client.policy_uri == "https://foo.bar/policy"`
			`assert client.software_id == "software"`
			`assert client.software_version == "1"`
			`assert client.jwk == "jwk"`
			`assert client.jwks_uri == "https://foo.bar/jwks.json"`
			`assert client.audience == [client]`
			`assert not client.preconsent`
			`assert client.post_logout_redirect_uris == ["https://foo.bar/disconnected"]`

unit tests: removed useless try/except in oidc fixtures 2022-12-04 12:41:09 +00:00			`client.delete()`
Client unit tests 2020-08-26 13:37:15 +00:00

unit tests: client admin validation failures 2022-12-14 18:29:59 +00:00			`def test_add_missing_fields(testclient, logged_admin):`
			`res = testclient.get("/admin/client/add")`
			`res = res.form.submit(status=200, name="action", value="edit")`
Unit tests use WebTest .mustcontain method when possible 2023-03-16 15:25:14 +00:00			`assert (`
			`"error",`
			`"The client has not been added. Please check your information.",`
			`) in res.flashes`
unit tests: client admin validation failures 2022-12-14 18:29:59 +00:00

Avoid slapd_connection fixture in tests 2022-05-19 10:36:39 +00:00			`def test_client_edit(testclient, client, logged_admin, other_client):`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`res = testclient.get("/admin/client/edit/" + client.client_id)`
Client unit tests 2020-08-26 13:37:15 +00:00			`data = {`
Variable renaming 2022-10-17 15:49:52 +00:00			`"client_name": "foobar",`
Implement multiple fields 2023-06-22 09:39:50 +00:00			`"contacts-0": "foo@bar.com",`
Variable renaming 2022-10-17 15:49:52 +00:00			`"client_uri": "https://foo.bar",`
Implement multiple fields 2023-06-22 09:39:50 +00:00			`"redirect_uris-0": "https://foo.bar/callback",`
Variable renaming 2022-10-17 15:49:52 +00:00			`"grant_types": ["password", "authorization_code"],`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`"scope": "openid profile",`
Variable renaming 2022-10-17 15:49:52 +00:00			`"response_types": ["code", "token"],`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`"token_endpoint_auth_method": "none",`
			`"logo_uri": "https://foo.bar/logo.png",`
			`"tos_uri": "https://foo.bar/tos",`
			`"policy_uri": "https://foo.bar/policy",`
			`"software_id": "software",`
			`"software_version": "1",`
			`"jwk": "jwk",`
Variable renaming 2022-10-17 15:49:52 +00:00			`"jwks_uri": "https://foo.bar/jwks.json",`
Used 'id' instead of 'dn' 2023-02-05 18:08:25 +00:00			`"audience": [client.id, other_client.id],`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`"preconsent": True,`
Implement multiple fields 2023-06-22 09:39:50 +00:00			`"post_logout_redirect_uris-0": "https://foo.bar/disconnected",`
Client unit tests 2020-08-26 13:37:15 +00:00			`}`
			`for k, v in data.items():`
OIDC client form renaming 2023-03-29 22:40:25 +00:00			`res.forms["clientaddform"][k].force_value(v)`
			`res = res.forms["clientaddform"].submit(status=302, name="action", value="edit")`
Client unit tests 2020-08-26 13:37:15 +00:00
tokens can have multiple audiences 2021-10-13 09:52:02 +00:00			`assert (`
Checks flask flashed messages with flask_webtest Response.flashes 2023-01-28 18:02:00 +00:00			`"error",`
			`"The client has not been edited. Please check your information.",`
			`) not in res.flashes`
			`assert ("success", "The client has been edited.") in res.flashes`
tokens can have multiple audiences 2021-10-13 09:52:02 +00:00
Use LDAPObject.reload in tests instead of LDAPObject.get 2023-04-08 19:34:09 +00:00			`client.reload()`
client admin test refactoring 2023-06-20 07:32:43 +00:00
			`assert client.client_name == "foobar"`
			`assert client.contacts == ["foo@bar.com"]`
			`assert client.client_uri == "https://foo.bar"`
Implement multiple fields 2023-06-22 09:39:50 +00:00			`assert client.redirect_uris == [`
			`"https://foo.bar/callback",`
			`"https://mydomain.tld/redirect2",`
			`]`
client admin test refactoring 2023-06-20 07:32:43 +00:00			`assert client.grant_types == ["password", "authorization_code"]`
			`assert client.scope == ["openid", "profile"]`
			`assert client.response_types == ["code", "token"]`
			`assert client.token_endpoint_auth_method == "none"`
			`assert client.logo_uri == "https://foo.bar/logo.png"`
			`assert client.tos_uri == "https://foo.bar/tos"`
			`assert client.policy_uri == "https://foo.bar/policy"`
			`assert client.software_id == "software"`
			`assert client.software_version == "1"`
			`assert client.jwk == "jwk"`
			`assert client.jwks_uri == "https://foo.bar/jwks.json"`
			`assert client.audience == [client, other_client]`
			`assert not client.preconsent`
			`assert client.post_logout_redirect_uris == ["https://foo.bar/disconnected"]`
Admins can remove clients. Fixes #45 2020-11-23 16:32:40 +00:00
Fixed client preconsent disabling 2022-11-16 16:36:16 +00:00
unit tests: client admin validation failures 2022-12-14 18:29:59 +00:00			`def test_client_edit_missing_fields(testclient, client, logged_admin, other_client):`
			`res = testclient.get("/admin/client/edit/" + client.client_id)`
OIDC client form renaming 2023-03-29 22:40:25 +00:00			`res.forms["clientaddform"]["client_name"] = ""`
			`res = res.forms["clientaddform"].submit(name="action", value="edit")`
Unit tests use WebTest .mustcontain method when possible 2023-03-16 15:25:14 +00:00			`assert (`
			`"error",`
			`"The client has not been edited. Please check your information.",`
			`) in res.flashes`
unit tests: client admin validation failures 2022-12-14 18:29:59 +00:00			`client.reload()`
			`assert client.client_name`


unit tests: client admin deletion 2022-12-13 18:14:25 +00:00			`def test_client_delete(testclient, logged_admin):`
Moved every model import to canaille.models 2023-04-09 09:37:04 +00:00			`client = models.Client(client_id="client_id")`
unit tests: client admin deletion 2022-12-13 18:14:25 +00:00			`client.save()`
Moved every model import to canaille.models 2023-04-09 09:37:04 +00:00			`token = models.Token(`
Properly handle LDAP date timezones 2023-03-17 23:38:56 +00:00			`token_id="id",`
			`client=client,`
			`issue_datetime=datetime.datetime.now(datetime.timezone.utc),`
Client deletion also delete related objects 2023-01-30 18:58:00 +00:00			`)`
			`token.save()`
Moved every model import to canaille.models 2023-04-09 09:37:04 +00:00			`consent = models.Consent(`
Consent cn alias 2023-03-09 23:38:16 +00:00			`consent_id="consent_id", subject=logged_admin, client=client, scope="openid"`
			`)`
Client deletion also delete related objects 2023-01-30 18:58:00 +00:00			`consent.save()`
Use ruff linter 2023-05-25 11:37:58 +00:00			`models.AuthorizationCode(authorization_code_id="id", client=client, subject=client)`
unit tests: client admin deletion 2022-12-13 18:14:25 +00:00
			`res = testclient.get("/admin/client/edit/" + client.client_id)`
modals are HTML pages instead of JS elements This will help providing the very same user experience for users with and without javascript. We will still be able to re-enable javascript modals in the future, but this should be done from the ground up, HTML first and javascript after. 2023-07-06 16:43:37 +00:00			`res = res.forms["clientaddform"].submit(name="action", value="confirm-delete")`
			`res = res.form.submit(name="action", value="delete")`
			`res = res.follow()`
unit tests: client admin deletion 2022-12-13 18:14:25 +00:00
Moved every model import to canaille.models 2023-04-09 09:37:04 +00:00			`assert not models.Client.get()`
			`assert not models.Token.get()`
			`assert not models.AuthorizationCode.get()`
			`assert not models.Consent.get()`
Client deletion also delete related objects 2023-01-30 18:58:00 +00:00
unit tests: invalid client admin deletion 2022-12-14 20:03:35 +00:00
CSRF protection everywhere 2023-03-28 18:30:29 +00:00			`def test_client_delete_invalid_client(testclient, logged_admin, client):`
			`res = testclient.get(f"/admin/client/edit/{client.client_id}")`
			`testclient.post(`
			`"/admin/client/edit/invalid",`
OIDC client form renaming 2023-03-29 22:40:25 +00:00			`{`
			`"action": "delete",`
			`"csrf_token": res.forms["clientaddform"]["csrf_token"].value,`
			`},`
CSRF protection everywhere 2023-03-28 18:30:29 +00:00			`status=404,`
			`)`
unit tests: client admin deletion 2022-12-13 18:14:25 +00:00

Fixed client preconsent disabling 2022-11-16 16:36:16 +00:00			`def test_client_edit_preauth(testclient, client, logged_admin, other_client):`
			`assert not client.preconsent`

			`res = testclient.get("/admin/client/edit/" + client.client_id)`
OIDC client form renaming 2023-03-29 22:40:25 +00:00			`res.forms["clientaddform"]["preconsent"] = True`
			`res = res.forms["clientaddform"].submit(name="action", value="edit")`
Fixed client preconsent disabling 2022-11-16 16:36:16 +00:00
Checks flask flashed messages with flask_webtest Response.flashes 2023-01-28 18:02:00 +00:00			`assert ("success", "The client has been edited.") in res.flashes`
Use LDAPObject.reload in tests instead of LDAPObject.get 2023-04-08 19:34:09 +00:00			`client.reload()`
Fixed client preconsent disabling 2022-11-16 16:36:16 +00:00			`assert client.preconsent`

			`res = testclient.get("/admin/client/edit/" + client.client_id)`
OIDC client form renaming 2023-03-29 22:40:25 +00:00			`res.forms["clientaddform"]["preconsent"] = False`
			`res = res.forms["clientaddform"].submit(name="action", value="edit")`
Fixed client preconsent disabling 2022-11-16 16:36:16 +00:00
Checks flask flashed messages with flask_webtest Response.flashes 2023-01-28 18:02:00 +00:00			`assert ("success", "The client has been edited.") in res.flashes`
Use LDAPObject.reload in tests instead of LDAPObject.get 2023-04-08 19:34:09 +00:00			`client.reload()`
Fixed client preconsent disabling 2022-11-16 16:36:16 +00:00			`assert not client.preconsent`
Forms validate URIs 2023-03-29 18:14:28 +00:00

			`def test_client_edit_invalid_uri(testclient, client, logged_admin, other_client):`
			`res = testclient.get("/admin/client/edit/" + client.client_id)`
OIDC client form renaming 2023-03-29 22:40:25 +00:00			`res.forms["clientaddform"]["client_uri"] = "invalid"`
			`res = res.forms["clientaddform"].submit(status=200, name="action", value="edit")`
Forms validate URIs 2023-03-29 18:14:28 +00:00			`assert (`
			`"error",`
			`"The client has not been edited. Please check your information.",`
			`) in res.flashes`
			`res.mustcontain("This is not a valid URL")`