canaille-globuzma/tests/oidc/conftest.py

import datetime

import pytest
from authlib.oidc.core.grants.util import generate_id_token
from canaille.oidc.models import AuthorizationCode
from canaille.oidc.models import Client
from canaille.oidc.models import Consent
from canaille.oidc.models import Token
from canaille.oidc.oauth import generate_user_info
from canaille.oidc.oauth import get_jwt_config
from werkzeug.security import gen_salt


@pytest.fixture
def client(testclient, other_client, slapd_connection):
    c = Client(
        client_id=gen_salt(24),
        client_name="Some client",
        contacts="contact@mydomain.tld",
        client_uri="https://mydomain.tld",
        redirect_uris=[
            "https://mydomain.tld/redirect1",
            "https://mydomain.tld/redirect2",
        ],
        logo_uri="https://mydomain.tld/logo.png",
        client_id_issued_at=datetime.datetime.now(),
        client_secret=gen_salt(48),
        grant_types=[
            "password",
            "authorization_code",
            "implicit",
            "hybrid",
            "refresh_token",
        ],
        response_types=["code", "token", "id_token"],
        scope=["openid", "email", "profile", "groups", "address", "phone"],
        tos_uri="https://mydomain.tld/tos",
        policy_uri="https://mydomain.tld/policy",
        jwks_uri="https://mydomain.tld/jwk",
        token_endpoint_auth_method="client_secret_basic",
        post_logout_redirect_uris=["https://mydomain.tld/disconnected"],
    )
    c.audience = [c.dn, other_client.dn]
    c.save()

    yield c
    try:
        c.delete()
    except:
        pass


@pytest.fixture
def other_client(testclient, slapd_connection):
    c = Client(
        client_id=gen_salt(24),
        client_name="Some other client",
        contacts="contact@myotherdomain.tld",
        client_uri="https://myotherdomain.tld",
        redirect_uris=[
            "https://myotherdomain.tld/redirect1",
            "https://myotherdomain.tld/redirect2",
        ],
        logo_uri="https://myotherdomain.tld/logo.png",
        client_id_issued_at=datetime.datetime.now(),
        client_secret=gen_salt(48),
        grant_types=[
            "password",
            "authorization_code",
            "implicit",
            "hybrid",
            "refresh_token",
        ],
        response_types=["code", "token", "id_token"],
        scope=["openid", "profile", "groups"],
        tos_uri="https://myotherdomain.tld/tos",
        policy_uri="https://myotherdomain.tld/policy",
        jwks_uri="https://myotherdomain.tld/jwk",
        token_endpoint_auth_method="client_secret_basic",
        post_logout_redirect_uris=["https://myotherdomain.tld/disconnected"],
    )
    c.audience = [c.dn]
    c.save()

    yield c
    try:
        c.delete()
    except:
        pass


@pytest.fixture
def authorization(testclient, user, client, slapd_connection):
    a = AuthorizationCode(
        authorization_code_id=gen_salt(48),
        code="my-code",
        client=client.dn,
        subject=user.dn,
        redirect_uri="https://foo.bar/callback",
        response_type="code",
        scope="openid profile",
        nonce="nonce",
        issue_date=datetime.datetime(2020, 1, 1),
        lifetime="3600",
        challenge="challenge",
        challenge_method="method",
        revokation="",
    )
    a.save()
    yield a
    try:
        a.delete()
    except:
        pass


@pytest.fixture
def token(testclient, client, user, slapd_connection):
    t = Token(
        token_id=gen_salt(48),
        access_token=gen_salt(48),
        audience=[client.dn],
        client=client.dn,
        subject=user.dn,
        token_type=None,
        refresh_token=gen_salt(48),
        scope="openid profile",
        issue_date=datetime.datetime.now(),
        lifetime=str(3600),
    )
    t.save()
    yield t
    try:
        t.delete()
    except:
        pass


@pytest.fixture
def id_token(testclient, client, user, slapd_connection):
    return generate_id_token(
        {},
        generate_user_info(user.dn, client.scope),
        aud=client.client_id,
        **get_jwt_config(None)
    )


@pytest.fixture
def consent(testclient, client, user, slapd_connection):
    t = Consent(
        client=client.dn,
        subject=user.dn,
        scope=["openid", "profile"],
        issue_date=datetime.datetime.now(),
    )
    t.save()
    yield t
    try:
        t.delete()
    except:
        pass
split oidc tests from the rest 2022-01-11 18:42:26 +00:00			`import datetime`

			`import pytest`
Implemented RP-initiated logout 2022-05-20 12:07:56 +00:00			`from authlib.oidc.core.grants.util import generate_id_token`
split oidc code from the rest 2022-01-11 18:49:06 +00:00			`from canaille.oidc.models import AuthorizationCode`
			`from canaille.oidc.models import Client`
			`from canaille.oidc.models import Consent`
			`from canaille.oidc.models import Token`
Refactoring: file renaming 2022-10-06 11:32:41 +00:00			`from canaille.oidc.oauth import generate_user_info`
			`from canaille.oidc.oauth import get_jwt_config`
split oidc tests from the rest 2022-01-11 18:42:26 +00:00			`from werkzeug.security import gen_salt`


			`@pytest.fixture`
Get rid of autouse fixtures 2022-05-20 07:24:24 +00:00			`def client(testclient, other_client, slapd_connection):`
split oidc tests from the rest 2022-01-11 18:42:26 +00:00			`c = Client(`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`client_id=gen_salt(24),`
Variable renaming 2022-10-17 15:49:52 +00:00			`client_name="Some client",`
			`contacts="contact@mydomain.tld",`
			`client_uri="https://mydomain.tld",`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`redirect_uris=[`
split oidc tests from the rest 2022-01-11 18:42:26 +00:00			`"https://mydomain.tld/redirect1",`
			`"https://mydomain.tld/redirect2",`
			`],`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`logo_uri="https://mydomain.tld/logo.png",`
Variable renaming 2022-10-17 15:49:52 +00:00			`client_id_issued_at=datetime.datetime.now(),`
			`client_secret=gen_salt(48),`
			`grant_types=[`
split oidc tests from the rest 2022-01-11 18:42:26 +00:00			`"password",`
			`"authorization_code",`
			`"implicit",`
			`"hybrid",`
			`"refresh_token",`
			`],`
Variable renaming 2022-10-17 15:49:52 +00:00			`response_types=["code", "token", "id_token"],`
Client only return the asked scopes 2022-07-07 14:05:34 +00:00			`scope=["openid", "email", "profile", "groups", "address", "phone"],`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`tos_uri="https://mydomain.tld/tos",`
			`policy_uri="https://mydomain.tld/policy",`
Variable renaming 2022-10-17 15:49:52 +00:00			`jwks_uri="https://mydomain.tld/jwk",`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`token_endpoint_auth_method="client_secret_basic",`
Implemented RP-initiated logout 2022-05-20 12:07:56 +00:00			`post_logout_redirect_uris=["https://mydomain.tld/disconnected"],`
split oidc tests from the rest 2022-01-11 18:42:26 +00:00			`)`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`c.audience = [c.dn, other_client.dn]`
Refactored tests so ldap connection is not a mandatory argument anymore for most LDAPObject methods 2022-05-08 14:31:17 +00:00			`c.save()`
split oidc tests from the rest 2022-01-11 18:42:26 +00:00
Get rid of autouse fixtures 2022-05-20 07:24:24 +00:00			`yield c`
			`try:`
			`c.delete()`
			`except:`
			`pass`
split oidc tests from the rest 2022-01-11 18:42:26 +00:00

			`@pytest.fixture`
Get rid of autouse fixtures 2022-05-20 07:24:24 +00:00			`def other_client(testclient, slapd_connection):`
split oidc tests from the rest 2022-01-11 18:42:26 +00:00			`c = Client(`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`client_id=gen_salt(24),`
Variable renaming 2022-10-17 15:49:52 +00:00			`client_name="Some other client",`
			`contacts="contact@myotherdomain.tld",`
			`client_uri="https://myotherdomain.tld",`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`redirect_uris=[`
split oidc tests from the rest 2022-01-11 18:42:26 +00:00			`"https://myotherdomain.tld/redirect1",`
			`"https://myotherdomain.tld/redirect2",`
			`],`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`logo_uri="https://myotherdomain.tld/logo.png",`
Variable renaming 2022-10-17 15:49:52 +00:00			`client_id_issued_at=datetime.datetime.now(),`
			`client_secret=gen_salt(48),`
			`grant_types=[`
split oidc tests from the rest 2022-01-11 18:42:26 +00:00			`"password",`
			`"authorization_code",`
			`"implicit",`
			`"hybrid",`
			`"refresh_token",`
			`],`
Variable renaming 2022-10-17 15:49:52 +00:00			`response_types=["code", "token", "id_token"],`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`scope=["openid", "profile", "groups"],`
			`tos_uri="https://myotherdomain.tld/tos",`
			`policy_uri="https://myotherdomain.tld/policy",`
Variable renaming 2022-10-17 15:49:52 +00:00			`jwks_uri="https://myotherdomain.tld/jwk",`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`token_endpoint_auth_method="client_secret_basic",`
Implemented RP-initiated logout 2022-05-20 12:07:56 +00:00			`post_logout_redirect_uris=["https://myotherdomain.tld/disconnected"],`
split oidc tests from the rest 2022-01-11 18:42:26 +00:00			`)`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`c.audience = [c.dn]`
Refactored tests so ldap connection is not a mandatory argument anymore for most LDAPObject methods 2022-05-08 14:31:17 +00:00			`c.save()`
split oidc tests from the rest 2022-01-11 18:42:26 +00:00
Get rid of autouse fixtures 2022-05-20 07:24:24 +00:00			`yield c`
			`try:`
			`c.delete()`
			`except:`
			`pass`
split oidc tests from the rest 2022-01-11 18:42:26 +00:00

			`@pytest.fixture`
Get rid of autouse fixtures 2022-05-20 07:24:24 +00:00			`def authorization(testclient, user, client, slapd_connection):`
split oidc tests from the rest 2022-01-11 18:42:26 +00:00			`a = AuthorizationCode(`
AuthorizationCode and Token have a new id parameter 2022-02-16 17:00:30 +00:00			`authorization_code_id=gen_salt(48),`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`code="my-code",`
			`client=client.dn,`
			`subject=user.dn,`
			`redirect_uri="https://foo.bar/callback",`
			`response_type="code",`
			`scope="openid profile",`
			`nonce="nonce",`
			`issue_date=datetime.datetime(2020, 1, 1),`
			`lifetime="3600",`
			`challenge="challenge",`
			`challenge_method="method",`
			`revokation="",`
split oidc tests from the rest 2022-01-11 18:42:26 +00:00			`)`
Refactored tests so ldap connection is not a mandatory argument anymore for most LDAPObject methods 2022-05-08 14:31:17 +00:00			`a.save()`
Get rid of autouse fixtures 2022-05-20 07:24:24 +00:00			`yield a`
			`try:`
			`a.delete()`
			`except:`
			`pass`
split oidc tests from the rest 2022-01-11 18:42:26 +00:00

			`@pytest.fixture`
Get rid of autouse fixtures 2022-05-20 07:24:24 +00:00			`def token(testclient, client, user, slapd_connection):`
split oidc tests from the rest 2022-01-11 18:42:26 +00:00			`t = Token(`
AuthorizationCode and Token have a new id parameter 2022-02-16 17:00:30 +00:00			`token_id=gen_salt(48),`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`access_token=gen_salt(48),`
			`audience=[client.dn],`
			`client=client.dn,`
			`subject=user.dn,`
			`token_type=None,`
			`refresh_token=gen_salt(48),`
			`scope="openid profile",`
			`issue_date=datetime.datetime.now(),`
			`lifetime=str(3600),`
split oidc tests from the rest 2022-01-11 18:42:26 +00:00			`)`
Refactored tests so ldap connection is not a mandatory argument anymore for most LDAPObject methods 2022-05-08 14:31:17 +00:00			`t.save()`
Get rid of autouse fixtures 2022-05-20 07:24:24 +00:00			`yield t`
			`try:`
			`t.delete()`
			`except:`
			`pass`
split oidc tests from the rest 2022-01-11 18:42:26 +00:00

Implemented RP-initiated logout 2022-05-20 12:07:56 +00:00			`@pytest.fixture`
			`def id_token(testclient, client, user, slapd_connection):`
			`return generate_id_token(`
			`{},`
			`generate_user_info(user.dn, client.scope),`
			`aud=client.client_id,`
			`**get_jwt_config(None)`
			`)`


split oidc tests from the rest 2022-01-11 18:42:26 +00:00			`@pytest.fixture`
Get rid of autouse fixtures 2022-05-20 07:24:24 +00:00			`def consent(testclient, client, user, slapd_connection):`
split oidc tests from the rest 2022-01-11 18:42:26 +00:00			`t = Consent(`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`client=client.dn,`
			`subject=user.dn,`
			`scope=["openid", "profile"],`
			`issue_date=datetime.datetime.now(),`
split oidc tests from the rest 2022-01-11 18:42:26 +00:00			`)`
Refactored tests so ldap connection is not a mandatory argument anymore for most LDAPObject methods 2022-05-08 14:31:17 +00:00			`t.save()`
Get rid of autouse fixtures 2022-05-20 07:24:24 +00:00			`yield t`
			`try:`
			`t.delete()`
			`except:`
			`pass`