canaille-globuzma/tests/oidc/test_code_admin.py

from canaille.oidc.models import AuthorizationCode
from werkzeug.security import gen_salt


def test_no_logged_no_access(testclient):
    testclient.get("/admin/authorization", status=403)


def test_no_admin_no_access(testclient, logged_user):
    testclient.get("/admin/authorization", status=403)


def test_authorizaton_list(testclient, authorization, logged_admin):
    res = testclient.get("/admin/authorization")
    res.mustcontain(authorization.authorization_code_id)


def test_authorization_list_pagination(testclient, logged_admin, client):
    res = testclient.get("/admin/authorization")
    res.mustcontain("0 items")
    authorizations = []
    for _ in range(26):
        code = AuthorizationCode(
            authorization_code_id=gen_salt(48), client=client, subject=client
        )
        code.save()
        authorizations.append(code)

    res = testclient.get("/admin/authorization")
    res.mustcontain("26 items")
    authorization_code_id = res.pyquery(
        ".codes tbody tr:nth-of-type(1) td:nth-of-type(1) a"
    ).text()
    assert authorization_code_id

    form = res.forms["next"]
    form["page"] = 2
    res = form.submit()
    assert authorization_code_id not in res.pyquery(
        ".codes tbody tr td:nth-of-type(1) a"
    ).text().split(" ")
    for authorization in authorizations:
        authorization.delete()

    res = testclient.get("/admin/authorization")
    res.mustcontain("0 items")


def test_authorization_list_bad_pages(testclient, logged_admin):
    res = testclient.get("/admin/authorization")
    form = res.forms["next"]
    testclient.post(
        "/admin/authorization",
        {"csrf_token": form["csrf_token"].value, "page": "2"},
        status=404,
    )

    res = testclient.get("/admin/authorization")
    form = res.forms["next"]
    testclient.post(
        "/admin/authorization",
        {"csrf_token": form["csrf_token"].value, "page": "-1"},
        status=404,
    )


def test_authorization_list_search(testclient, logged_admin, client):
    id1 = gen_salt(48)
    auth1 = AuthorizationCode(authorization_code_id=id1, client=client, subject=client)
    auth1.save()

    id2 = gen_salt(48)
    auth2 = AuthorizationCode(authorization_code_id=id2, client=client, subject=client)
    auth2.save()

    res = testclient.get("/admin/authorization")
    res.mustcontain("2 items")
    res.mustcontain(id1)
    res.mustcontain(id2)

    form = res.forms["search"]
    form["query"] = id1
    res = form.submit()

    res.mustcontain("1 items")
    res.mustcontain(id1)
    res.mustcontain(no=id2)


def test_authorizaton_view(testclient, authorization, logged_admin):
    res = testclient.get("/admin/authorization/" + authorization.authorization_code_id)
    for attr in authorization.may() + authorization.must():
        res.mustcontain(attr)
Every list of items is paginated server-side. 2023-02-25 17:11:19 +00:00			`from canaille.oidc.models import AuthorizationCode`
			`from werkzeug.security import gen_salt`


Token list and auth code list views 2020-08-26 14:27:08 +00:00			`def test_no_logged_no_access(testclient):`
Draft for a 'my accesses' page 2020-08-26 15:23:53 +00:00			`testclient.get("/admin/authorization", status=403)`
Token list and auth code list views 2020-08-26 14:27:08 +00:00

			`def test_no_admin_no_access(testclient, logged_user):`
Draft for a 'my accesses' page 2020-08-26 15:23:53 +00:00			`testclient.get("/admin/authorization", status=403)`
Token list and auth code list views 2020-08-26 14:27:08 +00:00

			`def test_authorizaton_list(testclient, authorization, logged_admin):`
Draft for a 'my accesses' page 2020-08-26 15:23:53 +00:00			`res = testclient.get("/admin/authorization")`
Unit tests use WebTest .mustcontain method when possible 2023-03-16 15:25:14 +00:00			`res.mustcontain(authorization.authorization_code_id)`
Token list and auth code list views 2020-08-26 14:27:08 +00:00

Every list of items is paginated server-side. 2023-02-25 17:11:19 +00:00			`def test_authorization_list_pagination(testclient, logged_admin, client):`
			`res = testclient.get("/admin/authorization")`
Unit tests use WebTest .mustcontain method when possible 2023-03-16 15:25:14 +00:00			`res.mustcontain("0 items")`
Every list of items is paginated server-side. 2023-02-25 17:11:19 +00:00			`authorizations = []`
			`for _ in range(26):`
			`code = AuthorizationCode(`
			`authorization_code_id=gen_salt(48), client=client, subject=client`
			`)`
			`code.save()`
			`authorizations.append(code)`

			`res = testclient.get("/admin/authorization")`
Unit tests use WebTest .mustcontain method when possible 2023-03-16 15:25:14 +00:00			`res.mustcontain("26 items")`
Every list of items is paginated server-side. 2023-02-25 17:11:19 +00:00			`authorization_code_id = res.pyquery(`
			`".codes tbody tr:nth-of-type(1) td:nth-of-type(1) a"`
			`).text()`
			`assert authorization_code_id`

Fixed unit tests 2023-03-09 19:46:04 +00:00			`form = res.forms["next"]`
			`form["page"] = 2`
			`res = form.submit()`
			`assert authorization_code_id not in res.pyquery(`
			`".codes tbody tr td:nth-of-type(1) a"`
			`).text().split(" ")`
Every list of items is paginated server-side. 2023-02-25 17:11:19 +00:00			`for authorization in authorizations:`
			`authorization.delete()`

			`res = testclient.get("/admin/authorization")`
Unit tests use WebTest .mustcontain method when possible 2023-03-16 15:25:14 +00:00			`res.mustcontain("0 items")`
Every list of items is paginated server-side. 2023-02-25 17:11:19 +00:00

			`def test_authorization_list_bad_pages(testclient, logged_admin):`
			`res = testclient.get("/admin/authorization")`
Fixed unit tests 2023-03-09 19:46:04 +00:00			`form = res.forms["next"]`
Every list of items is paginated server-side. 2023-02-25 17:11:19 +00:00			`testclient.post(`
			`"/admin/authorization",`
CSRF protection everywhere 2023-03-28 18:30:29 +00:00			`{"csrf_token": form["csrf_token"].value, "page": "2"},`
Every list of items is paginated server-side. 2023-02-25 17:11:19 +00:00			`status=404,`
			`)`

			`res = testclient.get("/admin/authorization")`
Fixed unit tests 2023-03-09 19:46:04 +00:00			`form = res.forms["next"]`
Every list of items is paginated server-side. 2023-02-25 17:11:19 +00:00			`testclient.post(`
			`"/admin/authorization",`
CSRF protection everywhere 2023-03-28 18:30:29 +00:00			`{"csrf_token": form["csrf_token"].value, "page": "-1"},`
Every list of items is paginated server-side. 2023-02-25 17:11:19 +00:00			`status=404,`
			`)`


Table search implementation 2023-03-07 17:29:18 +00:00			`def test_authorization_list_search(testclient, logged_admin, client):`
			`id1 = gen_salt(48)`
			`auth1 = AuthorizationCode(authorization_code_id=id1, client=client, subject=client)`
			`auth1.save()`

			`id2 = gen_salt(48)`
			`auth2 = AuthorizationCode(authorization_code_id=id2, client=client, subject=client)`
			`auth2.save()`

			`res = testclient.get("/admin/authorization")`
Unit tests use WebTest .mustcontain method when possible 2023-03-16 15:25:14 +00:00			`res.mustcontain("2 items")`
			`res.mustcontain(id1)`
			`res.mustcontain(id2)`
Table search implementation 2023-03-07 17:29:18 +00:00
			`form = res.forms["search"]`
			`form["query"] = id1`
			`res = form.submit()`

Unit tests use WebTest .mustcontain method when possible 2023-03-16 15:25:14 +00:00			`res.mustcontain("1 items")`
			`res.mustcontain(id1)`
			`res.mustcontain(no=id2)`
Table search implementation 2023-03-07 17:29:18 +00:00

Token list and auth code list views 2020-08-26 14:27:08 +00:00			`def test_authorizaton_view(testclient, authorization, logged_admin):`
AuthorizationCode and Token have a new id parameter 2022-02-16 17:00:30 +00:00			`res = testclient.get("/admin/authorization/" + authorization.authorization_code_id)`
Delayed LDAPObject may and must initialization 2023-03-07 23:53:27 +00:00			`for attr in authorization.may() + authorization.must():`
Unit tests use WebTest .mustcontain method when possible 2023-03-16 15:25:14 +00:00			`res.mustcontain(attr)`