canaille-globuzma/tests/conftest.py

import datetime
import ldap.ldapobject
import os
import pytest
import slapdtest
from cryptography.hazmat.primitives import serialization as crypto_serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.backends import default_backend as crypto_default_backend
from flask_webtest import TestApp
from werkzeug.security import gen_salt
from canaille import create_app
from canaille.models import User, Client, Token, AuthorizationCode, Consent
from canaille.ldaputils import LDAPObject


class CustomSlapdObject(slapdtest.SlapdObject):
    custom_schema_files = ("oauth2-openldap.schema",)
    openldap_schema_files = (
        "core.schema",
        "cosine.schema",
        "nis.schema",
        "inetorgperson.schema",
    )

    def _ln_schema_files(self, *args, **kwargs):
        dir_path = os.path.join(
            os.path.dirname(os.path.dirname(os.path.realpath(__file__))), "schemas"
        )
        super()._ln_schema_files(*args, **kwargs)
        super()._ln_schema_files(self.custom_schema_files, dir_path)

    def gen_config(self):
        previous = self.openldap_schema_files
        self.openldap_schema_files += self.custom_schema_files
        config = super().gen_config()
        self.openldap_schema_files = previous
        return config


@pytest.fixture(scope="session")
def keypair():
    key = rsa.generate_private_key(
        backend=crypto_default_backend(), public_exponent=65537, key_size=2048
    )
    private_key = key.private_bytes(
        crypto_serialization.Encoding.PEM,
        crypto_serialization.PrivateFormat.PKCS8,
        crypto_serialization.NoEncryption(),
    )
    public_key = key.public_key().public_bytes(
        crypto_serialization.Encoding.OpenSSH, crypto_serialization.PublicFormat.OpenSSH
    )
    return private_key, public_key


@pytest.fixture
def keypair_path(keypair, tmp_path):
    private_key, public_key = keypair

    private_key_path = os.path.join(tmp_path, "private.pem")
    with open(private_key_path, "wb") as fd:
        fd.write(private_key)

    public_key_path = os.path.join(tmp_path, "public.pem")
    with open(public_key_path, "wb") as fd:
        fd.write(public_key)

    return private_key_path, public_key_path


@pytest.fixture(scope="session")
def slapd_server():
    slapd = CustomSlapdObject()
    try:
        slapd.start()
        suffix_dc = slapd.suffix.split(",")[0][3:]
        slapd.ldapadd(
            "\n".join(
                [
                    "dn: " + slapd.suffix,
                    "objectClass: dcObject",
                    "objectClass: organization",
                    "dc: " + suffix_dc,
                    "o: " + suffix_dc,
                    "",
                    "dn: " + slapd.root_dn,
                    "objectClass: applicationProcess",
                    "cn: " + slapd.root_cn,
                    "",
                    "dn: ou=users," + slapd.suffix,
                    "objectClass: organizationalUnit",
                    "ou: users",
                ]
            )
            + "\n"
        )

        LDAPObject.root_dn = slapd.suffix
        User.base = "ou=users"

        yield slapd
    finally:
        slapd.stop()


@pytest.fixture
def slapd_connection(slapd_server):
    conn = ldap.ldapobject.SimpleLDAPObject(slapd_server.ldap_uri)
    conn.protocol_version = 3
    conn.simple_bind_s(slapd_server.root_dn, slapd_server.root_pw)
    yield conn
    conn.unbind_s()


@pytest.fixture
def app(slapd_server, keypair_path):
    os.environ["AUTHLIB_INSECURE_TRANSPORT"] = "true"
    private_key_path, public_key_path = keypair_path

    app = create_app(
        {
            "SECRET_KEY": gen_salt(24),
            "OAUTH2_METADATA_FILE": "canaille/conf/oauth-authorization-server.sample.json",
            "OIDC_METADATA_FILE": "canaille/conf/openid-configuration.sample.json",
            "LDAP": {
                "ROOT_DN": slapd_server.suffix,
                "URI": slapd_server.ldap_uri,
                "BIND_DN": slapd_server.root_dn,
                "BIND_PW": slapd_server.root_pw,
                "USER_BASE": "ou=users",
                "USER_FILTER": "(|(uid={login})(cn={login}))",
                "USER_CLASS": "inetOrgPerson",
                "ADMIN_FILTER": "(|(uid=admin)(sn=admin))",
                "USER_ADMIN_FILTER": "(|(uid=moderator)(sn=moderator))",
            },
            "JWT": {
                "PUBLIC_KEY": public_key_path,
                "PRIVATE_KEY": private_key_path,
                "ALG": "RS256",
                "KTY": "RSA",
                "EXP": 3600,
                "MAPPING": {
                    "SUB": "uid",
                    "NAME": "cn",
                    "PHONE_NUMBER": "telephoneNumber",
                    "EMAIL": "mail",
                    "GIVEN_NAME": "givenName",
                    "FAMILY_NAME": "sn",
                    "PREFERRED_USERNAME": "displayName",
                    "LOCALE": "preferredLanguage",
                    "PICTURE": "photo",
                },
            },
            "SMTP": {
                "HOST": "localhost",
                "PORT": 25,
                "TLS": True,
                "LOGIN": "smtp_login",
                "PASSWORD": "smtp_password",
                "FROM_ADDR": "admin@mydomain.tld",
            },
        }
    )
    return app


@pytest.fixture
def testclient(app):
    app.config["TESTING"] = True
    return TestApp(app)


@pytest.fixture
def client(app, slapd_connection):
    Client.ocs_by_name(slapd_connection)
    c = Client(
        oauthClientID=gen_salt(24),
        oauthClientName="Some client",
        oauthClientContact="contact@mydomain.tld",
        oauthClientURI="https://mydomain.tld",
        oauthRedirectURIs=[
            "https://mydomain.tld/redirect1",
            "https://mydomain.tld/redirect2",
        ],
        oauthLogoURI="https://mydomain.tld/logo.png",
        oauthIssueDate=datetime.datetime.now().strftime("%Y%m%d%H%S%MZ"),
        oauthClientSecret=gen_salt(48),
        oauthGrantType=[
            "password",
            "authorization_code",
            "implicit",
            "hybrid",
            "refresh_token",
        ],
        oauthResponseType=["code", "token", "id_token"],
        oauthScope=["openid", "profile"],
        oauthTermsOfServiceURI="https://mydomain.tld/tos",
        oauthPolicyURI="https://mydomain.tld/policy",
        oauthJWKURI="https://mydomain.tld/jwk",
        oauthTokenEndpointAuthMethod="client_secret_basic",
    )
    c.save(slapd_connection)

    return c


@pytest.fixture
def authorization(app, slapd_connection, user, client):
    AuthorizationCode.ocs_by_name(slapd_connection)
    a = AuthorizationCode(
        oauthCode="my-code",
        oauthClient=client.dn,
        oauthSubject=user.dn,
        oauthRedirectURI="https://foo.bar/callback",
        oauthResponseType="code",
        oauthScope="openid profile",
        oauthNonce="nonce",
        oauthAuthorizationDate="20200101000000Z",
        oauthAuthorizationLifetime="3600",
        oauthCodeChallenge="challenge",
        oauthCodeChallengeMethod="method",
        oauthRevokation="",
    )
    a.save(slapd_connection)
    return a


@pytest.fixture
def user(app, slapd_connection):
    User.ocs_by_name(slapd_connection)
    u = User(
        objectClass=["inetOrgPerson"],
        cn="John Doe",
        sn="Doe",
        uid="user",
        mail="john@doe.com",
        userPassword="{SSHA}fw9DYeF/gHTHuVMepsQzVYAkffGcU8Fz",
    )
    u.save(slapd_connection)
    return u


@pytest.fixture
def admin(app, slapd_connection):
    User.ocs_by_name(slapd_connection)
    u = User(
        objectClass=["inetOrgPerson"],
        cn="Jane Doe",
        sn="Doe",
        uid="admin",
        mail="jane@doe.com",
        userPassword="{SSHA}Vmgh2jkD0idX3eZHf8RzGos31oerjGiU",
    )
    u.save(slapd_connection)
    return u


@pytest.fixture
def moderator(app, slapd_connection):
    User.ocs_by_name(slapd_connection)
    u = User(
        objectClass=["inetOrgPerson"],
        cn="Jack Doe",
        sn="Doe",
        uid="moderator",
        mail="jack@doe.com",
        userPassword="{SSHA}+eHyxWqajMHsOWnhONC2vbtfNZzKTkag",
    )
    u.save(slapd_connection)
    return u


@pytest.fixture
def token(slapd_connection, client, user):
    Token.ocs_by_name(slapd_connection)
    t = Token(
        oauthAccessToken=gen_salt(48),
        oauthClient=client.dn,
        oauthSubject=user.dn,
        oauthTokenType=None,
        oauthRefreshToken=gen_salt(48),
        oauthScope="openid profile",
        oauthIssueDate=datetime.datetime.now().strftime("%Y%m%d%H%M%SZ"),
        oauthTokenLifetime=str(3600),
    )
    t.save(slapd_connection)
    return t


@pytest.fixture
def consent(slapd_connection, client, user):
    Consent.ocs_by_name(slapd_connection)
    t = Consent(
        oauthClient=client.dn,
        oauthSubject=user.dn,
        oauthScope=["openid", "profile"],
        oauthIssueDate=datetime.datetime.now().strftime("%Y%m%d%H%M%SZ"),
    )
    t.save(slapd_connection)
    return t


@pytest.fixture
def logged_user(user, testclient):
    with testclient.session_transaction() as sess:
        sess["user_dn"] = user.dn
    return user


@pytest.fixture
def logged_admin(admin, testclient):
    with testclient.session_transaction() as sess:
        sess["user_dn"] = admin.dn
    return admin


@pytest.fixture
def logged_moderator(moderator, testclient):
    with testclient.session_transaction() as sess:
        sess["user_dn"] = moderator.dn
    return moderator


@pytest.fixture(autouse=True)
def cleanups(slapd_connection):
    yield
    for consent in Consent.filter(conn=slapd_connection):
        consent.delete(conn=slapd_connection)
tests workflow 2020-08-18 15:39:34 +00:00			`import datetime`
			`import ldap.ldapobject`
			`import os`
			`import pytest`
			`import slapdtest`
Use private/public keys to sign JWTs 2020-08-28 14:07:39 +00:00			`from cryptography.hazmat.primitives import serialization as crypto_serialization`
			`from cryptography.hazmat.primitives.asymmetric import rsa`
			`from cryptography.hazmat.backends import default_backend as crypto_default_backend`
Authorization code flow unit tests 2020-08-19 08:28:28 +00:00			`from flask_webtest import TestApp`
tests workflow 2020-08-18 15:39:34 +00:00			`from werkzeug.security import gen_salt`
Renamed the project 'canaille' 2020-10-21 12:04:40 +00:00			`from canaille import create_app`
			`from canaille.models import User, Client, Token, AuthorizationCode, Consent`
			`from canaille.ldaputils import LDAPObject`
tests workflow 2020-08-18 15:39:34 +00:00

			`class CustomSlapdObject(slapdtest.SlapdObject):`
			`custom_schema_files = ("oauth2-openldap.schema",)`
Use additional schemas in unit tests 2020-10-20 07:55:05 +00:00			`openldap_schema_files = (`
			`"core.schema",`
			`"cosine.schema",`
			`"nis.schema",`
			`"inetorgperson.schema",`
			`)`
tests workflow 2020-08-18 15:39:34 +00:00
			`def _ln_schema_files(self, args, *kwargs):`
			`dir_path = os.path.join(`
			`os.path.dirname(os.path.dirname(os.path.realpath(__file__))), "schemas"`
			`)`
			`super()._ln_schema_files(args, *kwargs)`
			`super()._ln_schema_files(self.custom_schema_files, dir_path)`

			`def gen_config(self):`
			`previous = self.openldap_schema_files`
			`self.openldap_schema_files += self.custom_schema_files`
			`config = super().gen_config()`
			`self.openldap_schema_files = previous`
			`return config`


Use private/public keys to sign JWTs 2020-08-28 14:07:39 +00:00			`@pytest.fixture(scope="session")`
			`def keypair():`
			`key = rsa.generate_private_key(`
			`backend=crypto_default_backend(), public_exponent=65537, key_size=2048`
			`)`
			`private_key = key.private_bytes(`
			`crypto_serialization.Encoding.PEM,`
			`crypto_serialization.PrivateFormat.PKCS8,`
			`crypto_serialization.NoEncryption(),`
			`)`
			`public_key = key.public_key().public_bytes(`
			`crypto_serialization.Encoding.OpenSSH, crypto_serialization.PublicFormat.OpenSSH`
			`)`
			`return private_key, public_key`


			`@pytest.fixture`
			`def keypair_path(keypair, tmp_path):`
			`private_key, public_key = keypair`

			`private_key_path = os.path.join(tmp_path, "private.pem")`
			`with open(private_key_path, "wb") as fd:`
			`fd.write(private_key)`

			`public_key_path = os.path.join(tmp_path, "public.pem")`
			`with open(public_key_path, "wb") as fd:`
			`fd.write(public_key)`

			`return private_key_path, public_key_path`


tests workflow 2020-08-18 15:39:34 +00:00			`@pytest.fixture(scope="session")`
			`def slapd_server():`
			`slapd = CustomSlapdObject()`
			`try:`
			`slapd.start()`
			`suffix_dc = slapd.suffix.split(",")[0][3:]`
			`slapd.ldapadd(`
			`"\n".join(`
			`[`
			`"dn: " + slapd.suffix,`
			`"objectClass: dcObject",`
			`"objectClass: organization",`
			`"dc: " + suffix_dc,`
			`"o: " + suffix_dc,`
			`"",`
			`"dn: " + slapd.root_dn,`
			`"objectClass: applicationProcess",`
			`"cn: " + slapd.root_cn,`
Minor testfix 2020-09-28 07:47:00 +00:00			`"",`
			`"dn: ou=users," + slapd.suffix,`
			`"objectClass: organizationalUnit",`
			`"ou: users",`
tests workflow 2020-08-18 15:39:34 +00:00			`]`
			`)`
			`+ "\n"`
			`)`

Renamed LDAPObjectHelper into LDAPObject 2020-09-24 13:16:25 +00:00			`LDAPObject.root_dn = slapd.suffix`
USER_BASE configuration parameter 2020-09-01 15:11:30 +00:00			`User.base = "ou=users"`
Authorization code flow unit tests 2020-08-19 08:28:28 +00:00
tests workflow 2020-08-18 15:39:34 +00:00			`yield slapd`
			`finally:`
			`slapd.stop()`


			`@pytest.fixture`
			`def slapd_connection(slapd_server):`
			`conn = ldap.ldapobject.SimpleLDAPObject(slapd_server.ldap_uri)`
			`conn.protocol_version = 3`
			`conn.simple_bind_s(slapd_server.root_dn, slapd_server.root_pw)`
			`yield conn`
			`conn.unbind_s()`


			`@pytest.fixture`
Use private/public keys to sign JWTs 2020-08-28 14:07:39 +00:00			`def app(slapd_server, keypair_path):`
Password flow unit test 2020-08-19 07:09:22 +00:00			`os.environ["AUTHLIB_INSECURE_TRANSPORT"] = "true"`
Use private/public keys to sign JWTs 2020-08-28 14:07:39 +00:00			`private_key_path, public_key_path = keypair_path`
Password flow unit test 2020-08-19 07:09:22 +00:00
tests workflow 2020-08-18 15:39:34 +00:00			`app = create_app(`
			`{`
Authorization code flow unit tests 2020-08-19 08:28:28 +00:00			`"SECRET_KEY": gen_salt(24),`
Renamed the project 'canaille' 2020-10-21 12:04:40 +00:00			`"OAUTH2_METADATA_FILE": "canaille/conf/oauth-authorization-server.sample.json",`
			`"OIDC_METADATA_FILE": "canaille/conf/openid-configuration.sample.json",`
tests workflow 2020-08-18 15:39:34 +00:00			`"LDAP": {`
Password flow unit test 2020-08-19 07:09:22 +00:00			`"ROOT_DN": slapd_server.suffix,`
tests workflow 2020-08-18 15:39:34 +00:00			`"URI": slapd_server.ldap_uri,`
			`"BIND_DN": slapd_server.root_dn,`
			`"BIND_PW": slapd_server.root_pw,`
USER_BASE configuration parameter 2020-09-01 15:11:30 +00:00			`"USER_BASE": "ou=users",`
Alternate login filters 2020-08-20 08:45:33 +00:00			`"USER_FILTER": "(\|(uid={login})(cn={login}))",`
User admin page. Fixes #8 2020-11-01 10:33:56 +00:00			`"USER_CLASS": "inetOrgPerson",`
			`"ADMIN_FILTER": "(\|(uid=admin)(sn=admin))",`
Moderators group. #12 2020-11-02 11:13:03 +00:00			`"USER_ADMIN_FILTER": "(\|(uid=moderator)(sn=moderator))",`
Authorization code flow unit tests 2020-08-19 08:28:28 +00:00			`},`
Claims are configurable 2020-08-24 08:03:48 +00:00			`"JWT": {`
Use private/public keys to sign JWTs 2020-08-28 14:07:39 +00:00			`"PUBLIC_KEY": public_key_path,`
			`"PRIVATE_KEY": private_key_path,`
			`"ALG": "RS256",`
			`"KTY": "RSA",`
Claims are configurable 2020-08-24 08:03:48 +00:00			`"EXP": 3600,`
			`"MAPPING": {`
			`"SUB": "uid",`
			`"NAME": "cn",`
			`"PHONE_NUMBER": "telephoneNumber",`
Use additional schemas in unit tests 2020-10-20 07:55:05 +00:00			`"EMAIL": "mail",`
			`"GIVEN_NAME": "givenName",`
			`"FAMILY_NAME": "sn",`
			`"PREFERRED_USERNAME": "displayName",`
			`"LOCALE": "preferredLanguage",`
			`"PICTURE": "photo",`
Claims are configurable 2020-08-24 08:03:48 +00:00			`},`
			`},`
Password mechanism recovery. Fixes #3 2020-10-22 15:37:01 +00:00			`"SMTP": {`
			`"HOST": "localhost",`
			`"PORT": 25,`
Slightly improved coverage 2020-10-30 22:55:11 +00:00			`"TLS": True,`
Password mechanism recovery. Fixes #3 2020-10-22 15:37:01 +00:00			`"LOGIN": "smtp_login",`
			`"PASSWORD": "smtp_password",`
			`"FROM_ADDR": "admin@mydomain.tld",`
			`},`
tests workflow 2020-08-18 15:39:34 +00:00			`}`
			`)`
			`return app`


Password flow unit test 2020-08-19 07:09:22 +00:00			`@pytest.fixture`
			`def testclient(app):`
			`app.config["TESTING"] = True`
Authorization code flow unit tests 2020-08-19 08:28:28 +00:00			`return TestApp(app)`
Password flow unit test 2020-08-19 07:09:22 +00:00

tests workflow 2020-08-18 15:39:34 +00:00			`@pytest.fixture`
			`def client(app, slapd_connection):`
Minor testfix 2020-09-28 07:47:00 +00:00			`Client.ocs_by_name(slapd_connection)`
tests workflow 2020-08-18 15:39:34 +00:00			`c = Client(`
			`oauthClientID=gen_salt(24),`
			`oauthClientName="Some client",`
			`oauthClientContact="contact@mydomain.tld",`
			`oauthClientURI="https://mydomain.tld",`
			`oauthRedirectURIs=[`
			`"https://mydomain.tld/redirect1",`
			`"https://mydomain.tld/redirect2",`
			`],`
			`oauthLogoURI="https://mydomain.tld/logo.png",`
			`oauthIssueDate=datetime.datetime.now().strftime("%Y%m%d%H%S%MZ"),`
			`oauthClientSecret=gen_salt(48),`
Implemented refresh grant 2020-08-24 08:52:21 +00:00			`oauthGrantType=[`
			`"password",`
			`"authorization_code",`
			`"implicit",`
			`"hybrid",`
			`"refresh_token",`
			`],`
Implicit flow test 2020-08-20 12:30:42 +00:00			`oauthResponseType=["code", "token", "id_token"],`
tests workflow 2020-08-18 15:39:34 +00:00			`oauthScope=["openid", "profile"],`
			`oauthTermsOfServiceURI="https://mydomain.tld/tos",`
			`oauthPolicyURI="https://mydomain.tld/policy",`
			`oauthJWKURI="https://mydomain.tld/jwk",`
			`oauthTokenEndpointAuthMethod="client_secret_basic",`
			`)`
			`c.save(slapd_connection)`
Authorization code flow unit tests 2020-08-19 08:28:28 +00:00
tests workflow 2020-08-18 15:39:34 +00:00			`return c`


Token list and auth code list views 2020-08-26 14:27:08 +00:00			`@pytest.fixture`
Schema use client dn instead of client id 2020-09-07 13:39:51 +00:00			`def authorization(app, slapd_connection, user, client):`
Minor testfix 2020-09-28 07:47:00 +00:00			`AuthorizationCode.ocs_by_name(slapd_connection)`
Token list and auth code list views 2020-08-26 14:27:08 +00:00			`a = AuthorizationCode(`
			`oauthCode="my-code",`
Schema use client dn instead of client id 2020-09-07 13:39:51 +00:00			`oauthClient=client.dn,`
oauthSubject use full DN in tests 2020-09-07 09:28:29 +00:00			`oauthSubject=user.dn,`
Token list and auth code list views 2020-08-26 14:27:08 +00:00			`oauthRedirectURI="https://foo.bar/callback",`
			`oauthResponseType="code",`
			`oauthScope="openid profile",`
			`oauthNonce="nonce",`
			`oauthAuthorizationDate="20200101000000Z",`
			`oauthAuthorizationLifetime="3600",`
			`oauthCodeChallenge="challenge",`
			`oauthCodeChallengeMethod="method",`
Remember revokation dates 2020-09-17 09:10:12 +00:00			`oauthRevokation="",`
Token list and auth code list views 2020-08-26 14:27:08 +00:00			`)`
			`a.save(slapd_connection)`
			`return a`


tests workflow 2020-08-18 15:39:34 +00:00			`@pytest.fixture`
			`def user(app, slapd_connection):`
Minor testfix 2020-09-28 07:47:00 +00:00			`User.ocs_by_name(slapd_connection)`
Alternate login filters 2020-08-20 08:45:33 +00:00			`u = User(`
Use inetOrgPerson for unit tests users 2020-10-20 09:36:58 +00:00			`objectClass=["inetOrgPerson"],`
Alternate login filters 2020-08-20 08:45:33 +00:00			`cn="John Doe",`
			`sn="Doe",`
			`uid="user",`
Email check on user profile form 2020-10-21 07:52:02 +00:00			`mail="john@doe.com",`
Password mechanism recovery. Fixes #3 2020-10-22 15:37:01 +00:00			`userPassword="{SSHA}fw9DYeF/gHTHuVMepsQzVYAkffGcU8Fz",`
Alternate login filters 2020-08-20 08:45:33 +00:00			`)`
tests workflow 2020-08-18 15:39:34 +00:00			`u.save(slapd_connection)`
			`return u`
oidc implicit flow test 2020-08-23 17:56:37 +00:00

Client unit tests 2020-08-26 13:37:15 +00:00			`@pytest.fixture`
			`def admin(app, slapd_connection):`
Minor testfix 2020-09-28 07:47:00 +00:00			`User.ocs_by_name(slapd_connection)`
Client unit tests 2020-08-26 13:37:15 +00:00			`u = User(`
Use inetOrgPerson for unit tests users 2020-10-20 09:36:58 +00:00			`objectClass=["inetOrgPerson"],`
Client unit tests 2020-08-26 13:37:15 +00:00			`cn="Jane Doe",`
			`sn="Doe",`
			`uid="admin",`
Email check on user profile form 2020-10-21 07:52:02 +00:00			`mail="jane@doe.com",`
Password mechanism recovery. Fixes #3 2020-10-22 15:37:01 +00:00			`userPassword="{SSHA}Vmgh2jkD0idX3eZHf8RzGos31oerjGiU",`
Client unit tests 2020-08-26 13:37:15 +00:00			`)`
			`u.save(slapd_connection)`
			`return u`


Moderators group. #12 2020-11-02 11:13:03 +00:00			`@pytest.fixture`
			`def moderator(app, slapd_connection):`
			`User.ocs_by_name(slapd_connection)`
			`u = User(`
			`objectClass=["inetOrgPerson"],`
			`cn="Jack Doe",`
			`sn="Doe",`
			`uid="moderator",`
			`mail="jack@doe.com",`
			`userPassword="{SSHA}+eHyxWqajMHsOWnhONC2vbtfNZzKTkag",`
			`)`
			`u.save(slapd_connection)`
			`return u`


Token introspection 2020-08-24 12:44:32 +00:00			`@pytest.fixture`
			`def token(slapd_connection, client, user):`
Minor testfix 2020-09-28 07:47:00 +00:00			`Token.ocs_by_name(slapd_connection)`
Token introspection 2020-08-24 12:44:32 +00:00			`t = Token(`
			`oauthAccessToken=gen_salt(48),`
Schema use client dn instead of client id 2020-09-07 13:39:51 +00:00			`oauthClient=client.dn,`
Token introspection 2020-08-24 12:44:32 +00:00			`oauthSubject=user.dn,`
			`oauthTokenType=None,`
			`oauthRefreshToken=gen_salt(48),`
			`oauthScope="openid profile",`
			`oauthIssueDate=datetime.datetime.now().strftime("%Y%m%d%H%M%SZ"),`
			`oauthTokenLifetime=str(3600),`
			`)`
			`t.save(slapd_connection)`
			`return t`


Consents page 2020-09-17 10:01:21 +00:00			`@pytest.fixture`
			`def consent(slapd_connection, client, user):`
Minor testfix 2020-09-28 07:47:00 +00:00			`Consent.ocs_by_name(slapd_connection)`
Consents page 2020-09-17 10:01:21 +00:00			`t = Consent(`
			`oauthClient=client.dn,`
			`oauthSubject=user.dn,`
			`oauthScope=["openid", "profile"],`
			`oauthIssueDate=datetime.datetime.now().strftime("%Y%m%d%H%M%SZ"),`
			`)`
			`t.save(slapd_connection)`
			`return t`


oidc implicit flow test 2020-08-23 17:56:37 +00:00			`@pytest.fixture`
			`def logged_user(user, testclient):`
			`with testclient.session_transaction() as sess:`
			`sess["user_dn"] = user.dn`
			`return user`
Client unit tests 2020-08-26 13:37:15 +00:00

			`@pytest.fixture`
			`def logged_admin(admin, testclient):`
			`with testclient.session_transaction() as sess:`
			`sess["user_dn"] = admin.dn`
			`return admin`
Remember consents 2020-09-17 08:00:39 +00:00

Moderators group. #12 2020-11-02 11:13:03 +00:00			`@pytest.fixture`
			`def logged_moderator(moderator, testclient):`
			`with testclient.session_transaction() as sess:`
			`sess["user_dn"] = moderator.dn`
			`return moderator`


Remember consents 2020-09-17 08:00:39 +00:00			`@pytest.fixture(autouse=True)`
			`def cleanups(slapd_connection):`
			`yield`
			`for consent in Consent.filter(conn=slapd_connection):`
			`consent.delete(conn=slapd_connection)`