canaille-globuzma/tests/test_password_flow.py

from . import client_credentials
from canaille.models import Token


def test_password_flow_basic(testclient, slapd_connection, user, client):
    res = testclient.post(
        "/oauth/token",
        params=dict(
            grant_type="password",
            username="John (johnny) Doe",
            password="correct horse battery staple",
            scope="profile",
        ),
        headers={"Authorization": f"Basic {client_credentials(client)}"},
        status=200,
    )

    assert res.json["scope"] == "openid profile groups"
    assert res.json["token_type"] == "Bearer"
    access_token = res.json["access_token"]

    token = Token.get(access_token, conn=slapd_connection)
    assert token is not None

    res = testclient.get(
        "/oauth/userinfo",
        headers={"Authorization": f"Bearer {access_token}"},
        status=200,
    )
    assert {
        "name": "John (johnny) Doe",
        "sub": "user",
        "family_name": "Doe",
        "groups": [],
    } == res.json


def test_password_flow_post(testclient, slapd_connection, user, client):
    client.oauthTokenEndpointAuthMethod = "client_secret_post"
    client.save(conn=slapd_connection)

    res = testclient.post(
        "/oauth/token",
        params=dict(
            grant_type="password",
            username="John (johnny) Doe",
            password="correct horse battery staple",
            scope="profile",
            client_id=client.oauthClientID,
            client_secret=client.oauthClientSecret,
        ),
        status=200,
    )

    assert res.json["scope"] == "openid profile groups"
    assert res.json["token_type"] == "Bearer"
    access_token = res.json["access_token"]

    token = Token.get(access_token, conn=slapd_connection)
    assert token is not None

    res = testclient.get(
        "/oauth/userinfo",
        headers={"Authorization": f"Bearer {access_token}"},
        status=200,
    )
    assert {
        "name": "John (johnny) Doe",
        "sub": "user",
        "family_name": "Doe",
        "groups": [],
    } == res.json
Authorization code flow unit tests 2020-08-19 08:28:28 +00:00			`from . import client_credentials`
Renamed the project 'canaille' 2020-10-21 12:04:40 +00:00			`from canaille.models import Token`
Password flow unit test 2020-08-19 07:09:22 +00:00

password flow: allow other token endpoint authentication methods 2021-11-21 12:23:08 +00:00			`def test_password_flow_basic(testclient, slapd_connection, user, client):`
Password flow unit test 2020-08-19 07:09:22 +00:00			`res = testclient.post(`
			`"/oauth/token",`
Authorization code flow unit tests 2020-08-19 08:28:28 +00:00			`params=dict(`
Password flow unit test 2020-08-19 07:09:22 +00:00			`grant_type="password",`
Escape filters 2021-12-06 14:40:30 +00:00			`username="John (johnny) Doe",`
Actually authentify against LDAP password 2020-08-19 11:49:38 +00:00			`password="correct horse battery staple",`
Password flow unit test 2020-08-19 07:09:22 +00:00			`scope="profile",`
			`),`
Authorization code flow unit tests 2020-08-19 08:28:28 +00:00			`headers={"Authorization": f"Basic {client_credentials(client)}"},`
Minor test refactoring 2020-10-30 18:19:34 +00:00			`status=200,`
Password flow unit test 2020-08-19 07:09:22 +00:00			`)`

Add groups claim and scope 2021-06-03 15:24:36 +00:00			`assert res.json["scope"] == "openid profile groups"`
Password flow unit test 2020-08-19 07:09:22 +00:00			`assert res.json["token_type"] == "Bearer"`
			`access_token = res.json["access_token"]`

Admin login 2020-08-19 14:20:57 +00:00			`token = Token.get(access_token, conn=slapd_connection)`
Authorization code flow unit tests 2020-08-19 08:28:28 +00:00			`assert token is not None`

Userinfo endpoint 2020-09-25 09:26:41 +00:00			`res = testclient.get(`
Minor test refactoring 2020-10-30 18:19:34 +00:00			`"/oauth/userinfo",`
			`headers={"Authorization": f"Bearer {access_token}"},`
			`status=200,`
Userinfo endpoint 2020-09-25 09:26:41 +00:00			`)`
black 2021-09-28 07:30:41 +00:00			`assert {`
Escape filters 2021-12-06 14:40:30 +00:00			`"name": "John (johnny) Doe",`
black 2021-09-28 07:30:41 +00:00			`"sub": "user",`
			`"family_name": "Doe",`
			`"groups": [],`
			`} == res.json`
password flow: allow other token endpoint authentication methods 2021-11-21 12:23:08 +00:00

			`def test_password_flow_post(testclient, slapd_connection, user, client):`
			`client.oauthTokenEndpointAuthMethod = "client_secret_post"`
			`client.save(conn=slapd_connection)`

			`res = testclient.post(`
			`"/oauth/token",`
			`params=dict(`
			`grant_type="password",`
Escape filters 2021-12-06 14:40:30 +00:00			`username="John (johnny) Doe",`
password flow: allow other token endpoint authentication methods 2021-11-21 12:23:08 +00:00			`password="correct horse battery staple",`
			`scope="profile",`
			`client_id=client.oauthClientID,`
			`client_secret=client.oauthClientSecret,`
			`),`
			`status=200,`
			`)`

			`assert res.json["scope"] == "openid profile groups"`
			`assert res.json["token_type"] == "Bearer"`
			`access_token = res.json["access_token"]`

			`token = Token.get(access_token, conn=slapd_connection)`
			`assert token is not None`

			`res = testclient.get(`
			`"/oauth/userinfo",`
			`headers={"Authorization": f"Bearer {access_token}"},`
			`status=200,`
			`)`
			`assert {`
Escape filters 2021-12-06 14:40:30 +00:00			`"name": "John (johnny) Doe",`
password flow: allow other token endpoint authentication methods 2021-11-21 12:23:08 +00:00			`"sub": "user",`
			`"family_name": "Doe",`
			`"groups": [],`
			`} == res.json`