canaille-globuzma/tests/test_oauth2utils.py

from canaille.models import User
from canaille.oauth2utils import generate_user_claims

STANDARD_CLAIMS = [
    "sub",
    "name",
    "given_name",
    "family_name",
    "middle_name",
    "nickname",
    "preferred_username",
    "profile",
    "picture",
    "website",
    "email",
    "email_verified",
    "gender",
    "birthdate",
    "zoneinfo",
    "locale",
    "phone_number",
    "phone_number_verified",
    "address",
    "updated_at",
]
DEFAULT_JWT_MAPPING_CONFIG = {
    "SUB": "{uid}",
    "NAME": "{cn}",
    "PHONE_NUMBER": "{telephoneNumber}",
    "EMAIL": "{mail}",
    "GIVEN_NAME": "{givenName}",
    "FAMILY_NAME": "{sn}",
    "PREFERRED_USERNAME": "{displayName}",
    "LOCALE": "{preferredLanguage}",
}


def test_generate_user_standard_claims_with_default_config(slapd_connection, user):
    User.ldap_object_classes(slapd_connection)

    data = generate_user_claims(user, STANDARD_CLAIMS, DEFAULT_JWT_MAPPING_CONFIG)

    assert data == {
        "name": "John (johnny) Doe",
        "family_name": "Doe",
        "email": "john@doe.com",
        "sub": "user",
    }


def test_custom_config_format_claim_is_well_formated(slapd_connection, user):
    User.ldap_object_classes(slapd_connection)
    jwt_mapping_config = DEFAULT_JWT_MAPPING_CONFIG.copy()
    jwt_mapping_config["EMAIL"] = "{uid}@mydomain.tld"

    data = generate_user_claims(user, STANDARD_CLAIMS, jwt_mapping_config)

    assert data["email"] == "user@mydomain.tld"


def test_claim_is_omitted_if_empty(slapd_connection, user):
    # According to https://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse
    # it's better to not insert a null or empty string value
    User.ldap_object_classes(slapd_connection)
    user.mail = ""
    user.save(slapd_connection)

    data = generate_user_claims(user, STANDARD_CLAIMS, DEFAULT_JWT_MAPPING_CONFIG)

    assert "email" not in data


def test_custom_format_claim_is_formatted_with_empty_value_and_not_omitted(slapd_connection, user):
    # If the jwt mapping config is customized, it's not canaille's responsability to verify value consistency when one user attribute is not set or null.
    # Attribute field is left empty in the formatted string.
    User.ldap_object_classes(slapd_connection)
    jwt_mapping_config = DEFAULT_JWT_MAPPING_CONFIG.copy()
    jwt_mapping_config["EMAIL"] = "{givenName}@mydomain.tld"

    data = generate_user_claims(user, STANDARD_CLAIMS, jwt_mapping_config)

    assert data["email"] == "@mydomain.tld"
customize jwt claims with format string in config file 2021-12-10 14:56:43 +00:00			`from canaille.models import User`
			`from canaille.oauth2utils import generate_user_claims`

			`STANDARD_CLAIMS = [`
			`"sub",`
			`"name",`
			`"given_name",`
			`"family_name",`
			`"middle_name",`
			`"nickname",`
			`"preferred_username",`
			`"profile",`
			`"picture",`
			`"website",`
			`"email",`
			`"email_verified",`
			`"gender",`
			`"birthdate",`
			`"zoneinfo",`
			`"locale",`
			`"phone_number",`
			`"phone_number_verified",`
			`"address",`
			`"updated_at",`
			`]`
			`DEFAULT_JWT_MAPPING_CONFIG = {`
			`"SUB": "{uid}",`
			`"NAME": "{cn}",`
			`"PHONE_NUMBER": "{telephoneNumber}",`
			`"EMAIL": "{mail}",`
			`"GIVEN_NAME": "{givenName}",`
			`"FAMILY_NAME": "{sn}",`
			`"PREFERRED_USERNAME": "{displayName}",`
			`"LOCALE": "{preferredLanguage}",`
			`}`


			`def test_generate_user_standard_claims_with_default_config(slapd_connection, user):`
			`User.ldap_object_classes(slapd_connection)`

			`data = generate_user_claims(user, STANDARD_CLAIMS, DEFAULT_JWT_MAPPING_CONFIG)`

			`assert data == {`
			`"name": "John (johnny) Doe",`
			`"family_name": "Doe",`
			`"email": "john@doe.com",`
			`"sub": "user",`
			`}`


			`def test_custom_config_format_claim_is_well_formated(slapd_connection, user):`
			`User.ldap_object_classes(slapd_connection)`
			`jwt_mapping_config = DEFAULT_JWT_MAPPING_CONFIG.copy()`
			`jwt_mapping_config["EMAIL"] = "{uid}@mydomain.tld"`

			`data = generate_user_claims(user, STANDARD_CLAIMS, jwt_mapping_config)`

			`assert data["email"] == "user@mydomain.tld"`


			`def test_claim_is_omitted_if_empty(slapd_connection, user):`
			`# According to https://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse`
			`# it's better to not insert a null or empty string value`
			`User.ldap_object_classes(slapd_connection)`
			`user.mail = ""`
			`user.save(slapd_connection)`

			`data = generate_user_claims(user, STANDARD_CLAIMS, DEFAULT_JWT_MAPPING_CONFIG)`

			`assert "email" not in data`


			`def test_custom_format_claim_is_formatted_with_empty_value_and_not_omitted(slapd_connection, user):`
			`# If the jwt mapping config is customized, it's not canaille's responsability to verify value consistency when one user attribute is not set or null.`
			`# Attribute field is left empty in the formatted string.`
			`User.ldap_object_classes(slapd_connection)`
			`jwt_mapping_config = DEFAULT_JWT_MAPPING_CONFIG.copy()`
			`jwt_mapping_config["EMAIL"] = "{givenName}@mydomain.tld"`

			`data = generate_user_claims(user, STANDARD_CLAIMS, jwt_mapping_config)`

			`assert data["email"] == "@mydomain.tld"`