canaille-globuzma/tests/test_oauth2utils.py

83 lines
2.4 KiB
Python
Raw Normal View History

from canaille.models import User
from canaille.oauth2utils import generate_user_claims
STANDARD_CLAIMS = [
"sub",
"name",
"given_name",
"family_name",
"middle_name",
"nickname",
"preferred_username",
"profile",
"picture",
"website",
"email",
"email_verified",
"gender",
"birthdate",
"zoneinfo",
"locale",
"phone_number",
"phone_number_verified",
"address",
"updated_at",
]
DEFAULT_JWT_MAPPING_CONFIG = {
"SUB": "{uid}",
"NAME": "{cn}",
"PHONE_NUMBER": "{telephoneNumber}",
"EMAIL": "{mail}",
"GIVEN_NAME": "{givenName}",
"FAMILY_NAME": "{sn}",
"PREFERRED_USERNAME": "{displayName}",
"LOCALE": "{preferredLanguage}",
}
def test_generate_user_standard_claims_with_default_config(slapd_connection, user):
User.ldap_object_classes(slapd_connection)
data = generate_user_claims(user, STANDARD_CLAIMS, DEFAULT_JWT_MAPPING_CONFIG)
assert data == {
"name": "John (johnny) Doe",
"family_name": "Doe",
"email": "john@doe.com",
"sub": "user",
}
def test_custom_config_format_claim_is_well_formated(slapd_connection, user):
User.ldap_object_classes(slapd_connection)
jwt_mapping_config = DEFAULT_JWT_MAPPING_CONFIG.copy()
jwt_mapping_config["EMAIL"] = "{uid}@mydomain.tld"
data = generate_user_claims(user, STANDARD_CLAIMS, jwt_mapping_config)
assert data["email"] == "user@mydomain.tld"
def test_claim_is_omitted_if_empty(slapd_connection, user):
# According to https://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse
# it's better to not insert a null or empty string value
User.ldap_object_classes(slapd_connection)
user.mail = ""
user.save(slapd_connection)
data = generate_user_claims(user, STANDARD_CLAIMS, DEFAULT_JWT_MAPPING_CONFIG)
assert "email" not in data
def test_custom_format_claim_is_formatted_with_empty_value_and_not_omitted(slapd_connection, user):
# If the jwt mapping config is customized, it's not canaille's responsability to verify value consistency when one user attribute is not set or null.
# Attribute field is left empty in the formatted string.
User.ldap_object_classes(slapd_connection)
jwt_mapping_config = DEFAULT_JWT_MAPPING_CONFIG.copy()
jwt_mapping_config["EMAIL"] = "{givenName}@mydomain.tld"
data = generate_user_claims(user, STANDARD_CLAIMS, jwt_mapping_config)
assert data["email"] == "@mydomain.tld"