forked from Github-Mirrors/canaille
83 lines
2.4 KiB
Python
83 lines
2.4 KiB
Python
![]() |
from canaille.models import User
|
||
|
from canaille.oauth2utils import generate_user_claims
|
||
|
|
||
|
STANDARD_CLAIMS = [
|
||
|
"sub",
|
||
|
"name",
|
||
|
"given_name",
|
||
|
"family_name",
|
||
|
"middle_name",
|
||
|
"nickname",
|
||
|
"preferred_username",
|
||
|
"profile",
|
||
|
"picture",
|
||
|
"website",
|
||
|
"email",
|
||
|
"email_verified",
|
||
|
"gender",
|
||
|
"birthdate",
|
||
|
"zoneinfo",
|
||
|
"locale",
|
||
|
"phone_number",
|
||
|
"phone_number_verified",
|
||
|
"address",
|
||
|
"updated_at",
|
||
|
]
|
||
|
DEFAULT_JWT_MAPPING_CONFIG = {
|
||
|
"SUB": "{uid}",
|
||
|
"NAME": "{cn}",
|
||
|
"PHONE_NUMBER": "{telephoneNumber}",
|
||
|
"EMAIL": "{mail}",
|
||
|
"GIVEN_NAME": "{givenName}",
|
||
|
"FAMILY_NAME": "{sn}",
|
||
|
"PREFERRED_USERNAME": "{displayName}",
|
||
|
"LOCALE": "{preferredLanguage}",
|
||
|
}
|
||
|
|
||
|
|
||
|
def test_generate_user_standard_claims_with_default_config(slapd_connection, user):
|
||
|
User.ldap_object_classes(slapd_connection)
|
||
|
|
||
|
data = generate_user_claims(user, STANDARD_CLAIMS, DEFAULT_JWT_MAPPING_CONFIG)
|
||
|
|
||
|
assert data == {
|
||
|
"name": "John (johnny) Doe",
|
||
|
"family_name": "Doe",
|
||
|
"email": "john@doe.com",
|
||
|
"sub": "user",
|
||
|
}
|
||
|
|
||
|
|
||
|
def test_custom_config_format_claim_is_well_formated(slapd_connection, user):
|
||
|
User.ldap_object_classes(slapd_connection)
|
||
|
jwt_mapping_config = DEFAULT_JWT_MAPPING_CONFIG.copy()
|
||
|
jwt_mapping_config["EMAIL"] = "{uid}@mydomain.tld"
|
||
|
|
||
|
data = generate_user_claims(user, STANDARD_CLAIMS, jwt_mapping_config)
|
||
|
|
||
|
assert data["email"] == "user@mydomain.tld"
|
||
|
|
||
|
|
||
|
def test_claim_is_omitted_if_empty(slapd_connection, user):
|
||
|
# According to https://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse
|
||
|
# it's better to not insert a null or empty string value
|
||
|
User.ldap_object_classes(slapd_connection)
|
||
|
user.mail = ""
|
||
|
user.save(slapd_connection)
|
||
|
|
||
|
data = generate_user_claims(user, STANDARD_CLAIMS, DEFAULT_JWT_MAPPING_CONFIG)
|
||
|
|
||
|
assert "email" not in data
|
||
|
|
||
|
|
||
|
def test_custom_format_claim_is_formatted_with_empty_value_and_not_omitted(slapd_connection, user):
|
||
|
# If the jwt mapping config is customized, it's not canaille's responsability to verify value consistency when one user attribute is not set or null.
|
||
|
# Attribute field is left empty in the formatted string.
|
||
|
User.ldap_object_classes(slapd_connection)
|
||
|
jwt_mapping_config = DEFAULT_JWT_MAPPING_CONFIG.copy()
|
||
|
jwt_mapping_config["EMAIL"] = "{givenName}@mydomain.tld"
|
||
|
|
||
|
data = generate_user_claims(user, STANDARD_CLAIMS, jwt_mapping_config)
|
||
|
|
||
|
assert data["email"] == "@mydomain.tld"
|