diff --git a/tests/__init__.py b/tests/__init__.py
index 39da59e6..e69de29b 100644
--- a/tests/__init__.py
+++ b/tests/__init__.py
@@ -1,9 +0,0 @@
-import base64
-
-
-def client_credentials(client):
- return base64.b64encode(
- client.oauthClientID.encode("utf-8")
- + b":"
- + client.oauthClientSecret.encode("utf-8")
- ).decode("utf-8")
diff --git a/tests/conftest.py b/tests/conftest.py
index 38d6f8b3..3ec5636b 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -1,4 +1,3 @@
-import datetime
 import os
 import ldap.ldapobject
@@ -7,11 +6,7 @@ import slapd
 from canaille import create_app
 from canaille.installation import setup_ldap_tree
 from canaille.ldaputils import LDAPObject
-from canaille.models import AuthorizationCode
-from canaille.models import Client
-from canaille.models import Consent
 from canaille.models import Group
-from canaille.models import Token
 from canaille.models import User
 from cryptography.hazmat.backends import default_backend as crypto_default_backend
 from cryptography.hazmat.primitives import serialization as crypto_serialization
@@ -222,94 +217,6 @@ def testclient(app):
 return TestApp(app)
-@pytest.fixture
-def client(app, slapd_connection, other_client):
- c = Client(
- oauthClientID=gen_salt(24),
- oauthClientName="Some client",
- oauthClientContact="contact@mydomain.tld",
- oauthClientURI="https://mydomain.tld",
- oauthRedirectURIs=[
- "https://mydomain.tld/redirect1",
- "https://mydomain.tld/redirect2",
- ],
- oauthLogoURI="https://mydomain.tld/logo.png",
- oauthIssueDate=datetime.datetime.now(),
- oauthClientSecret=gen_salt(48),
- oauthGrantType=[
- "password",
- "authorization_code",
- "implicit",
- "hybrid",
- "refresh_token",
- ],
- oauthResponseType=["code", "token", "id_token"],
- oauthScope=["openid", "profile", "groups"],
- oauthTermsOfServiceURI="https://mydomain.tld/tos",
- oauthPolicyURI="https://mydomain.tld/policy",
- oauthJWKURI="https://mydomain.tld/jwk",
- oauthTokenEndpointAuthMethod="client_secret_basic",
- )
- c.oauthAudience = [c.dn, other_client.dn]
- c.save(slapd_connection)
-
- return c
-
-
-@pytest.fixture
-def other_client(app, slapd_connection):
- c = Client(
- oauthClientID=gen_salt(24),
- oauthClientName="Some other client",
- oauthClientContact="contact@myotherdomain.tld",
- oauthClientURI="https://myotherdomain.tld",
- oauthRedirectURIs=[
- "https://myotherdomain.tld/redirect1",
- "https://myotherdomain.tld/redirect2",
- ],
- oauthLogoURI="https://myotherdomain.tld/logo.png",
- oauthIssueDate=datetime.datetime.now(),
- oauthClientSecret=gen_salt(48),
- oauthGrantType=[
- "password",
- "authorization_code",
- "implicit",
- "hybrid",
- "refresh_token",
- ],
- oauthResponseType=["code", "token", "id_token"],
- oauthScope=["openid", "profile", "groups"],
- oauthTermsOfServiceURI="https://myotherdomain.tld/tos",
- oauthPolicyURI="https://myotherdomain.tld/policy",
- oauthJWKURI="https://myotherdomain.tld/jwk",
- oauthTokenEndpointAuthMethod="client_secret_basic",
- )
- c.oauthAudience = [c.dn]
- c.save(slapd_connection)
-
- return c
-
-
-@pytest.fixture
-def authorization(app, slapd_connection, user, client):
- a = AuthorizationCode(
- oauthCode="my-code",
- oauthClient=client.dn,
- oauthSubject=user.dn,
- oauthRedirectURI="https://foo.bar/callback",
- oauthResponseType="code",
- oauthScope="openid profile",
- oauthNonce="nonce",
- oauthAuthorizationDate=datetime.datetime(2020, 1, 1),
- oauthAuthorizationLifetime="3600",
- oauthCodeChallenge="challenge",
- oauthCodeChallengeMethod="method",
- oauthRevokation="",
- )
- a.save(slapd_connection)
- return a
-
-
 @pytest.fixture
 def user(app, slapd_connection):
 User.ldap_object_classes(slapd_connection)
@@ -358,35 +265,6 @@ def moderator(app, slapd_connection):
 return u
-@pytest.fixture
-def token(slapd_connection, client, user):
- t = Token(
- oauthAccessToken=gen_salt(48),
- oauthAudience=[client.dn],
- oauthClient=client.dn,
- oauthSubject=user.dn,
- oauthTokenType=None,
- oauthRefreshToken=gen_salt(48),
- oauthScope="openid profile",
- oauthIssueDate=datetime.datetime.now(),
- oauthTokenLifetime=str(3600),
- )
- t.save(slapd_connection)
- return t
-
-
-@pytest.fixture
-def consent(slapd_connection, client, user):
- t = Consent(
- oauthClient=client.dn,
- oauthSubject=user.dn,
- oauthScope=["openid", "profile"],
- oauthIssueDate=datetime.datetime.now(),
- )
- t.save(slapd_connection)
- return t
-
-
 @pytest.fixture
 def logged_user(user, testclient):
 with testclient.session_transaction() as sess:
diff --git a/tests/ldap/__init__.py b/tests/ldap/__init__.py
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/test_ldap_utils.py b/tests/ldap/test_ldap_utils.py
similarity index 100%
rename from tests/test_ldap_utils.py
rename to tests/ldap/test_ldap_utils.py
diff --git a/tests/oidc/__init__.py b/tests/oidc/__init__.py
new file mode 100644
index 00000000..39da59e6
--- /dev/null
+++ b/tests/oidc/__init__.py
@@ -0,0 +1,9 @@
+import base64
+
+
+def client_credentials(client):
+ return base64.b64encode(
+ client.oauthClientID.encode("utf-8")
+ + b":"
+ + client.oauthClientSecret.encode("utf-8")
+ ).decode("utf-8")
diff --git a/tests/oidc/conftest.py b/tests/oidc/conftest.py
new file mode 100644
index 00000000..3418d612
--- /dev/null
+++ b/tests/oidc/conftest.py
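Review bot: `client_credentials` in tests/oidc/__init__.py has no docstring, and its return value is not obvious from the name; judging by the `client_secret_basic` fixtures elsewhere in this commit it looks like the base64 `client_id:client_secret` value for an HTTP Basic `Authorization` header. I would add `"""Return base64("<client id>:<client secret>") for a Basic Authorization header."""`. The helper joins the raw values, which is fine for the alphanumeric `gen_salt` identifiers the fixtures use, but RFC 6749 section 2.3.1 asks for both parts to be form-urlencoded first. A one-line comment stating that assumption would keep a later test with a `:` or non-ASCII secret from failing for a misleading reason.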
@@ -0,0 +1,135 @@
+import datetime
+
+import pytest
+from canaille.models import AuthorizationCode
+from canaille.models import Client
+from canaille.models import Consent
+from canaille.models import Token
+from werkzeug.security import gen_salt
+
+
+@pytest.fixture
+def client(app, slapd_connection, other_client):
+ c = Client(
+ oauthClientID=gen_salt(24),
+ oauthClientName="Some client",
+ oauthClientContact="contact@mydomain.tld",
+ oauthClientURI="https://mydomain.tld",
+ oauthRedirectURIs=[
+ "https://mydomain.tld/redirect1",
+ "https://mydomain.tld/redirect2",
+ ],
+ oauthLogoURI="https://mydomain.tld/logo.png",
+ oauthIssueDate=datetime.datetime.now(),
+ oauthClientSecret=gen_salt(48),
+ oauthGrantType=[
+ "password",
+ "authorization_code",
+ "implicit",
+ "hybrid",
+ "refresh_token",
+ ],
+ oauthResponseType=["code", "token", "id_token"],
+ oauthScope=["openid", "profile", "groups"],
+ oauthTermsOfServiceURI="https://mydomain.tld/tos",
+ oauthPolicyURI="https://mydomain.tld/policy",
+ oauthJWKURI="https://mydomain.tld/jwk",
+ oauthTokenEndpointAuthMethod="client_secret_basic",
+ )
+ c.oauthAudience = [c.dn, other_client.dn]
+ c.save(slapd_connection)
+
+ return c
+
+
+@pytest.fixture
+def other_client(app, slapd_connection):
+ c = Client(
+ oauthClientID=gen_salt(24),
+ oauthClientName="Some other client",
+ oauthClientContact="contact@myotherdomain.tld",
+ oauthClientURI="https://myotherdomain.tld",
+ oauthRedirectURIs=[
+ "https://myotherdomain.tld/redirect1",
+ "https://myotherdomain.tld/redirect2",
+ ],
+ oauthLogoURI="https://myotherdomain.tld/logo.png",
+ oauthIssueDate=datetime.datetime.now(),
+ oauthClientSecret=gen_salt(48),
+ oauthGrantType=[
+ "password",
+ "authorization_code",
+ "implicit",
+ "hybrid",
+ "refresh_token",
+ ],
+ oauthResponseType=["code", "token", "id_token"],
+ oauthScope=["openid", "profile", "groups"],
+ oauthTermsOfServiceURI="https://myotherdomain.tld/tos",
+ oauthPolicyURI="https://myotherdomain.tld/policy",
+ oauthJWKURI="https://myotherdomain.tld/jwk",
+ oauthTokenEndpointAuthMethod="client_secret_basic",
+ )
+ c.oauthAudience = [c.dn]
+ c.save(slapd_connection)
+
+ return c
+
+
+@pytest.fixture
+def authorization(app, slapd_connection, user, client):
+ a = AuthorizationCode(
+ oauthCode="my-code",
+ oauthClient=client.dn,
+ oauthSubject=user.dn,
+ oauthRedirectURI="https://foo.bar/callback",
+ oauthResponseType="code",
+ oauthScope="openid profile",
+ oauthNonce="nonce",
+ oauthAuthorizationDate=datetime.datetime(2020, 1, 1),
+ oauthAuthorizationLifetime="3600",
+ oauthCodeChallenge="challenge",
+ oauthCodeChallengeMethod="method",
+ oauthRevokation="",
+ )
+ a.save(slapd_connection)
+ return a
+
+
+@pytest.fixture
+def token(slapd_connection, client, user):
+ t = Token(
+ oauthAccessToken=gen_salt(48),
+ oauthAudience=[client.dn],
+ oauthClient=client.dn,
+ oauthSubject=user.dn,
+ oauthTokenType=None,
+ oauthRefreshToken=gen_salt(48),
+ oauthScope="openid profile",
+ oauthIssueDate=datetime.datetime.now(),
+ oauthTokenLifetime=str(3600),
+ )
+ t.save(slapd_connection)
+ return t
+
+
+@pytest.fixture
+def consent(slapd_connection, client, user):
+ t = Consent(
+ oauthClient=client.dn,
+ oauthSubject=user.dn,
+ oauthScope=["openid", "profile"],
+ oauthIssueDate=datetime.datetime.now(),
+ )
+ t.save(slapd_connection)
+ return t
+
+
+@pytest.fixture(autouse=True)
+def cleanups(slapd_connection):
+ yield
+ try:
+ for consent in Consent.filter(conn=slapd_connection):
+ consent.delete(conn=slapd_connection)
+ except Exception:
+ pass
diff --git a/tests/test_authorization_code_flow.py b/tests/oidc/test_authorization_code_flow.py
similarity index 100%
rename from tests/test_authorization_code_flow.py
rename to tests/oidc/test_authorization_code_flow.py
diff --git a/tests/test_bad_flows.py b/tests/oidc/test_bad_flows.py
similarity index 100%
rename from tests/test_bad_flows.py
rename to tests/oidc/test_bad_flows.py
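Review bot: The `cleanups` autouse fixture at the end of the new tests/oidc/conftest.py wraps its teardown in `except Exception: pass`, so a failed `Consent.filter` or `consent.delete` is silently ignored and consent entries can survive into the next test. In an OIDC suite that matters because a leftover consent may change whether a later test reaches the consent step, letting it pass or fail for the wrong reason (inferred; the tests themselves are not in this diff). I would drop the try/except so teardown errors surface, e.g. `for stale in Consent.filter(conn=slapd_connection): stale.delete(conn=slapd_connection)`, or catch only the specific error the author expects and explain it in a comment. The loop variable `consent` also shadows the `consent` fixture defined just above in the same module, so a different name would read more clearly.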
diff --git a/tests/commands/test_clean.py b/tests/oidc/test_clean.py
similarity index 100%
rename from tests/commands/test_clean.py
rename to tests/oidc/test_clean.py
diff --git a/tests/test_client_admin.py b/tests/oidc/test_client_admin.py
similarity index 100%
rename from tests/test_client_admin.py
rename to tests/oidc/test_client_admin.py
diff --git a/tests/test_code_admin.py b/tests/oidc/test_code_admin.py
similarity index 100%
rename from tests/test_code_admin.py
rename to tests/oidc/test_code_admin.py
diff --git a/tests/test_consent.py b/tests/oidc/test_consent.py
similarity index 100%
rename from tests/test_consent.py
rename to tests/oidc/test_consent.py
diff --git a/tests/test_hybrid_flow.py b/tests/oidc/test_hybrid_flow.py
similarity index 100%
rename from tests/test_hybrid_flow.py
rename to tests/oidc/test_hybrid_flow.py
diff --git a/tests/test_implicit_flow.py b/tests/oidc/test_implicit_flow.py
similarity index 100%
rename from tests/test_implicit_flow.py
rename to tests/oidc/test_implicit_flow.py
diff --git a/tests/test_oauth2utils.py b/tests/oidc/test_oauth2utils.py
similarity index 100%
rename from tests/test_oauth2utils.py
rename to tests/oidc/test_oauth2utils.py
diff --git a/tests/test_password_flow.py b/tests/oidc/test_password_flow.py
similarity index 100%
rename from tests/test_password_flow.py
rename to tests/oidc/test_password_flow.py
diff --git a/tests/test_token_admin.py b/tests/oidc/test_token_admin.py
similarity index 100%
rename from tests/test_token_admin.py
rename to tests/oidc/test_token_admin.py
diff --git a/tests/test_token_introspection.py b/tests/oidc/test_token_introspection.py
similarity index 100%
rename from tests/test_token_introspection.py
rename to tests/oidc/test_token_introspection.py
diff --git a/tests/test_token_revocation.py b/tests/oidc/test_token_revocation.py
similarity index 100%
rename from tests/test_token_revocation.py
rename to tests/oidc/test_token_revocation.py
diff --git a/tests/test_well_known.py b/tests/oidc/test_well_known.py
similarity index 100%
rename from tests/test_well_known.py
rename to tests/oidc/test_well_known.py