split oidc tests from the rest

Éloi Rivard 2022-01-11 19:42:26 +01:00
parent 3d69e5cdb4
commit 16d2d71194
20 changed files with 144 additions and 131 deletions


@ -1,9 +0,0 @@
import base64
def client_credentials(client):
return base64.b64encode(
client.oauthClientID.encode("utf-8")
+ b":"
+ client.oauthClientSecret.encode("utf-8")
).decode("utf-8")


@ -1,4 +1,3 @@
import datetime
import os import os
import ldap.ldapobject import ldap.ldapobject
@ -7,11 +6,7 @@ import slapd
from canaille import create_app from canaille import create_app
from canaille.installation import setup_ldap_tree from canaille.installation import setup_ldap_tree
from canaille.ldaputils import LDAPObject from canaille.ldaputils import LDAPObject
from canaille.models import AuthorizationCode
from canaille.models import Client
from canaille.models import Consent
from canaille.models import Group from canaille.models import Group
from canaille.models import Token
from canaille.models import User from canaille.models import User
from cryptography.hazmat.backends import default_backend as crypto_default_backend from cryptography.hazmat.backends import default_backend as crypto_default_backend
from cryptography.hazmat.primitives import serialization as crypto_serialization from cryptography.hazmat.primitives import serialization as crypto_serialization
@ -222,94 +217,6 @@ def testclient(app):
return TestApp(app) return TestApp(app)
@pytest.fixture
def client(app, slapd_connection, other_client):
c = Client(
oauthClientID=gen_salt(24),
oauthClientName="Some client",
oauthClientContact="contact@mydomain.tld",
oauthClientURI="https://mydomain.tld",
oauthRedirectURIs=[
"https://mydomain.tld/redirect1",
"https://mydomain.tld/redirect2",
],
oauthLogoURI="https://mydomain.tld/logo.png",
oauthIssueDate=datetime.datetime.now(),
oauthClientSecret=gen_salt(48),
oauthGrantType=[
"password",
"authorization_code",
"implicit",
"hybrid",
"refresh_token",
],
oauthResponseType=["code", "token", "id_token"],
oauthScope=["openid", "profile", "groups"],
oauthTermsOfServiceURI="https://mydomain.tld/tos",
oauthPolicyURI="https://mydomain.tld/policy",
oauthJWKURI="https://mydomain.tld/jwk",
oauthTokenEndpointAuthMethod="client_secret_basic",
)
c.oauthAudience = [c.dn, other_client.dn]
c.save(slapd_connection)
return c
@pytest.fixture
def other_client(app, slapd_connection):
c = Client(
oauthClientID=gen_salt(24),
oauthClientName="Some other client",
oauthClientContact="contact@myotherdomain.tld",
oauthClientURI="https://myotherdomain.tld",
oauthRedirectURIs=[
"https://myotherdomain.tld/redirect1",
"https://myotherdomain.tld/redirect2",
],
oauthLogoURI="https://myotherdomain.tld/logo.png",
oauthIssueDate=datetime.datetime.now(),
oauthClientSecret=gen_salt(48),
oauthGrantType=[
"password",
"authorization_code",
"implicit",
"hybrid",
"refresh_token",
],
oauthResponseType=["code", "token", "id_token"],
oauthScope=["openid", "profile", "groups"],
oauthTermsOfServiceURI="https://myotherdomain.tld/tos",
oauthPolicyURI="https://myotherdomain.tld/policy",
oauthJWKURI="https://myotherdomain.tld/jwk",
oauthTokenEndpointAuthMethod="client_secret_basic",
)
c.oauthAudience = [c.dn]
c.save(slapd_connection)
return c
@pytest.fixture
def authorization(app, slapd_connection, user, client):
a = AuthorizationCode(
oauthCode="my-code",
oauthClient=client.dn,
oauthSubject=user.dn,
oauthRedirectURI="https://foo.bar/callback",
oauthResponseType="code",
oauthScope="openid profile",
oauthNonce="nonce",
oauthAuthorizationDate=datetime.datetime(2020, 1, 1),
oauthAuthorizationLifetime="3600",
oauthCodeChallenge="challenge",
oauthCodeChallengeMethod="method",
oauthRevokation="",
)
a.save(slapd_connection)
return a
@pytest.fixture @pytest.fixture
def user(app, slapd_connection): def user(app, slapd_connection):
User.ldap_object_classes(slapd_connection) User.ldap_object_classes(slapd_connection)
@ -358,35 +265,6 @@ def moderator(app, slapd_connection):
return u return u
@pytest.fixture
def token(slapd_connection, client, user):
t = Token(
oauthAccessToken=gen_salt(48),
oauthAudience=[client.dn],
oauthClient=client.dn,
oauthSubject=user.dn,
oauthTokenType=None,
oauthRefreshToken=gen_salt(48),
oauthScope="openid profile",
oauthIssueDate=datetime.datetime.now(),
oauthTokenLifetime=str(3600),
)
t.save(slapd_connection)
return t
@pytest.fixture
def consent(slapd_connection, client, user):
t = Consent(
oauthClient=client.dn,
oauthSubject=user.dn,
oauthScope=["openid", "profile"],
oauthIssueDate=datetime.datetime.now(),
)
t.save(slapd_connection)
return t
@pytest.fixture @pytest.fixture
def logged_user(user, testclient): def logged_user(user, testclient):
with testclient.session_transaction() as sess: with testclient.session_transaction() as sess:

0
tests/ldap/__init__.py Normal file

9
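--- a/tests/oidc/__init__.py
+++ b/tests/oidc/__init__.py
@@ -0,0 +1,9 @@
+import base64
+def client_credentials(client):
+return base64.b64encode(
+client.oauthClientID.encode("utf-8")
++ b":"
++ client.oauthClientSecret.encode("utf-8")
+).decode("utf-8")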

135
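--- a/tests/oidc/conftest.py
+++ b/tests/oidc/conftest.py
@@ -0,0 +1,135 @@
+import datetime
+import pytest
+from canaille.models import AuthorizationCode
+from canaille.models import Client
+from canaille.models import Consent
+from canaille.models import Token
+from werkzeug.security import gen_salt
+@pytest.fixture
+def client(app, slapd_connection, other_client):
+c = Client(
+oauthClientID=gen_salt(24),
+oauthClientName="Some client",
+oauthClientContact="contact@mydomain.tld",
+oauthClientURI="https://mydomain.tld",
+oauthRedirectURIs=[
+"https://mydomain.tld/redirect1",
+"https://mydomain.tld/redirect2",
+],
+oauthLogoURI="https://mydomain.tld/logo.png",
+oauthIssueDate=datetime.datetime.now(),
+oauthClientSecret=gen_salt(48),
+oauthGrantType=[
+"password",
+"authorization_code",
+"implicit",
+"hybrid",
+"refresh_token",
+],
+oauthResponseType=["code", "token", "id_token"],
+oauthScope=["openid", "profile", "groups"],
+oauthTermsOfServiceURI="https://mydomain.tld/tos",
+oauthPolicyURI="https://mydomain.tld/policy",
+oauthJWKURI="https://mydomain.tld/jwk",
+oauthTokenEndpointAuthMethod="client_secret_basic",
+)
+c.oauthAudience = [c.dn, other_client.dn]
+c.save(slapd_connection)
+return c
+@pytest.fixture
+def other_client(app, slapd_connection):
+c = Client(
+oauthClientID=gen_salt(24),
+oauthClientName="Some other client",
+oauthClientContact="contact@myotherdomain.tld",
+oauthClientURI="https://myotherdomain.tld",
+oauthRedirectURIs=[
+"https://myotherdomain.tld/redirect1",
+"https://myotherdomain.tld/redirect2",
+],
+oauthLogoURI="https://myotherdomain.tld/logo.png",
+oauthIssueDate=datetime.datetime.now(),
+oauthClientSecret=gen_salt(48),
+oauthGrantType=[
+"password",
+"authorization_code",
+"implicit",
+"hybrid",
+"refresh_token",
+],
+oauthResponseType=["code", "token", "id_token"],
+oauthScope=["openid", "profile", "groups"],
+oauthTermsOfServiceURI="https://myotherdomain.tld/tos",
+oauthPolicyURI="https://myotherdomain.tld/policy",
+oauthJWKURI="https://myotherdomain.tld/jwk",
+oauthTokenEndpointAuthMethod="client_secret_basic",
+)
+c.oauthAudience = [c.dn]
+c.save(slapd_connection)
+return c
+@pytest.fixture
+def authorization(app, slapd_connection, user, client):
+a = AuthorizationCode(
+oauthCode="my-code",
+oauthClient=client.dn,
+oauthSubject=user.dn,
+oauthRedirectURI="https://foo.bar/callback",
+oauthResponseType="code",
+oauthScope="openid profile",
+oauthNonce="nonce",
+oauthAuthorizationDate=datetime.datetime(2020, 1, 1),
+oauthAuthorizationLifetime="3600",
+oauthCodeChallenge="challenge",
+oauthCodeChallengeMethod="method",
+oauthRevokation="",
+)
+a.save(slapd_connection)
+return a
+@pytest.fixture
+def token(slapd_connection, client, user):
+t = Token(
+oauthAccessToken=gen_salt(48),
+oauthAudience=[client.dn],
+oauthClient=client.dn,
+oauthSubject=user.dn,
+oauthTokenType=None,
+oauthRefreshToken=gen_salt(48),
+oauthScope="openid profile",
+oauthIssueDate=datetime.datetime.now(),
+oauthTokenLifetime=str(3600),
+)
+t.save(slapd_connection)
+return t
+@pytest.fixture
+def consent(slapd_connection, client, user):
+t = Consent(
+oauthClient=client.dn,
+oauthSubject=user.dn,
+oauthScope=["openid", "profile"],
+oauthIssueDate=datetime.datetime.now(),
+)
+t.save(slapd_connection)
+return t
+@pytest.fixture(autouse=True)
+def cleanups(slapd_connection):
+yield
+try:
+for consent in Consent.filter(conn=slapd_connection):
+consent.delete(conn=slapd_connection)
+except Exception:
+pass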
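Review bot: The autouse `cleanups` fixture at the end of this file swallows every teardown error with `except Exception: pass`, so a failed `Consent.filter` or `consent.delete` leaves consent entries in the directory and a later test can pass or fail on state granted by an earlier one. For tests of an authorization server that matters, since a leftover consent can make a consent-prompt or revocation test succeed for the wrong reason. I would drop the blanket handler, or catch only the specific error expected when no consent entries exist (which one that is cannot be seen here), and add a comment such as `# delete consents created through the consent page during the test` above the loop. The teardown also covers only `Consent`; whether the `Client`, `AuthorizationCode` and `Token` entries saved by the other fixtures are removed elsewhere is not visible on this page.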