split oidc tests from the rest
parent
3d69e5cdb4
commit
16d2d71194
20 changed files with 144 additions and 131 deletions
|
@ -1,9 +0,0 @@
|
|||
import base64
|
||||
|
||||
|
||||
def client_credentials(client):
|
||||
return base64.b64encode(
|
||||
client.oauthClientID.encode("utf-8")
|
||||
+ b":"
|
||||
+ client.oauthClientSecret.encode("utf-8")
|
||||
).decode("utf-8")
|
|
@ -1,4 +1,3 @@
|
|||
import datetime
|
||||
import os
|
||||
|
||||
import ldap.ldapobject
|
||||
|
@ -7,11 +6,7 @@ import slapd
|
|||
from canaille import create_app
|
||||
from canaille.installation import setup_ldap_tree
|
||||
from canaille.ldaputils import LDAPObject
|
||||
from canaille.models import AuthorizationCode
|
||||
from canaille.models import Client
|
||||
from canaille.models import Consent
|
||||
from canaille.models import Group
|
||||
from canaille.models import Token
|
||||
from canaille.models import User
|
||||
from cryptography.hazmat.backends import default_backend as crypto_default_backend
|
||||
from cryptography.hazmat.primitives import serialization as crypto_serialization
|
||||
|
@ -222,94 +217,6 @@ def testclient(app):
|
|||
return TestApp(app)
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def client(app, slapd_connection, other_client):
|
||||
c = Client(
|
||||
oauthClientID=gen_salt(24),
|
||||
oauthClientName="Some client",
|
||||
oauthClientContact="contact@mydomain.tld",
|
||||
oauthClientURI="https://mydomain.tld",
|
||||
oauthRedirectURIs=[
|
||||
"https://mydomain.tld/redirect1",
|
||||
"https://mydomain.tld/redirect2",
|
||||
],
|
||||
oauthLogoURI="https://mydomain.tld/logo.png",
|
||||
oauthIssueDate=datetime.datetime.now(),
|
||||
oauthClientSecret=gen_salt(48),
|
||||
oauthGrantType=[
|
||||
"password",
|
||||
"authorization_code",
|
||||
"implicit",
|
||||
"hybrid",
|
||||
"refresh_token",
|
||||
],
|
||||
oauthResponseType=["code", "token", "id_token"],
|
||||
oauthScope=["openid", "profile", "groups"],
|
||||
oauthTermsOfServiceURI="https://mydomain.tld/tos",
|
||||
oauthPolicyURI="https://mydomain.tld/policy",
|
||||
oauthJWKURI="https://mydomain.tld/jwk",
|
||||
oauthTokenEndpointAuthMethod="client_secret_basic",
|
||||
)
|
||||
c.oauthAudience = [c.dn, other_client.dn]
|
||||
c.save(slapd_connection)
|
||||
|
||||
return c
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def other_client(app, slapd_connection):
|
||||
c = Client(
|
||||
oauthClientID=gen_salt(24),
|
||||
oauthClientName="Some other client",
|
||||
oauthClientContact="contact@myotherdomain.tld",
|
||||
oauthClientURI="https://myotherdomain.tld",
|
||||
oauthRedirectURIs=[
|
||||
"https://myotherdomain.tld/redirect1",
|
||||
"https://myotherdomain.tld/redirect2",
|
||||
],
|
||||
oauthLogoURI="https://myotherdomain.tld/logo.png",
|
||||
oauthIssueDate=datetime.datetime.now(),
|
||||
oauthClientSecret=gen_salt(48),
|
||||
oauthGrantType=[
|
||||
"password",
|
||||
"authorization_code",
|
||||
"implicit",
|
||||
"hybrid",
|
||||
"refresh_token",
|
||||
],
|
||||
oauthResponseType=["code", "token", "id_token"],
|
||||
oauthScope=["openid", "profile", "groups"],
|
||||
oauthTermsOfServiceURI="https://myotherdomain.tld/tos",
|
||||
oauthPolicyURI="https://myotherdomain.tld/policy",
|
||||
oauthJWKURI="https://myotherdomain.tld/jwk",
|
||||
oauthTokenEndpointAuthMethod="client_secret_basic",
|
||||
)
|
||||
c.oauthAudience = [c.dn]
|
||||
c.save(slapd_connection)
|
||||
|
||||
return c
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def authorization(app, slapd_connection, user, client):
|
||||
a = AuthorizationCode(
|
||||
oauthCode="my-code",
|
||||
oauthClient=client.dn,
|
||||
oauthSubject=user.dn,
|
||||
oauthRedirectURI="https://foo.bar/callback",
|
||||
oauthResponseType="code",
|
||||
oauthScope="openid profile",
|
||||
oauthNonce="nonce",
|
||||
oauthAuthorizationDate=datetime.datetime(2020, 1, 1),
|
||||
oauthAuthorizationLifetime="3600",
|
||||
oauthCodeChallenge="challenge",
|
||||
oauthCodeChallengeMethod="method",
|
||||
oauthRevokation="",
|
||||
)
|
||||
a.save(slapd_connection)
|
||||
return a
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def user(app, slapd_connection):
|
||||
User.ldap_object_classes(slapd_connection)
|
||||
|
@ -358,35 +265,6 @@ def moderator(app, slapd_connection):
|
|||
return u
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def token(slapd_connection, client, user):
|
||||
t = Token(
|
||||
oauthAccessToken=gen_salt(48),
|
||||
oauthAudience=[client.dn],
|
||||
oauthClient=client.dn,
|
||||
oauthSubject=user.dn,
|
||||
oauthTokenType=None,
|
||||
oauthRefreshToken=gen_salt(48),
|
||||
oauthScope="openid profile",
|
||||
oauthIssueDate=datetime.datetime.now(),
|
||||
oauthTokenLifetime=str(3600),
|
||||
)
|
||||
t.save(slapd_connection)
|
||||
return t
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def consent(slapd_connection, client, user):
|
||||
t = Consent(
|
||||
oauthClient=client.dn,
|
||||
oauthSubject=user.dn,
|
||||
oauthScope=["openid", "profile"],
|
||||
oauthIssueDate=datetime.datetime.now(),
|
||||
)
|
||||
t.save(slapd_connection)
|
||||
return t
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def logged_user(user, testclient):
|
||||
with testclient.session_transaction() as sess:
|
||||
|
|
0
tests/ldap/__init__.py
Normal file
0
tests/ldap/__init__.py
Normal file
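--- a/tests/oidc/__init__.py
+++ b/tests/oidc/__init__.py
@@ -0,0 +1,9 @@
+import base64
+
+
+def client_credentials(client):
+return base64.b64encode(
+client.oauthClientID.encode("utf-8")
++ b":"
++ client.oauthClientSecret.encode("utf-8")
+).decode("utf-8")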
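Review bot: `client_credentials` joins the raw client id and secret around `:` before base64-encoding, which skips the form-urlencoding step RFC 6749 section 2.3.1 specifies for `client_secret_basic`. That is harmless for the fixtures in tests/oidc/conftest.py, which build both values with `gen_salt` (presumably alphanumeric only), but a test that registers a client id containing `:` or `%` would send a header the server may split or decode differently. A one-line docstring would pin the assumption: `"""Return the HTTP Basic credential for *client*; id and secret must not need URL-encoding."""`.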
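--- a/tests/oidc/conftest.py
+++ b/tests/oidc/conftest.py
@@ -0,0 +1,135 @@
+import datetime
+
+import pytest
+from canaille.models import AuthorizationCode
+from canaille.models import Client
+from canaille.models import Consent
+from canaille.models import Token
+from werkzeug.security import gen_salt
+
+
+@pytest.fixture
+def client(app, slapd_connection, other_client):
+c = Client(
+oauthClientID=gen_salt(24),
+oauthClientName="Some client",
+oauthClientContact="contact@mydomain.tld",
+oauthClientURI="https://mydomain.tld",
+oauthRedirectURIs=[
+"https://mydomain.tld/redirect1",
+"https://mydomain.tld/redirect2",
+],
+oauthLogoURI="https://mydomain.tld/logo.png",
+oauthIssueDate=datetime.datetime.now(),
+oauthClientSecret=gen_salt(48),
+oauthGrantType=[
+"password",
+"authorization_code",
+"implicit",
+"hybrid",
+"refresh_token",
+],
+oauthResponseType=["code", "token", "id_token"],
+oauthScope=["openid", "profile", "groups"],
+oauthTermsOfServiceURI="https://mydomain.tld/tos",
+oauthPolicyURI="https://mydomain.tld/policy",
+oauthJWKURI="https://mydomain.tld/jwk",
+oauthTokenEndpointAuthMethod="client_secret_basic",
+)
+c.oauthAudience = [c.dn, other_client.dn]
+c.save(slapd_connection)
+
+return c
+
+
+@pytest.fixture
+def other_client(app, slapd_connection):
+c = Client(
+oauthClientID=gen_salt(24),
+oauthClientName="Some other client",
+oauthClientContact="contact@myotherdomain.tld",
+oauthClientURI="https://myotherdomain.tld",
+oauthRedirectURIs=[
+"https://myotherdomain.tld/redirect1",
+"https://myotherdomain.tld/redirect2",
+],
+oauthLogoURI="https://myotherdomain.tld/logo.png",
+oauthIssueDate=datetime.datetime.now(),
+oauthClientSecret=gen_salt(48),
+oauthGrantType=[
+"password",
+"authorization_code",
+"implicit",
+"hybrid",
+"refresh_token",
+],
+oauthResponseType=["code", "token", "id_token"],
+oauthScope=["openid", "profile", "groups"],
+oauthTermsOfServiceURI="https://myotherdomain.tld/tos",
+oauthPolicyURI="https://myotherdomain.tld/policy",
+oauthJWKURI="https://myotherdomain.tld/jwk",
+oauthTokenEndpointAuthMethod="client_secret_basic",
+)
+c.oauthAudience = [c.dn]
+c.save(slapd_connection)
+
+return c
+
+
+@pytest.fixture
+def authorization(app, slapd_connection, user, client):
+a = AuthorizationCode(
+oauthCode="my-code",
+oauthClient=client.dn,
+oauthSubject=user.dn,
+oauthRedirectURI="https://foo.bar/callback",
+oauthResponseType="code",
+oauthScope="openid profile",
+oauthNonce="nonce",
+oauthAuthorizationDate=datetime.datetime(2020, 1, 1),
+oauthAuthorizationLifetime="3600",
+oauthCodeChallenge="challenge",
+oauthCodeChallengeMethod="method",
+oauthRevokation="",
+)
+a.save(slapd_connection)
+return a
+
+
+@pytest.fixture
+def token(slapd_connection, client, user):
+t = Token(
+oauthAccessToken=gen_salt(48),
+oauthAudience=[client.dn],
+oauthClient=client.dn,
+oauthSubject=user.dn,
+oauthTokenType=None,
+oauthRefreshToken=gen_salt(48),
+oauthScope="openid profile",
+oauthIssueDate=datetime.datetime.now(),
+oauthTokenLifetime=str(3600),
+)
+t.save(slapd_connection)
+return t
+
+
+@pytest.fixture
+def consent(slapd_connection, client, user):
+t = Consent(
+oauthClient=client.dn,
+oauthSubject=user.dn,
+oauthScope=["openid", "profile"],
+oauthIssueDate=datetime.datetime.now(),
+)
+t.save(slapd_connection)
+return t
+
+
+@pytest.fixture(autouse=True)
+def cleanups(slapd_connection):
+yield
+try:
+for consent in Consent.filter(conn=slapd_connection):
+consent.delete(conn=slapd_connection)
+except Exception:
+pass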
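Review bot: The autouse `cleanups` fixture at the end of this file ends in `except Exception: pass`, so any failure while listing or deleting `Consent` entries is discarded and stale consents can leak into the next test, where they may change whether a consent step is expected. Letting the teardown error surface is the safer default: drop the try/except, or narrow it and record the failure, e.g. `except ldap.LDAPError:` followed by `logging.exception("consent cleanup failed")` (this assumes the model layer raises python-ldap errors, which is not visible here, and it needs the two imports). Only `Consent` is cleaned up; the `client`, `token` and `authorization` fixtures save entries without deleting them in this file, so it is worth confirming they are removed elsewhere.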