globuzma/canaille-globuzma
1
0
Fork 0
forked from Github-Mirrors/canaille
Code Pull requests Activity

oidc implicit flow test

Browse source
This commit is contained in:
Éloi Rivard 2020-08-23 19:56:37 +02:00
parent e5bd075f8f
commit 3e453810ec
4 changed files with 64 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
tests/conftest.py
View file

@ -136,3 +136,10 @@ def user(app, slapd_connection):
) )
u.save(slapd_connection) u.save(slapd_connection)
return u return u
@pytest.fixture
def logged_user(user, testclient):
with testclient.session_transaction() as sess:
sess["user_dn"] = user.dn
return user

9
tests/test_hybrid_flow.py
View file

@ -42,10 +42,7 @@ def test_oauth_hybrid(testclient, slapd_connection, user, client):
assert {"foo": "bar"} == res.json assert {"foo": "bar"} == res.json
def test_oidc_hybrid(testclient, slapd_connection, user, client): def test_oidc_hybrid(testclient, slapd_connection, logged_user, client):
with testclient.session_transaction() as sess:
sess["user_dn"] = user.dn
res = testclient.get( res = testclient.get(
"/oauth/authorize", "/oauth/authorize",
params=dict( params=dict(
@ -73,8 +70,8 @@ def test_oidc_hybrid(testclient, slapd_connection, user, client):
id_token = params["id_token"][0] id_token = params["id_token"][0]
claims = jwt.decode(id_token, "secret-key") claims = jwt.decode(id_token, "secret-key")
assert user.dn == claims['sub'] assert logged_user.dn == claims['sub']
assert user.sn == claims['name'] assert logged_user.sn == claims['name']
res = testclient.get("/api/me", headers={"Authorization": f"Bearer {access_token}"}) res = testclient.get("/api/me", headers={"Authorization": f"Bearer {access_token}"})
assert 200 == res.status_code assert 200 == res.status_code

54
tests/test_implicit_flow.py
View file

@ -1,8 +1,9 @@
from authlib.jose import jwt
from urllib.parse import urlsplit, parse_qs from urllib.parse import urlsplit, parse_qs
from web.models import Token from web.models import Token
def test_success(testclient, slapd_connection, user, client): def test_oauth_implicit(testclient, slapd_connection, user, client):
client.oauthGrantType = ["token"] client.oauthGrantType = ["token"]
client.oauthTokenEndpointAuthMethod = "none" client.oauthTokenEndpointAuthMethod = "none"
@ -32,8 +33,8 @@ def test_success(testclient, slapd_connection, user, client):
assert res.location.startswith(client.oauthRedirectURIs[0]) assert res.location.startswith(client.oauthRedirectURIs[0])
params = parse_qs(urlsplit(res.location).fragment) params = parse_qs(urlsplit(res.location).fragment)
access_token = params["access_token"][0]
access_token = params["access_token"][0]
token = Token.get(access_token, conn=slapd_connection) token = Token.get(access_token, conn=slapd_connection)
assert token is not None assert token is not None
@ -44,3 +45,52 @@ def test_success(testclient, slapd_connection, user, client):
client.oauthGrantType = ["code"] client.oauthGrantType = ["code"]
client.oauthTokenEndpointAuthMethod = "client_secret_basic" client.oauthTokenEndpointAuthMethod = "client_secret_basic"
client.save(slapd_connection) client.save(slapd_connection)
def test_oidc_implicit(testclient, slapd_connection, user, client):
client.oauthGrantType = ["token id_token"]
client.oauthTokenEndpointAuthMethod = "none"
client.save(slapd_connection)
res = testclient.get(
"/oauth/authorize",
params=dict(
response_type="id_token token",
client_id=client.oauthClientID,
scope="openid profile",
nonce="somenonce",
),
)
assert (200, "text/html") == (res.status_code, res.content_type)
res.form["login"] = user.name
res.form["password"] = "correct horse battery staple"
res = res.form.submit()
assert 302 == res.status_code
res = res.follow()
assert (200, "text/html") == (res.status_code, res.content_type), res.json
res = res.forms["accept"].submit()
assert 302 == res.status_code
assert res.location.startswith(client.oauthRedirectURIs[0])
params = parse_qs(urlsplit(res.location).fragment)
access_token = params["access_token"][0]
token = Token.get(access_token, conn=slapd_connection)
assert token is not None
id_token = params["id_token"][0]
claims = jwt.decode(id_token, "secret-key")
assert user.dn == claims['sub']
assert user.sn == claims['name']
res = testclient.get("/api/me", headers={"Authorization": f"Bearer {access_token}"})
assert (200, "application/json") == (res.status_code, res.content_type)
assert {"foo": "bar"} == res.json
client.oauthGrantType = ["code"]
client.oauthTokenEndpointAuthMethod = "client_secret_basic"
client.save(slapd_connection)

6
web/oauth2utils.py
View file

@ -103,15 +103,13 @@ class RefreshTokenGrant(_RefreshTokenGrant):
class OpenIDImplicitGrant(_OpenIDImplicitGrant): class OpenIDImplicitGrant(_OpenIDImplicitGrant):
def exists_nonce(self, nonce, request): def exists_nonce(self, nonce, request):
raise NotImplementedError()
return exists_nonce(nonce, request) return exists_nonce(nonce, request)
def get_jwt_config(self, grant): def get_jwt_config(self, grant=None):
raise NotImplementedError()
return DUMMY_JWT_CONFIG return DUMMY_JWT_CONFIG
def generate_user_info(self, user, scope): def generate_user_info(self, user, scope):
raise NotImplementedError() user = User.get(user)
return generate_user_info(user, scope) return generate_user_info(user, scope)