From 759c19d3a8f30269747c0a38a13cc28ac0b5f4b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89loi=20Rivard?= Date: Thu, 19 May 2022 12:36:39 +0200 Subject: [PATCH] Avoid slapd_connection fixture in tests --- tests/oidc/conftest.py | 12 ++++----- tests/oidc/test_authorization_code_flow.py | 30 +++++++++------------ tests/oidc/test_bad_flows.py | 4 +-- tests/oidc/test_client_admin.py | 4 +-- tests/oidc/test_consent.py | 4 +-- tests/oidc/test_implicit_flow.py | 8 +++--- tests/oidc/test_password_flow.py | 4 +-- tests/oidc/test_token_introspection.py | 4 +-- tests/oidc/test_token_revocation.py | 2 +- tests/test_account.py | 10 +++---- tests/test_groups.py | 18 +++++-------- tests/test_invitation.py | 28 ++++++++----------- tests/test_profile.py | 31 +++++++--------------- 13 files changed, 63 insertions(+), 96 deletions(-) diff --git a/tests/oidc/conftest.py b/tests/oidc/conftest.py index 4382a6a0..7f5e5d38 100644 --- a/tests/oidc/conftest.py +++ b/tests/oidc/conftest.py @@ -9,7 +9,7 @@ from werkzeug.security import gen_salt @pytest.fixture -def client(app, slapd_connection, other_client): +def client(app, other_client): c = Client( client_id=gen_salt(24), name="Some client", @@ -43,7 +43,7 @@ def client(app, slapd_connection, other_client): @pytest.fixture -def other_client(app, slapd_connection): +def other_client(app): c = Client( client_id=gen_salt(24), name="Some other client", @@ -77,7 +77,7 @@ def other_client(app, slapd_connection): @pytest.fixture -def authorization(app, slapd_connection, user, client): +def authorization(app, user, client): a = AuthorizationCode( authorization_code_id=gen_salt(48), code="my-code", @@ -98,7 +98,7 @@ def authorization(app, slapd_connection, user, client): @pytest.fixture -def token(slapd_connection, client, user): +def token(client, user): t = Token( token_id=gen_salt(48), access_token=gen_salt(48), @@ -116,7 +116,7 @@ def token(slapd_connection, client, user): @pytest.fixture -def consent(slapd_connection, client, user): +def consent(client, user): t = Consent( client=client.dn, subject=user.dn, @@ -128,7 +128,7 @@ def consent(slapd_connection, client, user): @pytest.fixture(autouse=True) -def cleanup_consents(slapd_connection): +def cleanup_consents(): yield for consent in Consent.all(): consent.delete() diff --git a/tests/oidc/test_authorization_code_flow.py b/tests/oidc/test_authorization_code_flow.py index f5105408..a7331ffb 100644 --- a/tests/oidc/test_authorization_code_flow.py +++ b/tests/oidc/test_authorization_code_flow.py @@ -13,7 +13,7 @@ from . import client_credentials def test_authorization_code_flow( - testclient, slapd_connection, logged_user, client, keypair, other_client + testclient, logged_user, client, keypair, other_client ): res = testclient.get( "/oauth/authorize", @@ -71,7 +71,7 @@ def test_authorization_code_flow( def test_authorization_code_flow_preconsented( - testclient, slapd_connection, logged_user, client, keypair, other_client + testclient, logged_user, client, keypair, other_client ): client.preconsent = True client.save() @@ -129,7 +129,7 @@ def test_authorization_code_flow_preconsented( } == res.json -def test_logout_login(testclient, slapd_connection, logged_user, client): +def test_logout_login(testclient, logged_user, client): res = testclient.get( "/oauth/authorize", params=dict( @@ -192,7 +192,7 @@ def test_logout_login(testclient, slapd_connection, logged_user, client): } == res.json -def test_refresh_token(testclient, slapd_connection, user, client): +def test_refresh_token(testclient, user, client): with freezegun.freeze_time("2020-01-01 01:00:00"): res = testclient.get( "/oauth/authorize", @@ -266,7 +266,7 @@ def test_refresh_token(testclient, slapd_connection, user, client): } == res.json -def test_code_challenge(testclient, slapd_connection, logged_user, client): +def test_code_challenge(testclient, logged_user, client): client.token_endpoint_auth_method = "none" client.save() @@ -329,7 +329,7 @@ def test_code_challenge(testclient, slapd_connection, logged_user, client): def test_authorization_code_flow_when_consent_already_given( - testclient, slapd_connection, logged_user, client + testclient, logged_user, client ): assert not Consent.all() @@ -384,7 +384,7 @@ def test_authorization_code_flow_when_consent_already_given( def test_authorization_code_flow_when_consent_already_given_but_for_a_smaller_scope( - testclient, slapd_connection, logged_user, client + testclient, logged_user, client ): assert not Consent.all() @@ -449,7 +449,7 @@ def test_authorization_code_flow_when_consent_already_given_but_for_a_smaller_sc def test_authorization_code_flow_but_user_cannot_use_oidc( - testclient, slapd_connection, user, client, keypair, other_client + testclient, user, client, keypair, other_client ): testclient.app.config["ACL"]["DEFAULT"]["PERMISSIONS"] = [] @@ -472,7 +472,7 @@ def test_authorization_code_flow_but_user_cannot_use_oidc( res = res.follow(status=400) -def test_prompt_none(testclient, slapd_connection, logged_user, client): +def test_prompt_none(testclient, logged_user, client): consent = Consent( client=client.dn, subject=logged_user.dn, @@ -496,7 +496,7 @@ def test_prompt_none(testclient, slapd_connection, logged_user, client): assert "code" in params -def test_prompt_not_logged(testclient, slapd_connection, user, client): +def test_prompt_not_logged(testclient, user, client): consent = Consent( client=client.dn, subject=user.dn, @@ -518,7 +518,7 @@ def test_prompt_not_logged(testclient, slapd_connection, user, client): assert "login_required" == res.json.get("error") -def test_prompt_no_consent(testclient, slapd_connection, logged_user, client): +def test_prompt_no_consent(testclient, logged_user, client): res = testclient.get( "/oauth/authorize", params=dict( @@ -533,9 +533,7 @@ def test_prompt_no_consent(testclient, slapd_connection, logged_user, client): assert "consent_required" == res.json.get("error") -def test_nonce_required_in_oidc_requests( - testclient, slapd_connection, logged_user, client -): +def test_nonce_required_in_oidc_requests(testclient, logged_user, client): res = testclient.get( "/oauth/authorize", params=dict( @@ -549,9 +547,7 @@ def test_nonce_required_in_oidc_requests( assert res.json.get("error") == "invalid_request" -def test_nonce_not_required_in_oauth_requests( - testclient, slapd_connection, logged_user, client -): +def test_nonce_not_required_in_oauth_requests(testclient, logged_user, client): testclient.app.config["REQUIRE_NONCE"] = False res = testclient.get( diff --git a/tests/oidc/test_bad_flows.py b/tests/oidc/test_bad_flows.py index e0e79e9c..087b8cf9 100644 --- a/tests/oidc/test_bad_flows.py +++ b/tests/oidc/test_bad_flows.py @@ -1,4 +1,4 @@ -def test_incomplete_requests(testclient, slapd_connection, logged_user, client): +def test_incomplete_requests(testclient, logged_user, client): testclient.get( "/oauth/authorize", params=dict( @@ -8,7 +8,7 @@ def test_incomplete_requests(testclient, slapd_connection, logged_user, client): ) -def test_bad_client(testclient, slapd_connection, logged_user, client): +def test_bad_client(testclient, logged_user, client): testclient.get( "/oauth/authorize", params=dict( diff --git a/tests/oidc/test_client_admin.py b/tests/oidc/test_client_admin.py index bee97f9e..5baaa4bd 100644 --- a/tests/oidc/test_client_admin.py +++ b/tests/oidc/test_client_admin.py @@ -18,7 +18,7 @@ def test_client_list(testclient, client, logged_admin): assert client.name in res.text -def test_client_add(testclient, logged_admin, slapd_connection): +def test_client_add(testclient, logged_admin): res = testclient.get("/admin/client/add") data = { "name": "foobar", @@ -58,7 +58,7 @@ def test_client_add(testclient, logged_admin, slapd_connection): assert v == client_value -def test_client_edit(testclient, client, logged_admin, slapd_connection, other_client): +def test_client_edit(testclient, client, logged_admin, other_client): res = testclient.get("/admin/client/edit/" + client.client_id) data = { "name": "foobar", diff --git a/tests/oidc/test_consent.py b/tests/oidc/test_consent.py index 99240234..786359e6 100644 --- a/tests/oidc/test_consent.py +++ b/tests/oidc/test_consent.py @@ -2,9 +2,7 @@ def test_no_logged_no_access(testclient): testclient.get("/consent", status=403) -def test_consent_list( - testclient, slapd_connection, client, consent, logged_user, token -): +def test_consent_list(testclient, client, consent, logged_user, token): res = testclient.get("/consent", status=200) assert client.name in res.text assert not token.revoked diff --git a/tests/oidc/test_implicit_flow.py b/tests/oidc/test_implicit_flow.py index 4d408bf6..80e6d6be 100644 --- a/tests/oidc/test_implicit_flow.py +++ b/tests/oidc/test_implicit_flow.py @@ -5,7 +5,7 @@ from authlib.jose import jwt from canaille.oidc.models import Token -def test_oauth_implicit(testclient, slapd_connection, user, client): +def test_oauth_implicit(testclient, user, client): client.grant_type = ["token"] client.token_endpoint_auth_method = "none" @@ -54,9 +54,7 @@ def test_oauth_implicit(testclient, slapd_connection, user, client): client.save() -def test_oidc_implicit( - testclient, keypair, slapd_connection, user, client, other_client -): +def test_oidc_implicit(testclient, keypair, user, client, other_client): client.grant_type = ["token id_token"] client.token_endpoint_auth_method = "none" @@ -114,7 +112,7 @@ def test_oidc_implicit( def test_oidc_implicit_with_group( - testclient, keypair, slapd_connection, user, client, foo_group, other_client + testclient, keypair, user, client, foo_group, other_client ): client.grant_type = ["token id_token"] client.token_endpoint_auth_method = "none" diff --git a/tests/oidc/test_password_flow.py b/tests/oidc/test_password_flow.py index 4ee03e6d..7626d893 100644 --- a/tests/oidc/test_password_flow.py +++ b/tests/oidc/test_password_flow.py @@ -3,7 +3,7 @@ from canaille.oidc.models import Token from . import client_credentials -def test_password_flow_basic(testclient, slapd_connection, user, client): +def test_password_flow_basic(testclient, user, client): res = testclient.post( "/oauth/token", params=dict( @@ -36,7 +36,7 @@ def test_password_flow_basic(testclient, slapd_connection, user, client): } == res.json -def test_password_flow_post(testclient, slapd_connection, user, client): +def test_password_flow_post(testclient, user, client): client.token_endpoint_auth_method = "client_secret_post" client.save() diff --git a/tests/oidc/test_token_introspection.py b/tests/oidc/test_token_introspection.py index 43f6938e..4e21d5e0 100644 --- a/tests/oidc/test_token_introspection.py +++ b/tests/oidc/test_token_introspection.py @@ -40,9 +40,7 @@ def test_token_invalid(testclient, client): assert {"active": False} == res.json -def test_full_flow( - testclient, slapd_connection, logged_user, client, user, other_client -): +def test_full_flow(testclient, logged_user, client, user, other_client): res = testclient.get( "/oauth/authorize", params=dict( diff --git a/tests/oidc/test_token_revocation.py b/tests/oidc/test_token_revocation.py index 4050f2ce..2d3cdca7 100644 --- a/tests/oidc/test_token_revocation.py +++ b/tests/oidc/test_token_revocation.py @@ -1,7 +1,7 @@ from . import client_credentials -def test_token_revocation(testclient, user, client, token, slapd_connection): +def test_token_revocation(testclient, user, client, token): assert not token.revokation_date res = testclient.post( diff --git a/tests/test_account.py b/tests/test_account.py index 96d8b9e4..e5f22f94 100644 --- a/tests/test_account.py +++ b/tests/test_account.py @@ -2,7 +2,7 @@ from canaille.ldap_backend.ldapobject import LDAPObject from canaille.models import User -def test_signin_and_out(testclient, slapd_connection, user): +def test_signin_and_out(testclient, user): with testclient.session_transaction() as session: assert not session.get("user_dn") @@ -34,7 +34,7 @@ def test_signin_and_out(testclient, slapd_connection, user): assert not session.get("user_dn") -def test_signin_wrong_password(testclient, slapd_connection, user): +def test_signin_wrong_password(testclient, user): with testclient.session_transaction() as session: assert not session.get("user_dn") @@ -48,7 +48,7 @@ def test_signin_wrong_password(testclient, slapd_connection, user): assert "Login failed, please check your information" in res.text -def test_signin_with_alternate_attribute(testclient, slapd_connection, user): +def test_signin_with_alternate_attribute(testclient, user): res = testclient.get("/login", status=200) res.form["login"] = "user" @@ -108,7 +108,7 @@ def test_user_deleted_in_session(testclient, slapd_connection): assert not session.get("user_dn") -def test_impersonate(testclient, slapd_connection, logged_admin, user): +def test_impersonate(testclient, logged_admin, user): res = testclient.get("/", status=302).follow(status=200) assert "admin" == res.form["uid"].value @@ -125,7 +125,7 @@ def test_impersonate(testclient, slapd_connection, logged_admin, user): assert "admin" == res.form["uid"].value -def test_wrong_login(testclient, slapd_connection, user): +def test_wrong_login(testclient, user): testclient.app.config["HIDE_INVALID_LOGINS"] = True res = testclient.get("/login", status=200) diff --git a/tests/test_groups.py b/tests/test_groups.py index d73794db..2b042f3c 100644 --- a/tests/test_groups.py +++ b/tests/test_groups.py @@ -6,7 +6,7 @@ def test_no_group(app, slapd_connection): assert Group.all() == [] -def test_set_groups(app, slapd_connection, user, foo_group, bar_group): +def test_set_groups(app, user, foo_group, bar_group): foo_dns = {m.dn for m in foo_group.get_members()} assert user.dn in foo_dns assert user.groups[0].dn == foo_group.dn @@ -30,9 +30,7 @@ def test_set_groups(app, slapd_connection, user, foo_group, bar_group): assert user.dn not in bar_dns -def test_set_groups_with_leading_space_in_user_id_attribute( - app, slapd_connection, foo_group -): +def test_set_groups_with_leading_space_in_user_id_attribute(app, foo_group): user = User( objectClass=["inetOrgPerson"], cn=" Doe", # leading space in id attribute @@ -59,7 +57,7 @@ def test_set_groups_with_leading_space_in_user_id_attribute( def test_moderator_can_create_edit_and_delete_group( - testclient, slapd_connection, logged_moderator, foo_group + testclient, logged_moderator, foo_group ): # The group does not exist res = testclient.get("/groups", status=200) @@ -105,25 +103,21 @@ def test_moderator_can_create_edit_and_delete_group( assert "The group bar has been sucessfully deleted" in res.text -def test_cannot_create_already_existing_group( - testclient, slapd_connection, logged_moderator, foo_group -): +def test_cannot_create_already_existing_group(testclient, logged_moderator, foo_group): res = testclient.post("/groups/add", {"name": "foo"}, status=200) assert "Group creation failed." in res assert "The group 'foo' already exists" in res -def test_simple_user_cannot_view_or_edit_groups( - testclient, slapd_connection, logged_user, foo_group -): +def test_simple_user_cannot_view_or_edit_groups(testclient, logged_user, foo_group): testclient.get("/groups", status=403) testclient.get("/groups/add", status=403) testclient.get("/groups/foo", status=403) def test_get_members_filters_non_existent_user( - testclient, slapd_connection, logged_moderator, foo_group, user + testclient, logged_moderator, foo_group, user ): # an LDAP group can be inconsistent by containing members which doesn't exist non_existent_user_dn = user.dn.replace(user.name, "yolo") diff --git a/tests/test_invitation.py b/tests/test_invitation.py index 92789c7b..533236bf 100644 --- a/tests/test_invitation.py +++ b/tests/test_invitation.py @@ -5,7 +5,7 @@ from canaille.account import Invitation from canaille.models import User -def test_invitation(testclient, slapd_connection, logged_admin, foo_group, smtpd): +def test_invitation(testclient, logged_admin, foo_group, smtpd): assert User.get("someone") is None res = testclient.get("/invite", status=200) @@ -53,9 +53,7 @@ def test_invitation(testclient, slapd_connection, logged_admin, foo_group, smtpd res = testclient.get(url, status=302) -def test_invitation_editable_uid( - testclient, slapd_connection, logged_admin, foo_group, smtpd -): +def test_invitation_editable_uid(testclient, logged_admin, foo_group, smtpd): assert User.get("jackyjack") is None assert User.get("djorje") is None @@ -103,7 +101,7 @@ def test_invitation_editable_uid( del sess["user_dn"] -def test_generate_link(testclient, slapd_connection, logged_admin, foo_group, smtpd): +def test_generate_link(testclient, logged_admin, foo_group, smtpd): assert User.get("sometwo") is None res = testclient.get("/invite", status=200) @@ -147,7 +145,7 @@ def test_generate_link(testclient, slapd_connection, logged_admin, foo_group, sm res = testclient.get(url, status=302) -def test_invitation_login_already_taken(testclient, slapd_connection, logged_admin): +def test_invitation_login_already_taken(testclient, logged_admin): res = testclient.get("/invite", status=200) res.form["uid"] = logged_admin.uid @@ -158,7 +156,7 @@ def test_invitation_login_already_taken(testclient, slapd_connection, logged_adm assert "The email 'jane@doe.com' already exists" in res.text -def test_registration(testclient, slapd_connection, foo_group): +def test_registration(testclient, foo_group): invitation = Invitation( datetime.now().isoformat(), "someoneelse", @@ -172,7 +170,7 @@ def test_registration(testclient, slapd_connection, foo_group): testclient.get(f"/register/{b64}/{hash}", status=200) -def test_registration_invalid_hash(testclient, slapd_connection, foo_group): +def test_registration_invalid_hash(testclient, foo_group): now = datetime.now().isoformat() invitation = Invitation( now, "anything", False, "someone@mydomain.tld", [foo_group.dn] @@ -182,7 +180,7 @@ def test_registration_invalid_hash(testclient, slapd_connection, foo_group): testclient.get(f"/register/{b64}/invalid", status=302) -def test_registration_invalid_data(testclient, slapd_connection, foo_group): +def test_registration_invalid_data(testclient, foo_group): invitation = Invitation( datetime.now().isoformat(), "someoneelse", @@ -195,9 +193,7 @@ def test_registration_invalid_data(testclient, slapd_connection, foo_group): testclient.get(f"/register/invalid/{hash}", status=302) -def test_registration_more_than_48_hours_after_invitation( - testclient, slapd_connection, foo_group -): +def test_registration_more_than_48_hours_after_invitation(testclient, foo_group): two_days_ago = datetime.now() - timedelta(hours=48) invitation = Invitation( two_days_ago.isoformat(), @@ -212,7 +208,7 @@ def test_registration_more_than_48_hours_after_invitation( testclient.get(f"/register/{b64}/{hash}", status=302) -def test_registration_no_password(testclient, slapd_connection, foo_group): +def test_registration_no_password(testclient, foo_group): invitation = Invitation( datetime.now().isoformat(), "someoneelse", @@ -237,9 +233,7 @@ def test_registration_no_password(testclient, slapd_connection, foo_group): assert "user_dn" not in sess -def test_no_registration_if_logged_in( - testclient, slapd_connection, logged_user, foo_group -): +def test_no_registration_if_logged_in(testclient, logged_user, foo_group): invitation = Invitation( datetime.now().isoformat(), "someoneelse", @@ -271,7 +265,7 @@ def test_unavailable_if_no_smtp(testclient, logged_admin): def test_groups_are_saved_even_when_user_does_not_have_read_permission( - testclient, slapd_connection, foo_group + testclient, foo_group ): testclient.app.config["ACL"]["DEFAULT"]["READ"] = [ "uid" diff --git a/tests/test_profile.py b/tests/test_profile.py index 45487491..8427d61a 100644 --- a/tests/test_profile.py +++ b/tests/test_profile.py @@ -5,7 +5,6 @@ from webtest import Upload def test_edition_permission( testclient, slapd_server, - slapd_connection, logged_user, admin, foo_group, @@ -23,7 +22,6 @@ def test_edition_permission( def test_edition( testclient, slapd_server, - slapd_connection, logged_user, admin, foo_group, @@ -83,9 +81,7 @@ def test_edition( logged_user.save() -def test_field_permissions_none( - testclient, slapd_server, slapd_connection, logged_user -): +def test_field_permissions_none(testclient, slapd_server, logged_user): testclient.get("/profile/user", status=200) logged_user.telephoneNumber = ["555-666-777"] logged_user.save() @@ -106,9 +102,7 @@ def test_field_permissions_none( assert user.telephoneNumber == ["555-666-777"] -def test_field_permissions_read( - testclient, slapd_server, slapd_connection, logged_user -): +def test_field_permissions_read(testclient, slapd_server, logged_user): testclient.get("/profile/user", status=200) logged_user.telephoneNumber = ["555-666-777"] logged_user.save() @@ -128,9 +122,7 @@ def test_field_permissions_read( assert user.telephoneNumber == ["555-666-777"] -def test_field_permissions_write( - testclient, slapd_server, slapd_connection, logged_user -): +def test_field_permissions_write(testclient, slapd_server, logged_user): testclient.get("/profile/user", status=200) logged_user.telephoneNumber = ["555-666-777"] logged_user.save() @@ -158,7 +150,7 @@ def test_simple_user_cannot_edit_other(testclient, logged_user): testclient.get("/users", status=403) -def test_bad_email(testclient, slapd_connection, logged_user): +def test_bad_email(testclient, logged_user): res = testclient.get("/profile/user", status=200) res.form["mail"] = "john@doe.com" @@ -178,7 +170,7 @@ def test_bad_email(testclient, slapd_connection, logged_user): assert ["john@doe.com"] == logged_user.mail -def test_surname_is_mandatory(testclient, slapd_connection, logged_user): +def test_surname_is_mandatory(testclient, logged_user): res = testclient.get("/profile/user", status=200) logged_user.sn = ["Doe"] @@ -191,7 +183,7 @@ def test_surname_is_mandatory(testclient, slapd_connection, logged_user): assert ["Doe"] == logged_user.sn -def test_password_change(testclient, slapd_connection, logged_user): +def test_password_change(testclient, logged_user): res = testclient.get("/profile/user", status=200) res.form["password1"] = "new_password" @@ -212,7 +204,7 @@ def test_password_change(testclient, slapd_connection, logged_user): assert logged_user.check_password("correct horse battery staple") -def test_password_change_fail(testclient, slapd_connection, logged_user): +def test_password_change_fail(testclient, logged_user): res = testclient.get("/profile/user", status=200) res.form["password1"] = "new_password" @@ -238,7 +230,7 @@ def test_admin_bad_request(testclient, logged_moderator): def test_user_creation_edition_and_deletion( - testclient, slapd_connection, logged_moderator, foo_group, bar_group + testclient, logged_moderator, foo_group, bar_group ): # The user does not exist. res = testclient.get("/users", status=200) @@ -295,9 +287,7 @@ def test_user_creation_edition_and_deletion( assert "george" not in res.text -def test_cn_setting_with_given_name_and_surname( - testclient, slapd_connection, logged_moderator -): +def test_cn_setting_with_given_name_and_surname(testclient, logged_moderator): res = testclient.get("/profile", status=200) res.form["uid"] = "george" res.form["givenName"] = "George" @@ -310,7 +300,7 @@ def test_cn_setting_with_given_name_and_surname( assert george.cn[0] == "George Abitbol" -def test_cn_setting_with_surname_only(testclient, slapd_connection, logged_moderator): +def test_cn_setting_with_surname_only(testclient, logged_moderator): res = testclient.get("/profile", status=200) res.form["uid"] = "george" res.form["sn"] = "Abitbol" @@ -387,7 +377,6 @@ def test_email_reset_button(smtpd, testclient, slapd_connection, logged_admin): def test_photo_edition( testclient, slapd_server, - slapd_connection, logged_user, jpeg_photo, ):