globuzma/canaille-globuzma
1
0
Fork 0
forked from Github-Mirrors/canaille
Code Pull requests Activity

Avoid slapd_connection fixture in tests

Browse source
This commit is contained in:
Éloi Rivard 2022-05-19 12:36:39 +02:00
parent 11a750d238
commit 759c19d3a8
13 changed files with 63 additions and 96 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
tests/oidc/conftest.py
View file

@ -9,7 +9,7 @@ from werkzeug.security import gen_salt
@pytest.fixture
def client(app, slapd_connection, other_client):
def client(app, other_client):
c = Client(
client_id=gen_salt(24),
name="Some client",
@ -43,7 +43,7 @@ def client(app, slapd_connection, other_client):
@pytest.fixture
def other_client(app, slapd_connection):
def other_client(app):
c = Client(
client_id=gen_salt(24),
name="Some other client",
@ -77,7 +77,7 @@ def other_client(app, slapd_connection):
@pytest.fixture
def authorization(app, slapd_connection, user, client):
def authorization(app, user, client):
a = AuthorizationCode(
authorization_code_id=gen_salt(48),
code="my-code",
@ -98,7 +98,7 @@ def authorization(app, slapd_connection, user, client):
@pytest.fixture
def token(slapd_connection, client, user):
def token(client, user):
t = Token(
token_id=gen_salt(48),
access_token=gen_salt(48),
@ -116,7 +116,7 @@ def token(slapd_connection, client, user):
@pytest.fixture
def consent(slapd_connection, client, user):
def consent(client, user):
t = Consent(
client=client.dn,
subject=user.dn,
@ -128,7 +128,7 @@ def consent(slapd_connection, client, user):
@pytest.fixture(autouse=True)
def cleanup_consents(slapd_connection):
def cleanup_consents():
yield
for consent in Consent.all():
consent.delete()

30
tests/oidc/test_authorization_code_flow.py
View file

@ -13,7 +13,7 @@ from . import client_credentials
def test_authorization_code_flow(
testclient, slapd_connection, logged_user, client, keypair, other_client
testclient, logged_user, client, keypair, other_client
):
res = testclient.get(
"/oauth/authorize",
@ -71,7 +71,7 @@ def test_authorization_code_flow(
def test_authorization_code_flow_preconsented(
testclient, slapd_connection, logged_user, client, keypair, other_client
testclient, logged_user, client, keypair, other_client
):
client.preconsent = True
client.save()
@ -129,7 +129,7 @@ def test_authorization_code_flow_preconsented(
} == res.json
def test_logout_login(testclient, slapd_connection, logged_user, client):
def test_logout_login(testclient, logged_user, client):
res = testclient.get(
"/oauth/authorize",
params=dict(
@ -192,7 +192,7 @@ def test_logout_login(testclient, slapd_connection, logged_user, client):
} == res.json
def test_refresh_token(testclient, slapd_connection, user, client):
def test_refresh_token(testclient, user, client):
with freezegun.freeze_time("2020-01-01 01:00:00"):
res = testclient.get(
"/oauth/authorize",
@ -266,7 +266,7 @@ def test_refresh_token(testclient, slapd_connection, user, client):
} == res.json
def test_code_challenge(testclient, slapd_connection, logged_user, client):
def test_code_challenge(testclient, logged_user, client):
client.token_endpoint_auth_method = "none"
client.save()
@ -329,7 +329,7 @@ def test_code_challenge(testclient, slapd_connection, logged_user, client):
def test_authorization_code_flow_when_consent_already_given(
testclient, slapd_connection, logged_user, client
testclient, logged_user, client
):
assert not Consent.all()
@ -384,7 +384,7 @@ def test_authorization_code_flow_when_consent_already_given(
def test_authorization_code_flow_when_consent_already_given_but_for_a_smaller_scope(
testclient, slapd_connection, logged_user, client
testclient, logged_user, client
):
assert not Consent.all()
@ -449,7 +449,7 @@ def test_authorization_code_flow_when_consent_already_given_but_for_a_smaller_sc
def test_authorization_code_flow_but_user_cannot_use_oidc(
testclient, slapd_connection, user, client, keypair, other_client
testclient, user, client, keypair, other_client
):
testclient.app.config["ACL"]["DEFAULT"]["PERMISSIONS"] = []
@ -472,7 +472,7 @@ def test_authorization_code_flow_but_user_cannot_use_oidc(
res = res.follow(status=400)
def test_prompt_none(testclient, slapd_connection, logged_user, client):
def test_prompt_none(testclient, logged_user, client):
consent = Consent(
client=client.dn,
subject=logged_user.dn,
@ -496,7 +496,7 @@ def test_prompt_none(testclient, slapd_connection, logged_user, client):
assert "code" in params
def test_prompt_not_logged(testclient, slapd_connection, user, client):
def test_prompt_not_logged(testclient, user, client):
consent = Consent(
client=client.dn,
subject=user.dn,
@ -518,7 +518,7 @@ def test_prompt_not_logged(testclient, slapd_connection, user, client):
assert "login_required" == res.json.get("error")
def test_prompt_no_consent(testclient, slapd_connection, logged_user, client):
def test_prompt_no_consent(testclient, logged_user, client):
res = testclient.get(
"/oauth/authorize",
params=dict(
@ -533,9 +533,7 @@ def test_prompt_no_consent(testclient, slapd_connection, logged_user, client):
assert "consent_required" == res.json.get("error")
def test_nonce_required_in_oidc_requests(
testclient, slapd_connection, logged_user, client
):
def test_nonce_required_in_oidc_requests(testclient, logged_user, client):
res = testclient.get(
"/oauth/authorize",
params=dict(
@ -549,9 +547,7 @@ def test_nonce_required_in_oidc_requests(
assert res.json.get("error") == "invalid_request"
def test_nonce_not_required_in_oauth_requests(
testclient, slapd_connection, logged_user, client
):
def test_nonce_not_required_in_oauth_requests(testclient, logged_user, client):
testclient.app.config["REQUIRE_NONCE"] = False
res = testclient.get(

4
tests/oidc/test_bad_flows.py
View file

@ -1,4 +1,4 @@
def test_incomplete_requests(testclient, slapd_connection, logged_user, client):
def test_incomplete_requests(testclient, logged_user, client):
testclient.get(
"/oauth/authorize",
params=dict(
@ -8,7 +8,7 @@ def test_incomplete_requests(testclient, slapd_connection, logged_user, client):
)
def test_bad_client(testclient, slapd_connection, logged_user, client):
def test_bad_client(testclient, logged_user, client):
testclient.get(
"/oauth/authorize",
params=dict(

4
tests/oidc/test_client_admin.py
View file

@ -18,7 +18,7 @@ def test_client_list(testclient, client, logged_admin):
assert client.name in res.text
def test_client_add(testclient, logged_admin, slapd_connection):
def test_client_add(testclient, logged_admin):
res = testclient.get("/admin/client/add")
data = {
"name": "foobar",
@ -58,7 +58,7 @@ def test_client_add(testclient, logged_admin, slapd_connection):
assert v == client_value
def test_client_edit(testclient, client, logged_admin, slapd_connection, other_client):
def test_client_edit(testclient, client, logged_admin, other_client):
res = testclient.get("/admin/client/edit/" + client.client_id)
data = {
"name": "foobar",

4
tests/oidc/test_consent.py
View file

@ -2,9 +2,7 @@ def test_no_logged_no_access(testclient):
testclient.get("/consent", status=403)
def test_consent_list(
testclient, slapd_connection, client, consent, logged_user, token
):
def test_consent_list(testclient, client, consent, logged_user, token):
res = testclient.get("/consent", status=200)
assert client.name in res.text
assert not token.revoked

8
tests/oidc/test_implicit_flow.py
View file

@ -5,7 +5,7 @@ from authlib.jose import jwt
from canaille.oidc.models import Token
def test_oauth_implicit(testclient, slapd_connection, user, client):
def test_oauth_implicit(testclient, user, client):
client.grant_type = ["token"]
client.token_endpoint_auth_method = "none"
@ -54,9 +54,7 @@ def test_oauth_implicit(testclient, slapd_connection, user, client):
client.save()
def test_oidc_implicit(
testclient, keypair, slapd_connection, user, client, other_client
):
def test_oidc_implicit(testclient, keypair, user, client, other_client):
client.grant_type = ["token id_token"]
client.token_endpoint_auth_method = "none"
@ -114,7 +112,7 @@ def test_oidc_implicit(
def test_oidc_implicit_with_group(
testclient, keypair, slapd_connection, user, client, foo_group, other_client
testclient, keypair, user, client, foo_group, other_client
):
client.grant_type = ["token id_token"]
client.token_endpoint_auth_method = "none"

4
tests/oidc/test_password_flow.py
View file

@ -3,7 +3,7 @@ from canaille.oidc.models import Token
from . import client_credentials
def test_password_flow_basic(testclient, slapd_connection, user, client):
def test_password_flow_basic(testclient, user, client):
res = testclient.post(
"/oauth/token",
params=dict(
@ -36,7 +36,7 @@ def test_password_flow_basic(testclient, slapd_connection, user, client):
} == res.json
def test_password_flow_post(testclient, slapd_connection, user, client):
def test_password_flow_post(testclient, user, client):
client.token_endpoint_auth_method = "client_secret_post"
client.save()

4
tests/oidc/test_token_introspection.py
View file

@ -40,9 +40,7 @@ def test_token_invalid(testclient, client):
assert {"active": False} == res.json
def test_full_flow(
testclient, slapd_connection, logged_user, client, user, other_client
):
def test_full_flow(testclient, logged_user, client, user, other_client):
res = testclient.get(
"/oauth/authorize",
params=dict(

2
tests/oidc/test_token_revocation.py
View file

@ -1,7 +1,7 @@
from . import client_credentials
def test_token_revocation(testclient, user, client, token, slapd_connection):
def test_token_revocation(testclient, user, client, token):
assert not token.revokation_date
res = testclient.post(

10
tests/test_account.py
View file

@ -2,7 +2,7 @@ from canaille.ldap_backend.ldapobject import LDAPObject
from canaille.models import User
def test_signin_and_out(testclient, slapd_connection, user):
def test_signin_and_out(testclient, user):
with testclient.session_transaction() as session:
assert not session.get("user_dn")
@ -34,7 +34,7 @@ def test_signin_and_out(testclient, slapd_connection, user):
assert not session.get("user_dn")
def test_signin_wrong_password(testclient, slapd_connection, user):
def test_signin_wrong_password(testclient, user):
with testclient.session_transaction() as session:
assert not session.get("user_dn")
@ -48,7 +48,7 @@ def test_signin_wrong_password(testclient, slapd_connection, user):
assert "Login failed, please check your information" in res.text
def test_signin_with_alternate_attribute(testclient, slapd_connection, user):
def test_signin_with_alternate_attribute(testclient, user):
res = testclient.get("/login", status=200)
res.form["login"] = "user"
@ -108,7 +108,7 @@ def test_user_deleted_in_session(testclient, slapd_connection):
assert not session.get("user_dn")
def test_impersonate(testclient, slapd_connection, logged_admin, user):
def test_impersonate(testclient, logged_admin, user):
res = testclient.get("/", status=302).follow(status=200)
assert "admin" == res.form["uid"].value
@ -125,7 +125,7 @@ def test_impersonate(testclient, slapd_connection, logged_admin, user):
assert "admin" == res.form["uid"].value
def test_wrong_login(testclient, slapd_connection, user):
def test_wrong_login(testclient, user):
testclient.app.config["HIDE_INVALID_LOGINS"] = True
res = testclient.get("/login", status=200)

18
tests/test_groups.py
View file

@ -6,7 +6,7 @@ def test_no_group(app, slapd_connection):
assert Group.all() == []
def test_set_groups(app, slapd_connection, user, foo_group, bar_group):
def test_set_groups(app, user, foo_group, bar_group):
foo_dns = {m.dn for m in foo_group.get_members()}
assert user.dn in foo_dns
assert user.groups[0].dn == foo_group.dn
@ -30,9 +30,7 @@ def test_set_groups(app, slapd_connection, user, foo_group, bar_group):
assert user.dn not in bar_dns
def test_set_groups_with_leading_space_in_user_id_attribute(
app, slapd_connection, foo_group
):
def test_set_groups_with_leading_space_in_user_id_attribute(app, foo_group):
user = User(
objectClass=["inetOrgPerson"],
cn=" Doe", # leading space in id attribute
@ -59,7 +57,7 @@ def test_set_groups_with_leading_space_in_user_id_attribute(
def test_moderator_can_create_edit_and_delete_group(
testclient, slapd_connection, logged_moderator, foo_group
testclient, logged_moderator, foo_group
):
# The group does not exist
res = testclient.get("/groups", status=200)
@ -105,25 +103,21 @@ def test_moderator_can_create_edit_and_delete_group(
assert "The group bar has been sucessfully deleted" in res.text
def test_cannot_create_already_existing_group(
testclient, slapd_connection, logged_moderator, foo_group
):
def test_cannot_create_already_existing_group(testclient, logged_moderator, foo_group):
res = testclient.post("/groups/add", {"name": "foo"}, status=200)
assert "Group creation failed." in res
assert "The group 'foo' already exists" in res
def test_simple_user_cannot_view_or_edit_groups(
testclient, slapd_connection, logged_user, foo_group
):
def test_simple_user_cannot_view_or_edit_groups(testclient, logged_user, foo_group):
testclient.get("/groups", status=403)
testclient.get("/groups/add", status=403)
testclient.get("/groups/foo", status=403)
def test_get_members_filters_non_existent_user(
testclient, slapd_connection, logged_moderator, foo_group, user
testclient, logged_moderator, foo_group, user
):
# an LDAP group can be inconsistent by containing members which doesn't exist
non_existent_user_dn = user.dn.replace(user.name, "yolo")

28
tests/test_invitation.py
View file

@ -5,7 +5,7 @@ from canaille.account import Invitation
from canaille.models import User
def test_invitation(testclient, slapd_connection, logged_admin, foo_group, smtpd):
def test_invitation(testclient, logged_admin, foo_group, smtpd):
assert User.get("someone") is None
res = testclient.get("/invite", status=200)
@ -53,9 +53,7 @@ def test_invitation(testclient, slapd_connection, logged_admin, foo_group, smtpd
res = testclient.get(url, status=302)
def test_invitation_editable_uid(
testclient, slapd_connection, logged_admin, foo_group, smtpd
):
def test_invitation_editable_uid(testclient, logged_admin, foo_group, smtpd):
assert User.get("jackyjack") is None
assert User.get("djorje") is None
@ -103,7 +101,7 @@ def test_invitation_editable_uid(
del sess["user_dn"]
def test_generate_link(testclient, slapd_connection, logged_admin, foo_group, smtpd):
def test_generate_link(testclient, logged_admin, foo_group, smtpd):
assert User.get("sometwo") is None
res = testclient.get("/invite", status=200)
@ -147,7 +145,7 @@ def test_generate_link(testclient, slapd_connection, logged_admin, foo_group, sm
res = testclient.get(url, status=302)
def test_invitation_login_already_taken(testclient, slapd_connection, logged_admin):
def test_invitation_login_already_taken(testclient, logged_admin):
res = testclient.get("/invite", status=200)
res.form["uid"] = logged_admin.uid
@ -158,7 +156,7 @@ def test_invitation_login_already_taken(testclient, slapd_connection, logged_adm
assert "The email 'jane@doe.com' already exists" in res.text
def test_registration(testclient, slapd_connection, foo_group):
def test_registration(testclient, foo_group):
invitation = Invitation(
datetime.now().isoformat(),
"someoneelse",
@ -172,7 +170,7 @@ def test_registration(testclient, slapd_connection, foo_group):
testclient.get(f"/register/{b64}/{hash}", status=200)
def test_registration_invalid_hash(testclient, slapd_connection, foo_group):
def test_registration_invalid_hash(testclient, foo_group):
now = datetime.now().isoformat()
invitation = Invitation(
now, "anything", False, "someone@mydomain.tld", [foo_group.dn]
@ -182,7 +180,7 @@ def test_registration_invalid_hash(testclient, slapd_connection, foo_group):
testclient.get(f"/register/{b64}/invalid", status=302)
def test_registration_invalid_data(testclient, slapd_connection, foo_group):
def test_registration_invalid_data(testclient, foo_group):
invitation = Invitation(
datetime.now().isoformat(),
"someoneelse",
@ -195,9 +193,7 @@ def test_registration_invalid_data(testclient, slapd_connection, foo_group):
testclient.get(f"/register/invalid/{hash}", status=302)
def test_registration_more_than_48_hours_after_invitation(
testclient, slapd_connection, foo_group
):
def test_registration_more_than_48_hours_after_invitation(testclient, foo_group):
two_days_ago = datetime.now() - timedelta(hours=48)
invitation = Invitation(
two_days_ago.isoformat(),
@ -212,7 +208,7 @@ def test_registration_more_than_48_hours_after_invitation(
testclient.get(f"/register/{b64}/{hash}", status=302)
def test_registration_no_password(testclient, slapd_connection, foo_group):
def test_registration_no_password(testclient, foo_group):
invitation = Invitation(
datetime.now().isoformat(),
"someoneelse",
@ -237,9 +233,7 @@ def test_registration_no_password(testclient, slapd_connection, foo_group):
assert "user_dn" not in sess
def test_no_registration_if_logged_in(
testclient, slapd_connection, logged_user, foo_group
):
def test_no_registration_if_logged_in(testclient, logged_user, foo_group):
invitation = Invitation(
datetime.now().isoformat(),
"someoneelse",
@ -271,7 +265,7 @@ def test_unavailable_if_no_smtp(testclient, logged_admin):
def test_groups_are_saved_even_when_user_does_not_have_read_permission(
testclient, slapd_connection, foo_group
testclient, foo_group
):
testclient.app.config["ACL"]["DEFAULT"]["READ"] = [
"uid"

31
tests/test_profile.py
View file

@ -5,7 +5,6 @@ from webtest import Upload
def test_edition_permission(
testclient,
slapd_server,
slapd_connection,
logged_user,
admin,
foo_group,
@ -23,7 +22,6 @@ def test_edition_permission(
def test_edition(
testclient,
slapd_server,
slapd_connection,
logged_user,
admin,
foo_group,
@ -83,9 +81,7 @@ def test_edition(
logged_user.save()
def test_field_permissions_none(
testclient, slapd_server, slapd_connection, logged_user
):
def test_field_permissions_none(testclient, slapd_server, logged_user):
testclient.get("/profile/user", status=200)
logged_user.telephoneNumber = ["555-666-777"]
logged_user.save()
@ -106,9 +102,7 @@ def test_field_permissions_none(
assert user.telephoneNumber == ["555-666-777"]
def test_field_permissions_read(
testclient, slapd_server, slapd_connection, logged_user
):
def test_field_permissions_read(testclient, slapd_server, logged_user):
testclient.get("/profile/user", status=200)
logged_user.telephoneNumber = ["555-666-777"]
logged_user.save()
@ -128,9 +122,7 @@ def test_field_permissions_read(
assert user.telephoneNumber == ["555-666-777"]
def test_field_permissions_write(
testclient, slapd_server, slapd_connection, logged_user
):
def test_field_permissions_write(testclient, slapd_server, logged_user):
testclient.get("/profile/user", status=200)
logged_user.telephoneNumber = ["555-666-777"]
logged_user.save()
@ -158,7 +150,7 @@ def test_simple_user_cannot_edit_other(testclient, logged_user):
testclient.get("/users", status=403)
def test_bad_email(testclient, slapd_connection, logged_user):
def test_bad_email(testclient, logged_user):
res = testclient.get("/profile/user", status=200)
res.form["mail"] = "john@doe.com"
@ -178,7 +170,7 @@ def test_bad_email(testclient, slapd_connection, logged_user):
assert ["john@doe.com"] == logged_user.mail
def test_surname_is_mandatory(testclient, slapd_connection, logged_user):
def test_surname_is_mandatory(testclient, logged_user):
res = testclient.get("/profile/user", status=200)
logged_user.sn = ["Doe"]
@ -191,7 +183,7 @@ def test_surname_is_mandatory(testclient, slapd_connection, logged_user):
assert ["Doe"] == logged_user.sn
def test_password_change(testclient, slapd_connection, logged_user):
def test_password_change(testclient, logged_user):
res = testclient.get("/profile/user", status=200)
res.form["password1"] = "new_password"
@ -212,7 +204,7 @@ def test_password_change(testclient, slapd_connection, logged_user):
assert logged_user.check_password("correct horse battery staple")
def test_password_change_fail(testclient, slapd_connection, logged_user):
def test_password_change_fail(testclient, logged_user):
res = testclient.get("/profile/user", status=200)
res.form["password1"] = "new_password"
@ -238,7 +230,7 @@ def test_admin_bad_request(testclient, logged_moderator):
def test_user_creation_edition_and_deletion(
testclient, slapd_connection, logged_moderator, foo_group, bar_group
testclient, logged_moderator, foo_group, bar_group
):
# The user does not exist.
res = testclient.get("/users", status=200)
@ -295,9 +287,7 @@ def test_user_creation_edition_and_deletion(
assert "george" not in res.text
def test_cn_setting_with_given_name_and_surname(
testclient, slapd_connection, logged_moderator
):
def test_cn_setting_with_given_name_and_surname(testclient, logged_moderator):
res = testclient.get("/profile", status=200)
res.form["uid"] = "george"
res.form["givenName"] = "George"
@ -310,7 +300,7 @@ def test_cn_setting_with_given_name_and_surname(
assert george.cn[0] == "George Abitbol"
def test_cn_setting_with_surname_only(testclient, slapd_connection, logged_moderator):
def test_cn_setting_with_surname_only(testclient, logged_moderator):
res = testclient.get("/profile", status=200)
res.form["uid"] = "george"
res.form["sn"] = "Abitbol"
@ -387,7 +377,6 @@ def test_email_reset_button(smtpd, testclient, slapd_connection, logged_admin):
def test_photo_edition(
testclient,
slapd_server,
slapd_connection,
logged_user,
jpeg_photo,
):