Moved the OIDC configuration in the oidc test subdir conftest.py

canaille/configuration.py

@@ -23,12 +23,12 @@ def validate(config, validate_remote=False):
 
 
 def validate_keypair(config):
-    if not os.path.exists(config["JWT"]["PUBLIC_KEY"]):
+    if "JWT" in config and not os.path.exists(config["JWT"]["PUBLIC_KEY"]):
         raise ConfigurationException(
             f'Public key does not exist {config["JWT"]["PUBLIC_KEY"]}'
         )
 
-    if not os.path.exists(config["JWT"]["PRIVATE_KEY"]):
+    if "JWT" in config and not os.path.exists(config["JWT"]["PRIVATE_KEY"]):
         raise ConfigurationException(
             f'Private key does not exist {config["JWT"]["PRIVATE_KEY"]}'
         )

tests/conftest.py

@@ -9,9 +9,6 @@ from canaille.ldap_backend.backend import setup_ldap_models
 from canaille.ldap_backend.ldapobject import LDAPObject
 from canaille.models import Group
 from canaille.models import User
-from cryptography.hazmat.backends import default_backend as crypto_default_backend
-from cryptography.hazmat.primitives import serialization as crypto_serialization
-from cryptography.hazmat.primitives.asymmetric import rsa
 from flask import g
 from flask_webtest import TestApp
 from werkzeug.security import gen_salt
@@ -78,41 +75,9 @@ def slapd_connection(slapd_server, testclient):
     g.ldap.unbind_s()
 
 
-@pytest.fixture(scope="session")
-def keypair():
-    key = rsa.generate_private_key(
-        backend=crypto_default_backend(), public_exponent=65537, key_size=2048
-    )
-    private_key = key.private_bytes(
-        crypto_serialization.Encoding.PEM,
-        crypto_serialization.PrivateFormat.PKCS8,
-        crypto_serialization.NoEncryption(),
-    )
-    public_key = key.public_key().public_bytes(
-        crypto_serialization.Encoding.OpenSSH, crypto_serialization.PublicFormat.OpenSSH
-    )
-    return private_key, public_key
-
-
 @pytest.fixture
-def keypair_path(keypair, tmp_path):
+def configuration(slapd_server, smtpd):
-    private_key, public_key = keypair
-
-    private_key_path = os.path.join(tmp_path, "private.pem")
-    with open(private_key_path, "wb") as fd:
-        fd.write(private_key)
-
-    public_key_path = os.path.join(tmp_path, "public.pem")
-    with open(public_key_path, "wb") as fd:
-        fd.write(public_key)
-
-    return private_key_path, public_key_path
-
-
-@pytest.fixture
-def configuration(slapd_server, smtpd, keypair_path):
     smtpd.config.use_starttls = True
-    private_key_path, public_key_path = keypair_path
     conf = {
         "SECRET_KEY": gen_salt(24),
         "LOGO": "/static/img/canaille-head.png",
@@ -164,24 +129,6 @@ def configuration(slapd_server, smtpd, keypair_path):
                 ],
             },
         },
-        "JWT": {
-            "PUBLIC_KEY": public_key_path,
-            "PRIVATE_KEY": private_key_path,
-            "ISS": "https://auth.mydomain.tld",
-            "MAPPING": {
-                "SUB": "{{ user.uid[0] }}",
-                "NAME": "{{ user.cn[0] }}",
-                "PHONE_NUMBER": "{{ user.telephoneNumber[0] }}",
-                "EMAIL": "{{ user.mail[0] }}",
-                "GIVEN_NAME": "{{ user.givenName[0] }}",
-                "FAMILY_NAME": "{{ user.sn[0] }}",
-                "PREFERRED_USERNAME": "{{ user.displayName }}",
-                "LOCALE": "{{ user.preferredLanguage }}",
-                "PICTURE": "{% if user.jpegPhoto %}{{ url_for('account.photo', uid=user.uid[0], field='jpegPhoto', _external=True) }}{% endif %}",
-                "ADDRESS": "{{ user.postalAddress[0] }}",
-                "WEBSITE": "{{ user.labeledURI[0] }}",
-            },
-        },
         "SMTP": {
             "HOST": smtpd.hostname,
             "PORT": smtpd.port,

tests/oidc/conftest.py

@@ -1,4 +1,5 @@
 import datetime
+import os
 
 import pytest
 from authlib.oidc.core.grants.util import generate_id_token
@@ -8,9 +9,70 @@ from canaille.oidc.models import Consent
 from canaille.oidc.models import Token
 from canaille.oidc.oauth import generate_user_info
 from canaille.oidc.oauth import get_jwt_config
+from cryptography.hazmat.backends import default_backend as crypto_default_backend
+from cryptography.hazmat.primitives import serialization as crypto_serialization
+from cryptography.hazmat.primitives.asymmetric import rsa
 from werkzeug.security import gen_salt
 
 
+@pytest.fixture(scope="session")
+def keypair():
+    key = rsa.generate_private_key(
+        backend=crypto_default_backend(), public_exponent=65537, key_size=2048
+    )
+    private_key = key.private_bytes(
+        crypto_serialization.Encoding.PEM,
+        crypto_serialization.PrivateFormat.PKCS8,
+        crypto_serialization.NoEncryption(),
+    )
+    public_key = key.public_key().public_bytes(
+        crypto_serialization.Encoding.OpenSSH, crypto_serialization.PublicFormat.OpenSSH
+    )
+    return private_key, public_key
+
+
+@pytest.fixture
+def keypair_path(keypair, tmp_path):
+    private_key, public_key = keypair
+
+    private_key_path = os.path.join(tmp_path, "private.pem")
+    with open(private_key_path, "wb") as fd:
+        fd.write(private_key)
+
+    public_key_path = os.path.join(tmp_path, "public.pem")
+    with open(public_key_path, "wb") as fd:
+        fd.write(public_key)
+
+    return private_key_path, public_key_path
+
+
+@pytest.fixture
+def configuration(configuration, keypair_path):
+    private_key_path, public_key_path = keypair_path
+    conf = {
+        **configuration,
+        "JWT": {
+            "PUBLIC_KEY": public_key_path,
+            "PRIVATE_KEY": private_key_path,
+            "ISS": "https://auth.mydomain.tld",
+            "MAPPING": {
+                "SUB": "{{ user.uid[0] }}",
+                "NAME": "{{ user.cn[0] }}",
+                "PHONE_NUMBER": "{{ user.telephoneNumber[0] }}",
+                "EMAIL": "{{ user.mail[0] }}",
+                "GIVEN_NAME": "{{ user.givenName[0] }}",
+                "FAMILY_NAME": "{{ user.sn[0] }}",
+                "PREFERRED_USERNAME": "{{ user.displayName }}",
+                "LOCALE": "{{ user.preferredLanguage }}",
+                "PICTURE": "{% if user.jpegPhoto %}{{ url_for('account.photo', uid=user.uid[0], field='jpegPhoto', _external=True) }}{% endif %}",
+                "ADDRESS": "{{ user.postalAddress[0] }}",
+                "WEBSITE": "{{ user.labeledURI[0] }}",
+            },
+        },
+    }
+    return conf
+
+
 @pytest.fixture
 def client(testclient, other_client, slapd_connection):
     c = Client(

tests/oidc/test_configuration.py

@@ -1,5 +1,8 @@
+import pytest
 import warnings
 
+from canaille.configuration import ConfigurationException
+from canaille.configuration import validate
 from canaille.oidc.oauth import get_issuer
 
 
@@ -17,3 +20,21 @@ def test_issuer(testclient):
         testclient.app.config["SERVER_NAME"] = None
         with testclient.app.test_request_context("/"):
             assert get_issuer() == "http://localhost/"
+
+
+def test_no_private_key(configuration):
+    configuration["JWT"]["PRIVATE_KEY"] = "invalid-path"
+    with pytest.raises(
+        ConfigurationException,
+        match=r"Private key does not exist",
+    ):
+        validate(configuration)
+
+
+def test_no_public_key(configuration):
+    configuration["JWT"]["PUBLIC_KEY"] = "invalid-path"
+    with pytest.raises(
+        ConfigurationException,
+        match=r"Public key does not exist",
+    ):
+        validate(configuration)

tests/test_configuration.py

@@ -13,24 +13,6 @@ def test_ldap_connection_no_remote(configuration):
     validate(configuration)
 
 
-def test_no_private_key(configuration):
-    configuration["JWT"]["PRIVATE_KEY"] = "invalid-path"
-    with pytest.raises(
-        ConfigurationException,
-        match=r"Private key does not exist",
-    ):
-        validate(configuration)
-
-
-def test_no_public_key(configuration):
-    configuration["JWT"]["PUBLIC_KEY"] = "invalid-path"
-    with pytest.raises(
-        ConfigurationException,
-        match=r"Public key does not exist",
-    ):
-        validate(configuration)
-
-
 def test_ldap_connection_remote(configuration):
     validate(configuration, validate_remote=True)