tests: backport tests from sqlachemy branch

Éloi Rivard 2023-11-24 12:10:17 +01:00
parent ac149a2120
commit e6cf6ad7bd
No known key found for this signature in database
GPG key ID: 7EDA204EA57DD184
12 changed files with 44 additions and 21 deletions


@ -189,6 +189,7 @@ def test_datetime_utc_field_invalid_timezone(testclient):
def test_fieldlist_add_readonly(testclient, logged_user, configuration):
configuration["ACL"]["DEFAULT"]["WRITE"].remove("phone_numbers")
configuration["ACL"]["DEFAULT"]["READ"].append("phone_numbers")
logged_user.reload()
res = testclient.get("/profile/user")
form = res.forms["baseform"]
@ -207,6 +208,8 @@ def test_fieldlist_add_readonly(testclient, logged_user, configuration):
def test_fieldlist_remove_readonly(testclient, logged_user, configuration):
configuration["ACL"]["DEFAULT"]["WRITE"].remove("phone_numbers")
configuration["ACL"]["DEFAULT"]["READ"].append("phone_numbers")
logged_user.reload()
logged_user.phone_numbers = ["555-555-000", "555-555-111"]
logged_user.save()
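Review bot: The `logged_user.reload()` calls added after the ACL edits in both tests carry no explanation, and the same bare call follows ACL changes in other file sections of this commit (the password-reset, profile-edition and OIDC authorization tests). From the visible lines it appears that a user's permissions are computed when the object is loaded, so skipping the reload would exercise stale access rights; that is an inference, not something these hunks show. I would put `# ACL changed: reload so the user's permissions are recomputed` above each call, or wrap the ACL change and the reload in one test helper so one cannot be done without the other. The only commented occurrence, in test_user_self_deletion, reads `# Simulate an app restart`, which describes something different. Both test bodies continue outside their hunks.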


@ -141,9 +141,7 @@ def test_model_indexation(testclient, backend):
user.emails = ["email2@user.com"]
assert models.User.get(family_name="family_name") != user
assert not models.User.get(family_name="new_family_name")
assert models.User.get(emails=["email1@user.com"]) != user
assert models.User.get(emails=["email2@user.com"]) != user
assert not models.User.get(emails=["email3@user.com"])
user.save()


@ -331,6 +331,9 @@ def test_user_self_deletion(testclient, backend):
"edit_self",
"delete_account",
]
# Simulate an app restart
user.reload()
res = testclient.get("/profile/temp/settings")
res.mustcontain("Delete my account")
res = res.form.submit(name="action", value="confirm-delete")
@ -354,6 +357,7 @@ def test_account_locking(user, backend):
assert user.check_password("correct horse battery staple") == (True, None)
user.lock_date = datetime.datetime.now(datetime.timezone.utc)
assert user.locked
user.save()
assert user.locked
assert models.User.get(id=user.id).locked


@ -80,6 +80,7 @@ def test_password_forgotten_invalid(smtpd, testclient, user):
def test_password_forgotten_invalid_when_user_cannot_self_edit(smtpd, testclient, user):
testclient.app.config["ACL"]["DEFAULT"]["PERMISSIONS"] = []
user.reload()
testclient.app.config["HIDE_INVALID_LOGINS"] = False
res = testclient.get("/reset", status=200)
@ -96,6 +97,7 @@ def test_password_forgotten_invalid_when_user_cannot_self_edit(smtpd, testclient
) in res.flashes
testclient.app.config["HIDE_INVALID_LOGINS"] = True
user.reload()
res = testclient.get("/reset", status=200)
res.form["login"] = "user"
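Review bot: The second `user.reload()` follows `HIDE_INVALID_LOGINS = True` rather than an ACL change, so it looks redundant unless that setting is also cached on the loaded user. The lines between the two hunks are not shown, so this is inferred from what is visible. If the call is needed, a short comment should say which state it refreshes. If it is not, dropping it keeps the test honest about which configuration changes actually require a reload.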


@ -95,7 +95,7 @@ def test_set_groups(app, user, foo_group, bar_group):
bar_group.reload()
assert user in bar_group.members
assert user.groups[1] == bar_group
assert bar_group in user.groups
user.groups = [foo_group]
user.save()
@ -240,6 +240,7 @@ def test_user_list_pagination(testclient, logged_admin, foo_group):
foo_group.members = foo_group.members + [user]
foo_group.save()
assert len(foo_group.members) == 26
res = testclient.get("/groups/foo")
res.mustcontain("26 items")
user_name = res.pyquery(".users tbody tr:nth-of-type(1) td:nth-of-type(2) a").text()


@ -14,3 +14,12 @@ def test_group_permissions_by_display_name(testclient, user, foo_group):
user.reload()
assert user.can_manage_users
def test_invalid_group_permission(testclient, user, foo_group):
assert not user.can_manage_users
testclient.app.config["ACL"]["ADMIN"]["FILTER"] = {"groups": "invalid"}
user.reload()
assert not user.can_manage_users
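Review bot: test_invalid_group_permission has no docstring stating the property it protects, and it checks only `can_manage_users`. A one-line docstring such as `"""An ACL filter naming an invalid group must not match any user."""` would make the fail-closed expectation explicit. If the ADMIN ACL grants other permissions as well, asserting on those too would catch a filter that fails open for a different permission. The ACL contents are not visible in this hunk, so that part is something to confirm.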


@ -103,6 +103,7 @@ def test_edition_permission(
admin,
):
testclient.app.config["ACL"]["DEFAULT"]["PERMISSIONS"] = []
logged_user.reload()
testclient.get("/profile/user", status=404)
testclient.app.config["ACL"]["DEFAULT"]["PERMISSIONS"] = ["edit_self"]
@ -389,6 +390,8 @@ def test_inline_validation_keep_indicators(
configuration["ACL"]["DEFAULT"]["WRITE"].remove("display_name")
configuration["ACL"]["DEFAULT"]["READ"].append("display_name")
configuration["ACL"]["ADMIN"]["WRITE"].append("display_name")
logged_admin.reload()
user.reload()
res = testclient.get("/profile/admin")
form = res.forms["baseform"]
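Review bot: In test_edition_permission the reload is added after `PERMISSIONS = []`, but the next visible line sets `PERMISSIONS = ["edit_self"]` and the hunk ends there, so it is not visible whether a second `logged_user.reload()` follows. If it does not, the request after that assignment may still run with the permissions loaded for the empty list, and the positive half of the test would not check what it claims. The same shape appears in the settings variant of test_edition_permission in the next file section. The function body continues outside the hunk, so please confirm.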


@ -298,6 +298,7 @@ def test_edition_permission(
admin,
):
testclient.app.config["ACL"]["DEFAULT"]["PERMISSIONS"] = []
logged_user.reload()
testclient.get("/profile/user/settings", status=404)
testclient.app.config["ACL"]["DEFAULT"]["PERMISSIONS"] = ["edit_self"]


@ -45,7 +45,7 @@ def client(testclient, other_client, backend):
c = models.Client(
client_id=gen_salt(24),
client_name="Some client",
contacts="contact@mydomain.tld",
contacts=["contact@mydomain.tld"],
client_uri="https://mydomain.tld",
redirect_uris=[
"https://mydomain.tld/redirect1",
@ -81,7 +81,7 @@ def other_client(testclient, backend):
c = models.Client(
client_id=gen_salt(24),
client_name="Some other client",
contacts="contact@myotherdomain.tld",
contacts=["contact@myotherdomain.tld"],
client_uri="https://myotherdomain.tld",
redirect_uris=[
"https://myotherdomain.tld/redirect1",
@ -141,7 +141,6 @@ def token(testclient, client, user, backend):
audience=[client],
client=client,
subject=user,
token_type=None,
refresh_token=gen_salt(48),
scope=["openid", "profile"],
issue_date=datetime.datetime.now(datetime.timezone.utc),


@ -588,6 +588,7 @@ def test_authorization_code_flow_but_user_cannot_use_oidc(
testclient, user, client, keypair, other_client
):
testclient.app.config["ACL"]["DEFAULT"]["PERMISSIONS"] = []
user.reload()
res = testclient.get(
"/oauth/authorize",


@ -219,14 +219,18 @@ def test_client_delete(testclient, logged_admin):
token = models.Token(
token_id="id",
client=client,
issue_datetime=datetime.datetime.now(datetime.timezone.utc),
subject=logged_admin,
issue_date=datetime.datetime.now(datetime.timezone.utc),
)
token.save()
consent = models.Consent(
consent_id="consent_id", subject=logged_admin, client=client, scope="openid"
consent_id="consent_id", subject=logged_admin, client=client, scope=["openid"]
)
consent.save()
models.AuthorizationCode(authorization_code_id="id", client=client, subject=client)
authorization_code = models.AuthorizationCode(
authorization_code_id="id", client=client, subject=logged_admin
)
authorization_code.save()
res = testclient.get("/admin/client/edit/" + client.client_id)
res = res.forms["clientaddform"].submit(name="action", value="confirm-delete")
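Review bot: The token, consent and authorization code are now saved before the client is deleted, but the hunk ends at the `confirm-delete` submit, so the assertions that these dependent objects are gone are not visible here. A client deletion that leaves its tokens or authorization codes behind is the failure this test should catch, so each saved object deserves its own post-deletion check, in the style of the `assert not models.User.get(...)` lookups used elsewhere in this commit. test_client_delete continues outside the hunk. If those assertions already exist, a short comment on the three objects saying they are there to verify cascade deletion would be enough.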


@ -103,15 +103,13 @@ def test_full_flow(testclient, logged_user, client, user, other_client):
headers={"Authorization": f"Basic {client_credentials(client)}"},
status=200,
)
assert {
"aud": [client.client_id, other_client.client_id],
"active": True,
"client_id": client.client_id,
"token_type": token.type,
"username": user.formatted_name,
"scope": token.get_scope(),
"sub": user.user_name,
"iss": "https://auth.mydomain.tld",
"exp": token.get_expires_at(),
"iat": token.get_issued_at(),
} == res.json
assert set(res.json["aud"]) == {client.client_id, other_client.client_id}
assert res.json["active"]
assert res.json["client_id"] == client.client_id
assert res.json["token_type"] == token.type
assert res.json["username"] == user.formatted_name
assert res.json["scope"] == token.get_scope()
assert res.json["sub"] == user.user_name
assert res.json["iss"] == "https://auth.mydomain.tld"
assert res.json["exp"] == token.get_expires_at()
assert res.json["iat"] == token.get_issued_at()
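Review bot: Replacing the whole-dict comparison with per-key assertions drops the check that the introspection response contains no other fields, so a response that started exposing an extra attribute would still pass. Keep the order-insensitive `aud` comparison and add a key-set check, `assert set(res.json) == {"aud", "active", "client_id", "token_type", "username", "scope", "sub", "iss", "exp", "iat"}`. `assert res.json["active"]` also accepts any truthy value where the old comparison required `True`; `assert res.json["active"] is True` keeps that strictness. test_full_flow starts outside the hunk.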