Password flow unit test

2020-08-19 09:09:22 +02:00 · 2020-08-19 09:09:22 +02:00 · ff8bd12aaf
commit ff8bd12aaf
parent 531c34a689
5 changed files with 44 additions and 5 deletions
--- a/requirements.txt
+++ b/requirements.txt
@ -4,6 +4,5 @@ flask-babel
 flask-wtf
 python-ldap
 pytest
-pytest-flask
 toml
 pdbpp
--- a/setup.cfg
+++ b/setup.cfg
@ -7,5 +7,5 @@ skipsdist=True

 [testenv]
 install_command = pip install {packages}
-commands = {envbindir}/pytest --showlocals {posargs}
+commands = {envbindir}/pytest --showlocals --full-trace {posargs}
 deps = --requirement requirements.txt
--- a/tests/conftest.py
+++ b/tests/conftest.py
@ -66,6 +66,8 @@ def slapd_connection(slapd_server):

@pytest.fixture
 def app(slapd_server, slapd_connection):
+    os.environ["AUTHLIB_INSECURE_TRANSPORT"] = "true"
+
    LDAPObjectHelper.root_dn = slapd_server.suffix
    Client.initialize(slapd_connection)
    User.initialize(slapd_connection)
@ -75,6 +77,7 @@ def app(slapd_server, slapd_connection):
    app = create_app(
        {
            "LDAP": {
+                "ROOT_DN": slapd_server.suffix,
                "URI": slapd_server.ldap_uri,
                "BIND_DN": slapd_server.root_dn,
                "BIND_PW": slapd_server.root_pw,
@ -84,6 +87,14 @@ def app(slapd_server, slapd_connection):
    return app


+@pytest.fixture
+def testclient(app):
+    app.config["TESTING"] = True
+
+    with app.test_client() as client:
+        yield client
+
+
@pytest.fixture
 def client(app, slapd_connection):
    c = Client(
--- a/tests/test_password_flow.py
+++ b/tests/test_password_flow.py
@ -1,2 +1,31 @@
-def test_foobar(slapd_connection, user, client):
-    assert True
+import base64
+
+
+def test_success(testclient, user, client):
+    client_credentials = base64.b64encode(
+        client.oauthClientID.encode("utf-8")
+        + b":"
+        + client.oauthClientSecret.encode("utf-8")
+    ).decode("utf-8")
+
+    res = testclient.post(
+        "/oauth/token",
+        data=dict(
+            grant_type="password",
+            username=user.name,
+            password="valid",
+            scope="profile",
+        ),
+        headers={"Authorization": f"Basic {client_credentials}"},
+    )
+    assert 200 == res.status_code
+
+    assert res.json["scope"] == ["openid", "profile"]
+    assert res.json["token_type"] == "Bearer"
+    access_token = res.json["access_token"]
+
+    res = testclient.get(
+        "/api/me", headers={"Authorization": f"Bearer {access_token}"}
+    )
+    assert 200 == res.status_code
+    assert {"foo": "bar"} == res.json
--- a/web/oauth2utils.py
+++ b/web/oauth2utils.py
@ -141,7 +141,7 @@ def save_token(token, request):
        oauthClientID=request.client.oauthClientID[0],
    )
    if "refresh_token" in token:
-        t.oauthRefreshToken = (token["refresh_token"],)
+        t.oauthRefreshToken = token["refresh_token"]
    t.save()