forked from Github-Mirrors/canaille
236 lines
7.9 KiB
Python
236 lines
7.9 KiB
Python
import datetime
|
|
|
|
from canaille.oidc.models import AuthorizationCode
|
|
from canaille.oidc.models import Client
|
|
from canaille.oidc.models import Consent
|
|
from canaille.oidc.models import Token
|
|
from werkzeug.security import gen_salt
|
|
|
|
|
|
def test_no_logged_no_access(testclient):
|
|
testclient.get("/admin/client", status=403)
|
|
|
|
|
|
def test_no_admin_no_access(testclient, logged_user):
|
|
testclient.get("/admin/client", status=403)
|
|
|
|
|
|
def test_invalid_client_edition(testclient, logged_admin):
|
|
testclient.get("/admin/client/edit/invalid", status=404)
|
|
|
|
|
|
def test_client_list(testclient, client, logged_admin):
|
|
res = testclient.get("/admin/client")
|
|
assert client.client_name in res.text
|
|
|
|
|
|
def test_client_list_pagination(testclient, logged_admin, client, other_client):
|
|
res = testclient.get("/admin/client")
|
|
assert "2 items" in res
|
|
clients = []
|
|
for _ in range(25):
|
|
client = Client(client_id=gen_salt(48), client_name=gen_salt(48))
|
|
client.save()
|
|
clients.append(client)
|
|
|
|
res = testclient.get("/admin/client")
|
|
assert "27 items" in res, res.text
|
|
client_name = res.pyquery(
|
|
".clients tbody tr:nth-of-type(1) td:nth-of-type(2) a"
|
|
).text()
|
|
assert client_name
|
|
|
|
form = res.forms["next"]
|
|
form["page"] = 2
|
|
res = form.submit()
|
|
assert client_name not in res.pyquery(
|
|
".clients tbody tr td:nth-of-type(2) a"
|
|
).text().split(" ")
|
|
for client in clients:
|
|
client.delete()
|
|
|
|
res = testclient.get("/admin/client")
|
|
assert "2 items" in res
|
|
|
|
|
|
def test_client_list_bad_pages(testclient, logged_admin):
|
|
res = testclient.get("/admin/client")
|
|
form = res.forms["next"]
|
|
testclient.post(
|
|
"/admin/client", {"csrf_token": form["csrf_token"], "page": "2"}, status=404
|
|
)
|
|
|
|
res = testclient.get("/admin/client")
|
|
form = res.forms["next"]
|
|
testclient.post(
|
|
"/admin/client", {"csrf_token": form["csrf_token"], "page": "-1"}, status=404
|
|
)
|
|
|
|
|
|
def test_client_list_search(testclient, logged_admin, client, other_client):
|
|
res = testclient.get("/admin/client")
|
|
assert "2 items" in res
|
|
assert client.client_name in res
|
|
assert other_client.client_name in res
|
|
|
|
form = res.forms["search"]
|
|
form["query"] = "other"
|
|
res = form.submit()
|
|
|
|
assert "1 items" in res
|
|
assert other_client.client_name in res
|
|
assert client.client_name not in res
|
|
|
|
|
|
def test_client_add(testclient, logged_admin):
|
|
res = testclient.get("/admin/client/add")
|
|
data = {
|
|
"client_name": "foobar",
|
|
"contacts": "foo@bar.com",
|
|
"client_uri": "https://foo.bar",
|
|
"redirect_uris": ["https:/foo.bar/callback"],
|
|
"grant_types": ["password", "authorization_code"],
|
|
"scope": "openid profile",
|
|
"response_types": ["code", "token"],
|
|
"token_endpoint_auth_method": "none",
|
|
"logo_uri": "https://foo.bar/logo.png",
|
|
"tos_uri": "https://foo.bar/tos",
|
|
"policy_uri": "https://foo.bar/policy",
|
|
"software_id": "software",
|
|
"software_version": "1",
|
|
"jwk": "jwk",
|
|
"jwks_uri": "https://foo.bar/jwks.json",
|
|
"audience": [],
|
|
"preconsent": False,
|
|
"post_logout_redirect_uris": ["https://foo.bar/disconnected"],
|
|
}
|
|
for k, v in data.items():
|
|
res.form[k].force_value(v)
|
|
|
|
res = res.form.submit(status=302, name="action", value="edit")
|
|
res = res.follow(status=200)
|
|
|
|
client_id = res.forms["readonly"]["client_id"].value
|
|
client = Client.get(client_id)
|
|
data["audience"] = [client]
|
|
for k, v in data.items():
|
|
client_value = getattr(client, k)
|
|
if k == "scope":
|
|
assert v == " ".join(client_value)
|
|
elif k == "preconsent":
|
|
assert v is False
|
|
elif k == "contacts":
|
|
assert [v] == client_value
|
|
else:
|
|
assert v == client_value
|
|
client.delete()
|
|
|
|
|
|
def test_add_missing_fields(testclient, logged_admin):
|
|
res = testclient.get("/admin/client/add")
|
|
res = res.form.submit(status=200, name="action", value="edit")
|
|
assert "The client has not been added. Please check your information." in res
|
|
|
|
|
|
def test_client_edit(testclient, client, logged_admin, other_client):
|
|
res = testclient.get("/admin/client/edit/" + client.client_id)
|
|
data = {
|
|
"client_name": "foobar",
|
|
"contacts": "foo@bar.com",
|
|
"client_uri": "https://foo.bar",
|
|
"redirect_uris": ["https:/foo.bar/callback"],
|
|
"grant_types": ["password", "authorization_code"],
|
|
"scope": "openid profile",
|
|
"response_types": ["code", "token"],
|
|
"token_endpoint_auth_method": "none",
|
|
"logo_uri": "https://foo.bar/logo.png",
|
|
"tos_uri": "https://foo.bar/tos",
|
|
"policy_uri": "https://foo.bar/policy",
|
|
"software_id": "software",
|
|
"software_version": "1",
|
|
"jwk": "jwk",
|
|
"jwks_uri": "https://foo.bar/jwks.json",
|
|
"audience": [client.dn, other_client.dn],
|
|
"preconsent": True,
|
|
"post_logout_redirect_uris": ["https://foo.bar/disconnected"],
|
|
}
|
|
for k, v in data.items():
|
|
res.forms["clientadd"][k].force_value(v)
|
|
res = res.forms["clientadd"].submit(status=302, name="action", value="edit")
|
|
|
|
assert (
|
|
"error",
|
|
"The client has not been edited. Please check your information.",
|
|
) not in res.flashes
|
|
assert ("success", "The client has been edited.") in res.flashes
|
|
|
|
client = Client.get(client.dn)
|
|
data["audience"] = [client, other_client]
|
|
for k, v in data.items():
|
|
client_value = getattr(client, k)
|
|
if k == "scope":
|
|
assert v == " ".join(client_value)
|
|
elif k == "preconsent":
|
|
assert v is True
|
|
elif k == "contacts":
|
|
assert [v] == client_value
|
|
else:
|
|
assert v == client_value
|
|
|
|
|
|
def test_client_edit_missing_fields(testclient, client, logged_admin, other_client):
|
|
res = testclient.get("/admin/client/edit/" + client.client_id)
|
|
res.forms["clientadd"]["client_name"] = ""
|
|
res = res.forms["clientadd"].submit(name="action", value="edit")
|
|
assert "The client has not been edited. Please check your information." in res
|
|
client.reload()
|
|
assert client.client_name
|
|
|
|
|
|
def test_client_delete(testclient, logged_admin):
|
|
client = Client(client_id="client_id")
|
|
client.save()
|
|
token = Token(
|
|
token_id="id", client=client, issue_datetime=datetime.datetime.utcnow()
|
|
)
|
|
token.save()
|
|
consent = Consent(cn="cn", subject=logged_admin, client=client, scope="openid")
|
|
consent.save()
|
|
code = AuthorizationCode(authorization_code_id="id", client=client, subject=client)
|
|
|
|
res = testclient.get("/admin/client/edit/" + client.client_id)
|
|
res = res.forms["clientadd"].submit(name="action", value="delete").follow()
|
|
|
|
assert not Client.get()
|
|
assert not Token.get()
|
|
assert not AuthorizationCode.get()
|
|
assert not Consent.get()
|
|
|
|
|
|
def test_client_delete_invalid_client(testclient, logged_admin):
|
|
testclient.post("/admin/client/edit/invalid", {"action": "delete"}, status=404)
|
|
|
|
|
|
def test_invalid_request(testclient, logged_admin, client):
|
|
res = testclient.get("/admin/client/edit/" + client.client_id)
|
|
res = res.forms["clientadd"].submit(name="action", value="invalid", status=400)
|
|
|
|
|
|
def test_client_edit_preauth(testclient, client, logged_admin, other_client):
|
|
assert not client.preconsent
|
|
|
|
res = testclient.get("/admin/client/edit/" + client.client_id)
|
|
res.forms["clientadd"]["preconsent"] = True
|
|
res = res.forms["clientadd"].submit(name="action", value="edit")
|
|
|
|
assert ("success", "The client has been edited.") in res.flashes
|
|
client = Client.get(client.dn)
|
|
assert client.preconsent
|
|
|
|
res = testclient.get("/admin/client/edit/" + client.client_id)
|
|
res.forms["clientadd"]["preconsent"] = False
|
|
res = res.forms["clientadd"].submit(name="action", value="edit")
|
|
|
|
assert ("success", "The client has been edited.") in res.flashes
|
|
client = Client.get(client.dn)
|
|
assert not client.preconsent
|