162 |
162 |
with httmock.HTTMock(access_token_response, user_info_response):
|
163 |
163 |
response = app.get(callback + '?code=zzz&state=%s' % state, status=302)
|
164 |
164 |
assert User.objects.count() == 1
|
|
165 |
assert app.session['_auth_user_id']
|
|
166 |
|
|
167 |
|
|
168 |
def test_login_email_is_unique_and_already_linked(app, fc_settings, caplog):
|
|
169 |
callback = reverse('fc-login-or-link')
|
|
170 |
response = app.get(callback, status=302)
|
|
171 |
location = response['Location']
|
|
172 |
state = check_authorization_url(location)
|
|
173 |
|
|
174 |
EMAIL = 'john.doe@example.com'
|
|
175 |
SUB = '1234'
|
|
176 |
user = User.objects.create(email=EMAIL, first_name='John', last_name='Doe')
|
|
177 |
models.FcAccount.objects.create(user=user, sub='4567', token='xxx', user_info='{}')
|
|
178 |
|
|
179 |
@httmock.urlmatch(path=r'.*/token$')
|
|
180 |
def access_token_response(url, request):
|
|
181 |
parsed = {x: y[0] for x, y in urlparse.parse_qs(request.body).items()}
|
|
182 |
assert set(parsed.keys()) == set(['code', 'client_id', 'client_secret', 'redirect_uri',
|
|
183 |
'grant_type'])
|
|
184 |
assert parsed['code'] == 'zzz'
|
|
185 |
assert parsed['client_id'] == 'xxx'
|
|
186 |
assert parsed['client_secret'] == 'yyy'
|
|
187 |
assert parsed['grant_type'] == 'authorization_code'
|
|
188 |
assert callback in parsed['redirect_uri']
|
|
189 |
id_token = {
|
|
190 |
'sub': SUB,
|
|
191 |
'aud': 'xxx',
|
|
192 |
'nonce': state,
|
|
193 |
'exp': timestamp_from_datetime(now() + datetime.timedelta(seconds=1000)),
|
|
194 |
'iss': 'https://fcp.integ01.dev-franceconnect.fr/',
|
|
195 |
}
|
|
196 |
return json.dumps({
|
|
197 |
'access_token': 'uuu',
|
|
198 |
'id_token': hmac_jwt(id_token, 'yyy')
|
|
199 |
})
|
|
200 |
|
|
201 |
@httmock.urlmatch(path=r'.*userinfo$')
|
|
202 |
def user_info_response(url, request):
|
|
203 |
assert request.headers['Authorization'] == 'Bearer uuu'
|
|
204 |
return json.dumps({
|
|
205 |
'sub': '1234',
|
|
206 |
'family_name': u'Frédérique',
|
|
207 |
'given_name': u'Ÿuñe',
|
|
208 |
'email': EMAIL,
|
|
209 |
})
|
|
210 |
|
|
211 |
fc_settings.A2_EMAIL_IS_UNIQUE = True
|
|
212 |
with httmock.HTTMock(access_token_response, user_info_response):
|
|
213 |
response = app.get(callback + '?code=zzz&state=%s' % state, status=302)
|
|
214 |
assert 'is already used' in str(response)
|
|
215 |
assert User.objects.count() == 1
|
|
216 |
assert '_auth_user_id' not in app.session
|
165 |
|
-
|