11 |
11 |
import utils
|
12 |
12 |
|
13 |
13 |
from django.core.urlresolvers import reverse
|
|
14 |
from django.db import connection
|
|
15 |
from django.db.migrations.executor import MigrationExecutor
|
14 |
16 |
from django.utils.timezone import now
|
15 |
17 |
from django.contrib.auth import get_user_model
|
16 |
18 |
|
|
19 |
|
17 |
20 |
User = get_user_model()
|
18 |
21 |
|
19 |
22 |
from authentic2_idp_oidc.models import OIDCClient, OIDCAuthorization, OIDCCode, OIDCAccessToken, OIDCClaim
|
... | ... | |
235 |
238 |
else:
|
236 |
239 |
assert claims['acr'] == '1'
|
237 |
240 |
assert claims['sub'] == make_sub(oidc_client, simple_user)
|
238 |
|
assert claims['preferred_username'] == simple_user.username
|
|
241 |
assert claims['preferred_username'] == ''
|
239 |
242 |
assert claims['given_name'] == simple_user.first_name
|
240 |
243 |
assert claims['family_name'] == simple_user.last_name
|
241 |
244 |
assert claims['email'] == simple_user.email
|
... | ... | |
244 |
247 |
user_info_url = make_url('oidc-user-info')
|
245 |
248 |
response = app.get(user_info_url, headers=bearer_authentication_headers(access_token))
|
246 |
249 |
assert response.json['sub'] == make_sub(oidc_client, simple_user)
|
247 |
|
assert response.json['preferred_username'] == simple_user.username
|
|
250 |
assert response.json['preferred_username'] == ''
|
248 |
251 |
assert response.json['given_name'] == simple_user.first_name
|
249 |
252 |
assert response.json['family_name'] == simple_user.last_name
|
250 |
253 |
assert response.json['email'] == simple_user.email
|
... | ... | |
856 |
859 |
|
857 |
860 |
|
858 |
861 |
def test_oidclient_claims_data_migration():
|
859 |
|
from django.db import connection
|
860 |
|
from django.db.migrations.executor import MigrationExecutor
|
861 |
|
|
862 |
862 |
executor = MigrationExecutor(connection)
|
863 |
863 |
app = 'authentic2_idp_oidc'
|
864 |
864 |
migrate_from = [(app, '0009_auto_20180313_1156')]
|
... | ... | |
877 |
877 |
assert OIDCClaim.objects.filter(client=client.id).count() == 5
|
878 |
878 |
|
879 |
879 |
|
|
880 |
def test_oidclient_preferred_username_as_identifier_data_migration():
|
|
881 |
executor = MigrationExecutor(connection)
|
|
882 |
app = 'authentic2_idp_oidc'
|
|
883 |
migrate_from = [(app, '0010_oidcclaim')]
|
|
884 |
migrate_to = [(app, '0011_auto_20180808_1546')]
|
|
885 |
executor.migrate(migrate_from)
|
|
886 |
executor.loader.build_graph()
|
|
887 |
old_apps = executor.loader.project_state(migrate_from).apps
|
|
888 |
OIDCClient = old_apps.get_model('authentic2_idp_oidc', 'OIDCClient')
|
|
889 |
OIDCClaim = old_apps.get_model('authentic2_idp_oidc', 'OIDCClaim')
|
|
890 |
client1 = OIDCClient.objects.create(name='test', slug='test', redirect_uris='https://example.net/')
|
|
891 |
client2 = OIDCClient.objects.create(name='test1', slug='test1', redirect_uris='https://example.net/')
|
|
892 |
client3 = OIDCClient.objects.create(name='test2', slug='test2', redirect_uris='https://example.net/')
|
|
893 |
client4 = OIDCClient.objects.create(name='test3', slug='test3', redirect_uris='https://example.net/')
|
|
894 |
for client in (client1, client2, client3, client4):
|
|
895 |
if client.name == 'test1':
|
|
896 |
continue
|
|
897 |
if client.name == 'test3':
|
|
898 |
OIDCClaim.objects.create(client=client, name='preferred_username', value='django_user_full_name', scopes='profile')
|
|
899 |
else:
|
|
900 |
OIDCClaim.objects.create(client=client, name='preferred_username', value='django_user_username', scopes='profile')
|
|
901 |
OIDCClaim.objects.create(client=client, name='given_name', value='django_user_first_name', scopes='profile')
|
|
902 |
OIDCClaim.objects.create(client=client, name='family_name', value='django_user_last_name', scopes='profile')
|
|
903 |
if client.name == 'test2':
|
|
904 |
continue
|
|
905 |
OIDCClaim.objects.create(client=client, name='email', value='django_user_email', scopes='email')
|
|
906 |
OIDCClaim.objects.create(client=client, name='email_verified', value='django_user_email_verified', scopes='email')
|
|
907 |
executor.migrate(migrate_to)
|
|
908 |
executor.loader.build_graph()
|
|
909 |
client = OIDCClient.objects.first()
|
|
910 |
for client in OIDCClient.objects.all():
|
|
911 |
claims = client.oidcclaim_set.all()
|
|
912 |
if client.name == 'test':
|
|
913 |
assert claims.count() == 5
|
|
914 |
assert sorted(claims.values_list('name', flat=True)) == [u'email', u'email_verified', u'family_name', u'given_name', u'preferred_username']
|
|
915 |
assert sorted(claims.values_list('value', flat=True)) == [u'django_user_email', u'django_user_email_verified', u'django_user_first_name', u'django_user_identifier', u'django_user_last_name']
|
|
916 |
elif client.name == 'test2':
|
|
917 |
assert claims.count() == 3
|
|
918 |
assert sorted(claims.values_list('name', flat=True)) == [u'family_name', u'given_name', u'preferred_username']
|
|
919 |
assert sorted(claims.values_list('value', flat=True)) == [u'django_user_first_name', u'django_user_last_name', u'django_user_username']
|
|
920 |
elif client.name == 'test3':
|
|
921 |
assert claims.count() == 5
|
|
922 |
assert sorted(claims.values_list('name', flat=True)) == [u'email', u'email_verified', u'family_name', u'given_name', u'preferred_username']
|
|
923 |
assert sorted(claims.values_list('value', flat=True)) == [u'django_user_email', u'django_user_email_verified', u'django_user_first_name', u'django_user_full_name', u'django_user_last_name']
|
|
924 |
else:
|
|
925 |
assert claims.count() == 0
|
|
926 |
|
|
927 |
|
880 |
928 |
def test_api_synchronization(app, oidc_client):
|
881 |
929 |
oidc_client.has_api_access = True
|
882 |
930 |
oidc_client.save()
|
883 |
|
-
|