0006-idp_oidc-test-templated-claims-37884.patch

Paul Marillonnet, 20 février 2020 16:53

Voir les différences: en ligne côte à côte

Subject: [PATCH 6/6] idp_oidc: test templated claims (#37884)

 tests/test_idp_oidc.py | 74 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 74 insertions(+)

         assert 'family_name' not in user_info
     def test_claim_templated(oidc_settings, normal_oidc_client, simple_user, app):
         oidc_settings.A2_IDP_OIDC_SCOPES = ['openid', 'profile', 'email']
         OIDCClaim.objects.filter(
                 client=normal_oidc_client, name='given_name').delete()
         OIDCClaim.objects.filter(
                 client=normal_oidc_client, name='family_name').delete()
         claim1 = OIDCClaim.objects.create(
                 client=normal_oidc_client,
                 name='given_name',
                 value='{{ django_user_first_name|add:"ounet" }}',
                 is_templated=True,
                 scopes='profile')
         claim2 = OIDCClaim.objects.create(
                 client=normal_oidc_client,
                 name='family_name',
                 value='{{ "Von der "|add:django_user_last_name }}',
                 is_templated=True,
                 scopes='profile')
         normal_oidc_client.authorization_flow = normal_oidc_client.FLOW_AUTHORIZATION_CODE
         normal_oidc_client.authorization_mode = normal_oidc_client.AUTHORIZATION_MODE_NONE
         normal_oidc_client.save()
         utils.login(app, simple_user)
         oidc_client = normal_oidc_client
         redirect_uri = oidc_client.redirect_uris.split()[0]
         params = {
             'client_id': oidc_client.client_id,
             'scope': 'openid email profile',
             'redirect_uri': redirect_uri,
             'state': 'xxx',
             'nonce': 'yyy',
             'response_type': 'code',
+        }
         def sso():
             authorize_url = make_url('oidc-authorize', params=params)
             response = app.get(authorize_url)
             location = urlparse.urlparse(response['Location'])
             query = urlparse.parse_qs(location.query)
             code = query['code'][0]
             token_url = make_url('oidc-token')
             response = app.post(token_url, params={
                 'grant_type': 'authorization_code',
                 'code': code,
                 'redirect_uri': oidc_client.redirect_uris.split()[0],
             }, headers=client_authentication_headers(oidc_client))
             access_token = response.json['access_token']
             id_token = response.json['id_token']
             key = JWK(kty='oct', k=base64.b64encode(oidc_client.client_secret.encode('utf-8')))
             jwt = JWT(jwt=id_token, key=key)
             claims = json.loads(jwt.claims)
             user_info_url = make_url('oidc-user-info')
             response = app.get(user_info_url, headers=bearer_authentication_headers(access_token))
             return claims, response.json
         claims, user_info = sso()
         assert claims['given_name'].endswith('ounet')
         assert claims['given_name'].startswith(simple_user.first_name)
         assert claims['family_name'].startswith('Von der')
         assert claims['family_name'].endswith(simple_user.last_name)
         assert user_info['given_name'].endswith('ounet')
         assert user_info['given_name'].startswith(simple_user.first_name)
         assert user_info['family_name'].startswith('Von der')
         assert user_info['family_name'].endswith(simple_user.last_name)
     def test_client_is_valid_redirect_uri():
         client = OIDCClient(redirect_uris='''http://example.com
     http://example2.com/
+    -

Projet

Général

Profil

Produits Entr'ouvert » Authentic 2

0006-idp_oidc-test-templated-claims-37884.patch