22 |
22 |
|
23 |
23 |
from django.urls import reverse
|
24 |
24 |
|
|
25 |
from authentic2.a2_rbac.utils import get_default_ou
|
25 |
26 |
from authentic2.models import Attribute
|
|
27 |
from authentic2_idp_oidc.models import OIDCClient
|
26 |
28 |
|
27 |
29 |
from . import utils
|
28 |
30 |
|
... | ... | |
194 |
196 |
assert len(response.pyquery('input[type="text"][name="edit-profile-title@disabled"][readonly]')) == 1
|
195 |
197 |
|
196 |
198 |
|
197 |
|
def test_acount_view(app, simple_user, settings):
|
|
199 |
def test_account_view(app, simple_user, settings):
|
198 |
200 |
utils.login(app, simple_user)
|
199 |
201 |
url = reverse('account_management')
|
|
202 |
# no oidc client defined -> no authorization management
|
|
203 |
response = app.get(url, status=200)
|
|
204 |
assert [x['href'] for x in response.html.find('div', {'id': 'a2-profile'}).find_all('a')] == [
|
|
205 |
reverse('email-change'),
|
|
206 |
reverse('profile_edit'),
|
|
207 |
reverse('delete_account')
|
|
208 |
]
|
|
209 |
|
|
210 |
# oidc client defined -> authorization management
|
|
211 |
client = OIDCClient.objects.create(
|
|
212 |
name='client',
|
|
213 |
slug='client',
|
|
214 |
ou=get_default_ou(),
|
|
215 |
redirect_uris='https://example.com/')
|
200 |
216 |
response = app.get(url, status=200)
|
201 |
217 |
assert [x['href'] for x in response.html.find('div', {'id': 'a2-profile'}).find_all('a')] == [
|
202 |
218 |
reverse('email-change'),
|
... | ... | |
205 |
221 |
reverse('delete_account')
|
206 |
222 |
]
|
207 |
223 |
|
|
224 |
# oidc client defined but no authorization mode -> no authorization management
|
|
225 |
client.authorization_mode = OIDCClient.AUTHORIZATION_MODE_NONE
|
|
226 |
client.save()
|
|
227 |
response = app.get(url, status=200)
|
|
228 |
assert [x['href'] for x in response.html.find('div', {'id': 'a2-profile'}).find_all('a')] == [
|
|
229 |
reverse('email-change'),
|
|
230 |
reverse('profile_edit'),
|
|
231 |
reverse('delete_account')
|
|
232 |
]
|
|
233 |
|
|
234 |
# restore authorization mode
|
|
235 |
client.authorization_mode = OIDCClient.AUTHORIZATION_MODE_BY_SERVICE
|
|
236 |
client.save()
|
|
237 |
|
|
238 |
# disabled authentic2_idp_oidc app -> no authorization management
|
208 |
239 |
settings.INSTALLED_APPS = tuple(x for x in settings.INSTALLED_APPS if x != 'authentic2_idp_oidc')
|
209 |
240 |
url = reverse('account_management')
|
210 |
241 |
response = app.get(url, status=200)
|
... | ... | |
215 |
246 |
]
|
216 |
247 |
settings.INSTALLED_APPS += ('authentic2_idp_oidc',)
|
217 |
248 |
|
|
249 |
# more disabled options -> less actions
|
218 |
250 |
settings.A2_PROFILE_CAN_CHANGE_EMAIL = False
|
219 |
251 |
settings.A2_PROFILE_CAN_MANAGE_SERVICE_AUTHORIZATIONS = False
|
220 |
252 |
settings.A2_REGISTRATION_CAN_DELETE_ACCOUNT = False
|
221 |
|
-
|