Projet

Général

Profil

0001-profile_views-provide-a-more-general-message-in-oidc.patch

Paul Marillonnet, 25 août 2020 16:12

Télécharger (4,78 ko)

Voir les différences: 

Subject: [PATCH] profile_views: provide a more general message in oidc-authz
 page (#45651)


 .../accounts_authorized_oauth_services.html   |  8 ++---
 tests/test_idp_oidc.py                        | 33 +++++++++++++++----
 2 files changed, 29 insertions(+), 12 deletions(-)
src/authentic2/templates/authentic2/accounts_authorized_oauth_services.html
17 17 
  {% block oidc-authorized-oauth-services-top %}
18 18 
  <p class="authorized-oauth-services--top">
19 19 
    {% if authorized_oauth_services|length_is:0 %}
20 
    {% trans "You have not granted service access to your account profile data." %}
20 
    {% trans "You have not given any authorization to access your account profile data." %}
21 21 
    {% else %}
22 
    {% blocktrans count counter=authorized_oauth_services|length %}
23 
    You have granted one service access to your account profile data.
24 
    {% plural %}
25 
    You have granted {{ counter }} services access to your account profile data.
26 
    {% endblocktrans %}
22 
    {% trans "You have given authorizations to access your account profile data." %}
27 23 
    {% endif %}
28 24 
  </p>
29 25 
  {% endblock %}
tests/test_idp_oidc.py
45 45 
from authentic2.a2_rbac.utils import get_default_ou
46 46 
from authentic2.utils import make_url
47 47 
from authentic2_auth_oidc.utils import parse_timestamp
48 
from django_rbac.utils import get_ou_model
48 49 
from django_rbac.utils import get_role_model
49 50 

  		




  50
  51
  
    
User = get_user_model()

  		




  ......




  1615
  1616
  
    

  		




  1616
  1617
  
    

  		




  1617
  1618
  
    
def test_oidc_authorized_oauth_services_view(app, oidc_client, simple_user):

  		




  
  1619
  
    
    from django.contrib.contenttypes.models import ContentType

  		




  
  1620
  
    

  		




  1618
  1621
  
    
    url = make_url('authorized-oauth-services')

  		




  1619
  1622
  
    
    response = app.get(url, status=302)

  		




  1620
  1623
  
    
    assert '/login/' in response.location

  		




  1621
  1624
  
    

  		




  1622
  1625
  
    
    utils.login(app, simple_user)

  		




  1623
  1626
  
    
    response = app.get(url, status=200)

  		




  1624
  
  
    
    assert "You have not granted service access to your account profile data." in response.text

  		




  
  1627
  
    
    assert "You have not given any authorization to access your account profile data." in response.text

  		




  1625
  1628
  
    

  		




  
  1629
  
    
    # create an ou authz

  		




  
  1630
  
    
    OU = get_ou_model()

  		




  
  1631
  
    
    ou1 = OU.objects.create(name='Orgunit1', slug='orgunit1')

  		




  
  1632
  
    
    OIDCAuthorization.objects.create(

  		




  
  1633
  
    
        client=ou1, user=simple_user, scopes='openid profile email',

  		




  
  1634
  
    
        expired=now() + datetime.timedelta(days=2))

  		




  
  1635
  
    
    # create service authzs

  		




  1626
  1636
  
    
    OIDCAuthorization.objects.create(

  		




  1627
  1637
  
    
        client=oidc_client, user=simple_user, scopes='openid',

  		




  1628
  1638
  
    
        expired=now() + datetime.timedelta(days=2))

  		




  ......




  1634
  1644
  
    
        expired=now() + datetime.timedelta(days=2))

  		




  1635
  1645
  
    

  		




  1636
  1646
  
    
    response = app.get(url, status=200)

  		




  1637
  
  
    
    assert "You have granted 3 services access to your account profile data."

  		




  
  1647
  
    
    assert "You have given authorizations to access your account profile data." in response.text

  		




  1638
  1648
  
    
    assert len(response.html.find_all(

  		




  1639
  
  
    
        'button', {'class': 'authorized-oauth-services--revoke-button'})) == 3

  		




  
  1649
  
    
        'button', {'class': 'authorized-oauth-services--revoke-button'})) == 4

  		




  1640
  1650
  
    

  		




  1641
  
  
    
    # revoke two

  		




  1642
  
  
    
    response = response.forms[0].submit()

  		




  
  1651
  
    
    # revoke two service authz

  		




  
  1652
  
    
    response = response.forms[1].submit()

  		




  
  1653
  
    
    response = response.follow()

  		




  
  1654
  
    
    assert len(response.html.find_all(

  		




  
  1655
  
    
        'button', {'class': 'authorized-oauth-services--revoke-button'})) == 3

  		




  
  1656
  
    
    assert OIDCAuthorization.objects.filter(

  		




  
  1657
  
    
        client_ct=ContentType.objects.get_for_model(OIDCClient)).count() == 2

  		




  
  1658
  
    
    response = response.forms[1].submit()

  		




  1643
  1659
  
    
    response = response.follow()

  		




  1644
  1660
  
    
    assert len(response.html.find_all(

  		




  1645
  1661
  
    
        'button', {'class': 'authorized-oauth-services--revoke-button'})) == 2

  		




  
  1662
  
    
    assert OIDCAuthorization.objects.filter(

  		




  
  1663
  
    
        client_ct=ContentType.objects.get_for_model(OIDCClient)).count() == 1

  		




  
  1664
  
    

  		




  
  1665
  
    
    # revoke the only OU authz

  		




  1646
  1666
  
    
    response = response.forms[0].submit()

  		




  1647
  1667
  
    
    response = response.follow()

  		




  1648
  1668
  
    
    assert len(response.html.find_all(

  		




  1649
  1669
  
    
        'button', {'class': 'authorized-oauth-services--revoke-button'})) == 1

  		




  1650
  
  
    
    assert "You have granted one service access to your account profile data." in response.text

  		




  
  1670
  
    
    assert OIDCAuthorization.objects.filter(

  		




  
  1671
  
    
        client_ct=ContentType.objects.get_for_model(OU)).count() == 0

  		




  1651
  
  
    
-