45 |
45 |
from authentic2.a2_rbac.utils import get_default_ou
|
46 |
46 |
from authentic2.utils import make_url
|
47 |
47 |
from authentic2_auth_oidc.utils import parse_timestamp
|
|
48 |
from django_rbac.utils import get_ou_model
|
48 |
49 |
from django_rbac.utils import get_role_model
|
49 |
50 |
|
50 |
51 |
User = get_user_model()
|
... | ... | |
1615 |
1616 |
|
1616 |
1617 |
|
1617 |
1618 |
def test_oidc_authorized_oauth_services_view(app, oidc_client, simple_user):
|
|
1619 |
from django.contrib.contenttypes.models import ContentType
|
|
1620 |
|
1618 |
1621 |
url = make_url('authorized-oauth-services')
|
1619 |
1622 |
response = app.get(url, status=302)
|
1620 |
1623 |
assert '/login/' in response.location
|
1621 |
1624 |
|
1622 |
1625 |
utils.login(app, simple_user)
|
1623 |
1626 |
response = app.get(url, status=200)
|
1624 |
|
assert "You have not granted service access to your account profile data." in response.text
|
|
1627 |
assert "You have not given any authorization to access your account profile data." in response.text
|
1625 |
1628 |
|
|
1629 |
# create an ou authz
|
|
1630 |
OU = get_ou_model()
|
|
1631 |
ou1 = OU.objects.create(name='Orgunit1', slug='orgunit1')
|
|
1632 |
OIDCAuthorization.objects.create(
|
|
1633 |
client=ou1, user=simple_user, scopes='openid profile email',
|
|
1634 |
expired=now() + datetime.timedelta(days=2))
|
|
1635 |
# create service authzs
|
1626 |
1636 |
OIDCAuthorization.objects.create(
|
1627 |
1637 |
client=oidc_client, user=simple_user, scopes='openid',
|
1628 |
1638 |
expired=now() + datetime.timedelta(days=2))
|
... | ... | |
1634 |
1644 |
expired=now() + datetime.timedelta(days=2))
|
1635 |
1645 |
|
1636 |
1646 |
response = app.get(url, status=200)
|
1637 |
|
assert "You have granted 3 services access to your account profile data."
|
|
1647 |
assert "You have given authorizations to access your account profile data." in response.text
|
1638 |
1648 |
assert len(response.html.find_all(
|
1639 |
|
'button', {'class': 'authorized-oauth-services--revoke-button'})) == 3
|
|
1649 |
'button', {'class': 'authorized-oauth-services--revoke-button'})) == 4
|
1640 |
1650 |
|
1641 |
|
# revoke two
|
1642 |
|
response = response.forms[0].submit()
|
|
1651 |
# revoke two service authz
|
|
1652 |
response = response.forms[1].submit()
|
|
1653 |
response = response.follow()
|
|
1654 |
assert len(response.html.find_all(
|
|
1655 |
'button', {'class': 'authorized-oauth-services--revoke-button'})) == 3
|
|
1656 |
assert OIDCAuthorization.objects.filter(
|
|
1657 |
client_ct=ContentType.objects.get_for_model(OIDCClient)).count() == 2
|
|
1658 |
response = response.forms[1].submit()
|
1643 |
1659 |
response = response.follow()
|
1644 |
1660 |
assert len(response.html.find_all(
|
1645 |
1661 |
'button', {'class': 'authorized-oauth-services--revoke-button'})) == 2
|
|
1662 |
assert OIDCAuthorization.objects.filter(
|
|
1663 |
client_ct=ContentType.objects.get_for_model(OIDCClient)).count() == 1
|
|
1664 |
|
|
1665 |
# revoke the only OU authz
|
1646 |
1666 |
response = response.forms[0].submit()
|
1647 |
1667 |
response = response.follow()
|
1648 |
1668 |
assert len(response.html.find_all(
|
1649 |
1669 |
'button', {'class': 'authorized-oauth-services--revoke-button'})) == 1
|
1650 |
|
assert "You have granted one service access to your account profile data." in response.text
|
|
1670 |
assert OIDCAuthorization.objects.filter(
|
|
1671 |
client_ct=ContentType.objects.get_for_model(OU)).count() == 0
|
1651 |
|
-
|
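Review bot: The revocation steps in `test_oidc_authorized_oauth_services_view` pick the form by position (`response.forms[1]` twice, then `response.forms[0]`) and check the outcome only by counting revoke buttons and `OIDCAuthorization` rows per content type, so the test never pins which authorization was deleted. A view that removed a different authorization of the same kind would still pass, and this page is how a user withdraws consent from a client. After the OU revocation, assert on the object itself, for example `assert not OIDCAuthorization.objects.filter(client_ct=ContentType.objects.get_for_model(OU), client_id=ou1.pk).exists()` (this assumes the generic key's id field is named `client_id`; confirm against the model). The positional indexes also presumably rely on the OU authorization being listed before the service ones, which deserves a short comment next to `# revoke the only OU authz`. The section's file header is not visible here, so the path and any surrounding fixtures are unconfirmed.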