0005-idp_oidc-simplify-oidc_client-fixture-47900.patch

Benjamin Dauvergne, 03 décembre 2020 09:53


Subject: [PATCH 5/5] idp_oidc: simplify oidc_client fixture (#47900)

* new test test_admin will test the admin view for creating OIDCClient
* default mappings are extracted into an app setting
* OIDC_CLIENT_PARAMS is now only used on the main test SSO, creating
  less redundant tests
 src/authentic2_idp_oidc/admin.py        | 10 ++----
 src/authentic2_idp_oidc/app_settings.py | 11 ++++++
 tests/test_idp_oidc.py                  | 46 ++++++++++++++++++++-----
 3 files changed, 51 insertions(+), 16 deletions(-)
src/authentic2_idp_oidc/admin.py
21 21
from authentic2.attributes_ng.engine import get_service_attributes
22 22
from authentic2.forms.widgets import DatalistTextInput
23 23

  
24
from . import models
24
from . import models, app_settings
25 25

  
26 26

  
27 27
class OIDCClaimInlineForm(forms.ModelForm):
......
54 54
        # formsets are only saved if formset.has_changed() is True, so only set initial
55 55
        # values on the GET (display of the creation form)
56 56
        if request.method == 'GET' and not obj:
57
            initial.extend([
58
                {'name': 'preferred_username', 'value': 'django_user_identifier', 'scopes': 'profile'},
59
                {'name': 'given_name', 'value': 'django_user_first_name', 'scopes': 'profile'},
60
                {'name': 'family_name', 'value': 'django_user_last_name', 'scopes': 'profile'},
61
                {'name': 'email', 'value': 'django_user_email', 'scopes': 'email'},
62
                {'name': 'email_verified', 'value': 'django_user_email_verified', 'scopes': 'email'},
63
            ])
57
            initial.extend(app_settings.DEFAULT_MAPPINGS)
64 58
            self.extra = 5
65 59
        formset = super(OIDCClaimInlineAdmin, self).get_formset(request, obj=obj, **kwargs)
66 60
        formset.__init__ = curry(formset.__init__, initial=initial)
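Review bot: `self.extra = 5` stays hard-coded while the number of pre-filled claims now comes from `app_settings.DEFAULT_MAPPINGS`, so a deployment that configures more than five mappings would likely see only the first five in the creation form, because Django fills extra forms from the initial list only up to `extra`. Deriving the count from the list, `self.extra = max(5, len(initial))`, keeps the two in step without shrinking the form for shorter lists. This assumes `initial` holds nothing else at that point; it is defined outside the visible lines, as are the start and end of `get_formset`.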
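--- a/src/authentic2_idp_oidc/app_settings.py
+++ b/src/authentic2_idp_oidc/app_settings.py
@@ -65,6 +65,17 @@
     def REDIRECT_URI_MAX_LENGTH(self):
         return self._setting('REDIRECT_URI_MAX_LENGTH', 1024)
 
+    @property
+    def DEFAULT_MAPPINGS(self):
+        return self._setting('DEFAULT_MAPPINGS', [
+            {'name': 'preferred_username', 'value': 'django_user_identifier', 'scopes': 'profile'},
+            {'name': 'given_name', 'value': 'django_user_first_name', 'scopes': 'profile'},
+            {'name': 'family_name', 'value': 'django_user_last_name', 'scopes': 'profile'},
+            {'name': 'email', 'value': 'django_user_email', 'scopes': 'email'},
+            {'name': 'email_verified', 'value': 'django_user_email_verified', 'scopes': 'email'},
+        ])
+
+
 app_settings = AppSettings('A2_IDP_OIDC_')
 app_settings.__name__ = __name__
 sys.modules[__name__] = app_settings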
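Review bot: `DEFAULT_MAPPINGS` is added without a docstring, although it now decides which user attributes are pre-filled as claims for every OIDC client created in the admin, so an override changes what is released to relying parties by default. The value is returned as-is, while its consumers index `mapping['name']`, `mapping['value']` and `mapping['scopes']`, so a malformed override would only fail at the point of use. A docstring such as `"""Claims pre-filled for a new OIDC client: a list of dicts with 'name', 'value' and 'scopes' keys."""` would state that contract where operators look for it. The setting is presumably read under the `A2_IDP_OIDC_` prefix, but `_setting` is not visible here.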
tests/test_idp_oidc.py
43 43
from authentic2_idp_oidc.utils import get_first_rsa_sig_key
44 44
from authentic2_idp_oidc.utils import get_first_ec_sig_key
45 45
from authentic2_idp_oidc.utils import make_sub
46
from authentic2_idp_oidc import app_settings
46 47
from authentic2.a2_rbac.utils import get_default_ou
47 48
from authentic2.utils import make_url, good_next_url
48 49
from authentic2_auth_oidc.utils import parse_timestamp
......
135 136
]
136 137

  
137 138

  
138
def make_client(app, superuser, params=None):
139
@pytest.mark.parametrize('other_attributes', OIDC_CLIENT_PARAMS)
140
def test_admin(other_attributes, app, superuser, oidc_settings):
139 141
    Attribute.objects.create(
140 142
        name='cityscape_image',
141 143
        label='cityscape',
......
153 155
    response.form.set('ou', get_default_ou().pk)
154 156
    response.form.set('unauthorized_url', 'https://example.com/southpark/')
155 157
    response.form.set('redirect_uris', 'https://example.com/callbac%C3%A9')
156
    for key, value in (params or {}).items():
158
    for key, value in other_attributes.items():
157 159
        response.form.set(key, value)
158 160
    response = response.form.submit().follow()
159 161
    assert OIDCClient.objects.count() == 1
160
    client = OIDCClient.objects.get()
161
    utils.logout(app)
162

  
163

  
164
def make_client(app, superuser, params=None):
165
    Attribute.objects.create(
166
        name='cityscape_image',
167
        label='cityscape',
168
        kind='profile_image',
169
        asked_on_registration=True,
170
        required=False,
171
        user_visible=True,
172
        user_editable=True)
173

  
174
    client = OIDCClient(
175
        name='oidcclient',
176
        slug='oidcclient',
177
        ou=get_default_ou(),
178
        unauthorized_url='https://example.com/southpark/',
179
        redirect_uris='https://example.com/callbac%C3%A9')
180

  
181
    for key, value in (params or {}).items():
182
        setattr(client, key, value)
183
    client.save()
184
    for mapping in app_settings.DEFAULT_MAPPINGS:
185
        OIDCClaim.objects.create(
186
            client=client,
187
            name=mapping['name'],
188
            value=mapping['value'],
189
            scopes=mapping['scopes'])
162 190
    return client
163 191

  
164 192

  
......
167 195
    return make_client(app, superuser, {})
168 196

  
169 197

  
170
@pytest.fixture(params=OIDC_CLIENT_PARAMS)
198
@pytest.fixture
171 199
def oidc_client(request, superuser, app, simple_user, oidc_settings):
172
    return make_client(app, superuser, request.param)
200
    return make_client(app, superuser, getattr(request, 'param', None) or {})
173 201

  
174 202

  
175 203
@pytest.fixture
......
199 227
    return {'Authorization': 'Bearer %s' % str(access_token)}
200 228

  
201 229

  
230
@pytest.mark.parametrize('oidc_client', OIDC_CLIENT_PARAMS, indirect=True)
202 231
@pytest.mark.parametrize('do_not_ask_again', [(True,), (False,)])
203 232
@pytest.mark.parametrize('login_first', [(True,), (False,)])
204
def test_authorization_code_sso(login_first, do_not_ask_again, oidc_settings, oidc_client, simple_user, app, caplog):
233
def test_authorization_code_sso(login_first, do_not_ask_again, oidc_client, oidc_settings, simple_user, app, caplog):
205 234
    redirect_uri = oidc_client.redirect_uris.split()[0]
206 235
    params = {
207 236
        'client_id': oidc_client.client_id,
......
450 479
            assert value in location_qs[key]
451 480

  
452 481

  
453
def test_invalid_request(caplog, oidc_settings, oidc_client, simple_user, app):
482
@pytest.mark.parametrize('oidc_client', OIDC_CLIENT_PARAMS, indirect=True)
483
def test_invalid_request(oidc_client, caplog, oidc_settings, simple_user, app):
454 484
    redirect_uri = oidc_client.redirect_uris.split()[0]
455 485
    if oidc_client.authorization_flow == oidc_client.FLOW_AUTHORIZATION_CODE:
456 486
        fragment = False
457
-
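Review bot: `test_admin` ends at `assert OIDCClient.objects.count() == 1` and never looks at the claims, and since `make_client` now creates the client and its `OIDCClaim` rows through the ORM, no visible test asserts that the admin creation form actually persists the default mappings. Adding `assert OIDCClaim.objects.count() == len(app_settings.DEFAULT_MAPPINGS)` after the count check would cover the pre-fill path in `admin.py`, assuming the submitted form saves the initial inline rows. Separately, `getattr(request, 'param', None) or {}` in the `oidc_client` fixture deserves a short comment saying the fixture is parametrized only through `indirect=True`. The bodies of `test_admin` and `test_invalid_request` are only partly visible here.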