43 |
43 |
from authentic2_idp_oidc.utils import get_first_rsa_sig_key
|
44 |
44 |
from authentic2_idp_oidc.utils import get_first_ec_sig_key
|
45 |
45 |
from authentic2_idp_oidc.utils import make_sub
|
|
46 |
from authentic2_idp_oidc import app_settings
|
46 |
47 |
from authentic2.a2_rbac.utils import get_default_ou
|
47 |
48 |
from authentic2.utils import make_url, good_next_url
|
48 |
49 |
from authentic2_auth_oidc.utils import parse_timestamp
|
... | ... | |
135 |
136 |
]
|
136 |
137 |
|
137 |
138 |
|
138 |
|
def make_client(app, superuser, params=None):
|
|
139 |
@pytest.mark.parametrize('other_attributes', OIDC_CLIENT_PARAMS)
|
|
140 |
def test_admin(other_attributes, app, superuser, oidc_settings):
|
139 |
141 |
Attribute.objects.create(
|
140 |
142 |
name='cityscape_image',
|
141 |
143 |
label='cityscape',
|
... | ... | |
153 |
155 |
response.form.set('ou', get_default_ou().pk)
|
154 |
156 |
response.form.set('unauthorized_url', 'https://example.com/southpark/')
|
155 |
157 |
response.form.set('redirect_uris', 'https://example.com/callbac%C3%A9')
|
156 |
|
for key, value in (params or {}).items():
|
|
158 |
for key, value in other_attributes.items():
|
157 |
159 |
response.form.set(key, value)
|
158 |
160 |
response = response.form.submit().follow()
|
159 |
161 |
assert OIDCClient.objects.count() == 1
|
160 |
|
client = OIDCClient.objects.get()
|
161 |
|
utils.logout(app)
|
|
162 |
|
|
163 |
|
|
164 |
def make_client(app, superuser, params=None):
|
|
165 |
Attribute.objects.create(
|
|
166 |
name='cityscape_image',
|
|
167 |
label='cityscape',
|
|
168 |
kind='profile_image',
|
|
169 |
asked_on_registration=True,
|
|
170 |
required=False,
|
|
171 |
user_visible=True,
|
|
172 |
user_editable=True)
|
|
173 |
|
|
174 |
client = OIDCClient(
|
|
175 |
name='oidcclient',
|
|
176 |
slug='oidcclient',
|
|
177 |
ou=get_default_ou(),
|
|
178 |
unauthorized_url='https://example.com/southpark/',
|
|
179 |
redirect_uris='https://example.com/callbac%C3%A9')
|
|
180 |
|
|
181 |
for key, value in (params or {}).items():
|
|
182 |
setattr(client, key, value)
|
|
183 |
client.save()
|
|
184 |
for mapping in app_settings.DEFAULT_MAPPINGS:
|
|
185 |
OIDCClaim.objects.create(
|
|
186 |
client=client,
|
|
187 |
name=mapping['name'],
|
|
188 |
value=mapping['value'],
|
|
189 |
scopes=mapping['scopes'])
|
162 |
190 |
return client
|
163 |
191 |
|
164 |
192 |
|
... | ... | |
167 |
195 |
return make_client(app, superuser, {})
|
168 |
196 |
|
169 |
197 |
|
170 |
|
@pytest.fixture(params=OIDC_CLIENT_PARAMS)
|
|
198 |
@pytest.fixture
|
171 |
199 |
def oidc_client(request, superuser, app, simple_user, oidc_settings):
|
172 |
|
return make_client(app, superuser, request.param)
|
|
200 |
return make_client(app, superuser, getattr(request, 'param', None) or {})
|
173 |
201 |
|
174 |
202 |
|
175 |
203 |
@pytest.fixture
|
... | ... | |
199 |
227 |
return {'Authorization': 'Bearer %s' % str(access_token)}
|
200 |
228 |
|
201 |
229 |
|
|
230 |
@pytest.mark.parametrize('oidc_client', OIDC_CLIENT_PARAMS, indirect=True)
|
202 |
231 |
@pytest.mark.parametrize('do_not_ask_again', [(True,), (False,)])
|
203 |
232 |
@pytest.mark.parametrize('login_first', [(True,), (False,)])
|
204 |
|
def test_authorization_code_sso(login_first, do_not_ask_again, oidc_settings, oidc_client, simple_user, app, caplog):
|
|
233 |
def test_authorization_code_sso(login_first, do_not_ask_again, oidc_client, oidc_settings, simple_user, app, caplog):
|
205 |
234 |
redirect_uri = oidc_client.redirect_uris.split()[0]
|
206 |
235 |
params = {
|
207 |
236 |
'client_id': oidc_client.client_id,
|
... | ... | |
450 |
479 |
assert value in location_qs[key]
|
451 |
480 |
|
452 |
481 |
|
453 |
|
def test_invalid_request(caplog, oidc_settings, oidc_client, simple_user, app):
|
|
482 |
@pytest.mark.parametrize('oidc_client', OIDC_CLIENT_PARAMS, indirect=True)
|
|
483 |
def test_invalid_request(oidc_client, caplog, oidc_settings, simple_user, app):
|
454 |
484 |
redirect_uri = oidc_client.redirect_uris.split()[0]
|
455 |
485 |
if oidc_client.authorization_flow == oidc_client.FLOW_AUTHORIZATION_CODE:
|
456 |
486 |
fragment = False
|
457 |
|
-
|