19 |
19 |
import functools
|
20 |
20 |
import json
|
21 |
21 |
import urllib.parse
|
|
22 |
from unittest import mock
|
22 |
23 |
|
23 |
24 |
import pytest
|
24 |
25 |
from django.contrib.auth import get_user_model
|
... | ... | |
40 |
41 |
from authentic2.utils.misc import good_next_url, make_url
|
41 |
42 |
from authentic2_auth_oidc.utils import parse_timestamp
|
42 |
43 |
from authentic2_idp_oidc.models import OIDCAccessToken, OIDCAuthorization, OIDCClaim, OIDCClient, OIDCCode
|
43 |
|
from authentic2_idp_oidc.utils import base64url, get_first_ec_sig_key, get_first_rsa_sig_key, make_sub
|
|
44 |
from authentic2_idp_oidc.utils import (
|
|
45 |
base64url,
|
|
46 |
get_first_ec_sig_key,
|
|
47 |
get_first_rsa_sig_key,
|
|
48 |
get_session_id,
|
|
49 |
make_sub,
|
|
50 |
)
|
44 |
51 |
|
45 |
52 |
from .. import utils
|
46 |
53 |
from .conftest import bearer_authentication_headers, client_authentication_headers
|
... | ... | |
202 |
209 |
@pytest.mark.parametrize('do_not_ask_again', [(True,), (False,)])
|
203 |
210 |
@pytest.mark.parametrize('login_first', [(True,), (False,)])
|
204 |
211 |
def test_authorization_code_sso(
|
205 |
|
login_first, do_not_ask_again, oidc_client, oidc_settings, simple_user, app, caplog
|
|
212 |
login_first, do_not_ask_again, oidc_client, oidc_settings, simple_user, app, caplog, rf
|
206 |
213 |
):
|
207 |
214 |
redirect_uri = oidc_client.redirect_uris.split()[0]
|
208 |
215 |
params = {
|
... | ... | |
398 |
405 |
response = app.get(make_url('account_management'))
|
399 |
406 |
response = response.click('Logout')
|
400 |
407 |
if oidc_client.frontchannel_logout_uri:
|
401 |
|
iframes = response.pyquery('iframe[src="https://example.com/southpark/logout/"]')
|
|
408 |
iframes = response.pyquery('iframe[src^="https://example.com/southpark/logout/"]')
|
402 |
409 |
assert iframes
|
|
410 |
src = iframes.attr('src')
|
|
411 |
assert '?' in src
|
|
412 |
src_qd = QueryDict(src.split('?', 1)[1])
|
|
413 |
assert 'iss' in src_qd and src_qd['iss'] == 'http://testserver/'
|
|
414 |
assert 'sid' in src_qd and src_qd['sid'] == get_session_id(
|
|
415 |
mock.Mock(session=app.session), oidc_client
|
|
416 |
)
|
403 |
417 |
if oidc_client.frontchannel_timeout:
|
404 |
418 |
assert iframes.attr('onload').endswith(', %d)' % oidc_client.frontchannel_timeout)
|
405 |
419 |
else:
|
406 |
|
-
|