37 |
37 |
|
38 |
38 |
from authentic2.a2_rbac.models import OrganizationalUnit, Role
|
39 |
39 |
from authentic2.a2_rbac.utils import get_default_ou
|
|
40 |
from authentic2.custom_user.models import Profile, ProfileType
|
40 |
41 |
from authentic2.models import Attribute, AuthorizedRole
|
41 |
42 |
from authentic2.utils.misc import good_next_url, make_url
|
42 |
43 |
from authentic2_auth_oidc.utils import parse_timestamp
|
... | ... | |
751 |
752 |
response, 'consent_required', 'Consent is required but prompt parameter is "none"', message=False
|
752 |
753 |
)
|
753 |
754 |
|
|
755 |
# prompt is none, but account selection is required, corner case without error
|
|
756 |
oidc_client.activate_user_profiles = True
|
|
757 |
oidc_client.save()
|
|
758 |
profile_type_manager = ProfileType.objects.create(
|
|
759 |
name='One Manager Type',
|
|
760 |
slug='one-manager-type',
|
|
761 |
)
|
|
762 |
profile_type_delegate = ProfileType.objects.create(
|
|
763 |
name='One Delegate Type',
|
|
764 |
slug='one-delegate-type',
|
|
765 |
)
|
|
766 |
profile_manager = Profile.objects.create(
|
|
767 |
user=simple_user,
|
|
768 |
profile_type=profile_type_manager,
|
|
769 |
identifier='Entity 789',
|
|
770 |
email='manager@example789.org',
|
|
771 |
)
|
|
772 |
profile_delegate = Profile.objects.create(
|
|
773 |
user=simple_user,
|
|
774 |
profile_type=profile_type_delegate,
|
|
775 |
identifier='Entity 1011',
|
|
776 |
email='delegate@example1011.org',
|
|
777 |
)
|
|
778 |
# authorization exists
|
|
779 |
authorize = OIDCAuthorization.objects.create(
|
|
780 |
client=oidc_client,
|
|
781 |
user=simple_user,
|
|
782 |
scopes='openid profile email',
|
|
783 |
expired=now() + datetime.timedelta(days=2),
|
|
784 |
)
|
|
785 |
response = app.get(
|
|
786 |
make_url(
|
|
787 |
'oidc-authorize',
|
|
788 |
params={
|
|
789 |
'client_id': oidc_client.client_id,
|
|
790 |
'redirect_uri': redirect_uri,
|
|
791 |
'response_type': response_type,
|
|
792 |
'scope': 'openid',
|
|
793 |
'prompt': 'none',
|
|
794 |
},
|
|
795 |
)
|
|
796 |
)
|
|
797 |
if oidc_client.authorization_flow == OIDCClient.FLOW_IMPLICIT:
|
|
798 |
assert 'access_token' in response.location
|
|
799 |
assert 'id_token' in response.location
|
|
800 |
assert 'expires_in' in response.location
|
|
801 |
assert 'token_type' in response.location
|
|
802 |
elif oidc_client.authorization_flow == oidc_client.FLOW_AUTHORIZATION_CODE:
|
|
803 |
assert 'code' in response.location
|
|
804 |
|
|
805 |
profile_manager.delete()
|
|
806 |
profile_delegate.delete()
|
|
807 |
authorize.delete()
|
|
808 |
|
754 |
809 |
# user do not consent
|
755 |
810 |
response = app.get(
|
756 |
811 |
make_url(
|
757 |
|
-
|