Changeset View
Changeset View
Standalone View
Standalone View
swh/web/tests/auth/test_views.py
| Show First 20 Lines • Show All 125 Lines • ▼ Show 20 Lines | def _generate_and_test_bearer_token(client, kc_oidc_mock): | ||||
| assert decrypted_token.decode("ascii") == oidc_profile["refresh_token"] | assert decrypted_token.decode("ascii") == oidc_profile["refresh_token"] | ||||
| # should redirect to tokens management Web UI | # should redirect to tokens management Web UI | ||||
| assert response["location"] == reverse("oidc-profile") + "#tokens" | assert response["location"] == reverse("oidc-profile") + "#tokens" | ||||
| return decrypted_token | return decrypted_token | ||||
| @pytest.mark.django_db(reset_sequences=True) | @pytest.mark.django_db(transaction=True, reset_sequences=True) | ||||
| def test_oidc_generate_bearer_token_authenticated_user_success(client, keycloak_oidc): | def test_oidc_generate_bearer_token_authenticated_user_success(client, keycloak_oidc): | ||||
| """ | """ | ||||
| Authenticated user should be able to generate a bearer token using OIDC | Authenticated user should be able to generate a bearer token using OIDC | ||||
| Authorization Code Flow. | Authorization Code Flow. | ||||
| """ | """ | ||||
| _generate_and_test_bearer_token(client, keycloak_oidc) | _generate_and_test_bearer_token(client, keycloak_oidc) | ||||
| def test_oidc_list_bearer_tokens_anonymous_user(client): | def test_oidc_list_bearer_tokens_anonymous_user(client): | ||||
| """ | """ | ||||
| Anonymous user should be refused access with forbidden response. | Anonymous user should be refused access with forbidden response. | ||||
| """ | """ | ||||
| url = reverse( | url = reverse( | ||||
| "oidc-list-bearer-tokens", query_params={"draw": 1, "start": 0, "length": 10} | "oidc-list-bearer-tokens", query_params={"draw": 1, "start": 0, "length": 10} | ||||
| ) | ) | ||||
| check_http_get_response(client, url, status_code=403) | check_http_get_response(client, url, status_code=403) | ||||
| @pytest.mark.django_db(reset_sequences=True) | @pytest.mark.django_db(transaction=True, reset_sequences=True) | ||||
| def test_oidc_list_bearer_tokens(client, keycloak_oidc): | def test_oidc_list_bearer_tokens(client, keycloak_oidc): | ||||
| """ | """ | ||||
| User with correct credentials should be allowed to list his tokens. | User with correct credentials should be allowed to list his tokens. | ||||
| """ | """ | ||||
| nb_tokens = 3 | nb_tokens = 3 | ||||
| for _ in range(nb_tokens): | for _ in range(nb_tokens): | ||||
| _generate_and_test_bearer_token(client, keycloak_oidc) | _generate_and_test_bearer_token(client, keycloak_oidc) | ||||
| Show All 15 Lines | |||||
| def test_oidc_get_bearer_token_anonymous_user(client): | def test_oidc_get_bearer_token_anonymous_user(client): | ||||
| """ | """ | ||||
| Anonymous user should be refused access with forbidden response. | Anonymous user should be refused access with forbidden response. | ||||
| """ | """ | ||||
| url = reverse("oidc-get-bearer-token") | url = reverse("oidc-get-bearer-token") | ||||
| check_http_post_response(client, url, status_code=403) | check_http_post_response(client, url, status_code=403) | ||||
| @pytest.mark.django_db(reset_sequences=True) | @pytest.mark.django_db(transaction=True, reset_sequences=True) | ||||
| def test_oidc_get_bearer_token(client, keycloak_oidc): | def test_oidc_get_bearer_token(client, keycloak_oidc): | ||||
| """ | """ | ||||
| User with correct credentials should be allowed to display a token. | User with correct credentials should be allowed to display a token. | ||||
| """ | """ | ||||
| nb_tokens = 3 | nb_tokens = 3 | ||||
| for i in range(nb_tokens): | for i in range(nb_tokens): | ||||
| token = _generate_and_test_bearer_token(client, keycloak_oidc) | token = _generate_and_test_bearer_token(client, keycloak_oidc) | ||||
| url = reverse("oidc-get-bearer-token") | url = reverse("oidc-get-bearer-token") | ||||
| response = check_http_post_response( | response = check_http_post_response( | ||||
| client, | client, | ||||
| url, | url, | ||||
| status_code=200, | status_code=200, | ||||
| data={"token_id": i + 1}, | data={"token_id": i + 1}, | ||||
| content_type="text/plain", | content_type="text/plain", | ||||
| ) | ) | ||||
| assert response.content == token | assert response.content == token | ||||
| @pytest.mark.django_db(reset_sequences=True) | @pytest.mark.django_db(transaction=True, reset_sequences=True) | ||||
| def test_oidc_get_bearer_token_expired_token(client, keycloak_oidc): | def test_oidc_get_bearer_token_expired_token(client, keycloak_oidc): | ||||
| """ | """ | ||||
| User with correct credentials should be allowed to display a token. | User with correct credentials should be allowed to display a token. | ||||
| """ | """ | ||||
| _generate_and_test_bearer_token(client, keycloak_oidc) | _generate_and_test_bearer_token(client, keycloak_oidc) | ||||
| for kc_err_msg in ("Offline session not active", "Offline user session not found"): | for kc_err_msg in ("Offline session not active", "Offline user session not found"): | ||||
| Show All 24 Lines | |||||
| def test_oidc_revoke_bearer_tokens_anonymous_user(client): | def test_oidc_revoke_bearer_tokens_anonymous_user(client): | ||||
| """ | """ | ||||
| Anonymous user should be refused access with forbidden response. | Anonymous user should be refused access with forbidden response. | ||||
| """ | """ | ||||
| url = reverse("oidc-revoke-bearer-tokens") | url = reverse("oidc-revoke-bearer-tokens") | ||||
| check_http_post_response(client, url, status_code=403) | check_http_post_response(client, url, status_code=403) | ||||
| @pytest.mark.django_db(reset_sequences=True) | @pytest.mark.django_db(transaction=True, reset_sequences=True) | ||||
| def test_oidc_revoke_bearer_tokens(client, keycloak_oidc): | def test_oidc_revoke_bearer_tokens(client, keycloak_oidc): | ||||
| """ | """ | ||||
| User with correct credentials should be allowed to revoke tokens. | User with correct credentials should be allowed to revoke tokens. | ||||
| """ | """ | ||||
| nb_tokens = 3 | nb_tokens = 3 | ||||
| for _ in range(nb_tokens): | for _ in range(nb_tokens): | ||||
| _generate_and_test_bearer_token(client, keycloak_oidc) | _generate_and_test_bearer_token(client, keycloak_oidc) | ||||
| Show All 17 Lines | def test_oidc_profile_view_anonymous_user(client): | ||||
| requesting profile view. | requesting profile view. | ||||
| """ | """ | ||||
| url = reverse("oidc-profile") | url = reverse("oidc-profile") | ||||
| login_url = reverse("oidc-login", query_params={"next_path": url}) | login_url = reverse("oidc-login", query_params={"next_path": url}) | ||||
| resp = check_http_get_response(client, url, status_code=302) | resp = check_http_get_response(client, url, status_code=302) | ||||
| assert resp["location"] == login_url | assert resp["location"] == login_url | ||||
| @pytest.mark.django_db(reset_sequences=True) | @pytest.mark.django_db(transaction=True, reset_sequences=True) | ||||
| def test_oidc_profile_view(client, keycloak_oidc): | def test_oidc_profile_view(client, keycloak_oidc): | ||||
| """ | """ | ||||
| Authenticated users should be able to request the profile page | Authenticated users should be able to request the profile page | ||||
| and link to Keycloak account UI should be present. | and link to Keycloak account UI should be present. | ||||
| """ | """ | ||||
| url = reverse("oidc-profile") | url = reverse("oidc-profile") | ||||
| kc_config = get_config()["keycloak"] | kc_config = get_config()["keycloak"] | ||||
| client_permissions = ["perm1", "perm2"] | client_permissions = ["perm1", "perm2"] | ||||
| Show All 16 Lines | |||||