swh/web/tests/auth/test_views.py
Show First 20 Lines • Show All 125 Lines • ▼ Show 20 Lines | def _generate_and_test_bearer_token(client, kc_oidc_mock): | ||||
assert decrypted_token.decode("ascii") == oidc_profile["refresh_token"] | assert decrypted_token.decode("ascii") == oidc_profile["refresh_token"] | ||||
# should redirect to tokens management Web UI | # should redirect to tokens management Web UI | ||||
assert response["location"] == reverse("oidc-profile") + "#tokens" | assert response["location"] == reverse("oidc-profile") + "#tokens" | ||||
return decrypted_token | return decrypted_token | ||||
@pytest.mark.django_db(reset_sequences=True) | @pytest.mark.django_db(transaction=True, reset_sequences=True) | ||||
def test_oidc_generate_bearer_token_authenticated_user_success(client, keycloak_oidc): | def test_oidc_generate_bearer_token_authenticated_user_success(client, keycloak_oidc): | ||||
""" | """ | ||||
Authenticated user should be able to generate a bearer token using OIDC | Authenticated user should be able to generate a bearer token using OIDC | ||||
Authorization Code Flow. | Authorization Code Flow. | ||||
""" | """ | ||||
_generate_and_test_bearer_token(client, keycloak_oidc) | _generate_and_test_bearer_token(client, keycloak_oidc) | ||||
def test_oidc_list_bearer_tokens_anonymous_user(client): | def test_oidc_list_bearer_tokens_anonymous_user(client): | ||||
""" | """ | ||||
Anonymous user should be refused access with forbidden response. | Anonymous user should be refused access with forbidden response. | ||||
""" | """ | ||||
url = reverse( | url = reverse( | ||||
"oidc-list-bearer-tokens", query_params={"draw": 1, "start": 0, "length": 10} | "oidc-list-bearer-tokens", query_params={"draw": 1, "start": 0, "length": 10} | ||||
) | ) | ||||
check_http_get_response(client, url, status_code=403) | check_http_get_response(client, url, status_code=403) | ||||
@pytest.mark.django_db(reset_sequences=True) | @pytest.mark.django_db(transaction=True, reset_sequences=True) | ||||
def test_oidc_list_bearer_tokens(client, keycloak_oidc): | def test_oidc_list_bearer_tokens(client, keycloak_oidc): | ||||
""" | """ | ||||
User with correct credentials should be allowed to list his tokens. | User with correct credentials should be allowed to list his tokens. | ||||
""" | """ | ||||
nb_tokens = 3 | nb_tokens = 3 | ||||
for _ in range(nb_tokens): | for _ in range(nb_tokens): | ||||
_generate_and_test_bearer_token(client, keycloak_oidc) | _generate_and_test_bearer_token(client, keycloak_oidc) | ||||
def test_oidc_get_bearer_token_anonymous_user(client): | def test_oidc_get_bearer_token_anonymous_user(client): | ||||
""" | """ | ||||
Anonymous user should be refused access with forbidden response. | Anonymous user should be refused access with forbidden response. | ||||
""" | """ | ||||
url = reverse("oidc-get-bearer-token") | url = reverse("oidc-get-bearer-token") | ||||
check_http_post_response(client, url, status_code=403) | check_http_post_response(client, url, status_code=403) | ||||
@pytest.mark.django_db(reset_sequences=True) | @pytest.mark.django_db(transaction=True, reset_sequences=True) | ||||
def test_oidc_get_bearer_token(client, keycloak_oidc): | def test_oidc_get_bearer_token(client, keycloak_oidc): | ||||
""" | """ | ||||
User with correct credentials should be allowed to display a token. | User with correct credentials should be allowed to display a token. | ||||
""" | """ | ||||
nb_tokens = 3 | nb_tokens = 3 | ||||
for i in range(nb_tokens): | for i in range(nb_tokens): | ||||
token = _generate_and_test_bearer_token(client, keycloak_oidc) | token = _generate_and_test_bearer_token(client, keycloak_oidc) | ||||
url = reverse("oidc-get-bearer-token") | url = reverse("oidc-get-bearer-token") | ||||
response = check_http_post_response( | response = check_http_post_response( | ||||
client, | client, | ||||
url, | url, | ||||
status_code=200, | status_code=200, | ||||
data={"token_id": i + 1}, | data={"token_id": i + 1}, | ||||
content_type="text/plain", | content_type="text/plain", | ||||
) | ) | ||||
assert response.content == token | assert response.content == token | ||||
@pytest.mark.django_db(reset_sequences=True) | @pytest.mark.django_db(transaction=True, reset_sequences=True) | ||||
def test_oidc_get_bearer_token_expired_token(client, keycloak_oidc): | def test_oidc_get_bearer_token_expired_token(client, keycloak_oidc): | ||||
""" | """ | ||||
User with correct credentials should be allowed to display a token. | User with correct credentials should be allowed to display a token. | ||||
""" | """ | ||||
_generate_and_test_bearer_token(client, keycloak_oidc) | _generate_and_test_bearer_token(client, keycloak_oidc) | ||||
for kc_err_msg in ("Offline session not active", "Offline user session not found"): | for kc_err_msg in ("Offline session not active", "Offline user session not found"): | ||||
def test_oidc_revoke_bearer_tokens_anonymous_user(client): | def test_oidc_revoke_bearer_tokens_anonymous_user(client): | ||||
""" | """ | ||||
Anonymous user should be refused access with forbidden response. | Anonymous user should be refused access with forbidden response. | ||||
""" | """ | ||||
url = reverse("oidc-revoke-bearer-tokens") | url = reverse("oidc-revoke-bearer-tokens") | ||||
check_http_post_response(client, url, status_code=403) | check_http_post_response(client, url, status_code=403) | ||||
@pytest.mark.django_db(reset_sequences=True) | @pytest.mark.django_db(transaction=True, reset_sequences=True) | ||||
def test_oidc_revoke_bearer_tokens(client, keycloak_oidc): | def test_oidc_revoke_bearer_tokens(client, keycloak_oidc): | ||||
""" | """ | ||||
User with correct credentials should be allowed to revoke tokens. | User with correct credentials should be allowed to revoke tokens. | ||||
""" | """ | ||||
nb_tokens = 3 | nb_tokens = 3 | ||||
for _ in range(nb_tokens): | for _ in range(nb_tokens): | ||||
_generate_and_test_bearer_token(client, keycloak_oidc) | _generate_and_test_bearer_token(client, keycloak_oidc) | ||||
Show All 17 Lines | def test_oidc_profile_view_anonymous_user(client): | ||||
requesting profile view. | requesting profile view. | ||||
""" | """ | ||||
url = reverse("oidc-profile") | url = reverse("oidc-profile") | ||||
login_url = reverse("oidc-login", query_params={"next_path": url}) | login_url = reverse("oidc-login", query_params={"next_path": url}) | ||||
resp = check_http_get_response(client, url, status_code=302) | resp = check_http_get_response(client, url, status_code=302) | ||||
assert resp["location"] == login_url | assert resp["location"] == login_url | ||||
@pytest.mark.django_db(reset_sequences=True) | @pytest.mark.django_db(transaction=True, reset_sequences=True) | ||||
def test_oidc_profile_view(client, keycloak_oidc): | def test_oidc_profile_view(client, keycloak_oidc): | ||||
""" | """ | ||||
Authenticated users should be able to request the profile page | Authenticated users should be able to request the profile page | ||||
and link to Keycloak account UI should be present. | and link to Keycloak account UI should be present. | ||||
""" | """ | ||||
url = reverse("oidc-profile") | url = reverse("oidc-profile") | ||||
kc_config = get_config()["keycloak"] | kc_config = get_config()["keycloak"] | ||||
client_permissions = ["perm1", "perm2"] | client_permissions = ["perm1", "perm2"] | ||||
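Review bot: The docstring of test_oidc_get_bearer_token_expired_token (the line reading `User with correct credentials should be allowed to display a token.`) is copied from the preceding test and does not describe what this test checks; the loop over the two Keycloak error messages that follows suggests it verifies how the view responds when the offline session is inactive or missing, so the docstring should say so, e.g. `Requesting a token whose Keycloak offline session is inactive or not found should be reported to the user as an error.` (the assertions themselves lie in the collapsed part of the section, so confirm the wording against them). The six decorator lines that gain `transaction=True` carry no explanation; transactional tests flush the database after each test and run slower, so a one-line comment on the first of them stating why the bearer-token views need it (`# transaction=True: TODO(reviewer) state why these views need a transactional test`) would help the next maintainer. If the pytest-django version in use already treats `reset_sequences=True` as implying `transaction=True`, the addition may be redundant, which is worth confirming before keeping it on all six marks.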