Changeset View
Changeset View
Standalone View
Standalone View
swh/auth/tests/django/test_views.py
| Show First 20 Lines • Show All 112 Lines • ▼ Show 20 Lines | def test_oidc_logout_view_success(client, keycloak_oidc): | ||||
| """ | """ | ||||
| Simulate a successful logout operation with OpenID Connect. | Simulate a successful logout operation with OpenID Connect. | ||||
| """ | """ | ||||
| # login our test user | # login our test user | ||||
| client.login(code="", code_verifier="", redirect_uri="") | client.login(code="", code_verifier="", redirect_uri="") | ||||
| keycloak_oidc.authorization_code.assert_called() | keycloak_oidc.authorization_code.assert_called() | ||||
| # user initiates logout | # user initiates logout | ||||
| next_path = reverse("root") | next = reverse("root") | ||||
| oidc_logout_url = reverse("oidc-logout", query_params={"next_path": next_path}) | oidc_logout_url = reverse("oidc-logout", query_params={"next": next}) | ||||
| # should redirect to logout page | # should redirect to logout page | ||||
| response = client.get(oidc_logout_url) | response = client.get(oidc_logout_url) | ||||
| assert response.status_code == 302 | assert response.status_code == 302 | ||||
| request = response.wsgi_request | request = response.wsgi_request | ||||
| assert response["location"] == next_path | assert response["location"] == next | ||||
| # should have been logged out in Keycloak | # should have been logged out in Keycloak | ||||
| oidc_profile = keycloak_oidc.login() | oidc_profile = keycloak_oidc.login() | ||||
| keycloak_oidc.logout.assert_called_with(oidc_profile["refresh_token"]) | keycloak_oidc.logout.assert_called_with(oidc_profile["refresh_token"]) | ||||
| # check effective logout in Django | # check effective logout in Django | ||||
| assert isinstance(request.user, AnonymousUser) | assert isinstance(request.user, AnonymousUser) | ||||
| Show All 33 Lines | |||||
| def test_oidc_login_complete_view_missing_parameters(client): | def test_oidc_login_complete_view_missing_parameters(client): | ||||
| # simulate login process has been initialized | # simulate login process has been initialized | ||||
| session = client.session | session = client.session | ||||
| session["login_data"] = { | session["login_data"] = { | ||||
| "code_verifier": "", | "code_verifier": "", | ||||
| "state": str(uuid.uuid4()), | "state": str(uuid.uuid4()), | ||||
| "redirect_uri": "", | "redirect_uri": "", | ||||
| "next_path": "", | "next": "", | ||||
| } | } | ||||
| session.save() | session.save() | ||||
| # user initiates login process | # user initiates login process | ||||
| login_url = reverse("oidc-login-complete") | login_url = reverse("oidc-login-complete") | ||||
| # should return with error | # should return with error | ||||
| response = client.get(login_url) | response = client.get(login_url) | ||||
| Show All 9 Lines | |||||
| def test_oidc_login_complete_wrong_csrf_token(client, keycloak_oidc): | def test_oidc_login_complete_wrong_csrf_token(client, keycloak_oidc): | ||||
| # simulate login process has been initialized | # simulate login process has been initialized | ||||
| session = client.session | session = client.session | ||||
| session["login_data"] = { | session["login_data"] = { | ||||
| "code_verifier": "", | "code_verifier": "", | ||||
| "state": str(uuid.uuid4()), | "state": str(uuid.uuid4()), | ||||
| "redirect_uri": "", | "redirect_uri": "", | ||||
| "next_path": "", | "next": "", | ||||
| } | } | ||||
| session.save() | session.save() | ||||
| # user initiates login process | # user initiates login process | ||||
| login_url = reverse( | login_url = reverse( | ||||
| "oidc-login-complete", query_params={"code": "some-code", "state": "some-state"} | "oidc-login-complete", query_params={"code": "some-code", "state": "some-state"} | ||||
| ) | ) | ||||
| Show All 14 Lines | def test_oidc_login_complete_wrong_code_verifier(client, keycloak_oidc): | ||||
| keycloak_oidc.set_auth_success(False) | keycloak_oidc.set_auth_success(False) | ||||
| # simulate login process has been initialized | # simulate login process has been initialized | ||||
| session = client.session | session = client.session | ||||
| session["login_data"] = { | session["login_data"] = { | ||||
| "code_verifier": "", | "code_verifier": "", | ||||
| "state": str(uuid.uuid4()), | "state": str(uuid.uuid4()), | ||||
| "redirect_uri": "", | "redirect_uri": "", | ||||
| "next_path": "", | "next": "", | ||||
| } | } | ||||
| session.save() | session.save() | ||||
| # check authentication error is reported | # check authentication error is reported | ||||
| login_url = reverse( | login_url = reverse( | ||||
| "oidc-login-complete", | "oidc-login-complete", | ||||
| query_params={"code": "some-code", "state": session["login_data"]["state"]}, | query_params={"code": "some-code", "state": session["login_data"]["state"]}, | ||||
| ) | ) | ||||
| Show All 37 Lines | |||||