Changeset View
Changeset View
Standalone View
Standalone View
swh/web/tests/auth/test_views.py
| Show First 20 Lines • Show All 162 Lines • ▼ Show 20 Lines | |||||
| def test_oidc_login_complete_view_missing_parameters(client, mocker): | def test_oidc_login_complete_view_missing_parameters(client, mocker): | ||||
| # simulate login process has been initialized | # simulate login process has been initialized | ||||
| session = client.session | session = client.session | ||||
| session['login_data'] = { | session['login_data'] = { | ||||
| 'code_verifier': '', | 'code_verifier': '', | ||||
| 'state': str(uuid.uuid4()), | 'state': str(uuid.uuid4()), | ||||
| 'redirect_uri': '', | 'redirect_uri': '', | ||||
| 'next': None, | 'next_path': '', | ||||
| 'prompt': '', | |||||
| } | } | ||||
| session.save() | session.save() | ||||
| # user initiates login process | # user initiates login process | ||||
| login_url = reverse('oidc-login-complete') | login_url = reverse('oidc-login-complete') | ||||
| response = client.get(login_url) | response = client.get(login_url) | ||||
| request = response.wsgi_request | request = response.wsgi_request | ||||
| Show All 11 Lines | def test_oidc_login_complete_wrong_csrf_token(client, mocker): | ||||
| mock_keycloak(mocker) | mock_keycloak(mocker) | ||||
| # simulate login process has been initialized | # simulate login process has been initialized | ||||
| session = client.session | session = client.session | ||||
| session['login_data'] = { | session['login_data'] = { | ||||
| 'code_verifier': '', | 'code_verifier': '', | ||||
| 'state': str(uuid.uuid4()), | 'state': str(uuid.uuid4()), | ||||
| 'redirect_uri': '', | 'redirect_uri': '', | ||||
| 'next': None, | 'next_path': '', | ||||
| 'prompt': '', | |||||
| } | } | ||||
| session.save() | session.save() | ||||
| # user initiates login process | # user initiates login process | ||||
| login_url = reverse('oidc-login-complete', | login_url = reverse('oidc-login-complete', | ||||
| query_params={'code': 'some-code', | query_params={'code': 'some-code', | ||||
| 'state': 'some-state'}) | 'state': 'some-state'}) | ||||
| Show All 15 Lines | def test_oidc_login_complete_wrong_code_verifier(client, mocker): | ||||
| mock_keycloak(mocker, auth_success=False) | mock_keycloak(mocker, auth_success=False) | ||||
| # simulate login process has been initialized | # simulate login process has been initialized | ||||
| session = client.session | session = client.session | ||||
| session['login_data'] = { | session['login_data'] = { | ||||
| 'code_verifier': '', | 'code_verifier': '', | ||||
| 'state': str(uuid.uuid4()), | 'state': str(uuid.uuid4()), | ||||
| 'redirect_uri': '', | 'redirect_uri': '', | ||||
| 'next': None, | 'next_path': '', | ||||
| 'prompt': '', | |||||
| } | } | ||||
| session.save() | session.save() | ||||
| # check authentication error is reported | # check authentication error is reported | ||||
| login_url = reverse('oidc-login-complete', | login_url = reverse('oidc-login-complete', | ||||
| query_params={'code': 'some-code', | query_params={'code': 'some-code', | ||||
| 'state': session['login_data']['state']}) | 'state': session['login_data']['state']}) | ||||
| Show All 28 Lines | def test_oidc_logout_view_failure(client, mocker): | ||||
| request = response.wsgi_request | request = response.wsgi_request | ||||
| # should render an error page | # should render an error page | ||||
| assert_template_used(response, "error.html") | assert_template_used(response, "error.html") | ||||
| assert_contains(response, err_msg, status_code=500) | assert_contains(response, err_msg, status_code=500) | ||||
| # user should be logged out from Django anyway | # user should be logged out from Django anyway | ||||
| assert isinstance(request.user, AnonymousUser) | assert isinstance(request.user, AnonymousUser) | ||||
| @pytest.mark.django_db | |||||
| def test_oidc_silent_refresh_failure(client, mocker): | |||||
| # mock Keycloak client | |||||
| mock_keycloak(mocker) | |||||
| next_path = reverse('swh-web-homepage') | |||||
| # silent session refresh initialization | |||||
| login_url = reverse('oidc-login', query_params={'next_path': next_path, | |||||
| 'prompt': 'none'}) | |||||
| response = client.get(login_url) | |||||
| request = response.wsgi_request | |||||
| login_data = request.session['login_data'] | |||||
| # check prompt value has been registered in user session | |||||
| assert 'prompt' in login_data | |||||
| assert login_data['prompt'] == 'none' | |||||
| # simulate a failed silent session refresh | |||||
| session_state = str(uuid.uuid4()) | |||||
| login_complete_url = reverse('oidc-login-complete', | |||||
| query_params={'error': 'login_required', | |||||
| 'state': login_data['state'], | |||||
| 'session_state': session_state}) | |||||
| # login process finalization | |||||
| response = client.get(login_complete_url) | |||||
| request = response.wsgi_request | |||||
| # should redirect to logout page | |||||
| assert response.status_code == 302 | |||||
| logout_url = reverse('logout', query_params={'next_path': next_path, | |||||
| 'remote_user': 1}) | |||||
| assert response['location'] == logout_url | |||||