swh/web/tests/auth/test_views.py
def test_oidc_login_complete_view_missing_parameters(client, mocker): | def test_oidc_login_complete_view_missing_parameters(client, mocker): | ||||
# simulate login process has been initialized | # simulate login process has been initialized | ||||
session = client.session | session = client.session | ||||
session['login_data'] = { | session['login_data'] = { | ||||
'code_verifier': '', | 'code_verifier': '', | ||||
'state': str(uuid.uuid4()), | 'state': str(uuid.uuid4()), | ||||
'redirect_uri': '', | 'redirect_uri': '', | ||||
'next': None, | 'next_path': '', | ||||
'prompt': '', | |||||
} | } | ||||
session.save() | session.save() | ||||
# user initiates login process | # user initiates login process | ||||
login_url = reverse('oidc-login-complete') | login_url = reverse('oidc-login-complete') | ||||
response = client.get(login_url) | response = client.get(login_url) | ||||
request = response.wsgi_request | request = response.wsgi_request | ||||
Show All 11 Lines | def test_oidc_login_complete_wrong_csrf_token(client, mocker): | ||||
mock_keycloak(mocker) | mock_keycloak(mocker) | ||||
# simulate login process has been initialized | # simulate login process has been initialized | ||||
session = client.session | session = client.session | ||||
session['login_data'] = { | session['login_data'] = { | ||||
'code_verifier': '', | 'code_verifier': '', | ||||
'state': str(uuid.uuid4()), | 'state': str(uuid.uuid4()), | ||||
'redirect_uri': '', | 'redirect_uri': '', | ||||
'next': None, | 'next_path': '', | ||||
'prompt': '', | |||||
} | } | ||||
session.save() | session.save() | ||||
# user initiates login process | # user initiates login process | ||||
login_url = reverse('oidc-login-complete', | login_url = reverse('oidc-login-complete', | ||||
query_params={'code': 'some-code', | query_params={'code': 'some-code', | ||||
'state': 'some-state'}) | 'state': 'some-state'}) | ||||
Show All 15 Lines | def test_oidc_login_complete_wrong_code_verifier(client, mocker): | ||||
mock_keycloak(mocker, auth_success=False) | mock_keycloak(mocker, auth_success=False) | ||||
# simulate login process has been initialized | # simulate login process has been initialized | ||||
session = client.session | session = client.session | ||||
session['login_data'] = { | session['login_data'] = { | ||||
'code_verifier': '', | 'code_verifier': '', | ||||
'state': str(uuid.uuid4()), | 'state': str(uuid.uuid4()), | ||||
'redirect_uri': '', | 'redirect_uri': '', | ||||
'next': None, | 'next_path': '', | ||||
'prompt': '', | |||||
} | } | ||||
session.save() | session.save() | ||||
# check authentication error is reported | # check authentication error is reported | ||||
login_url = reverse('oidc-login-complete', | login_url = reverse('oidc-login-complete', | ||||
query_params={'code': 'some-code', | query_params={'code': 'some-code', | ||||
'state': session['login_data']['state']}) | 'state': session['login_data']['state']}) | ||||
Show All 28 Lines | def test_oidc_logout_view_failure(client, mocker): | ||||
request = response.wsgi_request | request = response.wsgi_request | ||||
# should render an error page | # should render an error page | ||||
assert_template_used(response, "error.html") | assert_template_used(response, "error.html") | ||||
assert_contains(response, err_msg, status_code=500) | assert_contains(response, err_msg, status_code=500) | ||||
# user should be logged out from Django anyway | # user should be logged out from Django anyway | ||||
assert isinstance(request.user, AnonymousUser) | assert isinstance(request.user, AnonymousUser) | ||||
@pytest.mark.django_db | |||||
def test_oidc_silent_refresh_failure(client, mocker): | |||||
# mock Keycloak client | |||||
mock_keycloak(mocker) | |||||
next_path = reverse('swh-web-homepage') | |||||
# silent session refresh initialization | |||||
login_url = reverse('oidc-login', query_params={'next_path': next_path, | |||||
'prompt': 'none'}) | |||||
response = client.get(login_url) | |||||
request = response.wsgi_request | |||||
login_data = request.session['login_data'] | |||||
# check prompt value has been registered in user session | |||||
assert 'prompt' in login_data | |||||
assert login_data['prompt'] == 'none' | |||||
# simulate a failed silent session refresh | |||||
session_state = str(uuid.uuid4()) | |||||
login_complete_url = reverse('oidc-login-complete', | |||||
query_params={'error': 'login_required', | |||||
'state': login_data['state'], | |||||
'session_state': session_state}) | |||||
# login process finalization | |||||
response = client.get(login_complete_url) | |||||
request = response.wsgi_request | |||||
# should redirect to logout page | |||||
assert response.status_code == 302 | |||||
logout_url = reverse('logout', query_params={'next_path': next_path, | |||||
'remote_user': 1}) | |||||
assert response['location'] == logout_url |
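Review bot: `test_oidc_silent_refresh_failure` only exercises a same-site `next_path` (`reverse('swh-web-homepage')`) and asserts that it is echoed into the `logout` redirect, so nothing here pins how the views treat an off-site value that travels through `login_data` into the `Location` header. Whether the views validate `next_path` is not visible in this section; if they do, a companion case that passes an absolute URL on another host and asserts it does not appear in `response['location']` would keep that check from regressing. The test also covers only `error=login_required`, while a `prompt=none` request can fail with other OIDC error codes such as `interaction_required` or `consent_required`, so parametrizing the error value would show they take the same path. Finally, the second `request = response.wsgi_request` (after the login-complete call) is never read; drop it, or, if the view is meant to discard the stored state once the flow finishes, use it for `assert 'login_data' not in request.session`.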