Changeset View
Changeset View
Standalone View
Standalone View
swh/web/tests/auth/keycloak_mock.py
| Show All 10 Lines | |||||
| from swh.web.auth.keycloak import KeycloakOpenIDConnect | from swh.web.auth.keycloak import KeycloakOpenIDConnect | ||||
| from swh.web.auth.utils import OIDC_SWH_WEB_CLIENT_ID | from swh.web.auth.utils import OIDC_SWH_WEB_CLIENT_ID | ||||
| from swh.web.config import get_config | from swh.web.config import get_config | ||||
| from .sample_data import oidc_profile, realm_public_key, userinfo | from .sample_data import oidc_profile, realm_public_key, userinfo | ||||
| class KeycloackOpenIDConnectMock(KeycloakOpenIDConnect): | class KeycloackOpenIDConnectMock(KeycloakOpenIDConnect): | ||||
| def __init__(self, auth_success=True, exp=None): | def __init__( | ||||
| self, auth_success=True, exp=None, user_groups=[], user_permissions=[] | |||||
| ): | |||||
| swhweb_config = get_config() | swhweb_config = get_config() | ||||
| super().__init__( | super().__init__( | ||||
| swhweb_config["keycloak"]["server_url"], | swhweb_config["keycloak"]["server_url"], | ||||
| swhweb_config["keycloak"]["realm_name"], | swhweb_config["keycloak"]["realm_name"], | ||||
| OIDC_SWH_WEB_CLIENT_ID, | OIDC_SWH_WEB_CLIENT_ID, | ||||
| ) | ) | ||||
| self.auth_success = auth_success | self.auth_success = auth_success | ||||
| self.exp = exp | self.exp = exp | ||||
| self.user_groups = user_groups | |||||
| self.user_permissions = user_permissions | |||||
| self._keycloak.public_key = lambda: realm_public_key | self._keycloak.public_key = lambda: realm_public_key | ||||
| self._keycloak.well_know = lambda: { | self._keycloak.well_know = lambda: { | ||||
| "issuer": f"{self.server_url}realms/{self.realm_name}", | "issuer": f"{self.server_url}realms/{self.realm_name}", | ||||
| "authorization_endpoint": ( | "authorization_endpoint": ( | ||||
| f"{self.server_url}realms/" | f"{self.server_url}realms/" | ||||
| f"{self.realm_name}/protocol/" | f"{self.realm_name}/protocol/" | ||||
| "openid-connect/auth" | "openid-connect/auth" | ||||
| ), | ), | ||||
| ▲ Show 20 Lines • Show All 45 Lines • ▼ Show 20 Lines | def decode_token(self, token): | ||||
| # tweak auth and exp time for tests | # tweak auth and exp time for tests | ||||
| expire_in = decoded["exp"] - decoded["auth_time"] | expire_in = decoded["exp"] - decoded["auth_time"] | ||||
| if self.exp is not None: | if self.exp is not None: | ||||
| decoded["exp"] = self.exp | decoded["exp"] = self.exp | ||||
| decoded["auth_time"] = self.exp - expire_in | decoded["auth_time"] = self.exp - expire_in | ||||
| else: | else: | ||||
| decoded["auth_time"] = int(timezone.now().timestamp()) | decoded["auth_time"] = int(timezone.now().timestamp()) | ||||
| decoded["exp"] = decoded["auth_time"] + expire_in | decoded["exp"] = decoded["auth_time"] + expire_in | ||||
| decoded["groups"] = ["/staff"] | decoded["groups"] = self.user_groups | ||||
| if self.user_permissions: | |||||
| decoded["resource_access"][self.client_id] = { | |||||
| "roles": self.user_permissions | |||||
| } | |||||
| return decoded | return decoded | ||||
| def mock_keycloak(mocker, auth_success=True, exp=None): | def mock_keycloak( | ||||
| kc_oidc_mock = KeycloackOpenIDConnectMock(auth_success, exp) | mocker, auth_success=True, exp=None, user_groups=[], user_permissions=[] | ||||
| ): | |||||
| kc_oidc_mock = KeycloackOpenIDConnectMock( | |||||
| auth_success, exp, user_groups, user_permissions | |||||
| ) | |||||
| mock_get_oidc_client = mocker.patch("swh.web.auth.views.get_oidc_client") | mock_get_oidc_client = mocker.patch("swh.web.auth.views.get_oidc_client") | ||||
| mock_get_oidc_client.return_value = kc_oidc_mock | mock_get_oidc_client.return_value = kc_oidc_mock | ||||
| mocker.patch("swh.web.auth.backends._oidc_client", kc_oidc_mock) | mocker.patch("swh.web.auth.backends._oidc_client", kc_oidc_mock) | ||||
| return kc_oidc_mock | return kc_oidc_mock | ||||