Differential D4697 Diff 17031 swh/web/tests/auth/test_backends.py

Changeset View

Standalone View

swh/web/tests/auth/test_backends.py

# Copyright (C) 2020 The Software Heritage developers		# Copyright (C) 2020 The Software Heritage developers
# See the AUTHORS file at the top-level directory of this distribution		# See the AUTHORS file at the top-level directory of this distribution
# License: GNU Affero General Public License version 3, or any later version		# License: GNU Affero General Public License version 3, or any later version
# See top-level LICENSE file for more information		# See top-level LICENSE file for more information

from datetime import datetime, timedelta		from datetime import datetime, timedelta
		from unittest.mock import Mock

import pytest		import pytest

from django.conf import settings		from django.conf import settings
from django.contrib.auth import authenticate, get_backends		from django.contrib.auth import authenticate, get_backends
from rest_framework.exceptions import AuthenticationFailed		from rest_framework.exceptions import AuthenticationFailed

from swh.web.auth.backends import OIDCBearerTokenAuthentication		from swh.web.auth.backends import OIDCBearerTokenAuthentication
▲ Show 20 Lines • Show All 73 Lines • ▼ Show 20 Lines	def test_oidc_code_pkce_auth_backend_failure(mocker, request_factory):
mock_keycloak(mocker, auth_success=False)		mock_keycloak(mocker, auth_success=False)

user = _authenticate_user(request_factory)		user = _authenticate_user(request_factory)

assert user is None		assert user is None


@pytest.mark.django_db		@pytest.mark.django_db
		def test_oidc_code_pkce_auth_backend_refresh_token_success(mocker, request_factory):
		"""
		Checks access token renewal success using refresh token.
		"""
		kc_oidc_mock = mock_keycloak(mocker)

		oidc_profile = sample_data.oidc_profile
		decoded_token = kc_oidc_mock.decode_token(oidc_profile["access_token"])
		new_access_token = "new_access_token"

		def _refresh_token(refresh_token):
		oidc_profile = dict(sample_data.oidc_profile)
		oidc_profile["access_token"] = new_access_token
		return oidc_profile

		def _decode_token(access_token):
		if access_token != new_access_token:
		raise Exception("access token token has expired")
		else:
		return decoded_token

		kc_oidc_mock.decode_token = Mock()
		kc_oidc_mock.decode_token.side_effect = _decode_token
		kc_oidc_mock.refresh_token.side_effect = _refresh_token

		user = _authenticate_user(request_factory)

		kc_oidc_mock.refresh_token.assert_called_with(
		sample_data.oidc_profile["refresh_token"]
		)

		assert user is not None


		@pytest.mark.django_db
		def test_oidc_code_pkce_auth_backend_refresh_token_failure(mocker, request_factory):
		"""
		Checks access token renewal failure using refresh token.
		"""
		kc_oidc_mock = mock_keycloak(mocker)

		def _refresh_token(refresh_token):
		raise Exception("OIDC session has expired")

		def _decode_token(access_token):
		raise Exception("access token token has expired")

		kc_oidc_mock.decode_token = Mock()
		kc_oidc_mock.decode_token.side_effect = _decode_token
		kc_oidc_mock.refresh_token.side_effect = _refresh_token

		user = _authenticate_user(request_factory)

		kc_oidc_mock.refresh_token.assert_called_with(
		sample_data.oidc_profile["refresh_token"]
		)

		assert user is None


		@pytest.mark.django_db
def test_oidc_code_pkce_auth_backend_permissions(mocker, request_factory):		def test_oidc_code_pkce_auth_backend_permissions(mocker, request_factory):
"""		"""
Checks that a permission defined with OpenID Connect is correctly mapped		Checks that a permission defined with OpenID Connect is correctly mapped
to a Django one when logging from Web UI.		to a Django one when logging from Web UI.
"""		"""
permission = "webapp.some-permission"		permission = "webapp.some-permission"
mock_keycloak(mocker, user_permissions=[permission])		mock_keycloak(mocker, user_permissions=[permission])
user = _authenticate_user(request_factory)		user = _authenticate_user(request_factory)
▲ Show 20 Lines • Show All 103 Lines • Show Last 20 Lines