Page MenuHomeSoftware Heritage
Differential D4697 Diff 17031 swh/web/tests/auth/test_middlewares.py

Changeset View

Standalone View

View Options

swh/web/tests/auth/test_middlewares.py

# Copyright (C) 2020 The Software Heritage developers # Copyright (C) 2020 The Software Heritage developers
# See the AUTHORS file at the top-level directory of this distribution # See the AUTHORS file at the top-level directory of this distribution
# License: GNU Affero General Public License version 3, or any later version # License: GNU Affero General Public License version 3, or any later version
# See top-level LICENSE file for more information # See top-level LICENSE file for more information
from datetime import datetime
import pytest import pytest
from django.core.cache import cache
from django.test import modify_settings from django.test import modify_settings
from swh.web.common.utils import reverse from swh.web.common.utils import reverse
from swh.web.tests.utils import check_html_get_response from swh.web.tests.utils import check_html_get_response
from .keycloak_mock import mock_keycloak from .keycloak_mock import mock_keycloak
@pytest.mark.django_db @pytest.mark.django_db
@modify_settings( @modify_settings(
MIDDLEWARE={"remove": ["swh.web.auth.middlewares.OIDCSessionRefreshMiddleware"]} MIDDLEWARE={"remove": ["swh.web.auth.middlewares.OIDCSessionExpiredMiddleware"]}
) )
def test_oidc_session_refresh_middleware_disabled(client, mocker): def test_oidc_session_expired_middleware_disabled(client, mocker):
# authenticate but make session expires immediately # authenticate user
kc_oidc_mock = mock_keycloak(mocker, exp=int(datetime.now().timestamp())) kc_oidc_mock = mock_keycloak(mocker)
client.login(code="", code_verifier="", redirect_uri="") client.login(code="", code_verifier="", redirect_uri="")
kc_oidc_mock.authorization_code.assert_called() kc_oidc_mock.authorization_code.assert_called()
url = reverse("swh-web-homepage") url = reverse("swh-web-homepage")
# no redirection for silent refresh
# visit url first to get user from response
response = check_html_get_response(client, url, status_code=200)
# simulate OIDC session expiration
cache.delete(f"oidc_user_{response.wsgi_request.user.id}")
# no redirection when session has expired
check_html_get_response(client, url, status_code=200) check_html_get_response(client, url, status_code=200)
@pytest.mark.django_db @pytest.mark.django_db
def test_oidc_session_refresh_middleware_enabled(client, mocker): def test_oidc_session_expired_middleware_enabled(client, mocker):
# authenticate but make session expires immediately # authenticate user
kc_oidc_mock = mock_keycloak(mocker, exp=int(datetime.now().timestamp())) kc_oidc_mock = mock_keycloak(mocker)
client.login(code="", code_verifier="", redirect_uri="") client.login(code="", code_verifier="", redirect_uri="")
kc_oidc_mock.authorization_code.assert_called() kc_oidc_mock.authorization_code.assert_called()
url = reverse("swh-web-homepage") url = reverse("swh-web-homepage")
# should redirect for silent session refresh # visit url first to get user from response
response = check_html_get_response(client, url, status_code=200)
# simulate OIDC session expiration
cache.delete(f"oidc_user_{response.wsgi_request.user.id}")
# should redirect to logout page
resp = check_html_get_response(client, url, status_code=302) resp = check_html_get_response(client, url, status_code=302)
silent_refresh_url = reverse( silent_refresh_url = reverse(
"oidc-login", query_params={"next_path": url, "prompt": "none"} "logout", query_params={"next_path": url, "remote_user": 1}
) )
assert resp["location"] == silent_refresh_url assert resp["location"] == silent_refresh_url
About · Developer information · Legal