Changeset View
Changeset View
Standalone View
Standalone View
swh/web/tests/auth/test_views.py
| # Copyright (C) 2020-2021 The Software Heritage developers | # Copyright (C) 2020-2021 The Software Heritage developers | ||||
| # See the AUTHORS file at the top-level directory of this distribution | # See the AUTHORS file at the top-level directory of this distribution | ||||
| # License: GNU Affero General Public License version 3, or any later version | # License: GNU Affero General Public License version 3, or any later version | ||||
| # See top-level LICENSE file for more information | # See top-level LICENSE file for more information | ||||
| import json | import json | ||||
| from urllib.parse import urljoin, urlparse | from urllib.parse import urljoin, urlparse | ||||
| import uuid | import uuid | ||||
| import pytest | import pytest | ||||
| from django.http import QueryDict | from django.http import QueryDict | ||||
| from swh.auth.keycloak import KeycloakError | |||||
| from swh.web.auth.models import OIDCUserOfflineTokens | from swh.web.auth.models import OIDCUserOfflineTokens | ||||
| from swh.web.auth.utils import OIDC_SWH_WEB_CLIENT_ID, decrypt_data | from swh.web.auth.utils import OIDC_SWH_WEB_CLIENT_ID, decrypt_data | ||||
| from swh.web.common.utils import reverse | from swh.web.common.utils import reverse | ||||
| from swh.web.config import get_config | from swh.web.config import get_config | ||||
| from swh.web.tests.django_asserts import assert_contains | from swh.web.tests.django_asserts import assert_contains | ||||
| from swh.web.tests.utils import ( | from swh.web.tests.utils import ( | ||||
| check_html_get_response, | check_html_get_response, | ||||
| check_http_get_response, | check_http_get_response, | ||||
| ▲ Show 20 Lines • Show All 176 Lines • ▼ Show 20 Lines | for i in range(nb_tokens): | ||||
| url, | url, | ||||
| status_code=200, | status_code=200, | ||||
| data={"token_id": i + 1}, | data={"token_id": i + 1}, | ||||
| content_type="text/plain", | content_type="text/plain", | ||||
| ) | ) | ||||
| assert response.content == token | assert response.content == token | ||||
| @pytest.mark.django_db | |||||
| def test_oidc_get_bearer_token_expired_token(client, keycloak_oidc): | |||||
| """ | |||||
| User with correct credentials should be allowed to display a token. | |||||
| """ | |||||
| _generate_and_test_bearer_token(client, keycloak_oidc) | |||||
| for kc_err_msg in ("Offline session not active", "Offline user session not found"): | |||||
| kc_error_dict = { | |||||
| "error": "invalid_grant", | |||||
| "error_description": kc_err_msg, | |||||
| } | |||||
| keycloak_oidc.refresh_token.side_effect = KeycloakError( | |||||
| error_message=json.dumps(kc_error_dict).encode(), response_code=400 | |||||
| ) | |||||
| url = reverse("oidc-get-bearer-token") | |||||
| response = check_http_post_response( | |||||
| client, | |||||
| url, | |||||
| status_code=400, | |||||
| data={"token_id": 1}, | |||||
| content_type="text/plain", | |||||
| ) | |||||
| assert ( | |||||
| response.content == b"Bearer token has expired, please generate a new one." | |||||
| ) | |||||
| def test_oidc_revoke_bearer_tokens_anonymous_user(client): | def test_oidc_revoke_bearer_tokens_anonymous_user(client): | ||||
| """ | """ | ||||
| Anonymous user should be refused access with forbidden response. | Anonymous user should be refused access with forbidden response. | ||||
| """ | """ | ||||
| url = reverse("oidc-revoke-bearer-tokens") | url = reverse("oidc-revoke-bearer-tokens") | ||||
| check_http_post_response(client, url, status_code=403) | check_http_post_response(client, url, status_code=403) | ||||
| ▲ Show 20 Lines • Show All 59 Lines • Show Last 20 Lines | |||||