swh/web/tests/auth/test_views.py
# Copyright (C) 2020-2021 The Software Heritage developers | # Copyright (C) 2020-2021 The Software Heritage developers | ||||
# See the AUTHORS file at the top-level directory of this distribution | # See the AUTHORS file at the top-level directory of this distribution | ||||
# License: GNU Affero General Public License version 3, or any later version | # License: GNU Affero General Public License version 3, or any later version | ||||
# See top-level LICENSE file for more information | # See top-level LICENSE file for more information | ||||
import json | import json | ||||
from urllib.parse import urljoin, urlparse | from urllib.parse import urljoin, urlparse | ||||
import uuid | import uuid | ||||
import pytest | import pytest | ||||
from django.http import QueryDict | from django.http import QueryDict | ||||
from swh.auth.keycloak import KeycloakError | |||||
from swh.web.auth.models import OIDCUserOfflineTokens | from swh.web.auth.models import OIDCUserOfflineTokens | ||||
from swh.web.auth.utils import OIDC_SWH_WEB_CLIENT_ID, decrypt_data | from swh.web.auth.utils import OIDC_SWH_WEB_CLIENT_ID, decrypt_data | ||||
from swh.web.common.utils import reverse | from swh.web.common.utils import reverse | ||||
from swh.web.config import get_config | from swh.web.config import get_config | ||||
from swh.web.tests.django_asserts import assert_contains | from swh.web.tests.django_asserts import assert_contains | ||||
from swh.web.tests.utils import ( | from swh.web.tests.utils import ( | ||||
check_html_get_response, | check_html_get_response, | ||||
check_http_get_response, | check_http_get_response, | ||||
▲ Show 20 Lines • Show All 176 Lines • ▼ Show 20 Lines | for i in range(nb_tokens): | ||||
url, | url, | ||||
status_code=200, | status_code=200, | ||||
data={"token_id": i + 1}, | data={"token_id": i + 1}, | ||||
content_type="text/plain", | content_type="text/plain", | ||||
) | ) | ||||
assert response.content == token | assert response.content == token | ||||
@pytest.mark.django_db | |||||
def test_oidc_get_bearer_token_expired_token(client, keycloak_oidc): | |||||
""" | |||||
User with correct credentials should be allowed to display a token. | |||||
""" | |||||
_generate_and_test_bearer_token(client, keycloak_oidc) | |||||
for kc_err_msg in ("Offline session not active", "Offline user session not found"): | |||||
kc_error_dict = { | |||||
"error": "invalid_grant", | |||||
"error_description": kc_err_msg, | |||||
} | |||||
keycloak_oidc.refresh_token.side_effect = KeycloakError( | |||||
error_message=json.dumps(kc_error_dict).encode(), response_code=400 | |||||
) | |||||
url = reverse("oidc-get-bearer-token") | |||||
response = check_http_post_response( | |||||
client, | |||||
url, | |||||
status_code=400, | |||||
data={"token_id": 1}, | |||||
content_type="text/plain", | |||||
) | |||||
assert ( | |||||
response.content == b"Bearer token has expired, please generate a new one." | |||||
) | |||||
def test_oidc_revoke_bearer_tokens_anonymous_user(client): | def test_oidc_revoke_bearer_tokens_anonymous_user(client): | ||||
""" | """ | ||||
Anonymous user should be refused access with forbidden response. | Anonymous user should be refused access with forbidden response. | ||||
""" | """ | ||||
url = reverse("oidc-revoke-bearer-tokens") | url = reverse("oidc-revoke-bearer-tokens") | ||||
check_http_post_response(client, url, status_code=403) | check_http_post_response(client, url, status_code=403) | ||||
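Review bot: The docstring of `test_oidc_get_bearer_token_expired_token` is copied from the success-path test and says the user "should be allowed to display a token", while the body asserts a 400 response with the expiry message; something like `"""A bearer token whose Keycloak offline session is gone should yield a 400 with an expiry message."""` would match what is checked. The loop only feeds the two `invalid_grant` descriptions, so a further case with a different `error_description` would pin that unrelated Keycloak failures are not reported to the user as token expiry. `keycloak_oidc.refresh_token.side_effect` stays set when the test ends, which is harmless only if the `keycloak_oidc` fixture is function-scoped (its definition is not visible here). This assumes the test and the `KeycloakError` import are on the new side of the changeset, which the rendering does not mark explicitly.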