Differential D5578 Diff 19937 swh/auth/tests/django/test_backends.py

Changeset View

Standalone View

swh/auth/tests/django/test_backends.py

	Show First 20 Lines • Show All 137 Lines • ▼ Show 20 Lines


	@pytest.mark.django_db			@pytest.mark.django_db
	def test_oidc_code_pkce_auth_backend_permissions(keycloak_oidc, request_factory):			def test_oidc_code_pkce_auth_backend_permissions(keycloak_oidc, request_factory):
	"""			"""
	Checks that a permission defined with OpenID Connect is correctly mapped			Checks that a permission defined with OpenID Connect is correctly mapped
	to a Django one when logging from Web UI.			to a Django one when logging from Web UI.
	"""			"""
	permission = "webapp.some-permission"			realm_permission = "swh.some-permission"
	keycloak_oidc.user_permissions = [permission]			client_permission = "webapp.some-permission"
				keycloak_oidc.realm_permissions = [realm_permission]
				keycloak_oidc.client_permissions = [client_permission]
	user = _authenticate_user(request_factory)			user = _authenticate_user(request_factory)
	assert user.has_perm(permission)			assert user.has_perm(realm_permission)
	assert user.get_all_permissions() == {permission}			assert user.has_perm(client_permission)
	assert user.get_group_permissions() == {permission}			assert user.get_all_permissions() == {realm_permission, client_permission}
				assert user.get_group_permissions() == {realm_permission, client_permission}
	assert user.has_module_perms("webapp")			assert user.has_module_perms("webapp")
	assert not user.has_module_perms("foo")			assert not user.has_module_perms("foo")


	@pytest.mark.django_db			@pytest.mark.django_db
	def test_drf_oidc_bearer_token_auth_backend_success(keycloak_oidc, api_request_factory):			def test_drf_oidc_bearer_token_auth_backend_success(keycloak_oidc, api_request_factory):
	"""			"""
	Checks successful login based on OpenID Connect bearer token Django REST			Checks successful login based on OpenID Connect bearer token Django REST
	▲ Show 20 Lines • Show All 74 Lines • ▼ Show 20 Lines
	@pytest.mark.django_db			@pytest.mark.django_db
	def test_drf_oidc_bearer_token_auth_backend_permissions(			def test_drf_oidc_bearer_token_auth_backend_permissions(
	keycloak_oidc, api_request_factory			keycloak_oidc, api_request_factory
	):			):
	"""			"""
	Checks that a permission defined with OpenID Connect is correctly mapped			Checks that a permission defined with OpenID Connect is correctly mapped
	to a Django one when using bearer token authentication.			to a Django one when using bearer token authentication.
	"""			"""
	permission = "webapp.some-permission"			realm_permission = "swh.some-permission"
	keycloak_oidc.user_permissions = [permission]			client_permission = "webapp.some-permission"
				keycloak_oidc.realm_permissions = [realm_permission]
				keycloak_oidc.client_permissions = [client_permission]

	drf_auth_backend = OIDCBearerTokenAuthentication()			drf_auth_backend = OIDCBearerTokenAuthentication()
	oidc_profile = keycloak_oidc.login()			oidc_profile = keycloak_oidc.login()
	refresh_token = oidc_profile["refresh_token"]			refresh_token = oidc_profile["refresh_token"]
	url = reverse("api-test")			url = reverse("api-test")
	request = api_request_factory.get(url, HTTP_AUTHORIZATION=f"Bearer {refresh_token}")			request = api_request_factory.get(url, HTTP_AUTHORIZATION=f"Bearer {refresh_token}")
	user, _ = drf_auth_backend.authenticate(request)			user, _ = drf_auth_backend.authenticate(request)

	assert user.has_perm(permission)			assert user.has_perm(realm_permission)
	assert user.get_all_permissions() == {permission}			assert user.has_perm(client_permission)
	assert user.get_group_permissions() == {permission}			assert user.get_all_permissions() == {realm_permission, client_permission}
				assert user.get_group_permissions() == {realm_permission, client_permission}
	assert user.has_module_perms("webapp")			assert user.has_module_perms("webapp")
	assert not user.has_module_perms("foo")			assert not user.has_module_perms("foo")