Page Menu
Home
Software Heritage
Search
Configure Global Search
Log In
Files
F9343916
keycloak_mock.py
No One
Temporary
Actions
Download File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Size
4 KB
Subscribers
None
keycloak_mock.py
View Options
# Copyright (C) 2020 The Software Heritage developers
# See the AUTHORS file at the top-level directory of this distribution
# License: GNU Affero General Public License version 3, or any later version
# See top-level LICENSE file for more information
from
copy
import
copy
from
unittest.mock
import
Mock
from
django.utils
import
timezone
from
swh.web.auth.keycloak
import
KeycloakOpenIDConnect
from
swh.web.auth.utils
import
OIDC_SWH_WEB_CLIENT_ID
from
swh.web.config
import
get_config
from
.sample_data
import
oidc_profile
,
realm_public_key
,
userinfo
class
KeycloackOpenIDConnectMock
(
KeycloakOpenIDConnect
):
def
__init__
(
self
,
auth_success
=
True
,
exp
=
None
,
user_groups
=
[],
user_permissions
=
[]
):
swhweb_config
=
get_config
()
super
()
.
__init__
(
swhweb_config
[
"keycloak"
][
"server_url"
],
swhweb_config
[
"keycloak"
][
"realm_name"
],
OIDC_SWH_WEB_CLIENT_ID
,
)
self
.
auth_success
=
auth_success
self
.
exp
=
exp
self
.
user_groups
=
user_groups
self
.
user_permissions
=
user_permissions
self
.
_keycloak
.
public_key
=
lambda
:
realm_public_key
self
.
_keycloak
.
well_know
=
lambda
:
{
"issuer"
:
f
"{self.server_url}realms/{self.realm_name}"
,
"authorization_endpoint"
:
(
f
"{self.server_url}realms/"
f
"{self.realm_name}/protocol/"
"openid-connect/auth"
),
"token_endpoint"
:
(
f
"{self.server_url}realms/{self.realm_name}/"
"protocol/openid-connect/token"
),
"token_introspection_endpoint"
:
(
f
"{self.server_url}realms/"
f
"{self.realm_name}/protocol/"
"openid-connect/token/"
"introspect"
),
"userinfo_endpoint"
:
(
f
"{self.server_url}realms/{self.realm_name}/"
"protocol/openid-connect/userinfo"
),
"end_session_endpoint"
:
(
f
"{self.server_url}realms/"
f
"{self.realm_name}/protocol/"
"openid-connect/logout"
),
"jwks_uri"
:
(
f
"{self.server_url}realms/{self.realm_name}/"
"protocol/openid-connect/certs"
),
}
self
.
authorization_code
=
Mock
()
self
.
userinfo
=
Mock
()
self
.
logout
=
Mock
()
if
auth_success
:
self
.
authorization_code
.
return_value
=
copy
(
oidc_profile
)
self
.
userinfo
.
return_value
=
copy
(
userinfo
)
else
:
self
.
authorization_url
=
Mock
()
exception
=
Exception
(
"Authentication failed"
)
self
.
authorization_code
.
side_effect
=
exception
self
.
authorization_url
.
side_effect
=
exception
self
.
userinfo
.
side_effect
=
exception
self
.
logout
.
side_effect
=
exception
def
decode_token
(
self
,
token
):
options
=
{}
if
self
.
auth_success
:
# skip signature expiration check as we use a static oidc_profile
# for the tests with expired tokens in it
options
[
"verify_exp"
]
=
False
decoded
=
super
()
.
decode_token
(
token
,
options
)
# tweak auth and exp time for tests
expire_in
=
decoded
[
"exp"
]
-
decoded
[
"auth_time"
]
if
self
.
exp
is
not
None
:
decoded
[
"exp"
]
=
self
.
exp
decoded
[
"auth_time"
]
=
self
.
exp
-
expire_in
else
:
decoded
[
"auth_time"
]
=
int
(
timezone
.
now
()
.
timestamp
())
decoded
[
"exp"
]
=
decoded
[
"auth_time"
]
+
expire_in
decoded
[
"groups"
]
=
self
.
user_groups
if
self
.
user_permissions
:
decoded
[
"resource_access"
][
self
.
client_id
]
=
{
"roles"
:
self
.
user_permissions
}
return
decoded
def
mock_keycloak
(
mocker
,
auth_success
=
True
,
exp
=
None
,
user_groups
=
[],
user_permissions
=
[]
):
kc_oidc_mock
=
KeycloackOpenIDConnectMock
(
auth_success
,
exp
,
user_groups
,
user_permissions
)
mock_get_oidc_client
=
mocker
.
patch
(
"swh.web.auth.views.get_oidc_client"
)
mock_get_oidc_client
.
return_value
=
kc_oidc_mock
mocker
.
patch
(
"swh.web.auth.backends._oidc_client"
,
kc_oidc_mock
)
return
kc_oidc_mock
File Metadata
Details
Attached
Mime Type
text/x-python
Expires
Fri, Jul 4, 1:57 PM (1 d, 23 h ago)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
3296463
Attached To
rDWAPPS Web applications
Event Timeline
Log In to Comment