diff --git a/swh/auth/tests/conftest.py b/swh/auth/tests/conftest.py index a89e3eb..2a622cd 100644 --- a/swh/auth/tests/conftest.py +++ b/swh/auth/tests/conftest.py @@ -1,38 +1,39 @@ # Copyright (C) 2021 The Software Heritage developers # See the AUTHORS file at the top-level directory of this distribution # License: GNU Affero General Public License version 3, or any later version # See top-level LICENSE file for more information import pytest from swh.auth import KeycloakOpenIDConnect from .sample_data import OIDC_PROFILE, REALM, SERVER_URL, USER_INFO, WELL_KNOWN @pytest.fixture def keycloak_open_id_connect(): return KeycloakOpenIDConnect( server_url=SERVER_URL, realm_name=REALM, client_id="client-id", ) @pytest.fixture def mock_keycloak(requests_mock): """Keycloak with most endpoints available. """ requests_mock.get(WELL_KNOWN["well-known"], json=WELL_KNOWN) requests_mock.post(WELL_KNOWN["token_endpoint"], json=OIDC_PROFILE) requests_mock.get(WELL_KNOWN["userinfo_endpoint"], json=USER_INFO) + requests_mock.post(WELL_KNOWN["end_session_endpoint"], status_code=204) return requests_mock @pytest.fixture def mock_keycloak_refused_auth(requests_mock): """Keycloak with token endpoint refusing authentication. """ requests_mock.post(WELL_KNOWN["token_endpoint"], status_code=401) return requests_mock diff --git a/swh/auth/tests/test_auth.py b/swh/auth/tests/test_auth.py index 673b515..54d56d9 100644 --- a/swh/auth/tests/test_auth.py +++ b/swh/auth/tests/test_auth.py @@ -1,77 +1,83 @@ # Copyright (C) 2021 The Software Heritage developers # See the AUTHORS file at the top-level directory of this distribution # License: GNU Affero General Public License version 3, or any later version # See top-level LICENSE file for more information from urllib.parse import parse_qs, urlparse from keycloak.exceptions import KeycloakAuthenticationError, KeycloakConnectionError import pytest from .sample_data import OIDC_PROFILE, USER_INFO, WELL_KNOWN def test_auth_connection_failure(keycloak_open_id_connect): with pytest.raises(KeycloakConnectionError): keycloak_open_id_connect.well_known() def test_auth_well_known(mock_keycloak, keycloak_open_id_connect): well_known_result = keycloak_open_id_connect.well_known() assert well_known_result is not None assert well_known_result == WELL_KNOWN assert mock_keycloak.called def test_auth_authorization_url(mock_keycloak, keycloak_open_id_connect): actual_auth_uri = keycloak_open_id_connect.authorization_url( "http://redirect-uri", foo="bar" ) expected_auth_url = WELL_KNOWN["authorization_endpoint"] parsed_result = urlparse(actual_auth_uri) assert expected_auth_url.endswith(parsed_result.path) parsed_query = parse_qs(parsed_result.query) assert parsed_query == { "client_id": ["client-id"], "response_type": ["code"], "redirect_uri": ["http://redirect-uri"], "foo": ["bar"], } assert mock_keycloak.called def test_auth_authorization_code_fail( mock_keycloak_refused_auth, keycloak_open_id_connect ): with pytest.raises(KeycloakAuthenticationError): keycloak_open_id_connect.authorization_code("auth-code", "redirect-uri") assert mock_keycloak_refused_auth.called def test_auth_authorization_code(mock_keycloak, keycloak_open_id_connect): actual_response = keycloak_open_id_connect.authorization_code( "auth-code", "redirect-uri" ) assert actual_response == OIDC_PROFILE assert mock_keycloak.called def test_auth_refresh_token(mock_keycloak, keycloak_open_id_connect): actual_result = keycloak_open_id_connect.refresh_token("refresh-token") assert actual_result is not None assert mock_keycloak.called def test_auth_userinfo(mock_keycloak, keycloak_open_id_connect): actual_user_info = keycloak_open_id_connect.userinfo("refresh-token") assert actual_user_info == USER_INFO assert mock_keycloak.called + + +def test_auth_logout(mock_keycloak, keycloak_open_id_connect): + keycloak_open_id_connect.logout("refresh-token") + + assert mock_keycloak.called