def test_get_profile():
    """get_profile() returns the JSON body served by the profile endpoint.

    The HTTP call is intercepted with requests_mock so no network is used; the
    client is built from a mock request whose session already carries a token.
    """
    stored_token = {
        'access_token': 'eswfld123kjhn1v5423',
        'refresh_token': 'asdfkljh23490sdf',
        'token_type': 'Bearer',
        'expires_in': '30',
    }
    fake_request = mock.Mock(session={'_authbroker_token': stored_token})
    fake_request.build_absolute_uri.return_value = 'https://test.com'

    with requests_mock.Mocker() as mocker:
        mocker.get('https://test.com/api/v1/user/me/', json={'a': 'b'})
        client = get_client(request=fake_request)
        profile = get_profile(client)

    assert profile == {'a': 'b'}
def test_get_client():
    """get_client() builds an OAuth2Session from the token held in the session.

    Checks the returned type and that scope, client id and token are wired
    through from get_scope(), settings and the session respectively.
    """
    stored_token = {
        'access_token': 'eswfld123kjhn1v5423',
        'refresh_token': 'asdfkljh23490sdf',
        'token_type': 'Bearer',
        'expires_in': '30',
    }
    fake_request = mock.Mock(session={'_authbroker_token': stored_token})
    fake_request.build_absolute_uri.return_value = 'https://test.com'

    client = get_client(request=fake_request)

    assert isinstance(client, OAuth2Session)
    assert client.scope == get_scope()
    assert client.client_id == settings.AUTHBROKER_CLIENT_ID
    assert client.token == stored_token
def test_settings_override_scope(settings):
    """AUTHBROKER_STAFF_SSO_SCOPE in settings overrides the client scope.

    `settings` is the pytest-django fixture; assigning to it changes the value
    get_client() reads when it builds the OAuth2Session.
    """
    stored_token = {
        'access_token': 'eswfld123kjhn1v5423',
        'refresh_token': 'asdfkljh23490sdf',
        'token_type': 'Bearer',
        'expires_in': '30',
    }
    overridden_scope = 'read write data-hub:internal-front-end'
    settings.AUTHBROKER_STAFF_SSO_SCOPE = overridden_scope

    fake_request = mock.Mock(session={'_authbroker_token': stored_token})
    fake_request.build_absolute_uri.return_value = 'https://test.com'

    client = get_client(request=fake_request)

    assert isinstance(client, OAuth2Session)
    assert client.scope == overridden_scope
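def get(self, request, *args, **kwargs):
    """Handle the authorization-code callback from the SSO provider.

    Exchanges the ``code`` query parameter for a token, stores the token in
    the session, then authenticates and logs in the user (via the configured
    backend) before redirecting to the next URL.

    Returns:
        HttpResponseBadRequest when ``code`` is missing or the ``state``
        echoed by the provider does not match the one stored in the session;
        HttpResponseServerError when no ``state`` is in the session at all;
        otherwise a redirect to ``get_next_url(request)`` or
        ``settings.LOGIN_REDIRECT_URL`` (default ``'/'``).
    """
    auth_code = request.GET.get('code', None)
    if not auth_code:
        return HttpResponseBadRequest()

    state_session_key = TOKEN_SESSION_KEY + '_oauth_state'
    expected_state = self.request.session.get(state_session_key, None)
    if not expected_state:
        return HttpResponseServerError()

    # The ``state`` generated in get_redirect_url is stored in the session and
    # echoed back by the provider. Only a callback that carries the same value
    # belongs to a flow started by this session; anything else (a forged or
    # replayed callback URL) must not have its code exchanged for a token.
    if request.GET.get('state', None) != expected_state:
        return HttpResponseBadRequest()

    try:
        token = get_client(self.request).fetch_token(
            TOKEN_URL,
            client_secret=settings.AUTHBROKER_CLIENT_SECRET,
            code=auth_code,
        )
        self.request.session[TOKEN_SESSION_KEY] = dict(token)
        del self.request.session[state_session_key]
    # NOTE: narrowed from BaseException so that KeyboardInterrupt/SystemExit
    # are no longer swallowed. The handler itself stays for now: it was added
    # because of reports of the app raising a 500 when the callback URL is
    # copied (re-using a spent auth code makes `fetch_token` raise). Which
    # exception classes `fetch_token` raises here has not been pinned down,
    # so the catch is still broad; a failed exchange is reported and the
    # request falls through to the (unauthenticated) redirect below.
    except Exception:
        capture_exception()

    # create the user
    user = authenticate(request)
    if user is not None:
        login(request, user)

    next_url = get_next_url(request) or getattr(settings, 'LOGIN_REDIRECT_URL', '/')
    return redirect(next_url)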
def get_redirect_url(self, *args, **kwargs):
    """Redirect to staff-sso.

    Builds the provider's authorization URL and records in the session both
    the post-login destination (``REDIRECT_SESSION_FIELD_NAME``) and the OAuth
    ``state`` the client generated, so the callback view can find them.
    """
    extra_auth_kwargs = {}

    # Allow for compatibility with https://github.com/uktrade/mock-sso
    # during testing. See tests/settings.py for details.
    preset_token = getattr(
        settings,
        'TEST_SSO_PROVIDER_SET_RETURNED_ACCESS_TOKEN',
        None,
    )
    if preset_token:
        extra_auth_kwargs['code'] = preset_token

    client = get_client(self.request)
    authorization_url, state = client.authorization_url(
        AUTHORISATION_URL,
        **extra_auth_kwargs,
    )

    session = self.request.session
    session[REDIRECT_SESSION_FIELD_NAME] = get_next_url(self.request)
    session[TOKEN_SESSION_KEY + '_oauth_state'] = state

    return authorization_url
def authenticate(self, request, **kwargs):
    """Authenticate the request using the SSO token held in its session.

    Returns the user resolved by ``get_or_create_user`` from the fetched
    profile when the session token is valid, otherwise ``None``.
    """
    client = get_client(request)
    if not has_valid_token(client):
        return None
    profile = get_profile(client)
    return self.get_or_create_user(profile)