Python OpenIdConnectProfileFactory Examples

Example #1

class ServicesKeycloakOpenIDProfileGetActiveAccessTokenTestCase(
        MockTestCaseMixin, TestCase):

    def setUp(self):
        self.oidc_profile = OpenIdConnectProfileFactory(
            access_token='access-token',
            expires_before=datetime(2018, 3, 5, 1, 0, 0),
            refresh_token='refresh-token',
            refresh_expires_before=datetime(2018, 3, 5, 2, 0, 0)
        )
        self.oidc_profile.realm.client.openid_api_client = mock.MagicMock(
            spec_set=KeycloakOpenidConnect)
        self.oidc_profile.realm.client.openid_api_client.refresh_token\
            .return_value = {
                'access_token': 'new-access-token',
                'expires_in': 600,
                'refresh_token': 'new-refresh-token',
                'refresh_expires_in': 3600
            }

    @freeze_time('2018-03-05 00:59:00')
    def test_not_expired(self):
        """
        Case: access token get fetched and is not yet expired
        Expected: current token is returned
        """
        access_token = django_keycloak.services.oidc_profile\
            .get_active_access_token(oidc_profile=self.oidc_profile)

        self.assertEqual(access_token, 'access-token')
        self.assertFalse(
            self.oidc_profile.realm.client.openid_api_client.refresh_token
                .called
        )

    @freeze_time('2018-03-05 01:01:00')
    def test_expired(self):
        """
        Case: access token get requested but current one is expired
        Expected: A new one get requested
        """
        access_token = django_keycloak.services.oidc_profile \
            .get_active_access_token(oidc_profile=self.oidc_profile)

        self.assertEqual(access_token, 'new-access-token')
        self.oidc_profile.realm.client.openid_api_client.refresh_token\
            .assert_called_once_with(refresh_token='refresh-token')

        self.oidc_profile.refresh_from_db()
        self.assertEqual(self.oidc_profile.access_token, 'new-access-token')
        self.assertEqual(self.oidc_profile.expires_before,
                         datetime(2018, 3, 5, 1, 11, 0))
        self.assertEqual(self.oidc_profile.refresh_token, 'new-refresh-token')
        self.assertEqual(self.oidc_profile.refresh_expires_before,
                         datetime(2018, 3, 5, 2, 1, 0))

Example #2

 def setUp(self):
     self.oidc_profile = OpenIdConnectProfileFactory(
         access_token='access-token',
         expires_before=datetime(2018, 3, 5, 1, 0, 0),
         refresh_token='refresh-token',
         refresh_expires_before=datetime(2018, 3, 5, 2, 0, 0))
     self.oidc_profile.realm.client.openid_api_client = mock.MagicMock(
         spec_set=KeycloakOpenidConnect)
     self.oidc_profile.realm.client.openid_api_client.refresh_token\
         .return_value = {
             'access_token': 'new-access-token',
             'expires_in': 600,
             'refresh_token': 'new-refresh-token',
             'refresh_expires_in': 3600
         }

Example #3

    def test_update_with_existing_profile_new_user(self):
        """
        Case: oidc profile is requested based on a provided id token.
        The profile exists, but the user doesn't.
        Expected: oidc user is created with information from the id token
        and linked to the profile.
        """
        existing_profile = OpenIdConnectProfileFactory(
            access_token='access-token',
            expires_before=datetime(2018, 3, 5, 1, 0, 0),
            refresh_token='refresh-token',
            sub='some-sub')

        profile = django_keycloak.services.oidc_profile. \
            get_or_create_from_id_token(
                client=self.client, id_token='some-id-token'
            )

        self.client.openid_api_client.decode_token.assert_called_with(
            token='some-id-token',
            key=dict(),
            algorithms=['signing-alg'],
            issuer='https://issuer')

        self.assertEqual(profile.sub, 'some-sub')
        self.assertEqual(profile.pk, existing_profile.pk)
        self.assertEqual(profile.user.username, 'some-sub')
        self.assertEqual(profile.user.email, '*****@*****.**')
        self.assertEqual(profile.user.first_name, 'Some given name')
        self.assertEqual(profile.user.last_name, 'Some family name')

Example #4

File: test_has_perm.py Project: tqvuong/django-keycloak

    def setUp(self):
        self.backend = KeycloakAuthorizationBase()

        self.profile = OpenIdConnectProfileFactory(user__is_active=True)

        self.setup_mock(
            'django_keycloak.services.oidc_profile.get_entitlement',
            return_value={
                'authorization': {
                    'permissions': [{
                        'resource_set_name': 'Resource',
                        'scopes': ['Read', 'Update']
                    }, {
                        'resource_set_name': 'Resource2'
                    }]
                }
            })

Example #5

File: test_get_entitlement.py Project: vsafin/django-keycloak

    def setUp(self):
        self.mocked_get_active_access_token = self.setup_mock(
            'django_keycloak.services.oidc_profile'
            '.get_active_access_token')

        self.oidc_profile = OpenIdConnectProfileFactory(
            access_token='access-token',
            expires_before=datetime(2018, 3, 5, 1, 0, 0),
            refresh_token='refresh-token')
        self.oidc_profile.realm.client.openid_api_client = mock.MagicMock(
            spec_set=KeycloakOpenidConnect)
        self.oidc_profile.realm.client.authz_api_client = mock.MagicMock(
            spec_set=KeycloakAuthz)
        self.oidc_profile.realm.client.authz_api_client.entitlement\
            .return_value = {
                'rpt': 'RPT_VALUE'
            }
        self.oidc_profile.realm.certs = {'cert': 'cert-value'}