def test_list_oidc_provider_configs(self, tenant_mgt_app): client = tenant_mgt.auth_for_tenant('tenant-id', app=tenant_mgt_app) recorder = _instrument_provider_mgt( client, 200, LIST_OIDC_PROVIDER_CONFIGS_RESPONSE) page = client.list_oidc_provider_configs() assert isinstance(page, auth.ListProviderConfigsPage) index = 0 assert len(page.provider_configs) == 2 for provider_config in page.provider_configs: self._assert_oidc_provider_config( provider_config, want_id='oidc.provider{0}'.format(index)) index += 1 assert page.next_page_token == '' assert page.has_next_page is False assert page.get_next_page() is None provider_configs = list(config for config in page.iterate_all()) assert len(provider_configs) == 2 assert len(recorder) == 1 req = recorder[0] assert req.method == 'GET' assert req.url == '{0}{1}'.format( PROVIDER_MGT_URL_PREFIX, '/tenants/tenant-id/oauthIdpConfigs?pageSize=100')
def get_tenant_client(tenant_id): # [START get_tenant_client] from firebase_admin import tenant_mgt tenant_client = tenant_mgt.auth_for_tenant(tenant_id) # [END get_tenant_client] return tenant_client
def test_update_saml_provider_config(self, tenant_mgt_app): client = tenant_mgt.auth_for_tenant('tenant-id', app=tenant_mgt_app) recorder = _instrument_provider_mgt(client, 200, SAML_PROVIDER_CONFIG_RESPONSE) provider_config = client.update_saml_provider_config( 'saml.provider', idp_entity_id='IDP_ENTITY_ID', sso_url='https://example.com/login', x509_certificates=['CERT1', 'CERT2'], rp_entity_id='RP_ENTITY_ID', callback_url='https://projectId.firebaseapp.com/__/auth/handler', display_name='samlProviderName', enabled=True) self._assert_saml_provider_config(provider_config) mask = [ 'displayName', 'enabled', 'idpConfig.idpCertificates', 'idpConfig.idpEntityId', 'idpConfig.ssoUrl', 'spConfig.callbackUri', 'spConfig.spEntityId', ] url = '/inboundSamlConfigs/saml.provider?updateMask={0}'.format( ','.join(mask)) self._assert_request(recorder, url, SAML_PROVIDER_CONFIG_REQUEST, method='PATCH', prefix=PROVIDER_MGT_URL_PREFIX)
def test_update_saml_provider_config(sample_tenant): client = tenant_mgt.auth_for_tenant(sample_tenant.tenant_id) provider_config = _create_saml_provider_config(client) try: provider_config = client.update_saml_provider_config( provider_config.provider_id, idp_entity_id='UPDATED_IDP_ENTITY_ID', sso_url='https://example.com/updated_login', x509_certificates=[test_auth.X509_CERTIFICATES[1]], rp_entity_id='UPDATED_RP_ENTITY_ID', callback_url= 'https://updatedProjectId.firebaseapp.com/__/auth/handler', display_name='UPDATED_SAML_DISPLAY_NAME', enabled=False) assert provider_config.idp_entity_id == 'UPDATED_IDP_ENTITY_ID' assert provider_config.sso_url == 'https://example.com/updated_login' assert provider_config.x509_certificates == [ test_auth.X509_CERTIFICATES[1] ] assert provider_config.rp_entity_id == 'UPDATED_RP_ENTITY_ID' assert provider_config.callback_url == ( 'https://updatedProjectId.firebaseapp.com/' '__/auth/handler') assert provider_config.display_name == 'UPDATED_SAML_DISPLAY_NAME' assert provider_config.enabled is False finally: client.delete_saml_provider_config(provider_config.provider_id)
def test_custom_token(sample_tenant, api_key): client = tenant_mgt.auth_for_tenant(sample_tenant.tenant_id) custom_token = client.create_custom_token('user1') id_token = _sign_in(custom_token, sample_tenant.tenant_id, api_key) claims = client.verify_id_token(id_token) assert claims['uid'] == 'user1' assert claims['firebase']['tenant'] == sample_tenant.tenant_id
def test_revoke_refresh_tokens(sample_tenant, tenant_user): valid_since = int(time.time()) time.sleep(1) client = tenant_mgt.auth_for_tenant(sample_tenant.tenant_id) client.revoke_refresh_tokens(tenant_user.uid) user = client.get_user(tenant_user.uid) assert user.tokens_valid_after_timestamp > valid_since
def test_create_user(self, tenant_mgt_app): client = tenant_mgt.auth_for_tenant('tenant-id', app=tenant_mgt_app) recorder = _instrument_user_mgt(client, 200, '{"localId":"testuser"}') uid = client._user_manager.create_user() assert uid == 'testuser' self._assert_request(recorder, '/accounts', {})
def test_custom_token(self, tenant_aware_custom_token_app): client = tenant_mgt.auth_for_tenant('test-tenant', app=tenant_aware_custom_token_app) custom_token = client.create_custom_token('user1') test_token_gen.verify_custom_token(custom_token, expected_claims=None, tenant_id='test-tenant')
def test_list_users(sample_tenant, tenant_user): client = tenant_mgt.auth_for_tenant(sample_tenant.tenant_id) page = client.list_users() result = None for user in page.iterate_all(): if user.uid == tenant_user.uid: result = user break assert result.tenant_id == sample_tenant.tenant_id
def test_delete_user(self, tenant_mgt_app): client = tenant_mgt.auth_for_tenant('tenant-id', app=tenant_mgt_app) recorder = _instrument_user_mgt(client, 200, '{"kind":"deleteresponse"}') client.delete_user('testuser') self._assert_request(recorder, '/accounts:delete', {'localId': 'testuser'})
def test_valid_token(self, tenant_mgt_app): client = tenant_mgt.auth_for_tenant('test-tenant', app=tenant_mgt_app) client._token_verifier.request = test_token_gen.MOCK_REQUEST claims = client.verify_id_token( test_token_gen.TEST_ID_TOKEN_WITH_TENANT) assert claims['admin'] is True assert claims['uid'] == claims['sub'] assert claims['firebase']['tenant'] == 'test-tenant'
def test_get_oidc_provider_config(sample_tenant, oidc_provider): client = tenant_mgt.auth_for_tenant(sample_tenant.tenant_id) provider_config = client.get_oidc_provider_config( oidc_provider.provider_id) assert isinstance(provider_config, auth.OIDCProviderConfig) assert provider_config.provider_id == oidc_provider.provider_id assert provider_config.client_id == 'OIDC_CLIENT_ID' assert provider_config.issuer == 'https://oidc.com/issuer' assert provider_config.display_name == 'OIDC_DISPLAY_NAME' assert provider_config.enabled is True
def test_list_saml_provider_configs(sample_tenant, saml_provider): client = tenant_mgt.auth_for_tenant(sample_tenant.tenant_id) page = client.list_saml_provider_configs() result = None for provider_config in page.iterate_all(): if provider_config.provider_id == saml_provider.provider_id: result = provider_config break assert result is not None
def test_custom_token_with_claims(self, tenant_aware_custom_token_app): client = tenant_mgt.auth_for_tenant('test-tenant', app=tenant_aware_custom_token_app) claims = {'admin': True} custom_token = client.create_custom_token('user1', claims) test_token_gen.verify_custom_token(custom_token, expected_claims=claims, tenant_id='test-tenant')
def test_set_custom_user_claims(self, tenant_mgt_app): client = tenant_mgt.auth_for_tenant('tenant-id', app=tenant_mgt_app) recorder = _instrument_user_mgt(client, 200, '{"localId":"testuser"}') claims = {'admin': True} client.set_custom_user_claims('testuser', claims) self._assert_request(recorder, '/accounts:update', { 'localId': 'testuser', 'customAttributes': json.dumps(claims), })
def test_get_user_by_phone_number(self, tenant_mgt_app): client = tenant_mgt.auth_for_tenant('tenant-id', app=tenant_mgt_app) recorder = _instrument_user_mgt(client, 200, MOCK_GET_USER_RESPONSE) user = client.get_user_by_phone_number('+1234567890') assert isinstance(user, auth.UserRecord) assert user.uid == 'testuser' assert user.email == '*****@*****.**' self._assert_request(recorder, '/accounts:lookup', {'phoneNumber': ['+1234567890']})
def test_delete_saml_provider_config(self, tenant_mgt_app): client = tenant_mgt.auth_for_tenant('tenant-id', app=tenant_mgt_app) recorder = _instrument_provider_mgt(client, 200, '{}') client.delete_saml_provider_config('saml.provider') assert len(recorder) == 1 req = recorder[0] assert req.method == 'DELETE' assert req.url == '{0}/tenants/tenant-id/inboundSamlConfigs/saml.provider'.format( PROVIDER_MGT_URL_PREFIX)
def test_tenant_not_found(self, tenant_mgt_app): client = tenant_mgt.auth_for_tenant('tenant-id', app=tenant_mgt_app) _instrument_user_mgt(client, 500, TENANT_NOT_FOUND_RESPONSE) with pytest.raises(tenant_mgt.TenantNotFoundError) as excinfo: client.get_user('testuser') error_msg = 'No tenant found for the given identifier (TENANT_NOT_FOUND).' assert excinfo.value.code == exceptions.NOT_FOUND assert str(excinfo.value) == error_msg assert excinfo.value.http_response is not None assert excinfo.value.cause is not None
def test_invalid_tenant_id(self, tenant_mgt_app): client = tenant_mgt.auth_for_tenant('other-tenant', app=tenant_mgt_app) client._token_verifier.request = test_token_gen.MOCK_REQUEST with pytest.raises(tenant_mgt.TenantIdMismatchError) as excinfo: client.verify_id_token(test_token_gen.TEST_ID_TOKEN_WITH_TENANT) assert 'Invalid tenant ID: test-tenant' in str(excinfo.value) assert isinstance(excinfo.value, exceptions.InvalidArgumentError) assert excinfo.value.cause is None assert excinfo.value.http_response is None
def test_import_users(sample_tenant): client = tenant_mgt.auth_for_tenant(sample_tenant.tenant_id) user = auth.ImportUserRecord(uid=_random_uid(), email=_random_email()) result = client.import_users([user]) try: assert result.success_count == 1 assert result.failure_count == 0 saved_user = client.get_user(user.uid) assert saved_user.email == user.email finally: client.delete_user(user.uid)
def test_update_user(self, tenant_mgt_app): client = tenant_mgt.auth_for_tenant('tenant-id', app=tenant_mgt_app) recorder = _instrument_user_mgt(client, 200, '{"localId":"testuser"}') uid = client._user_manager.update_user('testuser', email='*****@*****.**') assert uid == 'testuser' self._assert_request(recorder, '/accounts:update', { 'localId': 'testuser', 'email': '*****@*****.**', })
def test_update_user(sample_tenant): client = tenant_mgt.auth_for_tenant(sample_tenant.tenant_id) user = client.create_user() try: email = _random_email() phone = _random_phone() user = client.update_user(user.uid, email=email, phone_number=phone) assert user.tenant_id == sample_tenant.tenant_id assert user.email == email assert user.phone_number == phone finally: client.delete_user(user.uid)
def test_get_saml_provider_config(self, tenant_mgt_app): client = tenant_mgt.auth_for_tenant('tenant-id', app=tenant_mgt_app) recorder = _instrument_provider_mgt(client, 200, SAML_PROVIDER_CONFIG_RESPONSE) provider_config = client.get_saml_provider_config('saml.provider') self._assert_saml_provider_config(provider_config) assert len(recorder) == 1 req = recorder[0] assert req.method == 'GET' assert req.url == '{0}/tenants/tenant-id/inboundSamlConfigs/saml.provider'.format( PROVIDER_MGT_URL_PREFIX)
def test_revoke_refresh_tokens(self, tenant_mgt_app): client = tenant_mgt.auth_for_tenant('tenant-id', app=tenant_mgt_app) recorder = _instrument_user_mgt(client, 200, '{"localId":"testuser"}') client.revoke_refresh_tokens('testuser') assert len(recorder) == 1 req = recorder[0] assert req.method == 'POST' assert req.url == '{0}/tenants/tenant-id/accounts:update'.format( USER_MGT_URL_PREFIX) body = json.loads(req.body.decode()) assert body['localId'] == 'testuser' assert 'validSince' in body
def test_generate_password_reset_link(self, tenant_mgt_app): client = tenant_mgt.auth_for_tenant('tenant-id', app=tenant_mgt_app) recorder = _instrument_user_mgt(client, 200, '{"oobLink":"https://testlink"}') link = client.generate_password_reset_link('*****@*****.**') assert link == 'https://testlink' self._assert_request( recorder, '/accounts:sendOobCode', { 'email': '*****@*****.**', 'requestType': 'PASSWORD_RESET', 'returnOobLink': True, })
def test_generate_email_verification_link(self, tenant_mgt_app): client = tenant_mgt.auth_for_tenant('tenant-id', app=tenant_mgt_app) recorder = _instrument_user_mgt(client, 200, '{"oobLink":"https://testlink"}') link = client.generate_email_verification_link('*****@*****.**') assert link == 'https://testlink' self._assert_request( recorder, '/accounts:sendOobCode', { 'email': '*****@*****.**', 'requestType': 'VERIFY_EMAIL', 'returnOobLink': True, })
def test_get_saml_provider_config(sample_tenant, saml_provider): client = tenant_mgt.auth_for_tenant(sample_tenant.tenant_id) provider_config = client.get_saml_provider_config( saml_provider.provider_id) assert isinstance(provider_config, auth.SAMLProviderConfig) assert provider_config.provider_id == saml_provider.provider_id assert provider_config.idp_entity_id == 'IDP_ENTITY_ID' assert provider_config.sso_url == 'https://example.com/login' assert provider_config.x509_certificates == [ test_auth.X509_CERTIFICATES[0] ] assert provider_config.rp_entity_id == 'RP_ENTITY_ID' assert provider_config.callback_url == 'https://projectId.firebaseapp.com/__/auth/handler' assert provider_config.display_name == 'SAML_DISPLAY_NAME' assert provider_config.enabled is True
def test_update_oidc_provider_config(sample_tenant): client = tenant_mgt.auth_for_tenant(sample_tenant.tenant_id) provider_config = _create_oidc_provider_config(client) try: provider_config = client.update_oidc_provider_config( provider_config.provider_id, client_id='UPDATED_OIDC_CLIENT_ID', issuer='https://oidc.com/updated_issuer', display_name='UPDATED_OIDC_DISPLAY_NAME', enabled=False) assert provider_config.client_id == 'UPDATED_OIDC_CLIENT_ID' assert provider_config.issuer == 'https://oidc.com/updated_issuer' assert provider_config.display_name == 'UPDATED_OIDC_DISPLAY_NAME' assert provider_config.enabled is False finally: client.delete_oidc_provider_config(provider_config.provider_id)
def test_generate_sign_in_with_email_link(self, tenant_mgt_app): client = tenant_mgt.auth_for_tenant('tenant-id', app=tenant_mgt_app) recorder = _instrument_user_mgt(client, 200, '{"oobLink":"https://testlink"}') settings = auth.ActionCodeSettings(url='http://localhost') link = client.generate_sign_in_with_email_link('*****@*****.**', settings) assert link == 'https://testlink' self._assert_request( recorder, '/accounts:sendOobCode', { 'email': '*****@*****.**', 'requestType': 'EMAIL_SIGNIN', 'returnOobLink': True, 'continueUrl': 'http://localhost', })
def test_create_oidc_provider_config(self, tenant_mgt_app): client = tenant_mgt.auth_for_tenant('tenant-id', app=tenant_mgt_app) recorder = _instrument_provider_mgt(client, 200, OIDC_PROVIDER_CONFIG_RESPONSE) provider_config = client.create_oidc_provider_config( 'oidc.provider', client_id='CLIENT_ID', issuer='https://oidc.com/issuer', display_name='oidcProviderName', enabled=True) self._assert_oidc_provider_config(provider_config) self._assert_request(recorder, '/oauthIdpConfigs?oauthIdpConfigId=oidc.provider', OIDC_PROVIDER_CONFIG_REQUEST, prefix=PROVIDER_MGT_URL_PREFIX)