def test_get_create_remote_account(app, models_fixture):
    """Check that a remote account can be created, fetched and deleted."""
    new_account = RemoteAccount.create(1, 'dev', {'somekey': 'somevalue'})
    assert new_account

    # The lookup by (user id, client id) must return the row just created,
    # with the extra data it was created with.
    fetched = RemoteAccount.get(1, 'dev')
    assert new_account.id == fetched.id
    assert fetched.extra_data == {'somekey': 'somevalue'}

    # Once the row is deleted the same lookup is expected to yield None.
    db.session.delete(fetched)
    assert RemoteAccount.get(1, 'dev') is None
def test_get_create_remote_account(app, example):
    """Round-trip a remote account: create it, read it back, delete it."""
    user_id, client_id = 1, "dev"

    stored = RemoteAccount.create(user_id, client_id, {"somekey": "somevalue"})
    assert stored

    loaded = RemoteAccount.get(user_id, client_id)
    assert stored.id == loaded.id
    assert loaded.extra_data == {"somekey": "somevalue"}

    # After deletion no link between user and client may be found.
    db.session.delete(loaded)
    assert RemoteAccount.get(user_id, client_id) is None
def test_get_create_remote_account(models_fixture):
    """Verify create/get/delete of a remote account on the fixture app."""
    app = models_fixture

    account = RemoteAccount.create(1, 'dev', {'somekey': 'somevalue'})
    assert account

    same_account = RemoteAccount.get(1, 'dev')
    assert account.id == same_account.id
    assert same_account.extra_data == {'somekey': 'somevalue'}

    # A deleted account must no longer be returned by the lookup.
    db.session.delete(same_account)
    assert RemoteAccount.get(1, 'dev') is None
def test_get_create(self):
    """Create a remote account, fetch it again and delete it."""
    from invenio_oauthclient.models import RemoteAccount

    made = RemoteAccount.create(1, "dev", {"somekey": "somevalue"})
    assert made

    found = RemoteAccount.get(1, "dev")
    assert made.id == found.id
    assert found.extra_data == {"somekey": "somevalue"}

    # The lookup is expected to return None once the row is deleted.
    db.session.delete(found)
    assert RemoteAccount.get(1, "dev") is None
def test_get_create(self):
    """Create two tokens for one remote account and delete the account."""
    from invenio_oauthclient.models import RemoteAccount, RemoteToken

    owner = self.u1

    default_token = RemoteToken.create(owner, "dev", "mytoken", "mysecret")
    assert default_token
    assert default_token.token() == ('mytoken', 'mysecret')

    # Creating the token must also have produced the account it hangs off.
    linked_account = RemoteAccount.get(owner, "dev")
    assert linked_account
    assert default_token.remote_account.id == linked_account.id
    assert default_token.token_type == ''

    # A second token with an explicit type attaches to the same account.
    typed_token = RemoteToken.create(owner, "dev", "mytoken2", "mysecret2",
                                     token_type='t2')
    assert typed_token.remote_account.id == linked_account.id
    assert typed_token.token_type == 't2'

    by_default_type = RemoteToken.get(owner, "dev")
    by_explicit_type = RemoteToken.get(owner, "dev", token_type="t2")
    assert by_explicit_type.token() != by_default_type.token()

    # Deleting the account is expected to leave no token rows behind, so
    # stored credentials do not outlive the link they belong to.
    assert RemoteToken.query.count() == 2
    linked_account.delete()
    assert RemoteToken.query.count() == 0
def test_get_create_remote_token(models_fixture):
    """Check token creation, lookup by type and removal with the account."""
    app = models_fixture
    existing_email = "*****@*****.**"
    accounts = app.extensions['invenio-accounts'].datastore
    user = accounts.find_user(email=existing_email)
    uid = user.id

    first = RemoteToken.create(uid, "dev", "mytoken", "mysecret")
    assert first
    assert first.token() == ('mytoken', 'mysecret')

    # The account is looked up separately to prove the token is linked to it.
    account = RemoteAccount.get(uid, "dev")
    assert account
    assert first.remote_account.id == account.id
    assert first.token_type == ''

    second = RemoteToken.create(
        uid, "dev", "mytoken2", "mysecret2", token_type='t2'
    )
    assert second.remote_account.id == account.id
    assert second.token_type == 't2'

    untyped = RemoteToken.get(uid, "dev")
    typed = RemoteToken.get(uid, "dev", token_type="t2")
    assert typed.token() != untyped.token()

    # Both tokens must be gone once the account is deleted.
    assert RemoteToken.query.count() == 2
    account.delete()
    assert RemoteToken.query.count() == 0
def test_get_create_remote_token(app, models_fixture):
    """Verify that tokens are created per type and removed with the account."""
    existing_email = '*****@*****.**'
    user = app.extensions['invenio-accounts'].datastore.find_user(
        email=existing_email
    )

    plain = RemoteToken.create(user.id, 'dev', 'mytoken', 'mysecret')
    assert plain
    assert plain.token() == ('mytoken', 'mysecret')

    owner_account = RemoteAccount.get(user.id, 'dev')
    assert owner_account
    assert plain.remote_account.id == owner_account.id
    assert plain.token_type == ''

    # The typed token must reuse the account instead of creating a new one.
    typed = RemoteToken.create(
        user.id, 'dev', 'mytoken2', 'mysecret2', token_type='t2'
    )
    assert typed.remote_account.id == owner_account.id
    assert typed.token_type == 't2'

    got_plain = RemoteToken.get(user.id, 'dev')
    got_typed = RemoteToken.get(user.id, 'dev', token_type='t2')
    assert got_typed.token() != got_plain.token()

    # No token may remain after the owning account is deleted.
    assert RemoteToken.query.count() == 2
    owner_account.delete()
    assert RemoteToken.query.count() == 0
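def import_users_from_json(dump_file):
    """Import additional user data (the legacy id) from a JSON dump.

    For every record the user is looked up through ``record["ccid"]`` and the
    record's ``id`` is stored as ``legacy_id`` in the ``extra_data`` of the
    user's remote account for the CERN OpenID client; the patron is then
    re-indexed. Records whose user or remote account cannot be found are
    reported and skipped.

    :param dump_file: Sequence whose first element is the open JSON file.
    """
    # NOTE(review): the listing this was taken from had lost its indentation;
    # the single commit after the loop is the assumed layout -- confirm
    # against the original file.
    dump_file = dump_file[0]
    with click.progressbar(json.load(dump_file)) as bar:
        for record in bar:
            click.echo(
                'Importing user "{0}({1})"...'.format(
                    record["id"], record["email"]
                )
            )
            user = get_user_by_person_id(record["ccid"])
            if not user:
                click.secho(
                    "User {0}({1}) not synced via LDAP".format(
                        record["id"], record["email"]
                    ),
                    fg="red",
                )
                continue
                # todo uncomment when more data
                # raise UserMigrationError

            client_id = current_app.config["CERN_APP_OPENID_CREDENTIALS"][
                "consumer_key"
            ]
            account = RemoteAccount.get(
                user_id=user.id, client_id=client_id
            )
            if not account:
                # A user without a remote account used to abort the whole
                # import with an AttributeError on ``None.extra_data``.
                click.secho(
                    "User {0}({1}) has no remote account".format(
                        record["id"], record["email"]
                    ),
                    fg="red",
                )
                continue

            # add legacy_id information
            # Only the new key is written: re-passing the existing data as
            # keyword arguments raised TypeError as soon as it already held a
            # ``legacy_id`` (i.e. on a second run of the import).
            account.extra_data.update(legacy_id=record["id"])
            db.session.add(account)
            patron = Patron(user.id)
            PatronIndexer().index(patron)
    db.session.commit()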
def test_get_create_remote_token(app, example):
    """Exercise token creation, typed lookup and deletion via the account."""
    existing_email = "*****@*****.**"
    datastore = app.extensions["invenio-accounts"].datastore
    user = datastore.find_user(email=existing_email)
    client = "dev"

    token_a = RemoteToken.create(user.id, client, "mytoken", "mysecret")
    assert token_a
    assert token_a.token() == ("mytoken", "mysecret")

    account = RemoteAccount.get(user.id, client)
    assert account
    assert token_a.remote_account.id == account.id
    assert token_a.token_type == ""

    token_b = RemoteToken.create(
        user.id, client, "mytoken2", "mysecret2", token_type="t2"
    )
    assert token_b.remote_account.id == account.id
    assert token_b.token_type == "t2"

    # Lookups with and without a token type must return different tokens.
    looked_up_default = RemoteToken.get(user.id, client)
    looked_up_typed = RemoteToken.get(user.id, client, token_type="t2")
    assert looked_up_typed.token() != looked_up_default.token()

    # Deleting the account is expected to remove every token stored for it.
    assert RemoteToken.query.count() == 2
    account.delete()
    assert RemoteToken.query.count() == 0
def test_get_create(self):
    """Check that typed tokens share one account and vanish with it."""
    from invenio_oauthclient.models import RemoteAccount, RemoteToken

    token = RemoteToken.create(self.u1, "dev", "mytoken", "mysecret")
    assert token
    assert token.token() == ('mytoken', 'mysecret')

    account = RemoteAccount.get(self.u1, "dev")
    assert account
    assert token.remote_account.id == account.id
    assert token.token_type == ''

    other_token = RemoteToken.create(
        self.u1, "dev", "mytoken2", "mysecret2", token_type='t2'
    )
    assert other_token.remote_account.id == account.id
    assert other_token.token_type == 't2'

    # The default-type and the 't2' lookups must not return the same pair.
    default_result = RemoteToken.get(self.u1, "dev")
    t2_result = RemoteToken.get(self.u1, "dev", token_type="t2")
    assert t2_result.token() != default_result.token()

    # Token rows must not survive the deletion of their account.
    assert RemoteToken.query.count() == 2
    account.delete()
    assert RemoteToken.query.count() == 0
def on_identity_changed(sender, identity):
    """Attach the user's CERN groups to the identity when it changes.

    :param identity: The user identity where information are stored.
    """
    # Logging out: drop whatever was attached for the previous identity.
    if isinstance(identity, AnonymousIdentity):
        disconnect_identity(identity)
        return

    remote = g.get("oauth_logged_in_with_remote", None)
    logged_in_with_cern = remote and remote.name == "cern"
    if not logged_in_with_cern:
        # signal coming from another remote app
        return

    consumer_key = current_app.config['CERN_APP_CREDENTIALS']['consumer_key']
    linked_account = RemoteAccount.get(
        user_id=current_user.get_id(),
        client_id=consumer_key,
    )

    # Without a linked account the identity is extended with no groups.
    groups = []
    if linked_account:
        resource = get_resource(remote)
        refresh_after = current_app.config.get(
            'OAUTHCLIENT_CERN_REFRESH_TIMEDELTA',
            OAUTHCLIENT_CERN_REFRESH_TIMEDELTA
        )
        fetched = account_groups_and_extra_data(
            linked_account, resource, refresh_timedelta=refresh_after
        )
        groups.extend(fetched)

    extend_identity(identity, groups)
def on_identity_changed(sender, identity):
    """Attach the user's CERN OpenID roles to the identity when it changes.

    :param identity: The user identity where information are stored.
    """
    if isinstance(identity, AnonymousIdentity):
        return

    openid_credentials = current_app.config["CERN_APP_OPENID_CREDENTIALS"]
    client_id = openid_credentials["consumer_key"]
    linked_account = RemoteAccount.get(
        user_id=current_user.get_id(), client_id=client_id
    )

    # A user with no linked account gets an identity with no extra roles.
    roles = []
    if linked_account:
        remote = find_remote_by_client_id(client_id)
        resource = get_resource(remote)
        refresh_after = current_app.config.get(
            "OAUTHCLIENT_CERN_OPENID_REFRESH_TIMEDELTA",
            OAUTHCLIENT_CERN_OPENID_REFRESH_TIMEDELTA,
        )
        fetched = account_roles_and_extra_data(
            linked_account, resource, refresh_timedelta=refresh_after
        )
        roles.extend(fetched)

    extend_identity(identity, roles)
def on_identity_changed(sender, identity):
    """Attach the user's CERN groups to the identity when it changes.

    :param identity: The user identity where information are stored.
    """
    if isinstance(identity, AnonymousIdentity):
        return

    credentials = current_app.config['CERN_APP_CREDENTIALS']
    client_id = credentials['consumer_key']
    cern_account = RemoteAccount.get(
        user_id=current_user.get_id(),
        client_id=client_id,
    )

    # The identity is always extended, with an empty list when the user has
    # no account for this client.
    groups = []
    if cern_account:
        remote = find_remote_by_client_id(client_id)
        resource = get_resource(remote)
        refresh_after = current_app.config.get(
            'OAUTHCLIENT_CERN_REFRESH_TIMEDELTA',
            OAUTHCLIENT_CERN_REFRESH_TIMEDELTA
        )
        fetched = account_groups(
            cern_account, resource, refresh_timedelta=refresh_after
        )
        groups.extend(fetched)

    extend_identity(identity, groups)
def on_identity_changed(sender, identity):
    """Attach stored and freshly fetched CERN groups to the identity.

    :param identity: The user identity where information are stored.
    """
    if isinstance(identity, AnonymousIdentity):
        return

    credentials = current_app.config['CERN_APP_CREDENTIALS']
    client_id = credentials['consumer_key']
    cern_account = RemoteAccount.get(
        user_id=current_user.get_id(),
        client_id=client_id,
    )

    groups = []
    if cern_account:
        # Start from the groups saved with the account.
        groups = cern_account.extra_data.get('groups', [])
        remote = find_remote_by_client_id(client_id)
        resource = get_resource(remote)
        refresh_after = current_app.config.get(
            'OAUTHCLIENT_CERN_REFRESH_TIMEDELTA',
            OAUTHCLIENT_CERN_REFRESH_TIMEDELTA)
        # if 'resource' exists, update groups with new ones received
        # else keep old ones from 'extra_data'
        # NOTE(review): within this function groups are only ever added; a
        # group stored in 'extra_data' stays on the identity even when the
        # provider no longer returns it. Whether account_groups prunes the
        # stored list is not visible here -- confirm.
        if resource:
            fetched = account_groups(cern_account, resource,
                                     refresh_timedelta=refresh_after)
            missing = set(fetched) - set(groups)
            groups = groups + list(missing)

    extend_identity(identity, groups)
def test_get_create_remote_token(models_fixture, example):
    """Check creation of typed tokens and their removal with the account."""
    app = models_fixture
    existing_email = "*****@*****.**"
    datastore = app.extensions['invenio-accounts'].datastore
    user = datastore.find_user(email=existing_email)

    base_token = RemoteToken.create(user.id, "dev", "mytoken", "mysecret")
    assert base_token
    assert base_token.token() == ('mytoken', 'mysecret')

    parent = RemoteAccount.get(user.id, "dev")
    assert parent
    assert base_token.remote_account.id == parent.id
    assert base_token.token_type == ''

    extra_token = RemoteToken.create(user.id, "dev", "mytoken2", "mysecret2",
                                     token_type='t2')
    assert extra_token.remote_account.id == parent.id
    assert extra_token.token_type == 't2'

    # Each token type is retrieved independently of the other.
    fetched_base = RemoteToken.get(user.id, "dev")
    fetched_extra = RemoteToken.get(user.id, "dev", token_type="t2")
    assert fetched_extra.token() != fetched_base.token()

    # Removing the account must leave no tokens in the table.
    assert RemoteToken.query.count() == 2
    parent.delete()
    assert RemoteToken.query.count() == 0
def disconnect_handler(remote, *args, **kwargs):
    """Unlink the current user's GitHub account.

    :param remote: The remote application.
    :returns: The HTML response.
    """
    # Only a logged-in user can unlink; everyone else gets the login
    # manager's unauthorized response.
    if not current_user.is_authenticated:
        return current_app.login_manager.unauthorized()

    remote_account = RemoteAccount.get(user_id=current_user.get_id(),
                                       client_id=remote.consumer_key)

    external_method = 'github'
    github_ids = []
    for identifier in current_user.external_identifiers:
        if identifier.method == external_method:
            github_ids.append(identifier.id)

    # Only the first matching external id is unlinked.
    if github_ids:
        first_id = github_ids[0]
        oauth_unlink_external_id(dict(id=first_id, method=external_method))

    if remote_account:
        with db.session.begin_nested():
            remote_account.delete()

    return redirect(url_for('invenio_oauthclient_settings.index'))
def __init__(self, id, revision_id=None):
    """Create a `Patron` and load its remote-account data, if any."""
    super(Patron, self).__init__(id, revision_id)

    credentials = current_app.config.get("CERN_APP_CREDENTIALS", {})
    # Falls back to the literal "CLIENT_ID" when no consumer key is set.
    client_id = credentials.get("consumer_key") or "CLIENT_ID"

    remote_user = RemoteAccount.get(id, client_id)
    # extra_info stays None for users without a remote account.
    self.extra_info = None
    if remote_user:
        self.extra_info = remote_user.extra_data
def __init__(self, id, revision_id=None):
    """Create a `Patron` and load its remote-account data, if any."""
    super().__init__(id, revision_id)
    # Default for users that have no account for the CERN OpenID client.
    self.extra_info = None

    openid_credentials = current_app.config["CERN_APP_OPENID_CREDENTIALS"]
    remote_user = RemoteAccount.get(id, openid_credentials["consumer_key"])
    if not remote_user:
        return
    self.extra_info = remote_user.extra_data
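def get_remote_account_by_id(user_id):
    """Return the e-mail address and remote profile of a user.

    :param user_id: Id of the user to look up.
    :returns: ``dict(email=..., profile=...)``. ``profile`` is a copy of the
        remote account's ``extra_data`` without its ``groups`` entry, or an
        empty dict when the user has no account for the configured client;
        in that case the e-mail comes from ``get_user_email_by_id``.
    """
    cern_app_id = current_app.config.get('CERN_APP_CREDENTIALS_KEY')
    account = RemoteAccount.get(user_id=user_id, client_id=cern_app_id)

    if account:
        email = account.user.email
        # Work on a copy. Deleting 'groups' from account.extra_data itself
        # edited the loaded account's data in place, so a read-only lookup
        # could strip the stored group list from the account object.
        profile = dict(account.extra_data)
    else:
        email = get_user_email_by_id(user_id)
        profile = {}

    # Group membership is not part of the returned profile.
    profile.pop('groups', None)
    return dict(email=email, profile=profile)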
def test_repr(models_fixture):
    """Test representation of RemoteAccount and RemoteToken."""
    datastore = models_fixture.extensions['invenio-accounts'].datastore
    user = datastore.find_user(email='*****@*****.**')

    token = RemoteToken.create(user.id, 'dev', 'mytoken', 'mysecret',
                               token_type='type')
    # NOTE(review): the expected string holds the complete access token, so
    # this test pins a repr that exposes the token wherever reprs end up
    # (logs, tracebacks, debug pages).
    expected_token_repr = 'Remote Token <token_type=type access_token=mytoken>'
    assert expected_token_repr == repr(token)

    account = RemoteAccount.get(user.id, 'dev')
    assert 'Remote Account <id=1, user_id=1>' == repr(account)
def test_repr(app, models_fixture):
    """Check the string representation of RemoteToken and RemoteAccount."""
    datastore = app.extensions['invenio-accounts'].datastore
    user = datastore.find_user(email='*****@*****.**')

    token = RemoteToken.create(user.id, 'dev', 'mytoken', 'mysecret',
                               token_type='type')
    # The repr must show only the tail of the access token, never the whole
    # value: 'mytoken' is expected to appear as '****oken'.
    expected_token_repr = \
        'Remote Token <token_type=type access_token=****oken>'
    assert expected_token_repr == repr(token)

    account = RemoteAccount.get(user.id, 'dev')
    assert 'Remote Account <id=1, user_id=1>' == repr(account)
def test_utilities(models_fixture):
    """Exercise the OAuth client helper functions."""
    app = models_fixture
    datastore = app.extensions['invenio-accounts'].datastore
    assert obj_or_import_string('invenio_oauthclient.errors')

    # User
    existing_email = '*****@*****.**'
    user = datastore.find_user(email=existing_email)

    # Authenticate
    assert not _get_external_id({})
    # No link exists yet, so requiring one must make authentication fail.
    assert not oauth_authenticate('dev', user, require_existing_link=True)

    # With confirmation required and the user unconfirmed, an OAuth login
    # must be refused.
    _security.confirmable = True
    _security.login_without_confirmation = False
    user.confirmed_at = None
    assert not oauth_authenticate('dev', user)

    # Tokens
    token = RemoteToken.create(user.id, 'dev', 'mytoken', 'mysecret')
    by_user = RemoteToken.get(user.id, 'dev', access_token='mytoken')
    by_value = RemoteToken.get_by_token('dev', 'mytoken')
    assert by_user == by_value

    assert oauth_get_user('dev', access_token=token.access_token) == user
    email_info = {
        'user': {
            'email': existing_email
        }
    }
    assert oauth_get_user('dev', account_info=email_info) == user

    # Link user to external id
    external_id = {'id': '123', 'method': 'test_method'}
    oauth_link_external_id(user, external_id)

    # Linking the same external id twice must be rejected.
    with pytest.raises(AlreadyLinkedError):
        oauth_link_external_id(user, external_id)

    external_info = {
        'external_id': external_id['id'],
        'external_method': external_id['method']
    }
    assert oauth_get_user('dev', account_info=external_info) == user

    # Cleanup
    oauth_unlink_external_id(external_id)
    account = RemoteAccount.get(user.id, 'dev')
    account.delete()
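def disconnect_handler(remote, *args, **kwargs):
    """Handle unlinking of the current user's ORCID remote account.

    :param remote: The remote application.
    :returns: The login manager's unauthorized response for an anonymous
        user, otherwise a redirect to the OAuth client settings page.
    """
    if not current_user.is_authenticated:
        return current_app.login_manager.unauthorized()

    account = RemoteAccount.get(user_id=current_user.get_id(),
                                client_id=remote.consumer_key)

    # The lookup yields nothing for a user who never linked this remote.
    # Reading extra_data before checking for that made such a disconnect
    # request fail with AttributeError instead of being a no-op.
    if account:
        orcid = account.extra_data.get('orcid')
        if orcid:
            oauth_unlink_external_id(dict(id=orcid, method='orcid'))

        with db.session.begin_nested():
            account.delete()

    return redirect(url_for('invenio_oauthclient_settings.index'))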
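def _disconnect(remote, *args, **kwargs):
    """Handle unlinking of the current user's CERN OpenID remote account.

    :param remote: The remote application.
    :returns: The login manager's unauthorized response for an anonymous
        user, otherwise ``None``.
    """
    if not current_user.is_authenticated:
        return current_app.login_manager.unauthorized()

    account = RemoteAccount.get(user_id=current_user.get_id(),
                                client_id=remote.consumer_key)

    # The lookup yields nothing for a user who never linked this remote.
    # Reading extra_data before checking for that raised AttributeError and
    # skipped the identity clean-up below.
    if account:
        external_id = account.extra_data.get("external_id")
        if external_id:
            oauth_unlink_external_id(
                dict(id=external_id, method="cern_openid"))

        with db.session.begin_nested():
            account.delete()

    # NOTE(review): placed at function level, i.e. run whether or not an
    # account existed; the flattened listing does not show its indentation.
    disconnect_identity(g.identity)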
def test_utilities(models_fixture):
    """Run the OAuth client utility functions against the fixture app."""
    app = models_fixture
    datastore = app.extensions['invenio-accounts'].datastore
    assert obj_or_import_string('invenio_oauthclient.errors')

    # User
    existing_email = '*****@*****.**'
    user = datastore.find_user(email=existing_email)

    # Authenticate
    assert not _get_external_id({})
    assert not oauth_authenticate('dev', user, require_existing_link=True)

    # An unconfirmed user must not get in through OAuth while confirmation
    # is required.
    _security.confirmable = True
    _security.login_without_confirmation = False
    user.confirmed_at = None
    assert not oauth_authenticate('dev', user)

    # Tokens
    created = RemoteToken.create(user.id, 'dev', 'mytoken', 'mysecret')
    found_for_user = RemoteToken.get(user.id, 'dev', access_token='mytoken')
    found_for_client = RemoteToken.get_by_token('dev', 'mytoken')
    assert found_for_user == found_for_client

    assert oauth_get_user('dev', access_token=created.access_token) == user
    resolved_by_email = oauth_get_user(
        'dev', account_info={'user': {'email': existing_email}})
    assert resolved_by_email == user

    # Link user to external id
    external_id = {'id': '123', 'method': 'test_method'}
    oauth_link_external_id(user, external_id)

    # A second link attempt for the same id has to fail.
    with pytest.raises(AlreadyLinkedError):
        oauth_link_external_id(user, external_id)

    resolved_by_external_id = oauth_get_user('dev', account_info={
        'external_id': external_id['id'],
        'external_method': external_id['method']
    })
    assert resolved_by_external_id == user

    # Cleanup
    oauth_unlink_external_id(external_id)
    linked = RemoteAccount.get(user.id, 'dev')
    linked.delete()
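def _disconnect(remote, *args, **kwargs):
    """Handle unlinking of the current user's ORCID remote account.

    :param remote: The remote application.
    :returns: The login manager's unauthorized response for an anonymous
        user, otherwise ``None``.
    """
    if not current_user.is_authenticated:
        return current_app.login_manager.unauthorized()

    account = RemoteAccount.get(user_id=current_user.get_id(),
                                client_id=remote.consumer_key)
    if not account:
        # Nothing is linked. Reading extra_data on the missing account used
        # to raise AttributeError here.
        return

    orcid = account.extra_data.get('orcid')
    if orcid:
        oauth_unlink_external_id({'id': orcid, 'method': 'orcid'})

    with db.session.begin_nested():
        account.delete()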
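def disconnect_handler(remote, *args, **kwargs):
    """Handle unlinking of the current user's CERN remote account.

    :param remote: The remote application.
    :returns: The login manager's unauthorized response for an anonymous
        user, otherwise a redirect to the OAuth client settings page.
    """
    if not current_user.is_authenticated:
        return current_app.login_manager.unauthorized()

    account = RemoteAccount.get(user_id=current_user.get_id(),
                                client_id=remote.consumer_key)

    # The lookup yields nothing for a user who never linked this remote.
    # Reading extra_data before checking for that raised AttributeError, so
    # neither the identity clean-up nor the redirect was reached.
    if account:
        external_id = account.extra_data.get('external_id')
        if external_id:
            oauth_unlink_external_id(dict(id=external_id, method='cern'))

        with db.session.begin_nested():
            account.delete()

    # NOTE(review): placed at function level, i.e. run whether or not an
    # account existed; the flattened listing does not show its indentation.
    disconnect_identity(g.identity)

    return redirect(url_for('invenio_oauthclient_settings.index'))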
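def _disconnect(remote, *args, **kwargs):
    """Common logic for handling disconnection of remote accounts.

    :param remote: The remote application; its ``name`` is used as the
        method of the external id that gets unlinked.
    :returns: The login manager's unauthorized response for an anonymous
        user, otherwise ``None``.
    """
    if not current_user.is_authenticated:
        return current_app.login_manager.unauthorized()

    account = RemoteAccount.get(user_id=current_user.get_id(),
                                client_id=remote.consumer_key)
    if not account:
        # Nothing is linked. Reading extra_data on the missing account used
        # to raise AttributeError here.
        return

    keycloak_id = account.extra_data.get("keycloak_id")
    if keycloak_id:
        external_id = {"id": keycloak_id, "method": remote.name}
        oauth_unlink_external_id(external_id)

    with db.session.begin_nested():
        account.delete()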
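def disconnect_handler(remote, *args, **kwargs):
    """Handle unlinking of the current user's ORCID remote account.

    :param remote: The remote application.
    :returns: The login manager's unauthorized response for an anonymous
        user, otherwise a redirect to the OAuth client settings page.
    """
    from invenio_oauthclient.utils import oauth_unlink_external_id
    from invenio_oauthclient.models import RemoteAccount

    if not current_user.is_authenticated():
        return current_app.login_manager.unauthorized()

    account = RemoteAccount.get(user_id=current_user.get_id(),
                                client_id=remote.consumer_key)

    # The lookup yields nothing for a user who never linked this remote.
    # Reading extra_data before checking for that made such a disconnect
    # request fail with AttributeError instead of being a no-op.
    if account:
        orcid = account.extra_data.get('orcid')
        if orcid:
            oauth_unlink_external_id(dict(id=orcid, method='orcid'))

        account.delete()

    return redirect(url_for('oauthclient_settings.index'))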
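def handle_disconnect(self, remote, *args, **kwargs):
    """Handle unlinking of remote account.

    :param remote: The remote application.
    :returns: The login manager's unauthorized response for an anonymous
        user, otherwise a redirect to the OAuth client settings page.
    """
    if not current_user.is_authenticated:
        return current_app.login_manager.unauthorized()

    account = RemoteAccount.get(user_id=current_user.get_id(),
                                client_id=remote.consumer_key)

    # The lookup yields nothing for a user who never linked this remote.
    # Reading extra_data before checking for that made such a disconnect
    # request fail with AttributeError instead of being a no-op.
    if account:
        sub = account.extra_data.get('sub')
        if sub:
            # The external id is registered under this handler's own name.
            oauth_unlink_external_id({'id': sub, 'method': self.name})

        with db.session.begin_nested():
            account.delete()

    return redirect(url_for('invenio_oauthclient_settings.index'))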
def disconnect_handler(remote, *args, **kwargs):
    """Unlink the current user's GitHub account and return to settings."""
    if not current_user.is_authenticated:
        return current_app.login_manager.unauthorized()

    user_id = current_user.get_id()
    remote_account = RemoteAccount.get(user_id=user_id,
                                       client_id=remote.consumer_key)

    external_method = 'github'
    matching_ids = []
    for entry in current_user.external_identifiers:
        if entry.method != external_method:
            continue
        matching_ids.append(entry.id)

    # Only the first GitHub id found for the user is unlinked.
    if matching_ids:
        to_unlink = dict(id=matching_ids[0], method=external_method)
        oauth_unlink_external_id(to_unlink)

    # The account row is removed only when a link actually exists.
    if remote_account:
        with db.session.begin_nested():
            remote_account.delete()

    return redirect(url_for('invenio_oauthclient_settings.index'))
def test_utilities(models_fixture):
    """Check the OAuth client utilities: authenticate, tokens, linking."""
    app = models_fixture
    datastore = app.extensions["invenio-accounts"].datastore
    assert obj_or_import_string("invenio_oauthclient.errors")

    # User
    existing_email = "*****@*****.**"
    user = datastore.find_user(email=existing_email)

    # Authenticate
    assert not _get_external_id({})
    assert not oauth_authenticate("dev", user, require_existing_link=True)

    # Require confirmation and mark the user unconfirmed: the OAuth login
    # must then be denied.
    _security.confirmable = True
    _security.login_without_confirmation = False
    user.confirmed_at = None
    assert not oauth_authenticate("dev", user)

    # Tokens
    token = RemoteToken.create(user.id, "dev", "mytoken", "mysecret")
    via_user = RemoteToken.get(user.id, "dev", access_token="mytoken")
    via_token = RemoteToken.get_by_token("dev", "mytoken")
    assert via_user == via_token

    assert oauth_get_user("dev", access_token=token.access_token) == user
    email_lookup = {"user": {"email": existing_email}}
    assert oauth_get_user("dev", account_info=email_lookup) == user

    # Link user to external id
    external_id = {"id": "123", "method": "test_method"}
    oauth_link_external_id(user, external_id)

    # The same external id cannot be linked a second time.
    with pytest.raises(AlreadyLinkedError):
        oauth_link_external_id(user, external_id)

    external_lookup = {
        "external_id": external_id["id"],
        "external_method": external_id["method"],
    }
    assert oauth_get_user("dev", account_info=external_lookup) == user

    # Cleanup
    oauth_unlink_external_id(external_id)
    remote_account = RemoteAccount.get(user.id, "dev")
    remote_account.delete()
def disconnect_handler(remote, *args, **kwargs):
    """Delete the link between the current user and a remote application.

    This is the default handler: it removes the stored remote account and
    nothing else. Extend it when the remote service needs clean-up before
    the link goes away (for example removing installed webhooks).

    :param remote: The remote application.
    :returns: Redirect response.
    """
    # Anonymous requests are handed to the login manager.
    if not current_user.is_authenticated:
        return current_app.login_manager.unauthorized()

    with db.session.begin_nested():
        linked = RemoteAccount.get(user_id=current_user.get_id(),
                                   client_id=remote.consumer_key)
        # Users without a link fall through to the commit and redirect.
        if linked:
            linked.delete()

    db.session.commit()
    return redirect('/')
def on_identity_changed(sender, identity):
    """Attach the user's CERN OpenID roles to the identity when it changes.

    Roles are fetched from the provider only for an interactive login with a
    truthy refresh interval configured; a login made via an OAuth2 token, or
    a falsy refresh setting, uses the roles stored with the remote account.

    :param identity: The user identity where information are stored.
    """
    if isinstance(identity, AnonymousIdentity):
        disconnect_identity(identity)
        return

    remote = g.get("oauth_logged_in_with_remote", None)
    came_from_cern_openid = remote and remote.name == "cern_openid"
    if not came_from_cern_openid:
        # signal coming from another remote app
        return

    logged_in_via_token = getattr(current_user, 'login_via_oauth2', False)

    openid_credentials = current_app.config["CERN_APP_OPENID_CREDENTIALS"]
    remote_account = RemoteAccount.get(
        user_id=current_user.get_id(),
        client_id=openid_credentials["consumer_key"],
    )

    roles = []
    if remote_account:
        if logged_in_via_token:
            # Token logins never contact the provider.
            roles.extend(remote_account.extra_data["roles"])
        else:
            refresh = current_app.config.get(
                "OAUTHCLIENT_CERN_OPENID_REFRESH_TIMEDELTA",
                OAUTHCLIENT_CERN_OPENID_REFRESH_TIMEDELTA,
            )
            if refresh:
                resource = get_resource(remote)
                fetched = account_roles_and_extra_data(
                    remote_account, resource, refresh_timedelta=refresh
                )
                roles.extend(fetched)
            else:
                roles.extend(remote_account.extra_data["roles"])

    extend_identity(identity, roles)
def _disconnect(remote, *args, **kwargs):
    """Unlink the current user's OpenAIRE AAI account.

    :param remote: The remote application.
    """
    if not current_user.is_authenticated:
        return current_app.login_manager.unauthorized()

    remote_account = RemoteAccount.get(user_id=current_user.get_id(),
                                       client_id=remote.consumer_key)

    external_method = 'openaire_aai'
    aai_ids = []
    for identifier in current_user.external_identifiers:
        if identifier.method == external_method:
            aai_ids.append(identifier.id)

    # Only the first matching external id is unlinked.
    if aai_ids:
        unlink_target = dict(id=aai_ids[0], method=external_method)
        oauth_unlink_external_id(unlink_target)

    # Nothing is deleted for a user that has no linked account.
    if remote_account:
        with db.session.begin_nested():
            remote_account.delete()
def disconnect_handler(remote, *args, **kwargs):
    """Remove the current user's link to a remote application.

    The default behaviour is limited to deleting the stored remote account.
    Override it if the remote service needs clean-up first, such as removing
    installed webhooks.

    :param remote: The remote application.
    :returns: Redirect response.
    """
    if not current_user.is_authenticated:
        return current_app.login_manager.unauthorized()

    with db.session.begin_nested():
        existing_link = RemoteAccount.get(
            user_id=current_user.get_id(), client_id=remote.consumer_key
        )
        # A user with no link is still committed and redirected below.
        if existing_link:
            existing_link.delete()

    db.session.commit()
    return redirect('/')
def account(self):
    """Look up the remote account of this user for this remote app."""
    owner_id = self.user_id
    consumer_key = self.remote.consumer_key
    return RemoteAccount.get(owner_id, consumer_key)
def get_account(user_id=None):
    """Retrieve the linked GitHub account.

    :param user_id: Id of the user to look up; a falsy value selects the
        currently logged-in user.
    """
    # Any falsy user_id (None, 0, '') falls back to the current user.
    if not user_id:
        user_id = current_user.get_id()
    return RemoteAccount.get(user_id, get_client_id())
def test_identity_changed(app_rest, example_cern_openid_rest, models_fixture):
    """Check which logins refresh CERN OpenID roles from the provider.

    The account is first set up through the REST login flow. A login marked
    as made via an OAuth2 token must then rely on the roles stored with the
    remote account, and an ordinary login must contact the provider only
    when a refresh interval is configured.
    """
    # NOTE(review): indentation was reconstructed from a flattened listing;
    # the statements and their order are unchanged.
    def _init():
        ioc = app_rest.extensions['oauthlib.client']

        # setup the user account via cern_openid
        with app_rest.test_client() as c:
            # Ensure remote apps have been loaded (due to before first request)
            resp = c.get(
                url_for('invenio_oauthclient.rest_login',
                        remote_app='cern_openid'))
            assert resp.status_code == 302

            example_response, example_token, example_account_info = \
                example_cern_openid_rest

            # Replace the provider's token and resource responses with the
            # fixture data, so no real provider is contacted.
            mock_response(app_rest.extensions['oauthlib.client'],
                          'cern_openid', example_token)
            mock_remote_get(ioc, 'cern_openid', example_response)

            resp = c.get(
                url_for('invenio_oauthclient.rest_authorized',
                        remote_app='cern_openid', code='test',
                        state=get_state('cern_openid')))
            assert resp.status_code == 302
            expected_url_args = {
                "message": "Successfully authorized.",
                "code": 200,
            }
            check_response_redirect_url_args(resp, expected_url_args)

            assert len(g.identity.provides) == 3

    def _test_with_token(user, remote_account):
        with app_rest.test_request_context():
            # mark user as logged in via token
            user.login_via_oauth2 = True
            # check if the initial roles are there
            login_user(user)
            assert current_user.login_via_oauth2

            assert len(g.identity.provides) == 3
            logout_user()

            # remove the cern roles
            remote_account.extra_data.update(roles=[])

            # login the user again
            login_user(user)

            # check if the cern roles are not fetched from the provider
            # (with the stored roles emptied, one fewer need is provided)
            assert len(g.identity.provides) == 2
            logout_user()

    def _test_without_token(user, remote_account):
        user.login_via_oauth2 = False
        # A falsy refresh setting disables the provider lookup.
        current_app.config['OAUTHCLIENT_CERN_OPENID_REFRESH_TIMEDELTA'] = False
        login_user(user)

        # check that the roles are not refreshed from provider
        assert len(g.identity.provides) == 2
        logout_user()

        # A one-microsecond interval is set so the next login refreshes.
        current_app.config['OAUTHCLIENT_CERN_OPENID_REFRESH_TIMEDELTA'] \
            = timedelta(microseconds=1)
        login_user(user)

        # check if roles refreshed from the provider
        assert len(g.identity.provides) == 3

    _init()
    datastore = app_rest.extensions['invenio-accounts'].datastore
    user = datastore.find_user(email='*****@*****.**')
    assert user

    client_id = current_app.config["CERN_APP_OPENID_CREDENTIALS"][
        "consumer_key"]

    # make sure the roles are cleaned
    remote_account = RemoteAccount.get(user_id=user.get_id(),
                                       client_id=client_id)

    # Order matters: the token scenario empties the stored roles, which the
    # scenario without a token then starts from.
    _test_with_token(user, remote_account)
    _test_without_token(user, remote_account)