def create_fake_client(response_type, is_public=False, require_consent=True):
"""
Create a test client, response_type argument MUST be:
'code', 'id_token' or 'id_token token'.
Return a Client object.
"""
client = Client()
client.name = 'Some Client'
client.client_id = str(random.randint(1, 999999)).zfill(6)
if is_public:
client.client_type = 'public'
client.client_secret = ''
else:
client.client_secret = str(random.randint(1, 999999)).zfill(6)
client.redirect_uris = ['http://example.com/']
client.require_consent = require_consent
client.save()
# check if response_type is a string in a python 2 and 3 compatible way
if isinstance(response_type, ("".__class__, u"".__class__)):
response_type = (response_type,)
for value in response_type:
client.response_types.add(ResponseType.objects.get(value=value))
return client
def create_api_preconditions_with_scope(user, scopes):
assert isinstance(scopes, list)
bearer = uuid.uuid4().hex
client = Client(name='test_client')
client.save()
expires_at = timezone.now() + timezone.timedelta(days=30)
t = Token(scope=scopes, access_token=bearer, user=user, expires_at=expires_at, client=client)
t.save()
return bearer
def handle(self, *args, **options):
name = options['name'][0]
client_id = options['client_id'][0]
client_secret = options['client_secret']
client_type = options['client_type']
response_type = options['response_type'][0]
redirect_uris = options['redirect_uris']
reuse_consent = options['reuse_consent']
require_consent = options['require_consent']
c = Client(name=name, client_id=client_id, client_secret=client_secret, client_type=client_type, response_type=response_type, redirect_uris=redirect_uris, reuse_consent=reuse_consent, require_consent=require_consent)
c.save()
def create_oidc_client():
factory = RequestFactory()
client = Client()
client.name = "OIDC"
client.client_id = str(random.randint(1, 999999)).zfill(6)
client.client_secret = str(random.randint(1, 999999)).zfill(6)
client.redirect_uris = ['http://example.com/']
client.require_consent = False
client.save()
client.response_types.add(ResponseType.objects.get(value='code'))
return client
def setUpTestData(cls):
super(TestRedirectManagementMiddleware, cls).setUpTestData()
cls.client_obj = Client(name="test_client",
client_id="client_id_1",
client_secret="super_client_secret_1",
response_type="code",
jwt_alg="HS256",
redirect_uris=["http://example.com/"],
terms_url="http://example-terms.com")
cls.client_obj.save()
def setUpTestData(cls):
super(TestLanguageUpdateMiddleware, cls).setUpTestData()
cls.client_obj = Client(name="test_langauge_client",
client_id="client_id_language",
client_secret="super_client_secret_5",
response_type="code",
jwt_alg="HS256",
redirect_uris=["http://example_one.com/"],
terms_url="http://example-terms.com")
cls.client_obj.save()
def setUp(self):
from contest.models import Edition
from datetime import datetime, timedelta
self.oidc_client = OIDCClient(name="test_client")
self.oidc_client.save()
self.user = get_user_model()(username="******")
self.user.save()
self.edition = Edition(year=settings.PROLOGIN_EDITION,
date_begin=datetime.now(),
date_end=datetime.now() + timedelta(days=365))
self.edition.save()
def create_fake_client(response_type, is_public=False):
"""
Create a test client, response_type argument MUST be:
'code', 'id_token' or 'id_token token'.
Return a Client object.
"""
client = Client()
client.name = 'Some Client'
client.client_id = str(random.randint(1, 999999)).zfill(6)
if is_public:
client.client_type = 'public'
client.client_secret = ''
else:
client.client_secret = str(random.randint(1, 999999)).zfill(6)
client.response_type = response_type
client.redirect_uris = ['http://example.com/']
client.save()
return client
def create_client(redirect_uris=None, name=None, response_type = 'code'):
client = Client()
client._redirect_uris = redirect_uris
client.response_type = response_type
client.name = name
client.client_id = uuid.uuid4().hex
client.client_secret = uuid.uuid4().hex
return client
def setUpTestData(cls):
super(TestSessionMiddleware, cls).setUpTestData()
cls.client = Client(name="test_client",
client_id="client_id_1",
client_secret="super_client_secret_1",
response_type="code",
jwt_alg="HS256",
redirect_uris=["http://example.com/"])
cls.client.save()
cls.user = get_user_model().objects.create(username="******",
birth_date=datetime.date(
2000, 1, 1))
cls.user.set_password("P0ppy")
cls.user.save()
def setUp(self):
super().setUp()
self.factory = RequestFactory()
self.client = {}
self.app = {}
for index, name in enumerate(["Fancy chat tool", "Fancy wiki tool"]):
self.client[index] = Client()
self.client[index].name = name
self.client[index].client_id = str(random.randint(1,
999999)).zfill(6)
self.client[index].client_secret = str(random.randint(
1, 999999)).zfill(6)
self.client[index].redirect_uris = ['http://example.com/']
self.client[index].require_consent = False
self.client[index].save()
self.client[index].response_types.add(
ResponseType.objects.get(value='code'))
self.app[index] = WebApplication(name=name,
oidc_client=self.client[index])
self.app[index].save()
self.state = uuid.uuid4().hex
def create_fake_client(response_type, is_public=False, require_consent=True):
"""
Create a test client, response_type argument MUST be:
'code', 'id_token' or 'id_token token'.
Return a Client object.
"""
client = Client()
client.name = 'Some Client'
client.client_id = str(random.randint(1, 999999)).zfill(6)
if is_public:
client.client_type = 'public'
client.client_secret = ''
else:
client.client_secret = str(random.randint(1, 999999)).zfill(6)
client.response_type = response_type
client.redirect_uris = ['http://example.com/']
client.require_consent = require_consent
client.save()
return client
def create_fake_client(response_type, is_public=False, require_consent=True):
"""
Create a test client, response_type argument MUST be:
'code', 'id_token' or 'id_token token'.
Return a Client object.
"""
client = Client()
client.name = 'Some Client'
client.client_id = str(random.randint(1, 999999)).zfill(6)
if is_public:
client.client_type = 'public'
client.client_secret = ''
else:
client.client_secret = str(random.randint(1, 999999)).zfill(6)
client.redirect_uris = ['http://example.com/']
client.require_consent = require_consent
client.scope = ['openid', 'email']
client.save()
# check if response_type is a string in a python 2 and 3 compatible way
if isinstance(response_type, ("".__class__, u"".__class__)):
response_type = (response_type, )
for value in response_type:
client.response_types.add(ResponseType.objects.get(value=value))
return client
def django_client(request):
from django.test.client import Client
return Client(SERVER_NAME=SERVER_NAME)
class OIDCAuthorizationTest(TestCase):
def setUp(self):
from contest.models import Edition
from datetime import timedelta
from django.utils import timezone
self.oidc_client = OIDCClient(name="test_client")
self.oidc_client.save()
self.user = get_user_model()(username="******")
self.user.save()
self.edition = Edition(year=settings.PROLOGIN_EDITION,
date_begin=timezone.now(),
date_end=timezone.now() + timedelta(days=365))
self.edition.save()
def test_allowed_in_client_without_policy(self):
self.assertEqual(
oidc_authz.authorize(None, self.user, self.oidc_client), None)
def test_not_allowed_in_client_with_empty_policy(self):
from django.core.exceptions import PermissionDenied
policy = OpenIDClientPolicy(openid_client=self.oidc_client)
policy.save()
with self.assertRaises(PermissionDenied):
oidc_authz.authorize(None, self.user, self.oidc_client)
policy.delete()
def test_staff_allowed_in_staff_only_policy(self):
policy = OpenIDClientPolicy(openid_client=self.oidc_client,
allow_staff=True)
user = get_user_model()(username="******",
email="*****@*****.**",
is_staff=True)
user.save()
self.assertTrue(policy.is_user_allowed(user))
user.delete()
def test_non_staff_not_allowed_in_staff_only_policy(self):
policy = OpenIDClientPolicy(openid_client=self.oidc_client,
allow_staff=True)
user = get_user_model()(username="******", email="*****@*****.**")
user.save()
self.assertTrue(not policy.is_user_allowed(user))
user.delete()
def test_group_member_in_group_allowed(self):
from django.contrib.auth.models import Group
group = Group(name="allowed_group")
other_group = Group(name="other_group")
group.save()
other_group.save()
policy = OpenIDClientPolicy(openid_client=self.oidc_client)
policy.allow_groups.set([group, other_group])
policy.save()
user = get_user_model()(username="******",
email="*****@*****.**")
user.save()
user.groups.set([group])
user.save()
self.assertTrue(policy.is_user_allowed(user))
other_group.delete()
group.delete()
user.delete()
policy.delete()
def test_not_group_member_in_group_allowed(self):
from django.contrib.auth.models import Group
group = Group(name="allowed_group2")
group.save()
policy = OpenIDClientPolicy(openid_client=self.oidc_client)
policy.save()
policy.allow_groups.set([group])
user = get_user_model()(username="******",
email="*****@*****.**")
user.save()
self.assertTrue(not policy.is_user_allowed(user))
group.delete()
user.delete()
policy.delete()
def test_assigned_semifinal_in_assigned_semifinal(self):
from contest.models import Contestant
user = get_user_model()(username="******",
email="*****@*****.**")
user.save()
contestant = Contestant(edition=self.edition,
user=user,
assignation_semifinal=2)
contestant.save()
policy = OpenIDClientPolicy(openid_client=self.oidc_client,
allow_assigned_semifinal=True)
policy.save()
self.assertTrue(policy.is_user_allowed(user))
user.delete()
policy.delete()
def test_not_assigned_semifinal_in_assigned_semifinal(self):
from contest.models import Contestant
user = get_user_model()(username="******",
email="*****@*****.**")
user.save()
contestant = Contestant(edition=self.edition, user=user)
contestant.save()
policy = OpenIDClientPolicy(openid_client=self.oidc_client,
allow_assigned_semifinal=True)
policy.save()
self.assertFalse(policy.is_user_allowed(user))
user.delete()
policy.delete()
def test_assigned_final_in_assigned_final(self):
from contest.models import Contestant
user = get_user_model()(username="******",
email="*****@*****.**")
user.save()
contestant = Contestant(edition=self.edition,
user=user,
assignation_final=2)
contestant.save()
policy = OpenIDClientPolicy(openid_client=self.oidc_client,
allow_assigned_final=True)
self.assertTrue(policy.is_user_allowed(user))
user.delete()
policy.delete()
def test_not_assigned_final_in_assigned_final(self):
from contest.models import Contestant
user = get_user_model()(username="******",
email="*****@*****.**")
user.save()
contestant = Contestant(edition=self.edition,
user=user,
assignation_final=0)
contestant.save()
policy = OpenIDClientPolicy(openid_client=self.oidc_client,
allow_assigned_final=True)
policy.save()
self.assertFalse(policy.is_user_allowed(user))
user.delete()
policy.delete()
