Esempio n. 1
0
def create_fake_client(response_type, is_public=False, require_consent=True):
    """
    Create a test client, response_type argument MUST be:
    'code', 'id_token' or 'id_token token'.

    Return a Client object.
    """
    client = Client()
    client.name = 'Some Client'
    client.client_id = str(random.randint(1, 999999)).zfill(6)
    if is_public:
        client.client_type = 'public'
        client.client_secret = ''
    else:
        client.client_secret = str(random.randint(1, 999999)).zfill(6)
    client.redirect_uris = ['http://example.com/']
    client.require_consent = require_consent

    client.save()

    # check if response_type is a string in a python 2 and 3 compatible way
    if isinstance(response_type, ("".__class__, u"".__class__)):
        response_type = (response_type,)
    for value in response_type:
        client.response_types.add(ResponseType.objects.get(value=value))

    return client
Esempio n. 2
0
def create_api_preconditions_with_scope(user, scopes):
    assert isinstance(scopes, list)
    bearer = uuid.uuid4().hex

    client = Client(name='test_client')
    client.save()

    expires_at = timezone.now() + timezone.timedelta(days=30)
    t = Token(scope=scopes, access_token=bearer, user=user, expires_at=expires_at, client=client)
    t.save()

    return bearer
Esempio n. 3
0
    def handle(self, *args, **options):
        name = options['name'][0]
        client_id = options['client_id'][0]
        client_secret = options['client_secret']
        client_type = options['client_type']
        response_type = options['response_type'][0]
        redirect_uris = options['redirect_uris']
        reuse_consent = options['reuse_consent']
        require_consent = options['require_consent']

        c = Client(name=name, client_id=client_id, client_secret=client_secret, client_type=client_type, response_type=response_type, redirect_uris=redirect_uris, reuse_consent=reuse_consent, require_consent=require_consent)
        c.save()
Esempio n. 4
0
def create_oidc_client():
    factory = RequestFactory()
    client = Client()
    client.name = "OIDC"
    client.client_id = str(random.randint(1, 999999)).zfill(6)
    client.client_secret = str(random.randint(1, 999999)).zfill(6)
    client.redirect_uris = ['http://example.com/']
    client.require_consent = False
    client.save()
    client.response_types.add(ResponseType.objects.get(value='code'))
    return client
Esempio n. 5
0
 def setUpTestData(cls):
     super(TestRedirectManagementMiddleware, cls).setUpTestData()
     cls.client_obj = Client(name="test_client",
                             client_id="client_id_1",
                             client_secret="super_client_secret_1",
                             response_type="code",
                             jwt_alg="HS256",
                             redirect_uris=["http://example.com/"],
                             terms_url="http://example-terms.com")
     cls.client_obj.save()
Esempio n. 6
0
 def setUpTestData(cls):
     super(TestLanguageUpdateMiddleware, cls).setUpTestData()
     cls.client_obj = Client(name="test_langauge_client",
                             client_id="client_id_language",
                             client_secret="super_client_secret_5",
                             response_type="code",
                             jwt_alg="HS256",
                             redirect_uris=["http://example_one.com/"],
                             terms_url="http://example-terms.com")
     cls.client_obj.save()
Esempio n. 7
0
File: tests.py Progetto: e-n-0/site
 def setUp(self):
     from contest.models import Edition
     from datetime import datetime, timedelta
     self.oidc_client = OIDCClient(name="test_client")
     self.oidc_client.save()
     self.user = get_user_model()(username="******")
     self.user.save()
     self.edition = Edition(year=settings.PROLOGIN_EDITION,
                            date_begin=datetime.now(),
                            date_end=datetime.now() + timedelta(days=365))
     self.edition.save()
Esempio n. 8
0
def create_fake_client(response_type, is_public=False):
    """
    Create a test client, response_type argument MUST be:
    'code', 'id_token' or 'id_token token'.

    Return a Client object.
    """
    client = Client()
    client.name = 'Some Client'
    client.client_id = str(random.randint(1, 999999)).zfill(6)
    if is_public:
        client.client_type = 'public'
        client.client_secret = ''
    else:
        client.client_secret = str(random.randint(1, 999999)).zfill(6)
    client.response_type = response_type
    client.redirect_uris = ['http://example.com/']

    client.save()

    return client
def create_client(redirect_uris=None, name=None, response_type = 'code'):
    client = Client()
    client._redirect_uris = redirect_uris
    client.response_type = response_type    
    client.name = name
    client.client_id = uuid.uuid4().hex
    client.client_secret = uuid.uuid4().hex
    
    return client
Esempio n. 10
0
    def setUpTestData(cls):
        super(TestSessionMiddleware, cls).setUpTestData()
        cls.client = Client(name="test_client",
                            client_id="client_id_1",
                            client_secret="super_client_secret_1",
                            response_type="code",
                            jwt_alg="HS256",
                            redirect_uris=["http://example.com/"])
        cls.client.save()

        cls.user = get_user_model().objects.create(username="******",
                                                   birth_date=datetime.date(
                                                       2000, 1, 1))
        cls.user.set_password("P0ppy")
        cls.user.save()
Esempio n. 11
0
 def setUp(self):
     super().setUp()
     self.factory = RequestFactory()
     self.client = {}
     self.app = {}
     for index, name in enumerate(["Fancy chat tool", "Fancy wiki tool"]):
         self.client[index] = Client()
         self.client[index].name = name
         self.client[index].client_id = str(random.randint(1,
                                                           999999)).zfill(6)
         self.client[index].client_secret = str(random.randint(
             1, 999999)).zfill(6)
         self.client[index].redirect_uris = ['http://example.com/']
         self.client[index].require_consent = False
         self.client[index].save()
         self.client[index].response_types.add(
             ResponseType.objects.get(value='code'))
         self.app[index] = WebApplication(name=name,
                                          oidc_client=self.client[index])
         self.app[index].save()
     self.state = uuid.uuid4().hex
Esempio n. 12
0
def create_fake_client(response_type, is_public=False, require_consent=True):
    """
    Create a test client, response_type argument MUST be:
    'code', 'id_token' or 'id_token token'.

    Return a Client object.
    """
    client = Client()
    client.name = 'Some Client'
    client.client_id = str(random.randint(1, 999999)).zfill(6)
    if is_public:
        client.client_type = 'public'
        client.client_secret = ''
    else:
        client.client_secret = str(random.randint(1, 999999)).zfill(6)
    client.response_type = response_type
    client.redirect_uris = ['http://example.com/']
    client.require_consent = require_consent

    client.save()

    return client
Esempio n. 13
0
def create_fake_client(response_type, is_public=False, require_consent=True):
    """
    Create a test client, response_type argument MUST be:
    'code', 'id_token' or 'id_token token'.

    Return a Client object.
    """
    client = Client()
    client.name = 'Some Client'
    client.client_id = str(random.randint(1, 999999)).zfill(6)
    if is_public:
        client.client_type = 'public'
        client.client_secret = ''
    else:
        client.client_secret = str(random.randint(1, 999999)).zfill(6)
    client.redirect_uris = ['http://example.com/']
    client.require_consent = require_consent
    client.scope = ['openid', 'email']
    client.save()

    # check if response_type is a string in a python 2 and 3 compatible way
    if isinstance(response_type, ("".__class__, u"".__class__)):
        response_type = (response_type, )
    for value in response_type:
        client.response_types.add(ResponseType.objects.get(value=value))

    return client
Esempio n. 14
0
def django_client(request):
    from django.test.client import Client
    return Client(SERVER_NAME=SERVER_NAME)
Esempio n. 15
0
class OIDCAuthorizationTest(TestCase):
    def setUp(self):
        from contest.models import Edition
        from datetime import timedelta
        from django.utils import timezone
        self.oidc_client = OIDCClient(name="test_client")
        self.oidc_client.save()
        self.user = get_user_model()(username="******")
        self.user.save()
        self.edition = Edition(year=settings.PROLOGIN_EDITION,
                               date_begin=timezone.now(),
                               date_end=timezone.now() + timedelta(days=365))
        self.edition.save()

    def test_allowed_in_client_without_policy(self):
        self.assertEqual(
            oidc_authz.authorize(None, self.user, self.oidc_client), None)

    def test_not_allowed_in_client_with_empty_policy(self):
        from django.core.exceptions import PermissionDenied
        policy = OpenIDClientPolicy(openid_client=self.oidc_client)
        policy.save()

        with self.assertRaises(PermissionDenied):
            oidc_authz.authorize(None, self.user, self.oidc_client)

        policy.delete()

    def test_staff_allowed_in_staff_only_policy(self):
        policy = OpenIDClientPolicy(openid_client=self.oidc_client,
                                    allow_staff=True)
        user = get_user_model()(username="******",
                                email="*****@*****.**",
                                is_staff=True)
        user.save()

        self.assertTrue(policy.is_user_allowed(user))

        user.delete()

    def test_non_staff_not_allowed_in_staff_only_policy(self):
        policy = OpenIDClientPolicy(openid_client=self.oidc_client,
                                    allow_staff=True)
        user = get_user_model()(username="******", email="*****@*****.**")
        user.save()

        self.assertTrue(not policy.is_user_allowed(user))

        user.delete()

    def test_group_member_in_group_allowed(self):
        from django.contrib.auth.models import Group
        group = Group(name="allowed_group")
        other_group = Group(name="other_group")
        group.save()
        other_group.save()

        policy = OpenIDClientPolicy(openid_client=self.oidc_client)
        policy.allow_groups.set([group, other_group])
        policy.save()

        user = get_user_model()(username="******",
                                email="*****@*****.**")
        user.save()
        user.groups.set([group])
        user.save()

        self.assertTrue(policy.is_user_allowed(user))

        other_group.delete()
        group.delete()
        user.delete()
        policy.delete()

    def test_not_group_member_in_group_allowed(self):
        from django.contrib.auth.models import Group
        group = Group(name="allowed_group2")
        group.save()
        policy = OpenIDClientPolicy(openid_client=self.oidc_client)
        policy.save()
        policy.allow_groups.set([group])

        user = get_user_model()(username="******",
                                email="*****@*****.**")
        user.save()
        self.assertTrue(not policy.is_user_allowed(user))

        group.delete()
        user.delete()
        policy.delete()

    def test_assigned_semifinal_in_assigned_semifinal(self):
        from contest.models import Contestant
        user = get_user_model()(username="******",
                                email="*****@*****.**")
        user.save()
        contestant = Contestant(edition=self.edition,
                                user=user,
                                assignation_semifinal=2)
        contestant.save()
        policy = OpenIDClientPolicy(openid_client=self.oidc_client,
                                    allow_assigned_semifinal=True)
        policy.save()

        self.assertTrue(policy.is_user_allowed(user))

        user.delete()
        policy.delete()

    def test_not_assigned_semifinal_in_assigned_semifinal(self):
        from contest.models import Contestant
        user = get_user_model()(username="******",
                                email="*****@*****.**")
        user.save()
        contestant = Contestant(edition=self.edition, user=user)
        contestant.save()
        policy = OpenIDClientPolicy(openid_client=self.oidc_client,
                                    allow_assigned_semifinal=True)
        policy.save()

        self.assertFalse(policy.is_user_allowed(user))

        user.delete()
        policy.delete()

    def test_assigned_final_in_assigned_final(self):
        from contest.models import Contestant
        user = get_user_model()(username="******",
                                email="*****@*****.**")
        user.save()
        contestant = Contestant(edition=self.edition,
                                user=user,
                                assignation_final=2)
        contestant.save()
        policy = OpenIDClientPolicy(openid_client=self.oidc_client,
                                    allow_assigned_final=True)

        self.assertTrue(policy.is_user_allowed(user))

        user.delete()
        policy.delete()

    def test_not_assigned_final_in_assigned_final(self):
        from contest.models import Contestant
        user = get_user_model()(username="******",
                                email="*****@*****.**")
        user.save()
        contestant = Contestant(edition=self.edition,
                                user=user,
                                assignation_final=0)
        contestant.save()
        policy = OpenIDClientPolicy(openid_client=self.oidc_client,
                                    allow_assigned_final=True)
        policy.save()

        self.assertFalse(policy.is_user_allowed(user))

        user.delete()
        policy.delete()