def oauth_client_B(app, request, db_session):
"""
Create a second, different OAuth2 (confidential) client and add it to the
database along with a test user for the client.
"""
url = "https://oauth-test-client-B.net"
client_id = "test-client-B"
client_secret = fence.utils.random_str(50)
hashed_secret = bcrypt.hashpw(client_secret.encode("utf-8"),
bcrypt.gensalt()).decode("utf-8")
test_user = db_session.query(
models.User).filter_by(username="******").first()
if not test_user:
test_user = models.User(username="******", is_admin=False)
db_session.add(test_user)
db_session.add(
models.Client(
client_id=client_id,
client_secret=hashed_secret,
user=test_user,
allowed_scopes=["openid", "user", "fence"],
redirect_uris=[url],
description="",
is_confidential=True,
name="testclientb",
grant_types=["authorization_code", "refresh_token"],
))
db_session.commit()
return Dict(client_id=client_id, client_secret=client_secret, url=url)
def oauth_client_B(app, request, db_session):
"""
Create a second, different OAuth2 client and add it to the database along
with a test user for the client.
"""
url = 'https://oauth-test-client-B.net'
client_id = 'test-client-B'
client_secret = fence.utils.random_str(50)
hashed_secret = bcrypt.hashpw(client_secret, bcrypt.gensalt())
test_user = (
db_session
.query(models.User)
.filter_by(username='******')
.first()
)
if not test_user:
test_user = models.User(username='******', is_admin=False)
db_session.add(test_user)
db_session.add(models.Client(
client_id=client_id, client_secret=hashed_secret, user=test_user,
allowed_scopes=['openid', 'user'], _redirect_uris=url, description='',
is_confidential=True, name='testclientb'
))
db_session.commit()
return Dict(client_id=client_id, client_secret=client_secret, url=url)
def fence_oauth_client(app, db_session, oauth_user, fence_oauth_client_url):
"""
Register an OAuth client for a new fence instance to use as an oauth client
of another fence instance.
"""
client_id = 'fence_instance'
client_secret = fence.utils.random_str(50)
hashed_secret = bcrypt.hashpw(client_secret, bcrypt.gensalt())
test_user = (
db_session
.query(models.User)
.filter_by(id=oauth_user.user_id)
.first()
)
db_session.add(models.Client(
client_id=client_id, client_secret=hashed_secret, user=test_user,
allowed_scopes=['openid', 'user'],
_redirect_uris=fence_oauth_client_url, description='',
is_confidential=True, name='fence_oauth_client'
))
db_session.commit()
return Dict(
client_id=client_id, client_secret=client_secret,
url=fence_oauth_client_url
)
def oauth_client(app, db_session, oauth_user):
"""
Create a confidential OAuth2 client and add it to the database along with a
test user for the client.
"""
url = "https://oauth-test-client.net"
client_id = "test-client"
client_secret = fence.utils.random_str(50)
hashed_secret = bcrypt.hashpw(client_secret, bcrypt.gensalt())
test_user = db_session.query(
models.User).filter_by(id=oauth_user.user_id).first()
db_session.add(
models.Client(
client_id=client_id,
client_secret=hashed_secret,
user=test_user,
allowed_scopes=["openid", "user", "fence"],
redirect_uris=[url],
description="",
is_confidential=True,
name="testclient",
grant_types=["authorization_code", "refresh_token"],
))
db_session.commit()
return Dict(client_id=client_id, client_secret=client_secret, url=url)
def fence_oauth_client(app, db_session, oauth_user, fence_oauth_client_url):
"""
Register an OAuth client for a new fence instance to use as an oauth client
of another fence instance.
"""
client_id = "fence_instance"
client_secret = fence.utils.random_str(50)
hashed_secret = bcrypt.hashpw(client_secret, bcrypt.gensalt())
test_user = db_session.query(
models.User).filter_by(id=oauth_user.user_id).first()
db_session.add(
models.Client(
client_id=client_id,
client_secret=hashed_secret,
user=test_user,
allowed_scopes=["openid", "user"],
redirect_uris=fence_oauth_client_url,
description="",
is_confidential=True,
name="fence_oauth_client",
))
# FIXME: If this is added back,
# tests/multi_tenant/test_multi_tenant.py::test_redirect_from_oauth
# will hang on a postgres command during db migration scripts
# (specifically "ALTER TABLE client ALTER COLUMN client_secret DROP NOT NULL")
# NOTE: It seems like there's a transaction in postgres that isn't complete by the
# time that ALTER comes around. and then that ALTER deadlocks with the
# other transaction somehow. :tableflip:
# Tests still pass without this code so... :shrug:
# db_session.commit()
return Dict(client_id=client_id,
client_secret=client_secret,
url=fence_oauth_client_url)
def oauth_client_public(app, db_session, oauth_user):
"""
Create a public OAuth2 client.
"""
url = "https://oauth-test-client-public.net"
client_id = "test-client-public"
test_user = db_session.query(
models.User).filter_by(id=oauth_user.user_id).first()
db_session.add(
models.Client(
client_id=client_id,
user=test_user,
allowed_scopes=["openid", "user", "fence"],
redirect_uris=[url],
description="",
is_confidential=False,
name="testclient-public",
grant_types=["authorization_code", "refresh_token"],
))
db_session.commit()
return Dict(client_id=client_id, url=url)
def oauth_client(app, db_session, oauth_user):
"""
Create a confidential OAuth2 client and add it to the database along with a
test user for the client.
"""
url = 'https://oauth-test-client.net'
client_id = 'test-client'
client_secret = fence.utils.random_str(50)
hashed_secret = bcrypt.hashpw(client_secret, bcrypt.gensalt())
test_user = (
db_session
.query(models.User)
.filter_by(id=oauth_user.user_id)
.first()
)
db_session.add(models.Client(
client_id=client_id, client_secret=hashed_secret, user=test_user,
allowed_scopes=['openid', 'user'], _redirect_uris=url, description='',
is_confidential=True, name='testclient'
))
db_session.commit()
return Dict(client_id=client_id, client_secret=client_secret, url=url)
