def test_unauthorized_signup(remote, models_fixture):
    """Check the signup callback redirects an unconfirmed user to login.

    The stubbed remote reports the e-mail address of an account that is
    looked up in the local datastore.  With confirmation required, login
    without confirmation disabled and ``confirmed_at`` cleared, the response
    of ``authorized_signup_handler`` must redirect to a location starting
    with ``/login/``.
    """
    app = models_fixture
    accounts = app.extensions['invenio-accounts'].datastore
    existing_email = '*****@*****.**'
    local_user = accounts.find_user(email=existing_email)

    token_response = {'access_token': 'test_access_token'}
    account_info = {
        'user': {
            'email': existing_email,
            'external_id': '1234',
            'external_method': 'test_method',
        },
    }

    def fake_info(resp):
        """Stand in for the remote app's ``info`` handler."""
        return account_info

    # Replace the remote app's signup handlers with the stub above.
    current_oauthclient.signup_handlers[remote.name] = {'info': fake_info}

    # Require e-mail confirmation and make the local account unconfirmed.
    # NOTE(review): these global settings are not restored in this test;
    # presumably fixture teardown resets them -- confirm.
    _security.confirmable = True
    _security.login_without_confirmation = False
    local_user.confirmed_at = None
    app.config['OAUTHCLIENT_REMOTE_APPS'][remote.name] = {}

    # NOTE(review): this looks like the guard against an externally asserted
    # e-mail address signing in to an unconfirmed local account -- confirm.
    response = authorized_signup_handler(token_response, remote)
    check_redirect_location(
        response, lambda location: location.startswith('/login/'))
def test_unauthorized_signup(remote, models_fixture):
    """Verify an unconfirmed account is sent to login by the signup callback.

    The remote's ``info`` handler is stubbed to return the e-mail address of
    a user fetched from the local datastore.  Confirmation is switched on,
    login without confirmation is switched off and the user's
    ``confirmed_at`` is cleared; the handler's response must then redirect
    to a path beginning with ``/login/``.
    """
    app = models_fixture
    user_store = app.extensions['invenio-accounts'].datastore
    existing_email = '*****@*****.**'
    unconfirmed_user = user_store.find_user(email=existing_email)

    oauth_response = {'access_token': 'test_access_token'}
    remote_identity = {
        'email': existing_email,
        'external_id': '1234',
        'external_method': 'test_method',
    }
    reported_info = {'user': remote_identity}

    # Stub the remote app's handler so no provider is contacted.
    stub_handlers = {'info': lambda resp: reported_info}
    current_oauthclient.signup_handlers[remote.name] = stub_handlers

    # Enforce confirmation before login and drop the confirmation timestamp.
    # NOTE(review): module-level security settings are changed here and not
    # reset in the test body -- check that the fixtures isolate them.
    _security.confirmable = True
    _security.login_without_confirmation = False
    unconfirmed_user.confirmed_at = None
    app.config['OAUTHCLIENT_REMOTE_APPS'][remote.name] = {}

    def points_to_login(location):
        """Return True when *location* starts with the login path."""
        return location.startswith('/login/')

    result = authorized_signup_handler(oauth_response, remote)
    check_redirect_location(result, points_to_login)
def test_authorized_rest_handler(app_rest):
    """Exercise the REST authorized callback with provider error responses.

    Four ``error`` values are fed to ``authorized_rest`` for the ``github``
    remote: a generic error (redirect whose URL arguments carry the message
    and code 400), ``bad_verification_code`` (redirect to the GitHub login
    endpoint), and ``incorrect_client_credentials`` and
    ``redirect_uri_mismatch`` (both must raise ``OAuthResponseError``).
    """
    github = current_oauthclient.oauth.remote_apps['github']

    # Generic provider error: reported through the redirect URL arguments.
    generic_failure = authorized_rest({'error': 'error'}, github)
    check_response_redirect_url_args(
        generic_failure,
        {
            "message": "Authorization with remote service failed.",
            "code": 400,
        },
    )

    # Bad verification code: the client is sent back to the login endpoint.
    retry = authorized_rest({'error': 'bad_verification_code'}, github)
    check_redirect_location(retry, '/oauth/login/github/')

    # Client-credential and redirect-URI errors surface as exceptions
    # rather than redirects.
    raising_errors = (
        'incorrect_client_credentials',
        'redirect_uri_mismatch',
    )
    for error_code in raising_errors:
        with pytest.raises(OAuthResponseError):
            authorized_rest({'error': error_code}, github)
def test_valid_authorized_userprofiles(userprofiles_fixture):
    """Exercise the Shibboleth ``authorized`` view with userprofiles enabled.

    SAML responses are posted to the ``idp`` remote app and checked in order:

    * a valid response yields 302 and an authenticated ``current_user``;
    * an expired response yields 403 and no authenticated user;
    * a valid response with a serialized ``RelayState`` carrying ``next``
      redirects to a location ending with that path;
    * a ``RelayState`` whose ``sid`` is ``'invalid'`` yields 400;
    * an empty ``RelayState`` yields 400.
    """
    app = userprofiles_fixture
    # NOTE(review): the listing lost its indentation; every request is kept
    # inside the client context because the assertions read current_user --
    # confirm against the original file.
    with app.test_client() as client:

        def post_saml(**form):
            """POST *form* to the ``authorized`` endpoint of ``idp``."""
            endpoint = url_for(
                'shibboleth_authenticator.authorized', remote_app='idp')
            return client.post(endpoint, data=form)

        # Valid assertion: the user is logged in and redirected.
        _authorized_valid_config(app)
        accepted = post_saml(SAMLResponse=_load_file('valid.xml.base64'))
        assert accepted.status_code == 302
        assert current_user.email == '*****@*****.**'
        assert current_user.is_authenticated

        # Expired assertion: refused, and the session ends up anonymous.
        _authorized_valid_config(app)
        expired = post_saml(SAMLResponse=_load_file('expired.xml.base64'))
        assert expired.status_code == 403
        assert not current_user.is_authenticated

        from shibboleth_authenticator.views import serializer

        # Valid request whose RelayState carries a "next" path.
        # NOTE(review): only a relative same-site path is exercised; whether
        # an off-site "next" value is refused is not covered by this test.
        next_url = '/test/redirect'
        good_state = serializer.dumps({
            'app': 'idp',
            'sid': _create_identifier(),
            'next': next_url,
        })
        redirected = post_saml(
            SAMLResponse=_load_file('valid.xml.base64'),
            RelayState=good_state,
        )
        check_redirect_location(
            redirected, lambda location: location.endswith(next_url))
        assert current_user.email == '*****@*****.**'
        assert current_user.is_authenticated

        # RelayState with sid 'invalid' (presumably not an identifier issued
        # by _create_identifier) must be rejected.
        bad_state = serializer.dumps({
            'app': 'idp',
            'sid': 'invalid',
            'next': next_url,
        })
        rejected = post_saml(
            SAMLResponse=_load_file('valid.xml.base64'),
            RelayState=bad_state,
        )
        assert rejected.status_code == 400

        # An empty RelayState is rejected as well.
        empty_state = post_saml(
            SAMLResponse=_load_file('valid.xml.base64'),
            RelayState='',
        )
        assert empty_state.status_code == 400
def test_already_linked_exception(app):
    """Check ``AlreadyLinkedError`` is turned into a redirect.

    A function wrapped by ``oauth_error_handler`` raises the error; the
    wrapped call must return a response redirecting to the linked-accounts
    settings page.
    """
    def raise_already_linked():
        """Simulate a handler hitting an already-linked external account."""
        raise AlreadyLinkedError(None, None)

    guarded = oauth_error_handler(raise_already_linked)
    check_redirect_location(guarded(), '/account/settings/linkedaccounts/')
def test_authorized_handler(app, remote):
    """Exercise the authorized callback with provider error responses.

    A generic error redirects to ``/``, ``bad_verification_code`` redirects
    to the GitHub login endpoint, and ``incorrect_client_credentials`` and
    ``redirect_uri_mismatch`` must each raise ``OAuthResponseError``.
    """
    # Generic provider error: the user lands on the site root.
    generic_failure = authorized({'error': 'error'}, remote)
    check_redirect_location(generic_failure, '/')

    # Bad verification code: the user is sent back to the login endpoint.
    retry = authorized({'error': 'bad_verification_code'}, remote)
    check_redirect_location(retry, '/oauth/login/github/')

    # Client-credential and redirect-URI errors surface as exceptions
    # rather than redirects.
    raising_errors = (
        'incorrect_client_credentials',
        'redirect_uri_mismatch',
    )
    for error_code in raising_errors:
        with pytest.raises(OAuthResponseError):
            authorized({'error': error_code}, remote)
def test_authorized_signup_handler(remote, models_fixture):
    """Check the signup callback honours the next URL stored in the session.

    The user is authenticated through ``oauth_authenticate`` and a next URL
    is placed in the session under the remote's token key; the handler's
    response must redirect to that URL.
    """
    accounts = models_fixture.extensions['invenio-accounts'].datastore
    known_user = accounts.find_user(email='*****@*****.**')
    token_response = {'access_token': 'test_access_token'}

    def noop_setup(token, resp):
        """Stand in for the remote app's ``setup`` handler."""
        return None

    # Stub the remote app's handler so nothing is fetched from a provider.
    current_oauthclient.signup_handlers[remote.name] = {'setup': noop_setup}

    # Log the user in for the client id 'dev'.
    oauth_authenticate('dev', known_user)

    # Store the post-login destination the way the login view would.
    # NOTE(review): only a relative path is used as the destination here.
    next_url = '/test/redirect'
    next_url_key = token_session_key(remote.name) + '_next_url'
    session[next_url_key] = next_url

    # The handler must send the user to the stored destination.
    response = authorized_signup_handler(token_response, remote)
    check_redirect_location(response, next_url)
def test_signup_handler(remote, app, models_fixture):
    """Exercise ``signup_handler`` in three session states.

    An authenticated user and an anonymous user without an OAuth token are
    both redirected to ``/``; an anonymous user with a stored token, but not
    arriving from the authorized callback, makes the handler raise
    ``BuildError``.
    """
    accounts = app.extensions['invenio-accounts'].datastore
    existing_email = '*****@*****.**'
    registered = accounts.find_user(email=existing_email)

    # State 1: already authenticated.
    login_user(registered)
    assert current_user.is_authenticated
    check_redirect_location(signup_handler(remote), '/')
    logout_user()
    assert not current_user.is_authenticated

    # State 2: anonymous and no OAuth token available.
    check_redirect_location(signup_handler(remote), '/')

    # State 3: a token is stored, but the request did not come through the
    # authorized callback.
    # NOTE(review): BuildError presumably originates from URL building
    # rather than an explicit rejection -- confirm this is the intended
    # signal for this state.
    stored_token = RemoteToken.create(
        registered.id, 'testkey', 'mytoken', 'mysecret')
    token_setter(remote, stored_token, 'mysecret')
    with pytest.raises(BuildError):
        signup_handler(remote)
def test_signup_handler(remote, models_fixture):
    """Exercise ``signup_handler`` in three session states.

    An authenticated user and an anonymous user without an OAuth token are
    both redirected to ``/``; an anonymous user with a stored token, but not
    arriving from the authorized callback, makes the handler raise
    ``BuildError``.
    """
    app = models_fixture
    user_store = app.extensions['invenio-accounts'].datastore
    existing_email = '*****@*****.**'
    account = user_store.find_user(email=existing_email)

    # Logged-in user: the handler sends them to the site root.
    login_user(account)
    assert current_user.is_authenticated
    logged_in_response = signup_handler(remote)
    check_redirect_location(logged_in_response, '/')

    # Drop the login before the anonymous cases.
    logout_user()
    assert not current_user.is_authenticated

    # Anonymous user with no OAuth token: also sent to the site root.
    anonymous_response = signup_handler(remote)
    check_redirect_location(anonymous_response, '/')

    # Token present, but the request did not come through the authorized
    # callback.
    # NOTE(review): BuildError presumably originates from URL building
    # rather than an explicit rejection -- confirm this is the intended
    # signal for this state.
    remote_token = RemoteToken.create(
        account.id, 'testkey', 'mytoken', 'mysecret')
    token_setter(remote, remote_token, 'mysecret')
    with pytest.raises(BuildError):
        signup_handler(remote)
def test_unauthorized_disconnect(app, remote):
    """Check the disconnect handler redirects an unauthenticated user.

    No user is logged in before ``disconnect_handler`` is called; the
    response must redirect to a location starting with ``/login/``.
    """
    def points_to_login(location):
        """Return True when *location* starts with the login path."""
        return location.startswith('/login/')

    response = disconnect_handler(remote)
    check_redirect_location(response, points_to_login)