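class SessionRefreshTokenMiddlewareTestCase(TestCase):
    """Exercise ``SessionRefresh.process_request`` for the request shapes it inspects.

    Every test receives ``mock_middleware_random`` positionally; the patch that
    injects it is applied outside this listing (presumably at class level).
    Anonymous, OIDC-path and POST requests must pass through untouched; an
    authenticated request with a missing or expired token expiry must be sent
    to the authorization endpoint (302), or told where to go via a 403 plus
    ``refresh_url`` when the request is AJAX.
    """

    AUTHORIZE_ENDPOINT = 'http://example.com/authorize'

    def setUp(self):
        self.factory = RequestFactory()
        self.middleware = SessionRefresh()
        self.user = User.objects.create_user('example_username')

    # -- helpers -----------------------------------------------------------

    def _build_request(self, method, path, user, session=None, **extra):
        """Create a request through the factory with ``session`` and ``user`` attached.

        ``session`` defaults to a fresh empty dict per call so tests never share
        mutable state; ``extra`` is forwarded to the factory (e.g. headers).
        """
        request = getattr(self.factory, method)(path, **extra)
        request.session = {} if session is None else session
        request.user = user
        return request

    def _expected_query(self):
        """Return a fresh copy of the query every renewal redirect must carry.

        ``nonce`` and ``state`` are both the mocked random value, so these
        assertions pin that both parameters are emitted but cannot detect the
        two being swapped; a case with distinct mocked values would be needed
        for that.
        """
        return {
            'response_type': ['code'],
            'redirect_uri': ['http://testserver/callback/'],
            'client_id': ['foo'],
            'nonce': ['examplestring'],
            'prompt': ['none'],
            'scope': ['openid email'],
            'state': ['examplestring'],
        }

    def _assert_authorize_url(self, full_url):
        """Assert *full_url* is the authorization endpoint with exactly the expected query."""
        url, qs = full_url.split('?')
        self.assertEqual(url, self.AUTHORIZE_ENDPOINT)
        self.assertEqual(self._expected_query(), parse_qs(qs))

    # -- pass-through cases ------------------------------------------------

    def test_anonymous(self, mock_middleware_random):
        request = self._build_request('get', '/foo', AnonymousUser())
        response = self.middleware.process_request(request)
        # Nothing to refresh for an anonymous session: middleware must not respond.
        self.assertFalse(response)

    def test_is_oidc_path(self, mock_middleware_random):
        request = self._build_request('get', '/oidc/callback/', AnonymousUser())
        response = self.middleware.process_request(request)
        # The OIDC callback itself must never be intercepted or it could loop.
        self.assertFalse(response)

    def test_is_POST(self, mock_middleware_random):
        request = self._build_request('post', '/foo', AnonymousUser())
        response = self.middleware.process_request(request)
        self.assertFalse(response)

    # -- renewal cases -----------------------------------------------------

    def test_is_ajax(self, mock_middleware_random):
        mock_middleware_random.return_value = 'examplestring'
        request = self._build_request(
            'get', '/foo', self.user, HTTP_X_REQUESTED_WITH='XMLHttpRequest'
        )
        response = self.middleware.process_request(request)
        # An XHR cannot follow a cross-site redirect usefully, so the middleware
        # answers 403 and hands the client the URL to navigate to instead.
        self.assertEqual(response.status_code, 403)
        # The URL to go to is available both as a header and as a key
        # in the JSON response.
        self.assertTrue(response['refresh_url'])
        self._assert_authorize_url(response['refresh_url'])
        json_payload = json.loads(response.content.decode('utf-8'))
        self.assertEqual(json_payload['refresh_url'], response['refresh_url'])

    def test_no_oidc_token_expiration_forces_renewal(self, mock_middleware_random):
        mock_middleware_random.return_value = 'examplestring'
        # An authenticated session with no expiry recorded is treated as stale.
        request = self._build_request('get', '/foo', self.user)
        response = self.middleware.process_request(request)
        self.assertEqual(response.status_code, 302)
        self._assert_authorize_url(response.url)

    def test_expired_token_forces_renewal(self, mock_middleware_random):
        mock_middleware_random.return_value = 'examplestring'
        stale_session = {'oidc_token_expiration': time.time() - 10}
        request = self._build_request('get', '/foo', self.user, session=stale_session)
        response = self.middleware.process_request(request)
        self.assertEqual(response.status_code, 302)
        self._assert_authorize_url(response.url)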
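class SessionRefreshTokenMiddlewareTestCase(TestCase):
    """Exercise ``SessionRefresh.process_request`` for the request shapes it inspects.

    Anonymous, OIDC-path and POST requests must pass through untouched; an
    authenticated request with a missing or expired ID-token expiry must be
    sent to the authorization endpoint (302), or told where to go via a 403
    plus ``refresh_url`` when the request is AJAX.  The renewal tests patch
    ``get_random_string`` so ``nonce`` and ``state`` are predictable.
    """

    AUTHORIZE_ENDPOINT = 'http://example.com/authorize'

    def setUp(self):
        self.factory = RequestFactory()
        self.middleware = SessionRefresh()
        self.user = User.objects.create_user('example_username')

    # -- helpers -----------------------------------------------------------

    def _build_request(self, method, path, user, session=None, **extra):
        """Create a request through the factory with ``session`` and ``user`` attached.

        ``session`` defaults to a fresh empty dict per call so tests never share
        mutable state; ``extra`` is forwarded to the factory (e.g. headers).
        """
        request = getattr(self.factory, method)(path, **extra)
        request.session = {} if session is None else session
        request.user = user
        return request

    def _expected_query(self, **extra_params):
        """Return a fresh copy of the query every renewal redirect must carry.

        ``extra_params`` are added as single-valued entries, mirroring what
        ``OIDC_AUTH_REQUEST_EXTRA_PARAMS`` is expected to append.  ``nonce``
        and ``state`` are both the mocked random value, so these assertions
        pin that both parameters are emitted but cannot detect the two being
        swapped; a case with distinct mocked values would be needed for that.
        """
        query = {
            'response_type': ['code'],
            'redirect_uri': ['http://testserver/callback/'],
            'client_id': ['foo'],
            'nonce': ['examplestring'],
            'prompt': ['none'],
            'scope': ['openid email'],
            'state': ['examplestring'],
        }
        query.update({key: [value] for key, value in extra_params.items()})
        return query

    def _assert_authorize_url(self, full_url, **extra_params):
        """Assert *full_url* is the authorization endpoint with exactly the expected query."""
        url, qs = full_url.split('?')
        self.assertEqual(url, self.AUTHORIZE_ENDPOINT)
        self.assertEqual(self._expected_query(**extra_params), parse_qs(qs))

    # -- pass-through cases ------------------------------------------------

    def test_anonymous(self):
        request = self._build_request('get', '/foo', AnonymousUser())
        response = self.middleware.process_request(request)
        # Nothing to refresh for an anonymous session: middleware must not respond.
        self.assertFalse(response)

    def test_is_oidc_path(self):
        request = self._build_request('get', '/oidc/callback/', AnonymousUser())
        response = self.middleware.process_request(request)
        # The OIDC callback itself must never be intercepted or it could loop.
        self.assertFalse(response)

    def test_is_POST(self):
        request = self._build_request('post', '/foo', AnonymousUser())
        response = self.middleware.process_request(request)
        self.assertFalse(response)

    # -- renewal cases -----------------------------------------------------

    @override_settings(
        OIDC_OP_AUTHORIZATION_ENDPOINT='http://example.com/authorize',
        OIDC_RP_CLIENT_ID='foo',
        OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS=120,
    )
    @patch('mozilla_django_oidc.middleware.get_random_string')
    def test_is_ajax(self, mock_random_string):
        mock_random_string.return_value = 'examplestring'
        request = self._build_request(
            'get', '/foo', self.user, HTTP_X_REQUESTED_WITH='XMLHttpRequest'
        )
        response = self.middleware.process_request(request)
        # An XHR cannot follow a cross-site redirect usefully, so the middleware
        # answers 403 and hands the client the URL to navigate to instead.
        self.assertEqual(response.status_code, 403)
        # The URL to go to is available both as a header and as a key
        # in the JSON response.
        self.assertTrue(response['refresh_url'])
        self._assert_authorize_url(response['refresh_url'])
        json_payload = json.loads(response.content.decode('utf-8'))
        self.assertEqual(json_payload['refresh_url'], response['refresh_url'])

    @override_settings(
        OIDC_OP_AUTHORIZATION_ENDPOINT='http://example.com/authorize',
        OIDC_RP_CLIENT_ID='foo',
        OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS=120,
        OIDC_AUTH_REQUEST_EXTRA_PARAMS={'custom_parameter': 'custom_value'},
    )
    @patch('mozilla_django_oidc.middleware.get_random_string')
    def test_no_oidc_token_expiration_forces_renewal(self, mock_random_string):
        mock_random_string.return_value = 'examplestring'
        # An authenticated session with no expiry recorded is treated as stale.
        request = self._build_request('get', '/foo', self.user)
        response = self.middleware.process_request(request)
        self.assertEqual(response.status_code, 302)
        # The configured extra parameter must be forwarded to the OP verbatim.
        self._assert_authorize_url(response.url, custom_parameter='custom_value')

    @override_settings(
        OIDC_OP_AUTHORIZATION_ENDPOINT='http://example.com/authorize',
        OIDC_RP_CLIENT_ID='foo',
        OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS=120,
    )
    @patch('mozilla_django_oidc.middleware.get_random_string')
    def test_expired_token_forces_renewal(self, mock_random_string):
        mock_random_string.return_value = 'examplestring'
        stale_session = {'oidc_id_token_expiration': time.time() - 10}
        request = self._build_request('get', '/foo', self.user, session=stale_session)
        response = self.middleware.process_request(request)
        self.assertEqual(response.status_code, 302)
        self._assert_authorize_url(response.url)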