def test_get_login(self):
    """GET /oidc/login/ renders the login form when no default provider is set.

    DEFAULT_PROVIDER is overridden to an empty dict, so the view is expected
    to answer 200 with the ``oidc/login.html`` template instead of
    redirecting the browser to an identity provider.
    """
    with oidc_settings.override(DEFAULT_PROVIDER={}):
        response = self.client.get('/oidc/login/')

    tools.assert_equal(response.status_code, 200)
    rendered_names = [template.name for template in response.templates]
    tools.assert_true('oidc/login.html' in rendered_names)
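def test_get_default_provider__no_updates(self, ProviderMock):
    """get_default_provider() must not save a provider whose config is unchanged.

    ``ProviderMock`` is the patched provider class (presumably injected by a
    ``mock.patch`` decorator that is not visible here). ``get_or_create`` is
    stubbed to return an existing object built from ``self.configs``, and the
    same configs are installed as DEFAULT_PROVIDER, so there is nothing to
    update.

    The original assertion only looked at ``ProviderMock.save``, an attribute
    of the patched class. A ``save()`` call on the instance returned by
    ``get_or_create`` never touches that attribute, so the check could not
    fail on its own. The instance's ``save`` is now replaced with a mock and
    asserted on directly, as the ``__with_updates`` test does.
    """
    provider = self.create_bogus_object(self.configs)
    # Record save() calls on the object the code under test actually receives.
    provider.save = mock.Mock()
    ProviderMock.objects.get_or_create.return_value = (provider, False)

    with oidc_settings.override(DEFAULT_PROVIDER=self.configs):
        got_provider = get_default_provider()

    self.assertIs(provider, got_provider)
    assert not provider.save.called, 'Save should not have been called!'
    # Kept from the original test; it covers only a class-level save() call.
    assert not ProviderMock.save.called, 'Save should not have been called!'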
def test_login_default_provider(self, get_mock):
    """GET /oidc/login/ redirects to the configured default provider.

    ``get_mock`` presumably stands in for the HTTP GET that fetches provider
    configuration (the patch decorator is not visible here); it answers 200
    with the same configs that are installed as DEFAULT_PROVIDER.
    """
    default_authorize = 'http://default.example.it/authorize'
    configs = dict(self.configs, authorization_endpoint=default_authorize)

    mocked_reply = get_mock.return_value
    mocked_reply.status_code = 200
    mocked_reply.json.return_value = configs

    with oidc_settings.override(DEFAULT_PROVIDER=configs):
        response = self.client.get('/oidc/login/')

    tools.assert_equal(response.status_code, 302)
    # Compare the parsed hostname rather than a substring of the header, so
    # only a redirect to the expected host satisfies the check.
    location = urlparse(response['Location'])
    tools.assert_equal('default.example.it', location.hostname)
def test_post_token_endpoint_with_invalid_ssl(self, post_mock):
    """VERIFY_SSL=False is forwarded as ``verify=False`` on the token request.

    ``post_mock`` presumably patches the HTTP POST used for the code-for-token
    exchange (the decorator is not visible here). The test drives
    ``/oidc/complete/`` with a matching ``state`` and checks only the
    arguments of that POST.

    Review notes:
    * With verification off, the authorization code and the client
      credentials passed as ``auth=`` go to a peer whose certificate is not
      checked. The setting is therefore only suitable for development or
      test environments.
    * ``OpenIDProvider.verify_id_token`` is patched out, so this test says
      nothing about ID-token signature or claim validation.
    * The response of ``/oidc/complete/`` is not asserted.
    """
    with oidc_settings.override(VERIFY_SSL=False):
        # Sample RS256 ID token; its content is never checked here because
        # verify_id_token is mocked further down.
        sample_id_token = (
            'eyJhbGciOiJSUzI1NiIsImtpZCI6IjFlOWdkazcifQ.ewogImlzc'
            'yI6ICJodHRwOi8vc2VydmVyLmV4YW1wbGUuY29tIiwKICJzdWIiOiAiMjQ4Mjg5'
            'NzYxMDAxIiwKICJhdWQiOiAiczZCaGRSa3F0MyIsCiAibm9uY2UiOiAibi0wUzZ'
            'fV3pBMk1qIiwKICJleHAiOiAxMzExMjgxOTcwLAogImlhdCI6IDEzMTEyODA5Nz'
            'AKfQ.ggW8hZ1EuVLuxNuuIJKX_V8a_OMXzR0EHR9R6jgdqrOOF4daGU96Sr_P6q'
            'Jp6IcmD3HP99Obi1PRs-cwh3LO-p146waJ8IhehcwL7F09JdijmBqkvPeB2T9CJ'
            'NqeGpe-gccMg4vfKjkM8FcGvnzZUN4_KSP0aAp1tOJ1zZwgjxqGByKHiOtX7Tpd'
            'QyHE5lcMiKPXfEIQILVq0pc_E2DzL7emopWoaoZTF_m0_N0YzFC6g6EJbOEoRoS'
            'K5hoDalrcvRYLSrQAZZKflyuVCyixEoV9GfNQC3_osjzw2PAithfubEEBLuVVk4'
            'XUVrWOLrLl0nx7RkKU8NXNHq-rvKMzqg')

        token_reply = mock.MagicMock()
        token_reply.status_code = 200
        token_reply.json.return_value = {
            'access_token': '12345',
            'refresh_token': '12345',
            'expires_in': 3600,
            'token_type': 'Bearer',
            'id_token': sample_id_token,
        }
        post_mock.return_value = token_reply

        state = 'abcde'
        Nonce.objects.create(issuer_url='http://example.it',
                             state=state,
                             redirect_url='http://back.to.me')
        provider = OpenIDProvider.objects.create(
            issuer='http://example.it',
            client_id='12345',
            client_secret='abcde',
            token_endpoint='http://example.it/token',
            authorization_endpoint='http://a.b/',
            userinfo_endpoint='http://a.b/',
            jwks_uri='http://a.b/')

        # The callback is only accepted for the state stored in the session.
        browser_session = self.client.session
        browser_session['oidc_state'] = state
        browser_session.save()

        user = UserModel.objects.create(username='******')
        OpenIDUser.objects.create(sub='foobar', issuer=provider, user=user)

        callback_query = {'state': state, 'code': '12345'}
        with mock.patch.object(OpenIDProvider, 'verify_id_token',
                               return_value={'sub': 'foobar'}):
            self.client.get('/oidc/complete/', data=callback_query)

        expected_params = {
            'grant_type': 'authorization_code',
            'code': '12345',
            'redirect_uri': 'http://testserver/oidc/complete/',
        }
        post_mock.assert_called_with(provider.token_endpoint,
                                     params=expected_params,
                                     auth=provider.client_credentials,
                                     verify=False)
def test_login_default_provider(self, get_mock):
    """A configured default provider turns GET /oidc/login/ into a redirect.

    The mocked GET (presumably the provider-configuration fetch; the patch
    decorator is not visible here) returns the same configs that
    DEFAULT_PROVIDER is overridden with. The view must answer 302 and point
    at the host of the configured authorization endpoint.
    """
    configs = dict(
        self.configs,
        authorization_endpoint='http://default.example.it/authorize',
    )
    get_mock.return_value.status_code = 200
    get_mock.return_value.json.return_value = configs

    with oidc_settings.override(DEFAULT_PROVIDER=configs):
        login_response = self.client.get('/oidc/login/')

    tools.assert_equal(login_response.status_code, 302)
    # Parse the Location header and check the hostname field itself; a
    # prefix or substring match would be a weaker check of the target.
    redirect_host = urlparse(login_response['Location']).hostname
    tools.assert_equal('default.example.it', redirect_host)
def test_get_default_provider__with_updates(self, ProviderMock):
    """get_default_provider() updates and saves a provider whose config changed.

    ``get_or_create`` is stubbed to return an existing object built from
    ``self.configs``, while DEFAULT_PROVIDER carries a different
    ``authorization_endpoint``. The existing object must receive the new
    endpoint, and ``save()`` must be called with no arguments.
    """
    new_url = 'https://another-url.bogus'
    new_configs = dict(self.configs, authorization_endpoint=new_url)

    existing = self.create_bogus_object(self.configs)
    # Replace save() on the instance so the call can be asserted on.
    existing.save = mock.Mock()
    ProviderMock.objects.get_or_create.return_value = (existing, False)

    with oidc_settings.override(DEFAULT_PROVIDER=new_configs):
        get_default_provider()

    existing.save.assert_called_with()
    self.assertEqual(existing.authorization_endpoint, new_url)
def test_post_login(self, get_mock):
    """POSTing an issuer to /oidc/login/ redirects to that issuer.

    Checks the redirect origin and the exact set of query parameters on the
    authorization request. ``parse_qs`` drops blank values by default, so a
    key in the parsed result also means the parameter was non-empty. For
    ``state`` this matters, because it ties the callback to this browser
    session.

    NOTE(review): the expected set has no ``redirect_uri`` or ``nonce``;
    confirm that this is intended for the providers the client targets.
    """
    get_mock.return_value = self.response_mock

    with oidc_settings.override(DEFAULT_PROVIDER=self.configs):
        response = self.client.post('/oidc/login/',
                                    data={'issuer': 'http://example.it'})

    tools.assert_equal(response.status_code, 302)

    target = urlparse(response['Location'])
    origin = '%s://%s' % (target.scheme, target.hostname)
    tools.assert_equal('http://example.it', origin)

    query_keys = set(parse_qs(target.query))
    tools.assert_equal(query_keys,
                       {'response_type', 'scope', 'client_id', 'state'})
def test_post_login(self, get_mock):
    """A POST to /oidc/login/ with an issuer starts the authorization redirect.

    The mocked GET returns ``self.response_mock``. The view must answer 302
    with a Location on ``http://example.it`` whose query string carries
    exactly ``response_type``, ``scope``, ``client_id`` and ``state``.

    Only the presence of ``state`` is checked, not its value or its
    unpredictability. ``parse_qs`` omits blank values by default, so an
    empty ``state`` would fail this test.
    """
    get_mock.return_value = self.response_mock
    form = {'issuer': 'http://example.it'}

    with oidc_settings.override(DEFAULT_PROVIDER=self.configs):
        redirect = self.client.post('/oidc/login/', data=form)

    tools.assert_equal(redirect.status_code, 302)

    location = urlparse(redirect['Location'])
    tools.assert_equal('http://example.it',
                       '%s://%s' % (location.scheme, location.hostname))

    expected_keys = {'response_type', 'scope', 'client_id', 'state'}
    tools.assert_equal(set(parse_qs(location.query).keys()), expected_keys)
def test_post_token_endpoint_with_invalid_ssl(self, post_mock):
    """With VERIFY_SSL=False the token POST must be made with ``verify=False``.

    The test stores a nonce and a provider, puts the matching ``oidc_state``
    in the session, calls ``/oidc/complete/`` and then inspects the arguments
    of the mocked POST (presumably the HTTP client's ``post``; the patch
    decorator is not visible here).

    Caveats for readers:
    * Turning verification off means the token endpoint's certificate is not
      checked while the authorization code and client credentials are sent.
      Treat VERIFY_SSL=False as a development or test setting only.
    * ID-token validation is not covered; ``verify_id_token`` is replaced by
      a mock that returns ``{'sub': 'foobar'}``.
    * Nothing is asserted about the HTTP response of the callback itself.
    """
    with oidc_settings.override(VERIFY_SSL=False):
        fake_token_response = mock.MagicMock()
        fake_token_response.status_code = 200
        fake_token_response.json.return_value = {
            'access_token': '12345',
            'refresh_token': '12345',
            'expires_in': 3600,
            'token_type': 'Bearer',
            # Sample token; it is not validated because verify_id_token is
            # mocked below.
            'id_token': (
                'eyJhbGciOiJSUzI1NiIsImtpZCI6IjFlOWdkazcifQ.ewogImlzc'
                'yI6ICJodHRwOi8vc2VydmVyLmV4YW1wbGUuY29tIiwKICJzdWIiOiAiMjQ4Mjg5'
                'NzYxMDAxIiwKICJhdWQiOiAiczZCaGRSa3F0MyIsCiAibm9uY2UiOiAibi0wUzZ'
                'fV3pBMk1qIiwKICJleHAiOiAxMzExMjgxOTcwLAogImlhdCI6IDEzMTEyODA5Nz'
                'AKfQ.ggW8hZ1EuVLuxNuuIJKX_V8a_OMXzR0EHR9R6jgdqrOOF4daGU96Sr_P6q'
                'Jp6IcmD3HP99Obi1PRs-cwh3LO-p146waJ8IhehcwL7F09JdijmBqkvPeB2T9CJ'
                'NqeGpe-gccMg4vfKjkM8FcGvnzZUN4_KSP0aAp1tOJ1zZwgjxqGByKHiOtX7Tpd'
                'QyHE5lcMiKPXfEIQILVq0pc_E2DzL7emopWoaoZTF_m0_N0YzFC6g6EJbOEoRoS'
                'K5hoDalrcvRYLSrQAZZKflyuVCyixEoV9GfNQC3_osjzw2PAithfubEEBLuVVk4'
                'XUVrWOLrLl0nx7RkKU8NXNHq-rvKMzqg'
            ),
        }
        post_mock.return_value = fake_token_response

        state = 'abcde'
        Nonce.objects.create(
            issuer_url='http://example.it',
            state=state,
            redirect_url='http://back.to.me',
        )
        provider = OpenIDProvider.objects.create(
            issuer='http://example.it',
            client_id='12345',
            client_secret='abcde',
            token_endpoint='http://example.it/token',
            authorization_endpoint='http://a.b/',
            userinfo_endpoint='http://a.b/',
            jwks_uri='http://a.b/',
        )

        # Seed the session with the state that the callback will present.
        session = self.client.session
        session['oidc_state'] = state
        session.save()

        account = UserModel.objects.create(username='******')
        OpenIDUser.objects.create(sub='foobar', issuer=provider, user=account)

        with mock.patch.object(OpenIDProvider, 'verify_id_token') as verify_stub:
            verify_stub.return_value = {'sub': 'foobar'}
            self.client.get(
                '/oidc/complete/',
                data={'state': state, 'code': '12345'},
            )

        post_mock.assert_called_with(
            provider.token_endpoint,
            params={
                'grant_type': 'authorization_code',
                'code': '12345',
                'redirect_uri': 'http://testserver/oidc/complete/',
            },
            auth=provider.client_credentials,
            verify=False,
        )
def test_get_login(self):
    """Without a default provider, GET /oidc/login/ shows the login template.

    An empty DEFAULT_PROVIDER should make the view render
    ``oidc/login.html`` with status 200 so the user can choose an issuer.
    """
    with oidc_settings.override(DEFAULT_PROVIDER={}):
        login_page = self.client.get('/oidc/login/')

    tools.assert_equal(login_page.status_code, 200)

    used_login_template = any(
        tpl.name == 'oidc/login.html' for tpl in login_page.templates
    )
    tools.assert_true(used_login_template)