def setUp(self): self.factory = RequestFactory() self.middleware = SessionRefresh() self.user = User.objects.create_user('example_username')
class SessionRefreshTokenMiddlewareTestCase(TestCase): def setUp(self): self.factory = RequestFactory() self.middleware = SessionRefresh() self.user = User.objects.create_user('example_username') def test_anonymous(self, mock_middleware_random): request = self.factory.get('/foo') request.session = {} request.user = AnonymousUser() response = self.middleware.process_request(request) self.assertTrue(not response) def test_is_oidc_path(self, mock_middleware_random): request = self.factory.get('/oidc/callback/') request.user = AnonymousUser() request.session = {} response = self.middleware.process_request(request) self.assertTrue(not response) def test_is_POST(self, mock_middleware_random): request = self.factory.post('/foo') request.user = AnonymousUser() request.session = {} response = self.middleware.process_request(request) self.assertTrue(not response) def test_is_ajax(self, mock_middleware_random): mock_middleware_random.return_value = 'examplestring' request = self.factory.get( '/foo', HTTP_X_REQUESTED_WITH='XMLHttpRequest' ) request.session = {} request.user = self.user response = self.middleware.process_request(request) self.assertEqual(response.status_code, 403) # The URL to go to is available both as a header and as a key # in the JSON response. self.assertTrue(response['refresh_url']) url, qs = response['refresh_url'].split('?') self.assertEqual(url, 'http://example.com/authorize') expected_query = { 'response_type': ['code'], 'redirect_uri': ['http://testserver/callback/'], 'client_id': ['foo'], 'nonce': ['examplestring'], 'prompt': ['none'], 'scope': ['openid email'], 'state': ['examplestring'], } self.assertEqual(expected_query, parse_qs(qs)) json_payload = json.loads(response.content.decode('utf-8')) self.assertEqual(json_payload['refresh_url'], response['refresh_url']) def test_no_oidc_token_expiration_forces_renewal(self, mock_middleware_random): mock_middleware_random.return_value = 'examplestring' request = self.factory.get('/foo') request.user = self.user request.session = {} response = self.middleware.process_request(request) self.assertEqual(response.status_code, 302) url, qs = response.url.split('?') self.assertEqual(url, 'http://example.com/authorize') expected_query = { 'response_type': ['code'], 'redirect_uri': ['http://testserver/callback/'], 'client_id': ['foo'], 'nonce': ['examplestring'], 'prompt': ['none'], 'scope': ['openid email'], 'state': ['examplestring'], } self.assertEqual(expected_query, parse_qs(qs)) def test_expired_token_forces_renewal(self, mock_middleware_random): mock_middleware_random.return_value = 'examplestring' request = self.factory.get('/foo') request.user = self.user request.session = { 'oidc_token_expiration': time.time() - 10 } response = self.middleware.process_request(request) self.assertEqual(response.status_code, 302) url, qs = response.url.split('?') self.assertEqual(url, 'http://example.com/authorize') expected_query = { 'response_type': ['code'], 'redirect_uri': ['http://testserver/callback/'], 'client_id': ['foo'], 'nonce': ['examplestring'], 'prompt': ['none'], 'scope': ['openid email'], 'state': ['examplestring'], } self.assertEqual(expected_query, parse_qs(qs))
def test_is_not_refreshable_url_exempt_pattern(self): request = self.factory.get('/mdo_fake_view/') request.user = self.user request.session = dict() middleware = SessionRefresh() assert not middleware.is_refreshable_url(request)
def test_get_exempt_urls_setting_url_path(self): middleware = SessionRefresh() self.assertEqual( sorted(list(middleware.exempt_urls)), [u'/authenticate/', u'/callback/', u'/foo/', u'/logout/'] )
def test_get_exempt_urls_setting_view_name(self): middleware = SessionRefresh() self.assertEqual( sorted(list(middleware.exempt_urls)), [u'/authenticate/', u'/callback/', u'/logout/', u'/mdo_fake_view/'] )
class SessionRefreshTokenMiddlewareTestCase(TestCase): def setUp(self): self.factory = RequestFactory() self.middleware = SessionRefresh() self.user = User.objects.create_user('example_username') def test_anonymous(self): request = self.factory.get('/foo') request.session = {} request.user = AnonymousUser() response = self.middleware.process_request(request) self.assertTrue(not response) def test_is_oidc_path(self): request = self.factory.get('/oidc/callback/') request.user = AnonymousUser() request.session = {} response = self.middleware.process_request(request) self.assertTrue(not response) def test_is_POST(self): request = self.factory.post('/foo') request.user = AnonymousUser() request.session = {} response = self.middleware.process_request(request) self.assertTrue(not response) @override_settings( OIDC_OP_AUTHORIZATION_ENDPOINT='http://example.com/authorize') @override_settings(OIDC_RP_CLIENT_ID='foo') @override_settings(OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS=120) @patch('mozilla_django_oidc.middleware.get_random_string') def test_is_ajax(self, mock_random_string): mock_random_string.return_value = 'examplestring' request = self.factory.get('/foo', HTTP_X_REQUESTED_WITH='XMLHttpRequest') request.session = {} request.user = self.user response = self.middleware.process_request(request) self.assertEqual(response.status_code, 403) # The URL to go to is available both as a header and as a key # in the JSON response. self.assertTrue(response['refresh_url']) url, qs = response['refresh_url'].split('?') self.assertEqual(url, 'http://example.com/authorize') expected_query = { 'response_type': ['code'], 'redirect_uri': ['http://testserver/callback/'], 'client_id': ['foo'], 'nonce': ['examplestring'], 'prompt': ['none'], 'scope': ['openid email'], 'state': ['examplestring'], } self.assertEqual(expected_query, parse_qs(qs)) json_payload = json.loads(response.content.decode('utf-8')) self.assertEqual(json_payload['refresh_url'], response['refresh_url']) @override_settings( OIDC_OP_AUTHORIZATION_ENDPOINT='http://example.com/authorize') @override_settings(OIDC_RP_CLIENT_ID='foo') @override_settings(OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS=120) @override_settings( OIDC_AUTH_REQUEST_EXTRA_PARAMS={'custom_parameter': 'custom_value'}) @patch('mozilla_django_oidc.middleware.get_random_string') def test_no_oidc_token_expiration_forces_renewal(self, mock_random_string): mock_random_string.return_value = 'examplestring' request = self.factory.get('/foo') request.user = self.user request.session = {} response = self.middleware.process_request(request) self.assertEqual(response.status_code, 302) url, qs = response.url.split('?') self.assertEqual(url, 'http://example.com/authorize') expected_query = { 'response_type': ['code'], 'redirect_uri': ['http://testserver/callback/'], 'client_id': ['foo'], 'nonce': ['examplestring'], 'prompt': ['none'], 'scope': ['openid email'], 'state': ['examplestring'], 'custom_parameter': ['custom_value'], } self.assertEqual(expected_query, parse_qs(qs)) @override_settings( OIDC_OP_AUTHORIZATION_ENDPOINT='http://example.com/authorize') @override_settings(OIDC_RP_CLIENT_ID='foo') @override_settings(OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS=120) @patch('mozilla_django_oidc.middleware.get_random_string') def test_expired_token_forces_renewal(self, mock_random_string): mock_random_string.return_value = 'examplestring' request = self.factory.get('/foo') request.user = self.user request.session = {'oidc_id_token_expiration': time.time() - 10} response = self.middleware.process_request(request) self.assertEqual(response.status_code, 302) url, qs = response.url.split('?') self.assertEqual(url, 'http://example.com/authorize') expected_query = { 'response_type': ['code'], 'redirect_uri': ['http://testserver/callback/'], 'client_id': ['foo'], 'nonce': ['examplestring'], 'prompt': ['none'], 'scope': ['openid email'], 'state': ['examplestring'], } self.assertEqual(expected_query, parse_qs(qs))