def setUp(self):
     self.factory = RequestFactory()
     self.middleware = SessionRefresh()
     self.user = User.objects.create_user('example_username')
class SessionRefreshTokenMiddlewareTestCase(TestCase):
    def setUp(self):
        self.factory = RequestFactory()
        self.middleware = SessionRefresh()
        self.user = User.objects.create_user('example_username')

    def test_anonymous(self, mock_middleware_random):
        request = self.factory.get('/foo')
        request.session = {}
        request.user = AnonymousUser()
        response = self.middleware.process_request(request)
        self.assertTrue(not response)

    def test_is_oidc_path(self, mock_middleware_random):
        request = self.factory.get('/oidc/callback/')
        request.user = AnonymousUser()
        request.session = {}
        response = self.middleware.process_request(request)
        self.assertTrue(not response)

    def test_is_POST(self, mock_middleware_random):
        request = self.factory.post('/foo')
        request.user = AnonymousUser()
        request.session = {}
        response = self.middleware.process_request(request)
        self.assertTrue(not response)

    def test_is_ajax(self, mock_middleware_random):
        mock_middleware_random.return_value = 'examplestring'

        request = self.factory.get(
            '/foo',
            HTTP_X_REQUESTED_WITH='XMLHttpRequest'
        )
        request.session = {}
        request.user = self.user

        response = self.middleware.process_request(request)
        self.assertEqual(response.status_code, 403)
        # The URL to go to is available both as a header and as a key
        # in the JSON response.
        self.assertTrue(response['refresh_url'])
        url, qs = response['refresh_url'].split('?')
        self.assertEqual(url, 'http://example.com/authorize')
        expected_query = {
            'response_type': ['code'],
            'redirect_uri': ['http://testserver/callback/'],
            'client_id': ['foo'],
            'nonce': ['examplestring'],
            'prompt': ['none'],
            'scope': ['openid email'],
            'state': ['examplestring'],
        }
        self.assertEqual(expected_query, parse_qs(qs))
        json_payload = json.loads(response.content.decode('utf-8'))
        self.assertEqual(json_payload['refresh_url'], response['refresh_url'])

    def test_no_oidc_token_expiration_forces_renewal(self, mock_middleware_random):
        mock_middleware_random.return_value = 'examplestring'

        request = self.factory.get('/foo')
        request.user = self.user
        request.session = {}

        response = self.middleware.process_request(request)

        self.assertEqual(response.status_code, 302)
        url, qs = response.url.split('?')
        self.assertEqual(url, 'http://example.com/authorize')
        expected_query = {
            'response_type': ['code'],
            'redirect_uri': ['http://testserver/callback/'],
            'client_id': ['foo'],
            'nonce': ['examplestring'],
            'prompt': ['none'],
            'scope': ['openid email'],
            'state': ['examplestring'],
        }
        self.assertEqual(expected_query, parse_qs(qs))

    def test_expired_token_forces_renewal(self, mock_middleware_random):
        mock_middleware_random.return_value = 'examplestring'

        request = self.factory.get('/foo')
        request.user = self.user
        request.session = {
            'oidc_token_expiration': time.time() - 10
        }

        response = self.middleware.process_request(request)

        self.assertEqual(response.status_code, 302)
        url, qs = response.url.split('?')
        self.assertEqual(url, 'http://example.com/authorize')
        expected_query = {
            'response_type': ['code'],
            'redirect_uri': ['http://testserver/callback/'],
            'client_id': ['foo'],
            'nonce': ['examplestring'],
            'prompt': ['none'],
            'scope': ['openid email'],
            'state': ['examplestring'],
        }
        self.assertEqual(expected_query, parse_qs(qs))
 def test_is_not_refreshable_url_exempt_pattern(self):
     request = self.factory.get('/mdo_fake_view/')
     request.user = self.user
     request.session = dict()
     middleware = SessionRefresh()
     assert not middleware.is_refreshable_url(request)
 def test_get_exempt_urls_setting_url_path(self):
     middleware = SessionRefresh()
     self.assertEqual(
         sorted(list(middleware.exempt_urls)),
         [u'/authenticate/', u'/callback/', u'/foo/', u'/logout/']
     )
 def test_get_exempt_urls_setting_view_name(self):
     middleware = SessionRefresh()
     self.assertEqual(
         sorted(list(middleware.exempt_urls)),
         [u'/authenticate/', u'/callback/', u'/logout/', u'/mdo_fake_view/']
     )
예제 #6
0
class SessionRefreshTokenMiddlewareTestCase(TestCase):
    def setUp(self):
        self.factory = RequestFactory()
        self.middleware = SessionRefresh()
        self.user = User.objects.create_user('example_username')

    def test_anonymous(self):
        request = self.factory.get('/foo')
        request.session = {}
        request.user = AnonymousUser()
        response = self.middleware.process_request(request)
        self.assertTrue(not response)

    def test_is_oidc_path(self):
        request = self.factory.get('/oidc/callback/')
        request.user = AnonymousUser()
        request.session = {}
        response = self.middleware.process_request(request)
        self.assertTrue(not response)

    def test_is_POST(self):
        request = self.factory.post('/foo')
        request.user = AnonymousUser()
        request.session = {}
        response = self.middleware.process_request(request)
        self.assertTrue(not response)

    @override_settings(
        OIDC_OP_AUTHORIZATION_ENDPOINT='http://example.com/authorize')
    @override_settings(OIDC_RP_CLIENT_ID='foo')
    @override_settings(OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS=120)
    @patch('mozilla_django_oidc.middleware.get_random_string')
    def test_is_ajax(self, mock_random_string):
        mock_random_string.return_value = 'examplestring'

        request = self.factory.get('/foo',
                                   HTTP_X_REQUESTED_WITH='XMLHttpRequest')
        request.session = {}
        request.user = self.user

        response = self.middleware.process_request(request)
        self.assertEqual(response.status_code, 403)
        # The URL to go to is available both as a header and as a key
        # in the JSON response.
        self.assertTrue(response['refresh_url'])
        url, qs = response['refresh_url'].split('?')
        self.assertEqual(url, 'http://example.com/authorize')
        expected_query = {
            'response_type': ['code'],
            'redirect_uri': ['http://testserver/callback/'],
            'client_id': ['foo'],
            'nonce': ['examplestring'],
            'prompt': ['none'],
            'scope': ['openid email'],
            'state': ['examplestring'],
        }
        self.assertEqual(expected_query, parse_qs(qs))
        json_payload = json.loads(response.content.decode('utf-8'))
        self.assertEqual(json_payload['refresh_url'], response['refresh_url'])

    @override_settings(
        OIDC_OP_AUTHORIZATION_ENDPOINT='http://example.com/authorize')
    @override_settings(OIDC_RP_CLIENT_ID='foo')
    @override_settings(OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS=120)
    @override_settings(
        OIDC_AUTH_REQUEST_EXTRA_PARAMS={'custom_parameter': 'custom_value'})
    @patch('mozilla_django_oidc.middleware.get_random_string')
    def test_no_oidc_token_expiration_forces_renewal(self, mock_random_string):
        mock_random_string.return_value = 'examplestring'

        request = self.factory.get('/foo')
        request.user = self.user
        request.session = {}

        response = self.middleware.process_request(request)

        self.assertEqual(response.status_code, 302)
        url, qs = response.url.split('?')
        self.assertEqual(url, 'http://example.com/authorize')
        expected_query = {
            'response_type': ['code'],
            'redirect_uri': ['http://testserver/callback/'],
            'client_id': ['foo'],
            'nonce': ['examplestring'],
            'prompt': ['none'],
            'scope': ['openid email'],
            'state': ['examplestring'],
            'custom_parameter': ['custom_value'],
        }
        self.assertEqual(expected_query, parse_qs(qs))

    @override_settings(
        OIDC_OP_AUTHORIZATION_ENDPOINT='http://example.com/authorize')
    @override_settings(OIDC_RP_CLIENT_ID='foo')
    @override_settings(OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS=120)
    @patch('mozilla_django_oidc.middleware.get_random_string')
    def test_expired_token_forces_renewal(self, mock_random_string):
        mock_random_string.return_value = 'examplestring'

        request = self.factory.get('/foo')
        request.user = self.user
        request.session = {'oidc_id_token_expiration': time.time() - 10}

        response = self.middleware.process_request(request)

        self.assertEqual(response.status_code, 302)
        url, qs = response.url.split('?')
        self.assertEqual(url, 'http://example.com/authorize')
        expected_query = {
            'response_type': ['code'],
            'redirect_uri': ['http://testserver/callback/'],
            'client_id': ['foo'],
            'nonce': ['examplestring'],
            'prompt': ['none'],
            'scope': ['openid email'],
            'state': ['examplestring'],
        }
        self.assertEqual(expected_query, parse_qs(qs))