class ClientFactory(DjangoModelFactory):
name = Faker("company")
client_id = LazyFunction(lambda: hex_string(64))
client_secret = LazyFunction(lambda: hex_string(64))
scopes = ["openid", "profile", "email", "address"]
scope = LazyAttribute(lambda o: " ".join(o.scopes))
class Meta:
model = Client
exclude = ["scopes"]
def test_oidc(browser, oidc_client, oidc_provider, oidc_scopes, person,
user_account, user_password):
oidc_session = SimpleNamespace(
state=hex_string(16),
nonce=hex_string(16),
)
auth_req = oidc_client.construct_AuthorizationRequest(
request_args={
'client_id': oidc_client.client_id,
'response_type': 'code',
'scope': oidc_scopes,
'nonce': oidc_session.nonce,
'redirect_uri': oidc_provider.redirect_uris[0],
'state': oidc_session.state,
})
auth_url = auth_req.request(oidc_client.authorization_endpoint)
browser.visit(auth_url)
browser.find_by_name('username').fill(user_account.username)
browser.find_by_name('password').fill(user_password)
browser.find_by_value('Log in').click()
browser.find_by_value('Authorize').click()
auth_resp = oidc_client.parse_response(
AuthorizationResponse,
info=browser.url,
sformat='urlencoded',
)
assert auth_resp['state'] == oidc_session.state
oidc_client.do_access_token_request(
state=oidc_session.state,
request_args={
'code': auth_resp['code'],
},
authn_method='client_secret_basic',
)
user_info = oidc_client.do_user_info_request(
state=oidc_session.state,
behavior='use_authorization_header',
)
assert user_info['sub'] == str(user_account.pk)
assert user_info['name'] == person.full_name
assert user_info['given_name'] == person.first_name
assert user_info['family_name'] == person.last_name
if person.nickname:
assert user_info['nickname'] == person.nickname
assert user_info['preferred_username'] == user_account.username
assert user_info['birthdate'] == person.date_of_birth.isoformat()
assert user_info['email'] == person.email
def test_oidc(
browser,
oidc_client,
oidc_provider,
oidc_scopes,
person,
user_account,
user_password,
):
oidc_session = SimpleNamespace(state=hex_string(16), nonce=hex_string(16))
auth_req = oidc_client.construct_AuthorizationRequest(
request_args={
"client_id": oidc_client.client_id,
"response_type": "code",
"scope": oidc_scopes,
"nonce": oidc_session.nonce,
"redirect_uri": oidc_provider.redirect_uris[0],
"state": oidc_session.state,
})
auth_url = auth_req.request(oidc_client.authorization_endpoint)
browser.visit(auth_url)
browser.find_by_name("username").fill(user_account.username)
browser.find_by_name("password").fill(user_password)
browser.find_by_value("Log in").click()
browser.find_by_value("Authorize").click()
auth_resp = oidc_client.parse_response(AuthorizationResponse,
info=browser.url,
sformat="urlencoded")
assert auth_resp["state"] == oidc_session.state
oidc_client.do_access_token_request(
state=oidc_session.state,
request_args={"code": auth_resp["code"]},
authn_method="client_secret_basic",
)
user_info = oidc_client.do_user_info_request(
state=oidc_session.state, behavior="use_authorization_header")
assert user_info["sub"] == str(user_account.pk)
assert user_info["name"] == person.full_name
assert user_info["given_name"] == person.first_name
assert user_info["family_name"] == person.last_name
if person.nickname:
assert user_info["nickname"] == person.nickname
assert user_info["preferred_username"] == user_account.username
assert user_info["birthdate"] == person.date_of_birth.isoformat()
assert user_info["email"] == person.email
class ClientFactory(DjangoModelFactory):
name = Faker('company')
client_id = LazyFunction(lambda: hex_string(64))
client_secret = LazyFunction(lambda: hex_string(64))
scopes = ['openid', 'profile', 'email', 'address']
scope = LazyAttribute(lambda o: ' '.join(o.scopes))
class Meta:
model = Client
exclude = [
'scopes',
]
def user_password():
return hex_string(16)
def save(self, *args, **kwargs):
if not self.token:
self.token = hex_string(length=AUTH_TOKEN_LENGTH)
super().save(*args, **kwargs)