class BackendsKeycloakAuthorizationBaseGetKeycloakPermissionsTestCase(
        MockTestCaseMixin, TestCase):
    """Tests for KeycloakAuthorizationBase.get_keycloak_permissions.

    The entitlement lookup is stubbed with a fixed decoded RPT, so the test
    pins only how RPT permission entries are flattened into permission
    strings; no Keycloak server is contacted.
    """

    def setUp(self):
        # Decoded RPT handed back by the stubbed get_entitlement call: one
        # resource with two scopes and one resource without a 'scopes' key.
        decoded_rpt = {
            'authorization': {
                'permissions': [
                    {
                        'resource_set_name': 'Resource',
                        'scopes': ['Read', 'Update'],
                    },
                    {
                        'resource_set_name': 'Resource2',
                    },
                ]
            }
        }

        self.backend = KeycloakAuthorizationBase()
        self.profile = RemoteUserOpenIdConnectProfileFactory()
        self.setup_mock(
            'django_keycloak.services.oidc_profile.get_entitlement',
            return_value=decoded_rpt)

    def test_get_keycloak_permissions(self):
        """
        Case: Permissions are requested for the profile's user; the stubbed
        get_entitlement supplies them as a decoded RPT.
        Expect: Each scoped entry yields one '<scope>_<resource>' string, an
        entry without scopes yields the bare resource name, and the result
        is a list in RPT order.
        """
        expected = ['Read_Resource', 'Update_Resource', 'Resource2']

        actual = self.backend.get_keycloak_permissions(
            user_obj=self.profile.user)

        self.assertListEqual(expected, actual)
def setUp(self):
    """Prepare the backend, an active-user profile and a stubbed RPT.

    The factory is called with user__is_active=True, and the entitlement
    lookup is replaced by a fixed decoded RPT, so the tests that use this
    fixture depend only on the permissions listed here.
    """
    # One resource granted with two scopes, one granted without a
    # 'scopes' key at all.
    scoped_grant = {
        'resource_set_name': 'Resource',
        'scopes': ['Read', 'Update'],
    }
    unscoped_grant = {'resource_set_name': 'Resource2'}
    decoded_rpt = {
        'authorization': {
            'permissions': [scoped_grant, unscoped_grant],
        },
    }

    self.backend = KeycloakAuthorizationBase()
    self.profile = OpenIdConnectProfileFactory(user__is_active=True)
    self.setup_mock(
        'django_keycloak.services.oidc_profile.get_entitlement',
        return_value=decoded_rpt)
class BackendsKeycloakAuthorizationBaseHasPermTestCase(MockTestCaseMixin,
                                                       TestCase):
    """Tests for KeycloakAuthorizationBase.has_perm against a stubbed RPT.

    The RPT grants 'Read' and 'Update' on 'Resource' and grants 'Resource2'
    without scopes. The cases pin both the grants and the denials, so a
    scoped grant cannot silently widen to the whole resource or to a scope
    that was never issued.
    """

    def setUp(self):
        # Decoded RPT returned by the stubbed get_entitlement call.
        decoded_rpt = {
            'authorization': {
                'permissions': [
                    {
                        'resource_set_name': 'Resource',
                        'scopes': ['Read', 'Update'],
                    },
                    {
                        'resource_set_name': 'Resource2',
                    },
                ]
            }
        }

        self.backend = KeycloakAuthorizationBase()
        self.profile = OpenIdConnectProfileFactory(user__is_active=True)
        self.setup_mock(
            'django_keycloak.services.oidc_profile.get_entitlement',
            return_value=decoded_rpt)

    def _has_perm(self, perm):
        """Ask the backend whether the fixture user holds *perm*."""
        return self.backend.has_perm(user_obj=self.profile.user, perm=perm)

    def test_resource_scope_should_have_permission(self):
        """
        Case: The requested permission matches a scope/resource pair that
        the RPT grants to the user.
        Expected: Permission granted.
        """
        self.assertTrue(self._has_perm('Read_Resource'))

    def test_resource_no_scope_should_not_have_permission(self):
        """
        Case: The permission names only the resource, while the RPT grants
        that resource solely through scopes.
        Expected: Permission denied.
        """
        self.assertFalse(self._has_perm('Resource'))

    def test_resource_other_scope_should_not_have_permission(self):
        """
        Case: The permission names a granted resource with a scope that the
        RPT does not list for it.
        Expected: Permission denied.
        """
        self.assertFalse(self._has_perm('Create_Resource'))

    def test_other_resource_other_scope_should_not_have_permission(self):
        """
        Case: Neither the scope nor the resource of the permission appears
        in the RPT.
        Expected: Permission denied.
        """
        self.assertFalse(self._has_perm('OtherScope_OtherResource'))

    def test_resource_no_scope_should_have_permission(self):
        """
        Case: The permission names only the resource, and the RPT grants
        that resource without any scopes.
        Expected: Permission granted.
        """
        self.assertTrue(self._has_perm('Resource2'))