async def test_introspect_exception():
openid_bearer = OIDCUser("openid_url", "id", "secret")
openid_bearer.openid_config = OIDCConfig.parse_obj(discovery)
mock_async_client = mock.MagicMock(spec=AsyncClient)
async def mock_request(*args, **kwargs):
mock_response = mock.MagicMock(spec=Response)
mock_response.status_code = 400
mock_response.text = "error"
mock_response.json.return_value = {"error": "error"}
return mock_response
mock_async_client.post.side_effect = mock_request
with pytest.raises(HTTPException) as exception:
await openid_bearer.introspect_token(mock_async_client, access_token)
assert exception.value.detail == "error"
mock_async_client.post.assert_called_once_with(
discovery["introspect_endpoint"],
auth=MockBasicAuth("id", "secret"),
headers={"Content-Type": "application/x-www-form-urlencoded"},
params={"token": access_token},
)
async def test_OIDCUser_incompatible_schema():
mock_request = mock.MagicMock(spec=Request)
mock_request.headers = {"Authorization": "basic creds"}
openid_bearer = OIDCUser("openid_url", "id", "secret")
openid_bearer.openid_config = OIDCConfig.parse_obj(discovery)
with pytest.raises(HTTPException) as exception:
await openid_bearer(mock_request)
assert exception.value.status_code == 403
async def test_OIDCUser_disabled():
mock_request = mock.MagicMock(spec=Request)
mock_request.headers = {"Authorization": "Bearer creds"}
async def mock_introspect_token(client, token):
return {"wrong_data": "wrong_data"}
openid_bearer = OIDCUser("openid_url", "id", "secret", enabled=False)
openid_bearer.openid_config = OIDCConfig.parse_obj(discovery)
openid_bearer.introspect_token = mock_introspect_token # type:ignore
result = await openid_bearer(mock_request)
assert result is None
async def test_OIDCUser_no_creds_no_error():
mock_request = mock.MagicMock(spec=Request)
mock_request.headers = {}
async def mock_introspect_token(client, token):
return {"wrong_data": "wrong_data"}
openid_bearer = OIDCUser("openid_url", "id", "secret", auto_error=False)
openid_bearer.openid_config = OIDCConfig.parse_obj(discovery)
openid_bearer.introspect_token = mock_introspect_token # type:ignore
result = await openid_bearer(mock_request, None) # type:ignore
assert result is None
async def test_OIDCUser_invalid():
mock_request = mock.MagicMock(spec=Request)
mock_request.headers = {"Authorization": "Bearer creds"}
async def mock_introspect_token(client, token):
return {"wrong_data": "wrong_data"}
openid_bearer = OIDCUser("openid_url", "id", "secret")
openid_bearer.openid_config = OIDCConfig.parse_obj(discovery)
openid_bearer.introspect_token = mock_introspect_token # type:ignore
with pytest.raises(HTTPException) as exception:
await openid_bearer(mock_request)
assert exception.value.status_code == 401
async def test_OIDCUser_with_token():
mock_request = mock.MagicMock(spec=Request)
mock_request.headers = {"Authorization": "Bearer creds"}
async def mock_introspect_token(client, token):
return user_info_matching
openid_bearer = OIDCUser("openid_url", "id", "secret")
openid_bearer.openid_config = OIDCConfig.parse_obj(discovery)
openid_bearer.introspect_token = mock_introspect_token # type:ignore
result = await openid_bearer(mock_request, token="creds") # noqa: S106
assert result == user_info_matching
async def test_introspect_token(make_mock_async_client):
openid_bearer = OIDCUser("openid_url", "id", "secret")
openid_bearer.openid_config = OIDCConfig.parse_obj(discovery)
mock_async_client = make_mock_async_client(user_info_matching)
result = await openid_bearer.introspect_token(mock_async_client,
access_token)
assert result == user_info_matching
mock_async_client.post.assert_called_once_with(
discovery["introspect_endpoint"],
auth=MockBasicAuth("id", "secret"),
headers={"Content-Type": "application/x-www-form-urlencoded"},
params={"token": access_token},
)