def create_fake_client(response_type, is_public=False, require_consent=True): """ Create a test client, response_type argument MUST be: 'code', 'id_token' or 'id_token token'. Return a Client object. """ client = Client() client.name = 'Some Client' client.client_id = str(random.randint(1, 999999)).zfill(6) if is_public: client.client_type = 'public' client.client_secret = '' else: client.client_secret = str(random.randint(1, 999999)).zfill(6) client.redirect_uris = ['http://example.com/'] client.require_consent = require_consent client.scope = ['openid', 'email'] client.save() # check if response_type is a string in a python 2 and 3 compatible way if isinstance(response_type, ("".__class__, u"".__class__)): response_type = (response_type, ) for value in response_type: client.response_types.add(ResponseType.objects.get(value=value)) return client
def create_fake_client(response_type, is_public=False, require_consent=True): """ Create a test client, response_type argument MUST be: 'code', 'id_token' or 'id_token token'. Return a Client object. """ client = Client() client.name = 'Some Client' client.client_id = str(random.randint(1, 999999)).zfill(6) if is_public: client.client_type = 'public' client.client_secret = '' else: client.client_secret = str(random.randint(1, 999999)).zfill(6) client.redirect_uris = ['http://example.com/'] client.require_consent = require_consent client.save() # check if response_type is a string in a python 2 and 3 compatible way if isinstance(response_type, ("".__class__, u"".__class__)): response_type = (response_type,) for value in response_type: client.response_types.add(ResponseType.objects.get(value=value)) return client
def create_oidc_client(): factory = RequestFactory() client = Client() client.name = "OIDC" client.client_id = str(random.randint(1, 999999)).zfill(6) client.client_secret = str(random.randint(1, 999999)).zfill(6) client.redirect_uris = ['http://example.com/'] client.require_consent = False client.save() client.response_types.add(ResponseType.objects.get(value='code')) return client
def create_api_preconditions_with_scope(user, scopes): assert isinstance(scopes, list) bearer = uuid.uuid4().hex client = Client(name='test_client') client.save() expires_at = timezone.now() + timezone.timedelta(days=30) t = Token(scope=scopes, access_token=bearer, user=user, expires_at=expires_at, client=client) t.save() return bearer
def handle(self, *args, **options): name = options['name'][0] client_id = options['client_id'][0] client_secret = options['client_secret'] client_type = options['client_type'] response_type = options['response_type'][0] redirect_uris = options['redirect_uris'] reuse_consent = options['reuse_consent'] require_consent = options['require_consent'] c = Client(name=name, client_id=client_id, client_secret=client_secret, client_type=client_type, response_type=response_type, redirect_uris=redirect_uris, reuse_consent=reuse_consent, require_consent=require_consent) c.save()
def create_fake_client(response_type, is_public=False): """ Create a test client, response_type argument MUST be: 'code', 'id_token' or 'id_token token'. Return a Client object. """ client = Client() client.name = 'Some Client' client.client_id = str(random.randint(1, 999999)).zfill(6) if is_public: client.client_type = 'public' client.client_secret = '' else: client.client_secret = str(random.randint(1, 999999)).zfill(6) client.response_type = response_type client.redirect_uris = ['http://example.com/'] client.save() return client
class OIDCAuthorizationTest(TestCase): def setUp(self): from contest.models import Edition from datetime import timedelta from django.utils import timezone self.oidc_client = OIDCClient(name="test_client") self.oidc_client.save() self.user = get_user_model()(username="******") self.user.save() self.edition = Edition(year=settings.PROLOGIN_EDITION, date_begin=timezone.now(), date_end=timezone.now() + timedelta(days=365)) self.edition.save() def test_allowed_in_client_without_policy(self): self.assertEqual( oidc_authz.authorize(None, self.user, self.oidc_client), None) def test_not_allowed_in_client_with_empty_policy(self): from django.core.exceptions import PermissionDenied policy = OpenIDClientPolicy(openid_client=self.oidc_client) policy.save() with self.assertRaises(PermissionDenied): oidc_authz.authorize(None, self.user, self.oidc_client) policy.delete() def test_staff_allowed_in_staff_only_policy(self): policy = OpenIDClientPolicy(openid_client=self.oidc_client, allow_staff=True) user = get_user_model()(username="******", email="*****@*****.**", is_staff=True) user.save() self.assertTrue(policy.is_user_allowed(user)) user.delete() def test_non_staff_not_allowed_in_staff_only_policy(self): policy = OpenIDClientPolicy(openid_client=self.oidc_client, allow_staff=True) user = get_user_model()(username="******", email="*****@*****.**") user.save() self.assertTrue(not policy.is_user_allowed(user)) user.delete() def test_group_member_in_group_allowed(self): from django.contrib.auth.models import Group group = Group(name="allowed_group") other_group = Group(name="other_group") group.save() other_group.save() policy = OpenIDClientPolicy(openid_client=self.oidc_client) policy.allow_groups.set([group, other_group]) policy.save() user = get_user_model()(username="******", email="*****@*****.**") user.save() user.groups.set([group]) user.save() self.assertTrue(policy.is_user_allowed(user)) other_group.delete() group.delete() user.delete() policy.delete() def test_not_group_member_in_group_allowed(self): from django.contrib.auth.models import Group group = Group(name="allowed_group2") group.save() policy = OpenIDClientPolicy(openid_client=self.oidc_client) policy.save() policy.allow_groups.set([group]) user = get_user_model()(username="******", email="*****@*****.**") user.save() self.assertTrue(not policy.is_user_allowed(user)) group.delete() user.delete() policy.delete() def test_assigned_semifinal_in_assigned_semifinal(self): from contest.models import Contestant user = get_user_model()(username="******", email="*****@*****.**") user.save() contestant = Contestant(edition=self.edition, user=user, assignation_semifinal=2) contestant.save() policy = OpenIDClientPolicy(openid_client=self.oidc_client, allow_assigned_semifinal=True) policy.save() self.assertTrue(policy.is_user_allowed(user)) user.delete() policy.delete() def test_not_assigned_semifinal_in_assigned_semifinal(self): from contest.models import Contestant user = get_user_model()(username="******", email="*****@*****.**") user.save() contestant = Contestant(edition=self.edition, user=user) contestant.save() policy = OpenIDClientPolicy(openid_client=self.oidc_client, allow_assigned_semifinal=True) policy.save() self.assertFalse(policy.is_user_allowed(user)) user.delete() policy.delete() def test_assigned_final_in_assigned_final(self): from contest.models import Contestant user = get_user_model()(username="******", email="*****@*****.**") user.save() contestant = Contestant(edition=self.edition, user=user, assignation_final=2) contestant.save() policy = OpenIDClientPolicy(openid_client=self.oidc_client, allow_assigned_final=True) self.assertTrue(policy.is_user_allowed(user)) user.delete() policy.delete() def test_not_assigned_final_in_assigned_final(self): from contest.models import Contestant user = get_user_model()(username="******", email="*****@*****.**") user.save() contestant = Contestant(edition=self.edition, user=user, assignation_final=0) contestant.save() policy = OpenIDClientPolicy(openid_client=self.oidc_client, allow_assigned_final=True) policy.save() self.assertFalse(policy.is_user_allowed(user)) user.delete() policy.delete()