Пример #1
    def test_log_out_the_user_if_the_id_token_is_not_valid(self, rf):
        """Check that the refresh middleware logs the user out on a bad ID token.

        The session is given an ID-token expiry one minute in the past and a
        refresh token. The provider token endpoint is stubbed to answer with
        the ID token 'badidtoken'. After the middleware runs, ``request.user``
        must no longer be authenticated, so the stale session is not kept
        alive when the refreshed ID token is not accepted.
        """
        callback_params = {'state': 'state', 'code': 'authcode'}
        request = rf.get('/oidc/cb/', callback_params)
        SessionMiddleware().process_request(request)
        request.session.save()

        # NOTE(review): the positional order here is (nonce, request) --
        # confirm it matches OIDCAuthBackend.authenticate for the version
        # under test.
        user = OIDCAuthBackend().authenticate('nonce', request)

        # An expiry in the past marks the stored ID token as already expired.
        expired_at = tz.now() - dt.timedelta(minutes=1)
        request.session['oidc_auth_id_token_exp_timestamp'] = expired_at.timestamp()
        request.session['oidc_auth_refresh_token'] = 'this_is_a_refresh_token'
        auth.login(request, user)
        request.user = user

        # Stubbed token-endpoint reply; 'badidtoken' is presumably rejected
        # by ID-token validation, which is what the test name relies on.
        token_response = json.dumps({
            'id_token': 'badidtoken',
            'access_token': 'accesstoken',
            'refresh_token': 'refreshtoken',
        })
        httpretty.register_uri(
            httpretty.POST,
            oidc_rp_settings.PROVIDER_TOKEN_ENDPOINT,
            body=token_response,
            content_type='text/json',
        )

        def get_response(r):
            return 'OK'

        refresh_middleware = OIDCRefreshIDTokenMiddleware(get_response)
        refresh_middleware(request)
        assert not request.user.is_authenticated
Пример #2
 def test_can_properly_handle_the_case_where_a_user_was_authenticated_using_the_model_backend(
         self, rf):
     """Check that the refresh middleware leaves a non-OIDC login untouched.

     The user is created through the user model and logged in without any
     ``oidc_auth_*`` session keys being set in this test. After the
     middleware runs, ``request.user`` must still be that user and must
     still be authenticated.
     """
     request = rf.get('/')
     SessionMiddleware().process_request(request)
     request.session.save()

     user_model = get_user_model()
     local_user = user_model.objects.create_user('test', '*****@*****.**', 'insecure')
     request.user = local_user

     # NOTE(review): the e-mail above and the credentials below look masked
     # in this listing; as written they do not match the user just created,
     # and the return value is discarded anyway -- confirm against upstream.
     auth.authenticate(username='******', password='******')
     auth.login(request, local_user)

     def get_response(r):
         return 'OK'

     refresh_middleware = OIDCRefreshIDTokenMiddleware(get_response)
     refresh_middleware(request)
     assert request.user == local_user
     assert request.user.is_authenticated
Пример #3
 def test_do_nothing_if_the_access_token_is_still_valid(self, rf):
     """Check that the refresh token in the session is untouched before expiry.

     The session is given an ID-token expiry one minute in the future and a
     refresh token. After the middleware runs, the refresh token stored in
     the session must be unchanged.

     NOTE(review): the test name mentions the access token, but the session
     key set here is the ID-token expiry timestamp. The test also does not
     assert that ``request.user`` is still authenticated.
     """
     callback_params = {'state': 'state', 'code': 'authcode'}
     request = rf.get('/oidc/cb/', callback_params)
     SessionMiddleware().process_request(request)
     request.session.save()

     user = OIDCAuthBackend().authenticate(request, 'nonce')

     # An expiry in the future: the stored ID token has not expired yet.
     still_valid_until = tz.now() + dt.timedelta(minutes=1)
     request.session['oidc_auth_id_token_exp_timestamp'] = still_valid_until.timestamp()
     request.session['oidc_auth_refresh_token'] = 'this_is_a_refresh_token'
     auth.login(request, user)
     request.user = user

     def get_response(r):
         return 'OK'

     refresh_middleware = OIDCRefreshIDTokenMiddleware(get_response)
     refresh_middleware(request)
     assert request.session['oidc_auth_refresh_token'] == 'this_is_a_refresh_token'