示例#1
0
    def test_list_oidc_provider_configs(self, tenant_mgt_app):
        client = tenant_mgt.auth_for_tenant('tenant-id', app=tenant_mgt_app)
        recorder = _instrument_provider_mgt(
            client, 200, LIST_OIDC_PROVIDER_CONFIGS_RESPONSE)

        page = client.list_oidc_provider_configs()

        assert isinstance(page, auth.ListProviderConfigsPage)
        index = 0
        assert len(page.provider_configs) == 2
        for provider_config in page.provider_configs:
            self._assert_oidc_provider_config(
                provider_config, want_id='oidc.provider{0}'.format(index))
            index += 1

        assert page.next_page_token == ''
        assert page.has_next_page is False
        assert page.get_next_page() is None
        provider_configs = list(config for config in page.iterate_all())
        assert len(provider_configs) == 2

        assert len(recorder) == 1
        req = recorder[0]
        assert req.method == 'GET'
        assert req.url == '{0}{1}'.format(
            PROVIDER_MGT_URL_PREFIX,
            '/tenants/tenant-id/oauthIdpConfigs?pageSize=100')
示例#2
0
def get_tenant_client(tenant_id):
    # [START get_tenant_client]
    from firebase_admin import tenant_mgt

    tenant_client = tenant_mgt.auth_for_tenant(tenant_id)
    # [END get_tenant_client]
    return tenant_client
示例#3
0
    def test_update_saml_provider_config(self, tenant_mgt_app):
        client = tenant_mgt.auth_for_tenant('tenant-id', app=tenant_mgt_app)
        recorder = _instrument_provider_mgt(client, 200,
                                            SAML_PROVIDER_CONFIG_RESPONSE)

        provider_config = client.update_saml_provider_config(
            'saml.provider',
            idp_entity_id='IDP_ENTITY_ID',
            sso_url='https://example.com/login',
            x509_certificates=['CERT1', 'CERT2'],
            rp_entity_id='RP_ENTITY_ID',
            callback_url='https://projectId.firebaseapp.com/__/auth/handler',
            display_name='samlProviderName',
            enabled=True)

        self._assert_saml_provider_config(provider_config)
        mask = [
            'displayName',
            'enabled',
            'idpConfig.idpCertificates',
            'idpConfig.idpEntityId',
            'idpConfig.ssoUrl',
            'spConfig.callbackUri',
            'spConfig.spEntityId',
        ]
        url = '/inboundSamlConfigs/saml.provider?updateMask={0}'.format(
            ','.join(mask))
        self._assert_request(recorder,
                             url,
                             SAML_PROVIDER_CONFIG_REQUEST,
                             method='PATCH',
                             prefix=PROVIDER_MGT_URL_PREFIX)
示例#4
0
def test_update_saml_provider_config(sample_tenant):
    client = tenant_mgt.auth_for_tenant(sample_tenant.tenant_id)
    provider_config = _create_saml_provider_config(client)
    try:
        provider_config = client.update_saml_provider_config(
            provider_config.provider_id,
            idp_entity_id='UPDATED_IDP_ENTITY_ID',
            sso_url='https://example.com/updated_login',
            x509_certificates=[test_auth.X509_CERTIFICATES[1]],
            rp_entity_id='UPDATED_RP_ENTITY_ID',
            callback_url=
            'https://updatedProjectId.firebaseapp.com/__/auth/handler',
            display_name='UPDATED_SAML_DISPLAY_NAME',
            enabled=False)
        assert provider_config.idp_entity_id == 'UPDATED_IDP_ENTITY_ID'
        assert provider_config.sso_url == 'https://example.com/updated_login'
        assert provider_config.x509_certificates == [
            test_auth.X509_CERTIFICATES[1]
        ]
        assert provider_config.rp_entity_id == 'UPDATED_RP_ENTITY_ID'
        assert provider_config.callback_url == (
            'https://updatedProjectId.firebaseapp.com/'
            '__/auth/handler')
        assert provider_config.display_name == 'UPDATED_SAML_DISPLAY_NAME'
        assert provider_config.enabled is False
    finally:
        client.delete_saml_provider_config(provider_config.provider_id)
示例#5
0
def test_custom_token(sample_tenant, api_key):
    client = tenant_mgt.auth_for_tenant(sample_tenant.tenant_id)
    custom_token = client.create_custom_token('user1')
    id_token = _sign_in(custom_token, sample_tenant.tenant_id, api_key)
    claims = client.verify_id_token(id_token)
    assert claims['uid'] == 'user1'
    assert claims['firebase']['tenant'] == sample_tenant.tenant_id
示例#6
0
def test_revoke_refresh_tokens(sample_tenant, tenant_user):
    valid_since = int(time.time())
    time.sleep(1)
    client = tenant_mgt.auth_for_tenant(sample_tenant.tenant_id)
    client.revoke_refresh_tokens(tenant_user.uid)
    user = client.get_user(tenant_user.uid)
    assert user.tokens_valid_after_timestamp > valid_since
示例#7
0
    def test_create_user(self, tenant_mgt_app):
        client = tenant_mgt.auth_for_tenant('tenant-id', app=tenant_mgt_app)
        recorder = _instrument_user_mgt(client, 200, '{"localId":"testuser"}')

        uid = client._user_manager.create_user()

        assert uid == 'testuser'
        self._assert_request(recorder, '/accounts', {})
示例#8
0
    def test_custom_token(self, tenant_aware_custom_token_app):
        client = tenant_mgt.auth_for_tenant('test-tenant',
                                            app=tenant_aware_custom_token_app)

        custom_token = client.create_custom_token('user1')

        test_token_gen.verify_custom_token(custom_token,
                                           expected_claims=None,
                                           tenant_id='test-tenant')
示例#9
0
def test_list_users(sample_tenant, tenant_user):
    client = tenant_mgt.auth_for_tenant(sample_tenant.tenant_id)
    page = client.list_users()
    result = None
    for user in page.iterate_all():
        if user.uid == tenant_user.uid:
            result = user
            break
    assert result.tenant_id == sample_tenant.tenant_id
示例#10
0
    def test_delete_user(self, tenant_mgt_app):
        client = tenant_mgt.auth_for_tenant('tenant-id', app=tenant_mgt_app)
        recorder = _instrument_user_mgt(client, 200,
                                        '{"kind":"deleteresponse"}')

        client.delete_user('testuser')

        self._assert_request(recorder, '/accounts:delete',
                             {'localId': 'testuser'})
示例#11
0
    def test_valid_token(self, tenant_mgt_app):
        client = tenant_mgt.auth_for_tenant('test-tenant', app=tenant_mgt_app)
        client._token_verifier.request = test_token_gen.MOCK_REQUEST

        claims = client.verify_id_token(
            test_token_gen.TEST_ID_TOKEN_WITH_TENANT)

        assert claims['admin'] is True
        assert claims['uid'] == claims['sub']
        assert claims['firebase']['tenant'] == 'test-tenant'
示例#12
0
def test_get_oidc_provider_config(sample_tenant, oidc_provider):
    client = tenant_mgt.auth_for_tenant(sample_tenant.tenant_id)
    provider_config = client.get_oidc_provider_config(
        oidc_provider.provider_id)
    assert isinstance(provider_config, auth.OIDCProviderConfig)
    assert provider_config.provider_id == oidc_provider.provider_id
    assert provider_config.client_id == 'OIDC_CLIENT_ID'
    assert provider_config.issuer == 'https://oidc.com/issuer'
    assert provider_config.display_name == 'OIDC_DISPLAY_NAME'
    assert provider_config.enabled is True
示例#13
0
def test_list_saml_provider_configs(sample_tenant, saml_provider):
    client = tenant_mgt.auth_for_tenant(sample_tenant.tenant_id)
    page = client.list_saml_provider_configs()
    result = None
    for provider_config in page.iterate_all():
        if provider_config.provider_id == saml_provider.provider_id:
            result = provider_config
            break

    assert result is not None
示例#14
0
    def test_custom_token_with_claims(self, tenant_aware_custom_token_app):
        client = tenant_mgt.auth_for_tenant('test-tenant',
                                            app=tenant_aware_custom_token_app)
        claims = {'admin': True}

        custom_token = client.create_custom_token('user1', claims)

        test_token_gen.verify_custom_token(custom_token,
                                           expected_claims=claims,
                                           tenant_id='test-tenant')
示例#15
0
    def test_set_custom_user_claims(self, tenant_mgt_app):
        client = tenant_mgt.auth_for_tenant('tenant-id', app=tenant_mgt_app)
        recorder = _instrument_user_mgt(client, 200, '{"localId":"testuser"}')
        claims = {'admin': True}

        client.set_custom_user_claims('testuser', claims)

        self._assert_request(recorder, '/accounts:update', {
            'localId': 'testuser',
            'customAttributes': json.dumps(claims),
        })
示例#16
0
    def test_get_user_by_phone_number(self, tenant_mgt_app):
        client = tenant_mgt.auth_for_tenant('tenant-id', app=tenant_mgt_app)
        recorder = _instrument_user_mgt(client, 200, MOCK_GET_USER_RESPONSE)

        user = client.get_user_by_phone_number('+1234567890')

        assert isinstance(user, auth.UserRecord)
        assert user.uid == 'testuser'
        assert user.email == '*****@*****.**'
        self._assert_request(recorder, '/accounts:lookup',
                             {'phoneNumber': ['+1234567890']})
示例#17
0
    def test_delete_saml_provider_config(self, tenant_mgt_app):
        client = tenant_mgt.auth_for_tenant('tenant-id', app=tenant_mgt_app)
        recorder = _instrument_provider_mgt(client, 200, '{}')

        client.delete_saml_provider_config('saml.provider')

        assert len(recorder) == 1
        req = recorder[0]
        assert req.method == 'DELETE'
        assert req.url == '{0}/tenants/tenant-id/inboundSamlConfigs/saml.provider'.format(
            PROVIDER_MGT_URL_PREFIX)
示例#18
0
    def test_tenant_not_found(self, tenant_mgt_app):
        client = tenant_mgt.auth_for_tenant('tenant-id', app=tenant_mgt_app)
        _instrument_user_mgt(client, 500, TENANT_NOT_FOUND_RESPONSE)
        with pytest.raises(tenant_mgt.TenantNotFoundError) as excinfo:
            client.get_user('testuser')

        error_msg = 'No tenant found for the given identifier (TENANT_NOT_FOUND).'
        assert excinfo.value.code == exceptions.NOT_FOUND
        assert str(excinfo.value) == error_msg
        assert excinfo.value.http_response is not None
        assert excinfo.value.cause is not None
示例#19
0
    def test_invalid_tenant_id(self, tenant_mgt_app):
        client = tenant_mgt.auth_for_tenant('other-tenant', app=tenant_mgt_app)
        client._token_verifier.request = test_token_gen.MOCK_REQUEST

        with pytest.raises(tenant_mgt.TenantIdMismatchError) as excinfo:
            client.verify_id_token(test_token_gen.TEST_ID_TOKEN_WITH_TENANT)

        assert 'Invalid tenant ID: test-tenant' in str(excinfo.value)
        assert isinstance(excinfo.value, exceptions.InvalidArgumentError)
        assert excinfo.value.cause is None
        assert excinfo.value.http_response is None
示例#20
0
def test_import_users(sample_tenant):
    client = tenant_mgt.auth_for_tenant(sample_tenant.tenant_id)
    user = auth.ImportUserRecord(uid=_random_uid(), email=_random_email())
    result = client.import_users([user])
    try:
        assert result.success_count == 1
        assert result.failure_count == 0
        saved_user = client.get_user(user.uid)
        assert saved_user.email == user.email
    finally:
        client.delete_user(user.uid)
示例#21
0
    def test_update_user(self, tenant_mgt_app):
        client = tenant_mgt.auth_for_tenant('tenant-id', app=tenant_mgt_app)
        recorder = _instrument_user_mgt(client, 200, '{"localId":"testuser"}')

        uid = client._user_manager.update_user('testuser',
                                               email='*****@*****.**')

        assert uid == 'testuser'
        self._assert_request(recorder, '/accounts:update', {
            'localId': 'testuser',
            'email': '*****@*****.**',
        })
示例#22
0
def test_update_user(sample_tenant):
    client = tenant_mgt.auth_for_tenant(sample_tenant.tenant_id)
    user = client.create_user()
    try:
        email = _random_email()
        phone = _random_phone()
        user = client.update_user(user.uid, email=email, phone_number=phone)
        assert user.tenant_id == sample_tenant.tenant_id
        assert user.email == email
        assert user.phone_number == phone
    finally:
        client.delete_user(user.uid)
示例#23
0
    def test_get_saml_provider_config(self, tenant_mgt_app):
        client = tenant_mgt.auth_for_tenant('tenant-id', app=tenant_mgt_app)
        recorder = _instrument_provider_mgt(client, 200,
                                            SAML_PROVIDER_CONFIG_RESPONSE)

        provider_config = client.get_saml_provider_config('saml.provider')

        self._assert_saml_provider_config(provider_config)
        assert len(recorder) == 1
        req = recorder[0]
        assert req.method == 'GET'
        assert req.url == '{0}/tenants/tenant-id/inboundSamlConfigs/saml.provider'.format(
            PROVIDER_MGT_URL_PREFIX)
示例#24
0
    def test_revoke_refresh_tokens(self, tenant_mgt_app):
        client = tenant_mgt.auth_for_tenant('tenant-id', app=tenant_mgt_app)
        recorder = _instrument_user_mgt(client, 200, '{"localId":"testuser"}')

        client.revoke_refresh_tokens('testuser')

        assert len(recorder) == 1
        req = recorder[0]
        assert req.method == 'POST'
        assert req.url == '{0}/tenants/tenant-id/accounts:update'.format(
            USER_MGT_URL_PREFIX)
        body = json.loads(req.body.decode())
        assert body['localId'] == 'testuser'
        assert 'validSince' in body
示例#25
0
    def test_generate_password_reset_link(self, tenant_mgt_app):
        client = tenant_mgt.auth_for_tenant('tenant-id', app=tenant_mgt_app)
        recorder = _instrument_user_mgt(client, 200,
                                        '{"oobLink":"https://testlink"}')

        link = client.generate_password_reset_link('*****@*****.**')

        assert link == 'https://testlink'
        self._assert_request(
            recorder, '/accounts:sendOobCode', {
                'email': '*****@*****.**',
                'requestType': 'PASSWORD_RESET',
                'returnOobLink': True,
            })
示例#26
0
    def test_generate_email_verification_link(self, tenant_mgt_app):
        client = tenant_mgt.auth_for_tenant('tenant-id', app=tenant_mgt_app)
        recorder = _instrument_user_mgt(client, 200,
                                        '{"oobLink":"https://testlink"}')

        link = client.generate_email_verification_link('*****@*****.**')

        assert link == 'https://testlink'
        self._assert_request(
            recorder, '/accounts:sendOobCode', {
                'email': '*****@*****.**',
                'requestType': 'VERIFY_EMAIL',
                'returnOobLink': True,
            })
示例#27
0
def test_get_saml_provider_config(sample_tenant, saml_provider):
    client = tenant_mgt.auth_for_tenant(sample_tenant.tenant_id)
    provider_config = client.get_saml_provider_config(
        saml_provider.provider_id)
    assert isinstance(provider_config, auth.SAMLProviderConfig)
    assert provider_config.provider_id == saml_provider.provider_id
    assert provider_config.idp_entity_id == 'IDP_ENTITY_ID'
    assert provider_config.sso_url == 'https://example.com/login'
    assert provider_config.x509_certificates == [
        test_auth.X509_CERTIFICATES[0]
    ]
    assert provider_config.rp_entity_id == 'RP_ENTITY_ID'
    assert provider_config.callback_url == 'https://projectId.firebaseapp.com/__/auth/handler'
    assert provider_config.display_name == 'SAML_DISPLAY_NAME'
    assert provider_config.enabled is True
示例#28
0
def test_update_oidc_provider_config(sample_tenant):
    client = tenant_mgt.auth_for_tenant(sample_tenant.tenant_id)
    provider_config = _create_oidc_provider_config(client)
    try:
        provider_config = client.update_oidc_provider_config(
            provider_config.provider_id,
            client_id='UPDATED_OIDC_CLIENT_ID',
            issuer='https://oidc.com/updated_issuer',
            display_name='UPDATED_OIDC_DISPLAY_NAME',
            enabled=False)
        assert provider_config.client_id == 'UPDATED_OIDC_CLIENT_ID'
        assert provider_config.issuer == 'https://oidc.com/updated_issuer'
        assert provider_config.display_name == 'UPDATED_OIDC_DISPLAY_NAME'
        assert provider_config.enabled is False
    finally:
        client.delete_oidc_provider_config(provider_config.provider_id)
示例#29
0
    def test_generate_sign_in_with_email_link(self, tenant_mgt_app):
        client = tenant_mgt.auth_for_tenant('tenant-id', app=tenant_mgt_app)
        recorder = _instrument_user_mgt(client, 200,
                                        '{"oobLink":"https://testlink"}')
        settings = auth.ActionCodeSettings(url='http://localhost')

        link = client.generate_sign_in_with_email_link('*****@*****.**',
                                                       settings)

        assert link == 'https://testlink'
        self._assert_request(
            recorder, '/accounts:sendOobCode', {
                'email': '*****@*****.**',
                'requestType': 'EMAIL_SIGNIN',
                'returnOobLink': True,
                'continueUrl': 'http://localhost',
            })
示例#30
0
    def test_create_oidc_provider_config(self, tenant_mgt_app):
        client = tenant_mgt.auth_for_tenant('tenant-id', app=tenant_mgt_app)
        recorder = _instrument_provider_mgt(client, 200,
                                            OIDC_PROVIDER_CONFIG_RESPONSE)

        provider_config = client.create_oidc_provider_config(
            'oidc.provider',
            client_id='CLIENT_ID',
            issuer='https://oidc.com/issuer',
            display_name='oidcProviderName',
            enabled=True)

        self._assert_oidc_provider_config(provider_config)
        self._assert_request(recorder,
                             '/oauthIdpConfigs?oauthIdpConfigId=oidc.provider',
                             OIDC_PROVIDER_CONFIG_REQUEST,
                             prefix=PROVIDER_MGT_URL_PREFIX)