def test_does_not_need_refresh(self):
authn = OIDCAuthentication(
self.app,
provider_configuration_info={'issuer': ISSUER},
client_registration_info={
'client_id': 'foo',
'session_refresh_interval_seconds': 1
},
)
client_mock = MagicMock()
callback_mock = MagicMock()
now = time.time()
callback_mock.__name__ = 'test_callback' # required for Python 2
authn.client = client_mock
id_token = IdToken(**{'sub': 'sub1', 'nonce': 'nonce', 'exp': 0})
with self.app.test_request_context('/'):
flask.session['destination'] = '/'
flask.session['access_token'] = 'test token'
flask.session['id_token'] = id_token.to_dict()
flask.session['id_token_jwt'] = id_token.to_jwt()
flask.session['last_authenticated'] = now + 100
authn.oidc_auth(callback_mock)()
session = Session(
flask_session=flask.session,
client_registration_info=authn.client_registration_info)
assert session.needs_refresh() is False
def test_dont_reauthenticate_with_valid_id_token(self):
authn = OIDCAuthentication(self.app, provider_configuration_info={'issuer': ISSUER},
client_registration_info={'client_id': 'foo'})
client_mock = MagicMock()
callback_mock = MagicMock()
callback_mock.__name__ = 'test_callback' # required for Python 2
authn.client = client_mock
with self.app.test_request_context('/'):
flask.session['destination'] = '/'
flask.session['id_token'] = {'exp': time.time() + 25}
authn.oidc_auth(callback_mock)()
assert not client_mock.construct_AuthorizationRequest.called
assert callback_mock.called is True
def test_reauthenticate_if_no_session(self):
authn = OIDCAuthentication(
self.app,
provider_configuration_info={'issuer': ISSUER},
client_registration_info={'client_id': 'foo'})
client_mock = MagicMock()
callback_mock = MagicMock()
callback_mock.__name__ = 'test_callback' # required for Python 2
authn.client = client_mock
with self.app.test_request_context('/'):
authn.oidc_auth(callback_mock)()
assert client_mock.construct_AuthorizationRequest.called
assert not callback_mock.called
def test_dont_reauthenticate_with_valid_id_token(self):
authn = OIDCAuthentication(
self.app,
provider_configuration_info={'issuer': ISSUER},
client_registration_info={'client_id': 'foo'})
client_mock = MagicMock()
callback_mock = MagicMock()
callback_mock.__name__ = 'test_callback' # required for Python 2
authn.client = client_mock
with self.app.test_request_context('/'):
flask.session['destination'] = '/'
flask.session['access_token'] = 'test token'
authn.oidc_auth(callback_mock)()
assert not client_mock.construct_AuthorizationRequest.called
assert callback_mock.called is True
def test_reauthenticate_if_no_session(self):
authn = OIDCAuthentication(
self.app,
provider_configuration_info={'issuer': ISSUER},
client_registration_info={'client_id': 'foo'},
)
client_mock = MagicMock()
callback_mock = MagicMock()
callback_mock.__name__ = 'test_callback' # required for Python 2
authn.client = client_mock
id_token = IdToken(**{'sub': 'sub1', 'nonce': 'nonce'})
with self.app.test_request_context('/'):
flask.session['destination'] = '/'
flask.session['access_token'] = None
flask.session['id_token_jwt'] = None
authn.oidc_auth(callback_mock)()
assert client_mock.construct_AuthorizationRequest.called is True
assert callback_mock.called is False
def test_dont_reauthenticate_silent_if_authentication_not_expired(self):
authn = OIDCAuthentication(
self.app,
provider_configuration_info={'issuer': ISSUER},
client_registration_info={
'client_id': 'foo',
'session_refresh_interval_seconds': 999
})
client_mock = MagicMock()
callback_mock = MagicMock()
callback_mock.__name__ = 'test_callback' # required for Python 2
authn.client = client_mock
with self.app.test_request_context('/'):
flask.session['last_authenticated'] = time.time(
) # freshly authenticated
authn.oidc_auth(callback_mock)()
assert not client_mock.construct_AuthorizationRequest.called
assert callback_mock.called
def test_authenticated_session(self):
authn = OIDCAuthentication(
self.app,
provider_configuration_info={'issuer': ISSUER},
client_registration_info={'client_id': 'foo'},
)
client_mock = MagicMock()
callback_mock = MagicMock()
callback_mock.__name__ = 'test_callback' # required for Python 2
authn.client = client_mock
id_token = IdToken(**{'sub': 'sub1', 'nonce': 'nonce', 'exp': 0})
with self.app.test_request_context('/'):
flask.session['destination'] = '/'
flask.session['access_token'] = 'test token'
flask.session['id_token'] = id_token.to_dict()
flask.session['id_token_jwt'] = id_token.to_jwt()
authn.oidc_auth(callback_mock)()
session = Session(
flask_session=flask.session,
client_registration_info=authn.client_registration_info)
assert session.authenticated() is True
def test_unauthenticated_session_with_refresh(self):
authn = OIDCAuthentication(
self.app,
provider_configuration_info={'issuer': ISSUER},
client_registration_info={
'client_id': 'foo',
'session_refresh_interval_seconds': 300
},
)
client_mock = MagicMock()
callback_mock = MagicMock()
callback_mock.__name__ = 'test_callback' # required for Python 2
authn.client = client_mock
id_token = IdToken(**{'sub': 'sub1', 'nonce': 'nonce', 'exp': 0})
with self.app.test_request_context('/'):
flask.session['destination'] = '/'
authn.oidc_auth(callback_mock)()
session = Session(
flask_session=flask.session,
client_registration_info=authn.client_registration_info)
assert session.authenticated() is False
def test_reauthenticate_silent_if_refresh_expired(self):
authn = OIDCAuthentication(
self.app,
provider_configuration_info={'issuer': ISSUER},
client_registration_info={
'client_id': 'foo',
'session_refresh_interval_seconds': 1
},
)
client_mock = MagicMock()
callback_mock = MagicMock()
callback_mock.__name__ = 'test_callback' # required for Python 2
authn.client = client_mock
id_token = IdToken(**{'sub': 'sub1', 'nonce': 'nonce', 'exp': 0})
with self.app.test_request_context('/'):
flask.session['destination'] = '/'
flask.session['access_token'] = 'test token'
flask.session['id_token'] = id_token.to_dict()
flask.session['id_token_jwt'] = id_token.to_jwt()
flask.session['last_authenticated'] = 1
authn.oidc_auth(callback_mock)()
assert client_mock.construct_AuthorizationRequest.called is True
assert callback_mock.called is False
