mirror of
https://github.com/peeringdb/peeringdb.git
synced 2024-05-11 05:55:09 +00:00
c3b70ce09f
* Expose authentication methods on outbound federation * relock * docs * linting * docs * webauthn instead of u2f * use swk * docs * remove cruft * remove unused import * add amr claim for JWT ID token as well fix tests add test key * fix oidc validator tests * fix merge cruft --------- Co-authored-by: 20C <code@20c.com>
114 lines
2.9 KiB
Python
114 lines
2.9 KiB
Python
import pytest
|
|
from django.contrib.auth.models import Group
|
|
from oauthlib.common import Request
|
|
|
|
from mainsite.oauth2 import validators
|
|
from peeringdb_server import models
|
|
|
|
from .util import reset_group_ids
|
|
|
|
|
|
@pytest.fixture
|
|
def organization():
|
|
reset_group_ids()
|
|
return models.Organization.objects.create(name="test org", status="ok")
|
|
|
|
|
|
@pytest.fixture(autouse=True)
|
|
def network(organization):
|
|
return models.Network.objects.create(
|
|
name="test network", org=organization, asn=123, status="ok"
|
|
)
|
|
|
|
|
|
@pytest.fixture
|
|
def verified_user(organization):
|
|
user_group = Group.objects.get(name="user")
|
|
|
|
user = models.User.objects.create_user(
|
|
"testuser", "testuser@example.net", first_name="Test", last_name="User"
|
|
)
|
|
|
|
# This makes the user verified
|
|
user_group.user_set.add(user)
|
|
|
|
organization.usergroup.user_set.add(user)
|
|
return user
|
|
|
|
|
|
@pytest.fixture
|
|
def oauth_request(verified_user):
|
|
request = Request("/")
|
|
request.user = verified_user
|
|
request.scopes = []
|
|
request.client = None
|
|
request.decoded_body = [("code", "testcode")]
|
|
return request
|
|
|
|
|
|
@pytest.mark.django_db
|
|
def test_oidc_validator_produces_profile_claims(oauth_request):
|
|
oauth_request.scopes = ["openid", "profile"]
|
|
validator = validators.OIDCValidator()
|
|
claims = validator.get_oidc_claims(None, None, oauth_request)
|
|
|
|
assert claims == {
|
|
"sub": f"{oauth_request.user.id}",
|
|
"id": oauth_request.user.id,
|
|
"family_name": "User",
|
|
"given_name": "Test",
|
|
"name": "Test User",
|
|
"verified_user": True,
|
|
"email": None,
|
|
"email_verified": None,
|
|
"networks": None,
|
|
"amr": [],
|
|
}
|
|
|
|
|
|
@pytest.mark.django_db
|
|
def test_oidc_validator_produces_email_claims(oauth_request):
|
|
oauth_request.scopes = ["openid", "email"]
|
|
validator = validators.OIDCValidator()
|
|
claims = validator.get_oidc_claims(None, None, oauth_request)
|
|
|
|
assert claims == {
|
|
"sub": f"{oauth_request.user.id}",
|
|
"id": None,
|
|
"family_name": None,
|
|
"given_name": None,
|
|
"verified_user": None,
|
|
"name": None,
|
|
"email": "testuser@example.net",
|
|
"email_verified": False,
|
|
"networks": None,
|
|
"amr": [],
|
|
}
|
|
|
|
|
|
@pytest.mark.django_db
|
|
def test_oidc_validator_produces_network_claims(oauth_request, network):
|
|
oauth_request.scopes = ["openid", "networks"]
|
|
validator = validators.OIDCValidator()
|
|
claims = validator.get_oidc_claims(None, None, oauth_request)
|
|
|
|
assert claims == {
|
|
"sub": f"{oauth_request.user.id}",
|
|
"id": None,
|
|
"family_name": None,
|
|
"given_name": None,
|
|
"verified_user": None,
|
|
"name": None,
|
|
"email": None,
|
|
"email_verified": None,
|
|
"networks": [
|
|
{
|
|
"id": network.id,
|
|
"asn": 123,
|
|
"name": "test network",
|
|
"perms": 1,
|
|
},
|
|
],
|
|
"amr": [],
|
|
}
|