From e16cc575aaf77e3e5ec2f11fdb6691b5a6858739 Mon Sep 17 00:00:00 2001
From: Livio Bieri
Date: Wed, 8 Nov 2023 12:04:38 +0100
Subject: [PATCH] wip: sso flow test (error), existing
---
.../sso/tests/test_sso_authorize.py | 37 -------------
.../vbv_lernwelt/sso/tests/test_sso_flow.py | 53 +++++++++++++++++++
server/vbv_lernwelt/sso/views.py | 4 --
3 files changed, 53 insertions(+), 41 deletions(-)
delete mode 100644 server/vbv_lernwelt/sso/tests/test_sso_authorize.py
create mode 100644 server/vbv_lernwelt/sso/tests/test_sso_flow.py
diff --git a/server/vbv_lernwelt/sso/tests/test_sso_authorize.py b/server/vbv_lernwelt/sso/tests/test_sso_authorize.py
deleted file mode 100644
index 19c9a275..00000000
--- a/server/vbv_lernwelt/sso/tests/test_sso_authorize.py
+++ /dev/null
@@ -1,37 +0,0 @@
-import uuid
-from unittest.mock import patch
-
-from django.test import TestCase
-from django.urls import reverse
-
-from vbv_lernwelt.core.models import User
-
-
-class TestSSO(TestCase):
- def test_walking_skeleton(self):
- self.assertTrue(True)
-
- @patch("vbv_lernwelt.sso.views.oauth")
- @patch("vbv_lernwelt.sso.views.decode_jwt")
- def test_authorize_redirects_on_success(self, mock_decode_jwt, mock_oauth_service):
- # GIVEN
- email = "bobby@drop.table"
-
- mock_oauth_service.authorize_access_token.return_value = {
- "id_token": "test_token"
- }
-
- mock_decode_jwt.return_value = {
- "emails": [email],
- "oid": uuid.uuid4(),
- "given_name": "Bobby",
- "family_name": "Drop-Table",
- }
-
- # WHEN
- response = self.client.get(reverse("sso:authorize"))
-
- # THEN
- self.assertTrue(User.objects.filter(email=email).exists())
- self.assertEqual(response.status_code, 302)
- self.assertEqual(response.url, "/")
diff --git a/server/vbv_lernwelt/sso/tests/test_sso_flow.py b/server/vbv_lernwelt/sso/tests/test_sso_flow.py
new file mode 100644
index 00000000..720c0912
--- /dev/null
+++ b/server/vbv_lernwelt/sso/tests/test_sso_flow.py
@@ -0,0 +1,53 @@
+import uuid
+from unittest.mock import patch, Mock
+
+from authlib.integrations.base_client import OAuthError
+from django.conf import settings
+from django.test import TestCase
+from django.urls import reverse
+
+from vbv_lernwelt.core.models import User
+
+
+def decoded_token(email, oid=None, given_name="Bobby", family_name="Table"):
+ return {
+ "emails": [email],
+ "oid": oid or uuid.uuid4(),
+ "given_name": given_name,
+ "family_name": family_name,
+ }
+
+
+class TestSSOFlow(TestCase):
+ @patch("vbv_lernwelt.sso.views.oauth")
+ @patch("vbv_lernwelt.sso.views.decode_jwt")
+ def test_authorize_redirects_on_success(self, mock_decode_jwt, _):
+ # GIVEN
+ email = "bobby@drop.table"
+ mock_decode_jwt.return_value = decoded_token(email)
+
+ # WHEN
+ response = self.client.get(reverse("sso:authorize"))
+
+ # THEN
+ self.assertTrue(User.objects.filter(email=email).exists())
+ self.assertEqual(response.status_code, 302)
+ self.assertEqual(response.url, "/") # noqa
+
+ @patch("vbv_lernwelt.sso.views.oauth")
+ def test_authorize_on_tampered_token(self, mock_oauth_service):
+ # GIVEN
+ client_name = settings.OAUTH["client_name"]
+ client_mock = Mock()
+ client_mock.authorize_access_token.side_effect = OAuthError()
+ setattr(mock_oauth_service, client_name, client_mock)
+
+ # WHEN
+ response = self.client.get(reverse("sso:authorize"))
+
+ # THEN
+ # sanity check that the mock was called (-> setup is correct)
+ self.assertEqual(client_mock.authorize_access_token.call_count, 1)
+
+ self.assertEqual(response.status_code, 302)
+ self.assertEqual(response.url, "/login-error?state=someerror") # noqa
diff --git a/server/vbv_lernwelt/sso/views.py b/server/vbv_lernwelt/sso/views.py
index 8915ae7f..957a1b8e 100644
--- a/server/vbv_lernwelt/sso/views.py
+++ b/server/vbv_lernwelt/sso/views.py
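Review bot: `test_authorize_on_tampered_token` in the new test_sso_flow.py does not exercise a tampered token: it only makes `authorize_access_token` raise `OAuthError`, so the token-exchange failure path is covered while `decode_jwt`, the step where a forged or altered id_token would be rejected, is never reached. A second case that lets the exchange succeed and has `mock_decode_jwt` raise whatever `authorize()` handles for an invalid token would cover that path; what it raises is not visible in this hunk. Both error cases should also assert the security-relevant outcome, that no account was provisioned, e.g. `self.assertFalse(User.objects.filter(email="bobby@drop.table").exists())`, since the success test shows the view creates the user from the decoded claims. The expected redirect `"/login-error?state=someerror"` reads like a placeholder (the commit is marked wip); pin it to the error value the view actually emits rather than leaving it under `# noqa`.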
@@ -22,10 +22,6 @@ def login(request): def authorize(request): - print("authorize") - print(oauth) - print(decode_jwt) - try: logger.debug(request, label="sso") token = getattr(oauth, settings.OAUTH["client_name"]).authorize_access_token(