Test Get user info
armanddidierjean committed Jan 14, 2024
1 parent 34bdcf2 commit 75faf2f
Showing 2 changed files with 64 additions and 11 deletions.
2 changes: 1 addition & 1 deletion .env.test
Expand Up @@ -7,7 +7,7 @@ SQLITE_DB = "test.db" # If set, the application use a SQLite database instead of
# Authorization using JWT #
ACCESS_TOKEN_SECRET_KEY="YWZOHliiI53lJMJc5BI_WbGbA4GF2T7Wbt1airIhOXEa3c021c4-1c55-4182-b141-7778bcc8fac4" # Note: modifing this token requires to update the common `test_check_settings_mocking` test
RSA_PRIVATE_PEM_STRING = "-----BEGIN RSA PRIVATE KEY-----\nMIIEpQIBAAKCAQEA1tpj3TZDkJakp2RygsM392pQbcmNBOGFT8FlETcRG/JVFT7k\niClJu+CVOJSVD0epfpYp93cYepfw74SezYnBCyuoLJ2yg5Qh4KlCrWmvwM7vhFIN\nx0xddIQi+Gm0T3dxGtv4Ga50TYX4SV4FE3ctJG9m3pyNF6POODp5tMJvShQWYTto\nW9qNhltZ8Z+14bq2INV/efpT47WuMT+VD/fa9/WwopAtgBcQOvq57fv5+DaPOIVR\n9BiP7F+pv+v6wQ373hI22QzCMsA4Whl+BmWFKcFoBDOBRjlW5VqhJWJkWZIRP0q+\nVAZHk2xJK+0YFc9jmaC+ExMtuyHYK0RnQK/8LQIDAQABAoIBABxJ8v4sZ+cAvrs/\nkYhAFf1gpShfck7jNr9SknEa1Aje9m7usf5vmULAhkVF4v55DAsb0HjB2JpDqTiQ\nOKyNZ7qFzAXb2aZTecZv4tScZsS3OngsqZ3FI0T1JPmaSWBxNJY5wkf3XV7btd5L\nH9X5ShtTA7Np33XuXneu01mGhEq3boLro+vfXMHV5QHyle1F4LUFWEqtP0UmZ5wA\nrro0Y7pA8R88tu5X4iWEjQPnAsbRixwFQ9LNMD8+40e1UIguobRySnP5umErHaIh\nKui7ZijLjbZh/dPS0IfpgahL1K6s9XhT3mD9WMvAvMkNtLewHIZZukG45mOQBrjF\nvvyYxoECgYEA+EY6YimGw0IKnUuf+5uZRXST7kDMENz1Flkcj8oZvo47hdX8/lDN\ni0y7gm3VNfHAK2R2KZPmSbtXA0DvS7kmx1/CFcmwkaakhuU5dyCHldWwSaTME3IE\nxjSZfTvlAiq9i6nUflgfkKo3Bdsiq8TYOUAv25S2SwYDH9Tx0fQwwGECgYEA3Ynt\nCHc8e4YRlGT65UQmEZ8cptmqVRyY4ClMU1xht7Pn0G1JwKRraiEL5/LndwscWf3h\nDygQuArJ28pp4d22FEW1LeXozXYUjJoz3anIA45IZ1OihS7Cx7tJB51/QNJeFdF4\nEX/XHaVukHyYSsAxkwCUYOw3cSgZOSEddL5Wf00CgYEA7JlIlDmMwtFR+jqSmJ3c\n//Kr8zZvAnb/Xa/IZ0MrK4yyLsYR1m48o06Ztx9iO4lKIFAZx1+563QL5P7hzOEC\nkqev90GA8hzD2AXksKEgdOrymAvjq3hSEm0YBN+qS1ldzxYmec0TL7L2wq7lqJnr\nkQuZUAG1g2OUYKZ3WSUDvKECgYEAv24NSkFuG/avfiD7w9xtYNCye2KekskROLG2\n6FltfsWQTEQDdNkekChaF2WHqRAKwaBlNymRuNZpsuhnMerZCQ9rDWwbDF86RnyA\n0MuCr7/kxJQ6XQcY/GnTIydu7F5bOlM0gzqKcW2f6m4fUohczf+0N0QmbDsQAJOi\n1lwadgkCgYEA3tkCBJIPTQecfjWiLqSocS6SrwXU+r3Jw6kI3/IB6ban/nsFdHSb\nnADST7f2zZatN6XALwsLU7f2R09R39ub0AJPyfToxo7MngR1rvaUYooF3rLlaU32\n8DqGvGpLkZkwbtcDmcX1zQoHjUo7RvoShZoapr59ihfrkiiEsXOkuGw=\n-----END RSA PRIVATE KEY-----\n"
AUTH_CLIENTS=[["5507cc3a-fd29-11ec-b939-0242ac120002", null, ["http://127.0.0.1:8000/docs"], "AppAuthClient"], ["453be50-326a-465b-ad50-d4a87e1e487a", "secret", ["http://127.0.0.1:8000/docs"], "AppAuthClient"]]
AUTH_CLIENTS=[["AppAuthClientWithPKCE", null, ["http://127.0.0.1:8000/docs"], "AppAuthClient"], ["AppAuthClientWithClientSecret", "secret", ["http://127.0.0.1:8000/docs"], "AppAuthClient"], ["BaseAuthClient", "secret", ["http://127.0.0.1:8000/docs"], "BaseAuthClient"]]

# OIDC #
# Host or url of the API, used for Openid connect discovery endpoint
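Review bot: The new `BaseAuthClient` entry in `AUTH_CLIENTS` reuses the literal `"secret"` already assigned to `AppAuthClientWithClientSecret`, so nothing in this fixture can reveal a token endpoint that checks the secret without binding it to the presented `client_id` — a code issued to one confidential client and redeemed by the other would succeed with the same credential. Giving each confidential client its own value, e.g. `["BaseAuthClient", "base-client-secret", ["http://127.0.0.1:8000/docs"], "BaseAuthClient"]`, and passing that value in `test_get_user_info`, keeps the tests able to detect such a mix-up. Whether the server actually binds secrets to clients is not visible here; the point is only about what the fixture can prove.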
73 changes: 63 additions & 10 deletions tests/test_auth.py
Expand Up @@ -11,9 +11,12 @@
from tests.commons import event_loop # noqa
from tests.commons import add_object_to_db, client

user: models_core.CoreUser


@pytest_asyncio.fixture(scope="module", autouse=True)
async def init_objects():
global user
user = models_core.CoreUser(
id=str(uuid.uuid4()),
email="[email protected]",
Expand Down Expand Up @@ -55,7 +58,7 @@ def test_authorization_code_flow_PKCE():
code_verifier = "AntoineMonBelAntoine"
code_challenge = "ws9GS3kBIFwDfNghvEk7GRlDvbUkSmZen8q2R4v3lBU=" # base64.urlsafe_b64encode(hashlib.sha256("AntoineMonBelAntoine".encode()).digest())
data = {
"client_id": "5507cc3a-fd29-11ec-b939-0242ac120002",
"client_id": "AppAuthClientWithPKCE",
"redirect_uri": "http://127.0.0.1:8000/docs",
"response_type": "code",
"scope": "API openid",
Expand All @@ -82,7 +85,7 @@ def test_authorization_code_flow_PKCE():
"grant_type": "authorization_code",
"code": code,
"redirect_uri": "http://127.0.0.1:8000/docs",
"client_id": "5507cc3a-fd29-11ec-b939-0242ac120002",
"client_id": "AppAuthClientWithPKCE",
"code_verifier": code_verifier,
}

Expand All @@ -99,7 +102,7 @@ def test_authorization_code_flow_PKCE():
data = {
"grant_type": "refresh_token",
"refresh_token": refresh_token,
"client_id": "5507cc3a-fd29-11ec-b939-0242ac120002",
"client_id": "AppAuthClientWithPKCE",
}
response = client.post("/auth/token", data=data)

Expand All @@ -113,7 +116,7 @@ def test_authorization_code_flow_PKCE():
data = {
"grant_type": "refresh_token",
"refresh_token": used_refresh_token,
"client_id": "5507cc3a-fd29-11ec-b939-0242ac120002",
"client_id": "AppAuthClientWithPKCE",
}
response = client.post("/auth/token", data=data) # Try token reuse

Expand All @@ -122,7 +125,7 @@ def test_authorization_code_flow_PKCE():
data = {
"grant_type": "refresh_token",
"refresh_token": valid_refresh_token,
"client_id": "5507cc3a-fd29-11ec-b939-0242ac120002",
"client_id": "AppAuthClientWithPKCE",
}
response = client.post(
"/auth/token", data=data
Expand All @@ -133,7 +136,7 @@ def test_authorization_code_flow_PKCE():

def test_authorization_code_flow_secret():
data = {
"client_id": "453be50-326a-465b-ad50-d4a87e1e487a",
"client_id": "AppAuthClientWithClientSecret",
"client_secret": "secret",
"redirect_uri": "http://127.0.0.1:8000/docs",
"response_type": "code",
Expand All @@ -159,7 +162,7 @@ def test_authorization_code_flow_secret():
"grant_type": "authorization_code",
"code": code,
"redirect_uri": "http://127.0.0.1:8000/docs",
"client_id": "453be50-326a-465b-ad50-d4a87e1e487a",
"client_id": "AppAuthClientWithClientSecret",
"client_secret": "secret",
}

Expand All @@ -176,7 +179,7 @@ def test_authorization_code_flow_secret():
data = {
"grant_type": "refresh_token",
"refresh_token": refresh_token,
"client_id": "453be50-326a-465b-ad50-d4a87e1e487a",
"client_id": "AppAuthClientWithClientSecret",
"client_secret": "secret",
}
response = client.post("/auth/token", data=data)
Expand All @@ -191,7 +194,7 @@ def test_authorization_code_flow_secret():
data = {
"grant_type": "refresh_token",
"refresh_token": used_refresh_token,
"client_id": "453be50-326a-465b-ad50-d4a87e1e487a",
"client_id": "AppAuthClientWithClientSecret",
"client_secret": "secret",
}
response = client.post("/auth/token", data=data) # Try token reuse
Expand All @@ -201,11 +204,61 @@ def test_authorization_code_flow_secret():
data = {
"grant_type": "refresh_token",
"refresh_token": valid_refresh_token,
"client_id": "453be50-326a-465b-ad50-d4a87e1e487a",
"client_id": "AppAuthClientWithClientSecret",
"client_secret": "secret",
}
response = client.post(
"/auth/token", data=data
) # Verify that the token has been revoked due to the reuse attempt

assert response.status_code == 400


def test_get_user_info():
# We first need an access token to query user info endpoints #
data = {
"client_id": "BaseAuthClient",
"client_secret": "secret",
"redirect_uri": "http://127.0.0.1:8000/docs",
"response_type": "code",
"scope": "openid",
"state": "azerty",
"email": "[email protected]",
"password": "azerty",
}
response = client.post(
"/auth/authorization-flow/authorize-validation",
data=data,
follow_redirects=False,
)
assert response.status_code == 302

url = urlparse(response.headers["Location"])
query = parse_qs(url.query)
code = query["code"][0]

data = {
"grant_type": "authorization_code",
"code": code,
"redirect_uri": "http://127.0.0.1:8000/docs",
"client_id": "BaseAuthClient",
"client_secret": "secret",
}

response = client.post("/auth/token", data=data)
assert response.status_code == 200
json = response.json()

access_token = json["access_token"]

# Query user info endpoint #
response = client.get(
"/auth/userinfo",
headers={"Authorization": f"Bearer {access_token}"},
)

assert response.status_code == 200
json = response.json()

global user
assert json["name"] == user.firstname
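Review bot: The final assertion of `test_get_user_info` compares only the `name` claim, so the test would still pass if `/auth/userinfo` returned no subject or identified the wrong account; also check the subject, presumably `assert json["sub"] == user.id` given the `CoreUser` built in `init_objects`, and add a negative request without the `Authorization` header (`assert client.get("/auth/userinfo").status_code == 401`, or whatever status the endpoint uses for unauthenticated calls) so the test shows the bearer token is actually required. The `global user` statement before the assertion is unnecessary for a read-only reference; `global` is only needed when the function assigns the name. `json = response.json()` also shadows the stdlib module name inside the test, and a name such as `body` or `claims` would read more clearly.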
