From 75faf2f877375598fe1888bb437ff18c41c1d70a Mon Sep 17 00:00:00 2001
From: armanddidierjean <95971503+armanddidierjean@users.noreply.github.com>
Date: Sun, 14 Jan 2024 16:55:35 +0100
Subject: [PATCH] Test Get user info
---
 .env.test | 2 +-
 tests/test_auth.py | 73 +++++++++++++++++++++++++++++++++++++++-------
 2 files changed, 64 insertions(+), 11 deletions(-)
diff --git a/.env.test b/.env.test
index 068d998ba5..f3c9a6ba41 100644
--- a/.env.test
+++ b/.env.test
@@ -7,7 +7,7 @@ SQLITE_DB = "test.db" # If set, the application use a SQLite database instead of # Authorization using JWT # ACCESS_TOKEN_SECRET_KEY="YWZOHliiI53lJMJc5BI_WbGbA4GF2T7Wbt1airIhOXEa3c021c4-1c55-4182-b141-7778bcc8fac4" # Note: modifing this token requires to update the common `test_check_settings_mocking` test RSA_PRIVATE_PEM_STRING = "-----BEGIN RSA PRIVATE KEY-----\nMIIEpQIBAAKCAQEA1tpj3TZDkJakp2RygsM392pQbcmNBOGFT8FlETcRG/JVFT7k\niClJu+CVOJSVD0epfpYp93cYepfw74SezYnBCyuoLJ2yg5Qh4KlCrWmvwM7vhFIN\nx0xddIQi+Gm0T3dxGtv4Ga50TYX4SV4FE3ctJG9m3pyNF6POODp5tMJvShQWYTto\nW9qNhltZ8Z+14bq2INV/efpT47WuMT+VD/fa9/WwopAtgBcQOvq57fv5+DaPOIVR\n9BiP7F+pv+v6wQ373hI22QzCMsA4Whl+BmWFKcFoBDOBRjlW5VqhJWJkWZIRP0q+\nVAZHk2xJK+0YFc9jmaC+ExMtuyHYK0RnQK/8LQIDAQABAoIBABxJ8v4sZ+cAvrs/\nkYhAFf1gpShfck7jNr9SknEa1Aje9m7usf5vmULAhkVF4v55DAsb0HjB2JpDqTiQ\nOKyNZ7qFzAXb2aZTecZv4tScZsS3OngsqZ3FI0T1JPmaSWBxNJY5wkf3XV7btd5L\nH9X5ShtTA7Np33XuXneu01mGhEq3boLro+vfXMHV5QHyle1F4LUFWEqtP0UmZ5wA\nrro0Y7pA8R88tu5X4iWEjQPnAsbRixwFQ9LNMD8+40e1UIguobRySnP5umErHaIh\nKui7ZijLjbZh/dPS0IfpgahL1K6s9XhT3mD9WMvAvMkNtLewHIZZukG45mOQBrjF\nvvyYxoECgYEA+EY6YimGw0IKnUuf+5uZRXST7kDMENz1Flkcj8oZvo47hdX8/lDN\ni0y7gm3VNfHAK2R2KZPmSbtXA0DvS7kmx1/CFcmwkaakhuU5dyCHldWwSaTME3IE\nxjSZfTvlAiq9i6nUflgfkKo3Bdsiq8TYOUAv25S2SwYDH9Tx0fQwwGECgYEA3Ynt\nCHc8e4YRlGT65UQmEZ8cptmqVRyY4ClMU1xht7Pn0G1JwKRraiEL5/LndwscWf3h\nDygQuArJ28pp4d22FEW1LeXozXYUjJoz3anIA45IZ1OihS7Cx7tJB51/QNJeFdF4\nEX/XHaVukHyYSsAxkwCUYOw3cSgZOSEddL5Wf00CgYEA7JlIlDmMwtFR+jqSmJ3c\n//Kr8zZvAnb/Xa/IZ0MrK4yyLsYR1m48o06Ztx9iO4lKIFAZx1+563QL5P7hzOEC\nkqev90GA8hzD2AXksKEgdOrymAvjq3hSEm0YBN+qS1ldzxYmec0TL7L2wq7lqJnr\nkQuZUAG1g2OUYKZ3WSUDvKECgYEAv24NSkFuG/avfiD7w9xtYNCye2KekskROLG2\n6FltfsWQTEQDdNkekChaF2WHqRAKwaBlNymRuNZpsuhnMerZCQ9rDWwbDF86RnyA\n0MuCr7/kxJQ6XQcY/GnTIydu7F5bOlM0gzqKcW2f6m4fUohczf+0N0QmbDsQAJOi\n1lwadgkCgYEA3tkCBJIPTQecfjWiLqSocS6SrwXU+r3Jw6kI3/IB6ban/nsFdHSb\nnADST7f2zZatN6XALwsLU7f2R09R39ub0AJPyfToxo7MngR1rvaUYooF3rLlaU32\n8DqGvGpLkZkwbtcDmcX1zQoHjUo7RvoSh
Zoapr59ihfrkiiEsXOkuGw=\n-----END RSA PRIVATE KEY-----\n"
-AUTH_CLIENTS=[["5507cc3a-fd29-11ec-b939-0242ac120002", null, ["http://127.0.0.1:8000/docs"], "AppAuthClient"], ["453be50-326a-465b-ad50-d4a87e1e487a", "secret", ["http://127.0.0.1:8000/docs"], "AppAuthClient"]]
+AUTH_CLIENTS=[["AppAuthClientWithPKCE", null, ["http://127.0.0.1:8000/docs"], "AppAuthClient"], ["AppAuthClientWithClientSecret", "secret", ["http://127.0.0.1:8000/docs"], "AppAuthClient"], ["BaseAuthClient", "secret", ["http://127.0.0.1:8000/docs"], "BaseAuthClient"]]
 # OIDC # # Host or url of the API, used for Openid connect discovery endpoint
diff --git a/tests/test_auth.py b/tests/test_auth.py
index 4d85d9b1c3..48650528d6 100644
--- a/tests/test_auth.py
+++ b/tests/test_auth.py
@@ -11,9 +11,12 @@ from tests.commons import event_loop # noqa
 from tests.commons import add_object_to_db, client
+user: models_core.CoreUser
+
 @pytest_asyncio.fixture(scope="module", autouse=True)
 async def init_objects():
+ global user
 user = models_core.CoreUser(
 id=str(uuid.uuid4()),
 email="email@myecl.fr",
@@ -55,7 +58,7 @@ def test_authorization_code_flow_PKCE():
 code_verifier = "AntoineMonBelAntoine"
 code_challenge = "ws9GS3kBIFwDfNghvEk7GRlDvbUkSmZen8q2R4v3lBU=" # base64.urlsafe_b64encode(hashlib.sha256("AntoineMonBelAntoine".encode()).digest())
 data = {
- "client_id": "5507cc3a-fd29-11ec-b939-0242ac120002",
+ "client_id": "AppAuthClientWithPKCE",
 "redirect_uri": "http://127.0.0.1:8000/docs",
 "response_type": "code",
 "scope": "API openid",
@@ -82,7 +85,7 @@ def test_authorization_code_flow_PKCE():
 "grant_type": "authorization_code",
 "code": code,
 "redirect_uri": "http://127.0.0.1:8000/docs",
- "client_id": "5507cc3a-fd29-11ec-b939-0242ac120002",
+ "client_id": "AppAuthClientWithPKCE",
 "code_verifier": code_verifier,
 }
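Review bot: The module-level annotation `user: models_core.CoreUser` together with `global user` in `init_objects` makes the tests depend on a name that is only bound as a side effect of the fixture: an annotation without a value creates no binding, so any test that reads `user` before the fixture has run fails with a NameError instead of a clear fixture error. Because the fixture is `autouse=True` at module scope this works today, so it is a maintainability point rather than a failing case. The pytest idiom is to `return user` from `init_objects` and let tests that need it request `init_objects` (or a small `user` fixture) as a parameter, which also removes the `global` statements. The body of `init_objects` continues past the hunk.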
@@ -99,7 +102,7 @@ def test_authorization_code_flow_PKCE():
 data = {
 "grant_type": "refresh_token",
 "refresh_token": refresh_token,
- "client_id": "5507cc3a-fd29-11ec-b939-0242ac120002",
+ "client_id": "AppAuthClientWithPKCE",
 }
 response = client.post("/auth/token", data=data)
@@ -113,7 +116,7 @@ def test_authorization_code_flow_PKCE():
 data = {
 "grant_type": "refresh_token",
 "refresh_token": used_refresh_token,
- "client_id": "5507cc3a-fd29-11ec-b939-0242ac120002",
+ "client_id": "AppAuthClientWithPKCE",
 }
 response = client.post("/auth/token", data=data) # Try token reuse
@@ -122,7 +125,7 @@ def test_authorization_code_flow_PKCE():
 data = {
 "grant_type": "refresh_token",
 "refresh_token": valid_refresh_token,
- "client_id": "5507cc3a-fd29-11ec-b939-0242ac120002",
+ "client_id": "AppAuthClientWithPKCE",
 }
 response = client.post(
 "/auth/token", data=data
@@ -133,7 +136,7 @@ def test_authorization_code_flow_PKCE():
 def test_authorization_code_flow_secret():
 data = {
- "client_id": "453be50-326a-465b-ad50-d4a87e1e487a",
+ "client_id": "AppAuthClientWithClientSecret",
 "client_secret": "secret",
 "redirect_uri": "http://127.0.0.1:8000/docs",
 "response_type": "code",
@@ -159,7 +162,7 @@ def test_authorization_code_flow_secret():
 "grant_type": "authorization_code",
 "code": code,
 "redirect_uri": "http://127.0.0.1:8000/docs",
- "client_id": "453be50-326a-465b-ad50-d4a87e1e487a",
+ "client_id": "AppAuthClientWithClientSecret",
 "client_secret": "secret",
 }
@@ -176,7 +179,7 @@ def test_authorization_code_flow_secret():
 data = {
 "grant_type": "refresh_token",
 "refresh_token": refresh_token,
- "client_id": "453be50-326a-465b-ad50-d4a87e1e487a",
+ "client_id": "AppAuthClientWithClientSecret",
 "client_secret": "secret",
 }
 response = client.post("/auth/token", data=data)
@@ -191,7 +194,7 @@ def test_authorization_code_flow_secret():
 data = {
 "grant_type": "refresh_token",
 "refresh_token": used_refresh_token,
- "client_id": "453be50-326a-465b-ad50-d4a87e1e487a",
+ "client_id": "AppAuthClientWithClientSecret",
 "client_secret": "secret",
 }
 response = client.post("/auth/token", data=data) # Try token reuse
@@ -201,7 +204,7 @@ def test_authorization_code_flow_secret():
 data = {
 "grant_type": "refresh_token",
 "refresh_token": valid_refresh_token,
- "client_id": "453be50-326a-465b-ad50-d4a87e1e487a",
+ "client_id": "AppAuthClientWithClientSecret",
 "client_secret": "secret",
 }
 response = client.post(
@@ -209,3 +212,53 @@ def test_authorization_code_flow_secret():
 )
 # Verify that the token has been revoked due to the reuse attempt
 assert response.status_code == 400
+
+
+def test_get_user_info():
+ # We first need an access token to query user info endpoints #
+ data = {
+ "client_id": "BaseAuthClient",
+ "client_secret": "secret",
+ "redirect_uri": "http://127.0.0.1:8000/docs",
+ "response_type": "code",
+ "scope": "openid",
+ "state": "azerty",
+ "email": "email@myecl.fr",
+ "password": "azerty",
+ }
+ response = client.post(
+ "/auth/authorization-flow/authorize-validation",
+ data=data,
+ follow_redirects=False,
+ )
+ assert response.status_code == 302
+
+ url = urlparse(response.headers["Location"])
+ query = parse_qs(url.query)
+ code = query["code"][0]
+
+ data = {
+ "grant_type": "authorization_code",
+ "code": code,
+ "redirect_uri": "http://127.0.0.1:8000/docs",
+ "client_id": "BaseAuthClient",
+ "client_secret": "secret",
+ }
+
+ response = client.post("/auth/token", data=data)
+ assert response.status_code == 200
+ json = response.json()
+
+ access_token = json["access_token"]
+
+ # Query user info endpoint #
+ response = client.get(
+ "/auth/userinfo",
+ headers={"Authorization": f"Bearer {access_token}"},
+ )
+
+ assert response.status_code == 200
+ json = response.json()
+
+ global user
+ assert json["name"] == user.firstname
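Review bot: The `global user` statement at the end of `test_get_user_info` is redundant, because the function only reads the module-level name and never rebinds it; drop it and keep `assert json["name"] == user.firstname`. The test also pins only the happy path of `/auth/userinfo` and never checks that the endpoint rejects a request with no bearer token or a malformed one, which is the property an auth test most needs to lock down, e.g. `response = client.get("/auth/userinfo")` followed by `assert response.status_code == 401` (substitute the status the app's other protected routes return if it is not 401). Rebinding the local name `json` to the parsed body shadows the stdlib `json` module if this file imports it (the imports are not visible in the hunk); `token_payload` and `userinfo` would read more clearly. If the endpoint also returns the OIDC `sub` claim, asserting it against `user.id` would pin the identity mapping rather than only the display name.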