From f2ad0ef1f5ff4e0475c2ee76c8a31d3c633599bb Mon Sep 17 00:00:00 2001
From: Daniel Mursa
Date: Thu, 28 Nov 2024 15:16:36 +0100
Subject: [PATCH] [#480] Enable AdminOIDCConfigurationStep and add tests
---
 src/objects/conf/base.py | 1 +
 .../tests/config/test_oidc_configuration.py | 98 +++++++++++++++++++
 2 files changed, 99 insertions(+)
 create mode 100644 src/objects/tests/config/test_oidc_configuration.py
diff --git a/src/objects/conf/base.py b/src/objects/conf/base.py
index 479c6d90..31bf7bcf 100644
--- a/src/objects/conf/base.py
+++ b/src/objects/conf/base.py
@@ -88,6 +88,7 @@
 # Django setup configuration
 #
 SETUP_CONFIGURATION_STEPS = [
+ "mozilla_django_oidc_db.setup_configuration.steps.AdminOIDCConfigurationStep",
 "objects.config.site.SiteConfigurationStep",
 "objects.config.objecttypes.ObjecttypesStep",
 "objects.config.demo.DemoUserStep",
diff --git a/src/objects/tests/config/test_oidc_configuration.py b/src/objects/tests/config/test_oidc_configuration.py
new file mode 100644
index 00000000..6a8cb524
--- /dev/null
+++ b/src/objects/tests/config/test_oidc_configuration.py
@@ -0,0 +1,98 @@
+from django.test import TestCase
+
+from django_setup_configuration.exceptions import (
+ ConfigurationException,
+ PrerequisiteFailed,
+)
+from django_setup_configuration.test_utils import build_step_config_from_sources
+
+from mozilla_django_oidc_db.models import OpenIDConnectConfig
+from mozilla_django_oidc_db.setup_configuration.steps import AdminOIDCConfigurationStep
+
+KEYCLOAK_BASE_URL = "http://localhost:8080/realms/test/protocol/openid-connect"
+
+
+class AdminOIDCConfigurationTests(TestCase):
+
+ def setUp(self):
+ OpenIDConnectConfig.clear_cache()
+
+ def test_execute_step(self):
+ object_source = {
+ "oidc_db_config_enable": True,
+ "oidc_db_config_admin_auth": {
+ "oidc_rp_client_id": "client-id",
+ "oidc_rp_client_secret": "client-secret",
+ "endpoint_config": {
+ "oidc_op_authorization_endpoint": f"{KEYCLOAK_BASE_URL}/auth",
+ "oidc_op_token_endpoint": f"{KEYCLOAK_BASE_URL}/token",
+ "oidc_op_user_endpoint": f"{KEYCLOAK_BASE_URL}/userinfo",
+ },
+ },
+ }
+ setup_config_model = build_step_config_from_sources(
+ AdminOIDCConfigurationStep,
+ object_source=object_source,
+ )
+ step = AdminOIDCConfigurationStep()
+ step.execute(setup_config_model)
+
+ config = OpenIDConnectConfig.get_solo()
+
+ self.assertTrue(config.enabled)
+ self.assertEqual(config.oidc_rp_client_id, "client-id")
+ self.assertEqual(config.oidc_rp_client_secret, "client-secret")
+ self.assertEqual(
+ config.oidc_op_authorization_endpoint, f"{KEYCLOAK_BASE_URL}/auth"
+ )
+ self.assertEqual(config.oidc_op_token_endpoint, f"{KEYCLOAK_BASE_URL}/token")
+ self.assertEqual(config.oidc_op_user_endpoint, f"{KEYCLOAK_BASE_URL}/userinfo")
+
+ # Default mozilla_django_oidc_db configurations
+ self.assertEqual(config.username_claim, ["sub"])
+ self.assertEqual(config.groups_claim, ["roles"])
+ self.assertEqual(
+ config.claim_mapping,
+ {
+ "last_name": ["family_name"],
+ "first_name": ["given_name"],
+ "email": ["email"],
+ },
+ )
+
+ self.assertEqual(config.default_groups.all().count(), 0)
+ self.assertEqual(config.superuser_group_names, [])
+ self.assertFalse(config.make_users_staff)
+
+ def test_configuration_failed(self):
+ with self.assertRaises(ConfigurationException):
+ setup_config_model = build_step_config_from_sources(
+ AdminOIDCConfigurationStep,
+ yaml_source="",
+ )
+ AdminOIDCConfigurationStep().execute(setup_config_model)
+
+ self.assertFalse(OpenIDConnectConfig.get_solo().enabled)
+
+ def test_validate_requirements_failed(self):
+ object_source = {
+ "oidc_db_config_enable": True,
+ "oidc_db_config_admin_auth": {
+ "oidc_rp_client_id": "client-id",
+ "oidc_rp_client_secret": "client-secret",
+ "endpoint_config": {
+ "oidc_op_authorization_endpoint": "",
+ "oidc_op_token_endpoint": "",
+ "oidc_op_user_endpoint": "",
+ },
+ },
+ }
+
+ with self.assertRaises(PrerequisiteFailed):
+ setup_config_model = build_step_config_from_sources(
+ AdminOIDCConfigurationStep,
+ object_source=object_source,
+ )
+ AdminOIDCConfigurationStep().execute(setup_config_model)
+
+ self.assertFalse(OpenIDConnectConfig.get_solo().enabled)
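Review bot: In `test_configuration_failed` and `test_validate_requirements_failed`, `build_step_config_from_sources(...)` and `AdminOIDCConfigurationStep().execute(...)` both appear to sit inside the same `assertRaises` block (indentation is lost in this rendering), so the tests pass whichever call raises and do not show that `execute` is ever reached. Keep only the call expected to raise inside the `with`: build the model above it if the exception should come from `execute`, or drop the `execute` line if it should come from the builder. The closing check covers only the `enabled` flag; in the `PrerequisiteFailed` case, where a client secret was supplied, adding `self.assertNotEqual(OpenIDConnectConfig.get_solo().oidc_rp_client_secret, "client-secret")` would also confirm that a rejected configuration leaves no credential stored.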