-
Notifications
You must be signed in to change notification settings - Fork 6
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
✅ [#2101] Add/fix tests for OIDC for admins/regular users
- Loading branch information
Showing
1 changed file
with
207 additions
and
10 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -20,6 +20,8 @@ | |
| GENERIC_DIGID_ERROR_MSG, | ||
| GENERIC_EHERKENNING_ERROR_MSG, | ||
| ) | ||
| from open_inwoner.configurations.choices import OpenIDDisplayChoices | ||
| from open_inwoner.configurations.models import SiteConfiguration | ||
| from open_inwoner.kvk.branches import KVK_BRANCH_SESSION_VARIABLE | ||
|
|
||
| from ..choices import LoginTypeChoices | ||
|
|
@@ -35,10 +37,15 @@ class OIDCFlowTests(TestCase): | |
| @patch("mozilla_django_oidc_db.backends.OIDCAuthenticationBackend.get_token") | ||
| @patch( | ||
| "mozilla_django_oidc_db.mixins.OpenIDConnectConfig.get_solo", | ||
| return_value=OpenIDConnectConfig(id=1, enabled=True), | ||
| return_value=OpenIDConnectConfig(id=1, enabled=True, make_users_staff=True), | ||
| ) | ||
| @patch( | ||
| "open_inwoner.configurations.models.SiteConfiguration.get_solo", | ||
| return_value=SiteConfiguration(id=1, openid_display=OpenIDDisplayChoices.admin), | ||
| ) | ||
| def test_existing_email_updates_user( | ||
| def test_existing_email_updates_admin_user( | ||
| self, | ||
| mock_config_get_solo, | ||
| mock_get_solo, | ||
| mock_get_token, | ||
| mock_verify_token, | ||
|
|
@@ -63,18 +70,134 @@ def test_existing_email_updates_user( | |
| callback_url, {"code": "mock", "state": "mock"} | ||
| ) | ||
|
|
||
| self.assertRedirects( | ||
| callback_response, reverse("admin:index"), fetch_redirect_response=True | ||
| ) | ||
|
|
||
| user.refresh_from_db() | ||
|
|
||
| self.assertTrue(User.objects.filter(oidc_id="some_username").exists()) | ||
| self.assertEqual(user.oidc_id, "some_username") | ||
|
|
||
| db_user = User.objects.filter(oidc_id="some_username").first() | ||
|
|
||
| self.assertEqual(db_user.id, user.id) | ||
| self.assertEqual(db_user.login_type, LoginTypeChoices.oidc) | ||
| self.assertEqual(db_user.is_staff, True) | ||
|
|
||
| @patch("mozilla_django_oidc_db.backends.OIDCAuthenticationBackend.get_userinfo") | ||
| @patch("mozilla_django_oidc_db.backends.OIDCAuthenticationBackend.store_tokens") | ||
| @patch("mozilla_django_oidc_db.backends.OIDCAuthenticationBackend.verify_token") | ||
| @patch("mozilla_django_oidc_db.backends.OIDCAuthenticationBackend.get_token") | ||
| @patch( | ||
| "mozilla_django_oidc_db.mixins.OpenIDConnectConfig.get_solo", | ||
| return_value=OpenIDConnectConfig(id=1, enabled=True, make_users_staff=False), | ||
| ) | ||
| @patch( | ||
| "open_inwoner.configurations.models.SiteConfiguration.get_solo", | ||
| return_value=SiteConfiguration( | ||
| id=1, openid_display=OpenIDDisplayChoices.regular | ||
| ), | ||
| ) | ||
| def test_existing_email_updates_regular_user( | ||
| self, | ||
| mock_config_get_solo, | ||
| mock_get_solo, | ||
| mock_get_token, | ||
| mock_verify_token, | ||
| mock_store_tokens, | ||
| mock_get_userinfo, | ||
| ): | ||
| # set up a user with a colliding email address | ||
| # sub is the oidc_id field in our db | ||
| mock_get_userinfo.return_value = { | ||
| "email": "[email protected]", | ||
| "sub": "some_username", | ||
| } | ||
| user = UserFactory.create(email="[email protected]") | ||
| self.assertEqual(user.oidc_id, "") | ||
| session = self.client.session | ||
| session["oidc_states"] = {"mock": {"nonce": "nonce"}} | ||
| session.save() | ||
| callback_url = reverse("oidc_authentication_callback") | ||
|
|
||
| # enter the login flow | ||
| callback_response = self.client.get( | ||
| callback_url, {"code": "mock", "state": "mock"} | ||
| ) | ||
|
|
||
| self.assertRedirects( | ||
| callback_response, reverse("pages-root"), fetch_redirect_response=False | ||
| callback_response, reverse("pages-root"), fetch_redirect_response=True | ||
| ) | ||
|
|
||
| user.refresh_from_db() | ||
|
|
||
| self.assertTrue(User.objects.filter(oidc_id="some_username").exists()) | ||
| self.assertEqual(user.oidc_id, "some_username") | ||
|
|
||
| db_user = User.objects.filter(oidc_id="some_username").first() | ||
|
|
||
| self.assertEqual(db_user.id, user.id) | ||
| self.assertEqual(db_user.login_type, LoginTypeChoices.oidc) | ||
| self.assertEqual(db_user.is_staff, False) | ||
|
|
||
| @patch("mozilla_django_oidc_db.backends.OIDCAuthenticationBackend.get_userinfo") | ||
| @patch("mozilla_django_oidc_db.backends.OIDCAuthenticationBackend.store_tokens") | ||
| @patch("mozilla_django_oidc_db.backends.OIDCAuthenticationBackend.verify_token") | ||
| @patch("mozilla_django_oidc_db.backends.OIDCAuthenticationBackend.get_token") | ||
| @patch( | ||
| "mozilla_django_oidc_db.mixins.OpenIDConnectConfig.get_solo", | ||
| return_value=OpenIDConnectConfig(id=1, enabled=True, make_users_staff=False), | ||
| ) | ||
| @patch( | ||
| "open_inwoner.configurations.models.SiteConfiguration.get_solo", | ||
| return_value=SiteConfiguration( | ||
| id=1, openid_display=OpenIDDisplayChoices.regular | ||
| ), | ||
| ) | ||
| def test_existing_oidc_id_updates_regular_user( | ||
| self, | ||
| mock_config_get_solo, | ||
| mock_get_solo, | ||
| mock_get_token, | ||
| mock_verify_token, | ||
| mock_store_tokens, | ||
| mock_get_userinfo, | ||
| ): | ||
| # set up a user with a colliding email address | ||
| # sub is the oidc_id field in our db | ||
| mock_get_userinfo.return_value = { | ||
| "email": "[email protected]", | ||
| "sub": "some_username", | ||
| "first_name": "bar", | ||
| } | ||
| user = UserFactory.create( | ||
| oidc_id="some_username", first_name="Foo", login_type=LoginTypeChoices.oidc | ||
| ) | ||
| session = self.client.session | ||
| session["oidc_states"] = {"mock": {"nonce": "nonce"}} | ||
| session.save() | ||
| callback_url = reverse("oidc_authentication_callback") | ||
|
|
||
| # enter the login flow | ||
| callback_response = self.client.get( | ||
| callback_url, {"code": "mock", "state": "mock"} | ||
| ) | ||
|
|
||
| self.assertRedirects( | ||
| callback_response, reverse("pages-root"), fetch_redirect_response=True | ||
| ) | ||
|
|
||
| user.refresh_from_db() | ||
|
|
||
| self.assertTrue(User.objects.filter(oidc_id="some_username").exists()) | ||
| self.assertEqual(user.oidc_id, "some_username") | ||
|
|
||
| db_user = User.objects.filter(oidc_id="some_username").first() | ||
|
|
||
| self.assertEqual(db_user.id, user.id) | ||
| self.assertEqual(db_user.login_type, LoginTypeChoices.oidc) | ||
| self.assertEqual(db_user.is_staff, False) | ||
|
|
||
| @patch("mozilla_django_oidc_db.backends.OIDCAuthenticationBackend.get_userinfo") | ||
| @patch("mozilla_django_oidc_db.backends.OIDCAuthenticationBackend.store_tokens") | ||
|
|
@@ -84,8 +207,15 @@ def test_existing_email_updates_user( | |
| "mozilla_django_oidc_db.mixins.OpenIDConnectConfig.get_solo", | ||
| return_value=OpenIDConnectConfig(id=1, enabled=True), | ||
| ) | ||
| @patch( | ||
| "open_inwoner.configurations.models.SiteConfiguration.get_solo", | ||
| return_value=SiteConfiguration( | ||
| id=1, openid_display=OpenIDDisplayChoices.regular | ||
| ), | ||
| ) | ||
| def test_existing_case_sensitive_email_updates_user( | ||
| self, | ||
| mock_config_get_solo, | ||
| mock_get_solo, | ||
| mock_get_token, | ||
| mock_verify_token, | ||
|
|
@@ -124,17 +254,23 @@ def test_existing_case_sensitive_email_updates_user( | |
|
|
||
| self.assertEqual(db_user.id, user.id) | ||
| self.assertEqual(db_user.login_type, LoginTypeChoices.oidc) | ||
| self.assertEqual(db_user.is_staff, False) | ||
|
|
||
| @patch("mozilla_django_oidc_db.backends.OIDCAuthenticationBackend.get_userinfo") | ||
| @patch("mozilla_django_oidc_db.backends.OIDCAuthenticationBackend.store_tokens") | ||
| @patch("mozilla_django_oidc_db.backends.OIDCAuthenticationBackend.verify_token") | ||
| @patch("mozilla_django_oidc_db.backends.OIDCAuthenticationBackend.get_token") | ||
| @patch( | ||
| "mozilla_django_oidc_db.mixins.OpenIDConnectConfig.get_solo", | ||
| return_value=OpenIDConnectConfig(id=1, enabled=True), | ||
| return_value=OpenIDConnectConfig(id=1, enabled=True, make_users_staff=True), | ||
| ) | ||
| def test_new_user_is_created_when_new_email( | ||
| @patch( | ||
| "open_inwoner.configurations.models.SiteConfiguration.get_solo", | ||
| return_value=SiteConfiguration(id=1, openid_display=OpenIDDisplayChoices.admin), | ||
| ) | ||
| def test_new_admin_user_is_created_when_new_email( | ||
| self, | ||
| mock_config_get_solo, | ||
| mock_get_solo, | ||
| mock_get_token, | ||
| mock_verify_token, | ||
|
|
@@ -160,13 +296,67 @@ def test_new_user_is_created_when_new_email( | |
| ) | ||
|
|
||
| self.assertRedirects( | ||
| callback_response, reverse("pages-root"), fetch_redirect_response=False | ||
| callback_response, reverse("admin:index"), fetch_redirect_response=True | ||
| ) | ||
|
|
||
| new_user = User.objects.filter(email="[email protected]").first() | ||
|
|
||
| self.assertIsNotNone(new_user) | ||
| self.assertEqual(new_user.oidc_id, "some_username") | ||
| self.assertEqual(new_user.login_type, LoginTypeChoices.oidc) | ||
| self.assertEqual(new_user.is_staff, True) | ||
|
|
||
| @patch("mozilla_django_oidc_db.backends.OIDCAuthenticationBackend.get_userinfo") | ||
| @patch("mozilla_django_oidc_db.backends.OIDCAuthenticationBackend.store_tokens") | ||
| @patch("mozilla_django_oidc_db.backends.OIDCAuthenticationBackend.verify_token") | ||
| @patch("mozilla_django_oidc_db.backends.OIDCAuthenticationBackend.get_token") | ||
| @patch( | ||
| "mozilla_django_oidc_db.mixins.OpenIDConnectConfig.get_solo", | ||
| return_value=OpenIDConnectConfig(id=1, enabled=True, make_users_staff=False), | ||
| ) | ||
| @patch( | ||
| "open_inwoner.configurations.models.SiteConfiguration.get_solo", | ||
| return_value=SiteConfiguration( | ||
| id=1, openid_display=OpenIDDisplayChoices.regular | ||
| ), | ||
| ) | ||
| def test_new_regular_user_is_created_when_new_email( | ||
| self, | ||
| mock_config_get_solo, | ||
| mock_get_solo, | ||
| mock_get_token, | ||
| mock_verify_token, | ||
| mock_store_tokens, | ||
| mock_get_userinfo, | ||
| ): | ||
| # set up a user with a non existing email address | ||
| mock_get_userinfo.return_value = { | ||
| "email": "[email protected]", | ||
| "sub": "some_username", | ||
| } | ||
| UserFactory.create(email="[email protected]") | ||
| session = self.client.session | ||
| session["oidc_states"] = {"mock": {"nonce": "nonce"}} | ||
| session.save() | ||
| callback_url = reverse("oidc_authentication_callback") | ||
|
|
||
| self.assertFalse(User.objects.filter(email="[email protected]").exists()) | ||
|
|
||
| # enter the login flow | ||
| callback_response = self.client.get( | ||
| callback_url, {"code": "mock", "state": "mock"} | ||
| ) | ||
|
|
||
| self.assertRedirects( | ||
| callback_response, reverse("pages-root"), fetch_redirect_response=True | ||
| ) | ||
| new_user = User.objects.filter(email="[email protected]") | ||
|
|
||
| self.assertTrue(new_user.exists()) | ||
| self.assertEqual(new_user.get().oidc_id, "some_username") | ||
| self.assertEqual(new_user.get().login_type, LoginTypeChoices.oidc) | ||
| new_user = User.objects.filter(email="[email protected]").first() | ||
|
|
||
| self.assertIsNotNone(new_user) | ||
| self.assertEqual(new_user.oidc_id, "some_username") | ||
| self.assertEqual(new_user.login_type, LoginTypeChoices.oidc) | ||
| self.assertEqual(new_user.is_staff, False) | ||
|
|
||
| def test_error_page_direct_access_forbidden(self): | ||
| error_url = reverse("admin-oidc-error") | ||
|
|
@@ -183,8 +373,15 @@ def test_error_page_direct_access_forbidden(self): | |
| "mozilla_django_oidc_db.mixins.OpenIDConnectConfig.get_solo", | ||
| return_value=OpenIDConnectConfig(id=1, enabled=True), | ||
| ) | ||
| @patch( | ||
| "open_inwoner.configurations.models.SiteConfiguration.get_solo", | ||
| return_value=SiteConfiguration( | ||
| id=1, openid_display=OpenIDDisplayChoices.regular | ||
| ), | ||
| ) | ||
| def test_error_first_cleared_after_succesful_login( | ||
| self, | ||
| mock_config_get_solo, | ||
| mock_get_solo, | ||
| mock_get_token, | ||
| mock_verify_token, | ||
|
|
||