🔧 [#2101] Add OIDC admin config to admin index fixture #1021
Conversation
stevenbal
force-pushed
the
fix/2101-oidc-admin-issues
branch
4 times, most recently
from
d6433bc to
65afe3d
Compare
stevenbal
force-pushed
the
fix/2101-oidc-admin-issues
branch
from
65afe3d to
85e3e92
Compare
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## develop #1021 +/- ##
===========================================
+ Coverage 94.84% 94.85% +0.01%
===========================================
Files 880 880
Lines 30725 30805 +80
===========================================
+ Hits 29141 29221 +80
Misses 1584 1584 ☔ View full report in Codecov by Sentry. |
stevenbal
force-pushed
the
fix/2101-oidc-admin-issues
branch
3 times, most recently
from
11f9df2 to
0efc77e
Compare
| self.assertTrue(User.objects.filter(oidc_id="some_username").exists()) | ||
| self.assertEqual(user.oidc_id, "some_username") | ||
|
|
||
| db_user = User.objects.filter(oidc_id="some_username").first() |
There was a problem hiding this comment.
In general tests are stronger if instead of .filter()/.first() (or .exists()) for single records to just use a .get() so it will also communicate and test the record must exists and cannot be multiple.
Also the test itself seems weird? I don't quite get what it tries to prove: isn't user the same record as db_user?
There was a problem hiding this comment.
You're right, the tests were a bit messy already and I was adding stuff around that 😅.
I cleaned it up, the test is supposed to verify that an existing admin user (that is not yet OIDC), is updated if a user with the same email logs in with OIDC
| user.refresh_from_db() | ||
|
|
||
| self.assertTrue(User.objects.filter(oidc_id="some_username").exists()) | ||
| self.assertEqual(user.oidc_id, "some_username") | ||
|
|
||
| db_user = User.objects.filter(oidc_id="some_username").first() | ||
|
|
||
| self.assertEqual(db_user.id, user.id) | ||
| self.assertEqual(db_user.login_type, LoginTypeChoices.oidc) | ||
| self.assertEqual(db_user.is_staff, False) |
There was a problem hiding this comment.
Same as above, not quite clear what is tested here.
| user.refresh_from_db() | ||
|
|
||
| self.assertTrue(User.objects.filter(oidc_id="some_username").exists()) | ||
| self.assertEqual(user.oidc_id, "some_username") | ||
|
|
||
| db_user = User.objects.filter(oidc_id="some_username").first() | ||
|
|
||
| self.assertEqual(db_user.id, user.id) | ||
| self.assertEqual(db_user.login_type, LoginTypeChoices.oidc) | ||
| self.assertEqual(db_user.is_staff, False) |
| callback_response, reverse("admin:index"), fetch_redirect_response=True | ||
| ) | ||
|
|
||
| new_user = User.objects.filter(email="[email protected]").first() |
There was a problem hiding this comment.
Here it is more clear as new_user and the test title work together.
Nevertheless the filter()/first() is a bit floppy and should just be a .get() (note there is even a assertIsNotNone(new_user) there to work around .first()
| new_user = User.objects.filter(email="[email protected]").first() | ||
|
|
||
| self.assertIsNotNone(new_user) |
| @@ -34,10 +36,15 @@ class OIDCFlowTests(TestCase): | |||
| @patch("mozilla_django_oidc_db.backends.OIDCAuthenticationBackend.get_token") | |||
| @patch( | |||
| "mozilla_django_oidc_db.mixins.OpenIDConnectConfig.get_solo", | |||
| return_value=OpenIDConnectConfig(id=1, enabled=True), | |||
| return_value=OpenIDConnectConfig(id=1, enabled=True, make_users_staff=True), | |||
There was a problem hiding this comment.
I've seen this patch+return_value often without the id=1 not sure if it matters.
There was a problem hiding this comment.
It does appear to be necessary in some cases, when the user groups are updated:
default_groups = self.config.default_groups.all()
...
ValueError: "<OpenIDConnectConfig: OpenID Connect configuration>" needs to have a value for field "id" before this many-to-many relationship can be used.
I'll check in which cases I can remove it
There was a problem hiding this comment.
Don't worry too much, it was just an observation. The error makes sense if something in the test needs a saved instance, like we have some ForeignKey's to solo objects so we can use inline-admins.
| user.refresh_from_db() | ||
|
|
||
| self.assertTrue(User.objects.filter(oidc_id="some_username").exists()) | ||
| self.assertEqual(user.oidc_id, "some_username") |
There was a problem hiding this comment.
The filter/exists line tests the same thing as the user.refresh_from_db() + self.assertEqual(user.oidc_id, "some_username")
issue: https://taiga.maykinmedia.nl/project/open-inwoner/issue/2101 previously, if a user logged in with credentials for which there was no User in django yet, the User object would be created but the user would not actually be authenticated (and thus have to log in a second time)
ensure OIDC users: * are redirected to the admin if OIDC is enabled for admins * get is_staff is true when the User instance is created
stevenbal
force-pushed
the
fix/2101-oidc-admin-issues
branch
from
0efc77e to
4282281
Compare
stevenbal
force-pushed
the
fix/2101-oidc-admin-issues
branch
from
4282281 to
b388419
Compare
🔧 [#2101] Add OIDC admin config to admin index fixture
issue: https://taiga.maykinmedia.nl/project/open-inwoner/issue/2101
Fixes two issues:
is_staffattribute is set for those users (according to the OIDC config) and they are redirected to the admin interface