django-oidc-provider/oidc_provider/tests/cases/test_end_session_endpoint.py

from django.core.management import call_command
try:
from django.urls import reverse
except ImportError:
from django.core.urlresolvers import reverse
from django.test import TestCase
from oidc_provider.lib.utils.token import (
create_id_token,
encode_id_token,
)
from oidc_provider import settings
from oidc_provider.tests.app.utils import (
create_fake_client,
create_fake_user,
)
import mock
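class EndSessionTestCase(TestCase):
    """
    Tests for the end-session (RP-initiated logout) endpoint.

    The cases check where the endpoint redirects depending on whether an
    ``id_token_hint`` accompanies ``post_logout_redirect_uri``, and that
    the configured after-end-session hook is invoked.

    See: http://openid.net/specs/openid-connect-session-1_0.html#RPLogout

    NOTE(review): every case here uses a ``post_logout_redirect_uri`` that
    is registered on the client. A case with a valid ``id_token_hint`` and
    a URI that is absent from ``post_logout_redirect_uris`` would pin the
    allow-list check as well; the expected outcome should be confirmed
    against the view before adding it.
    """

    def setUp(self):
        """Prepare a user, a client with one registered logout URI, and the endpoint URL."""
        # Runs the project's `creatersakey` management command before any
        # id_token is encoded in the tests below.
        call_command('creatersakey')
        self.user = create_fake_user()

        self.oidc_client = create_fake_client('id_token')
        self.LOGOUT_URL = 'http://example.com/logged-out/'
        # The only logout redirect target registered for this client.
        self.oidc_client.post_logout_redirect_uris = [self.LOGOUT_URL]
        self.oidc_client.save()

        self.url = reverse('oidc_provider:end-session')

    def test_redirects_when_aud_is_str(self):
        """Redirect to the logout URI only once an id_token_hint (str 'aud') is sent."""
        query_params = {
            'post_logout_redirect_uri': self.LOGOUT_URL,
        }
        response = self.client.get(self.url, query_params)
        # With no id_token the OP MUST NOT redirect to the requested
        # redirect_uri. Falling back to OIDC_LOGIN_URL keeps a request
        # that carries no token from choosing the redirect target.
        self.assertRedirects(
            response, settings.get('OIDC_LOGIN_URL'),
            fetch_redirect_response=False)

        id_token_dic = create_id_token(
            user=self.user, aud=self.oidc_client.client_id)
        id_token = encode_id_token(id_token_dic, self.oidc_client)

        # Same request, now with the token issued for the client that
        # registered LOGOUT_URL.
        query_params['id_token_hint'] = id_token

        response = self.client.get(self.url, query_params)
        self.assertRedirects(
            response, self.LOGOUT_URL, fetch_redirect_response=False)

    def test_redirects_when_aud_is_list(self):
        """Check with 'aud' containing a list of str."""
        query_params = {
            'post_logout_redirect_uri': self.LOGOUT_URL,
        }
        id_token_dic = create_id_token(
            user=self.user, aud=self.oidc_client.client_id)
        # Wrap the single audience in a list before encoding, so the
        # endpoint has to handle the list form of the claim.
        id_token_dic['aud'] = [id_token_dic['aud']]
        id_token = encode_id_token(id_token_dic, self.oidc_client)
        query_params['id_token_hint'] = id_token
        response = self.client.get(self.url, query_params)
        self.assertRedirects(
            response, self.LOGOUT_URL, fetch_redirect_response=False)

    @mock.patch(settings.get('OIDC_AFTER_END_SESSION_HOOK'))
    def test_call_post_end_session_hook(self, hook_function):
        """The hook named by OIDC_AFTER_END_SESSION_HOOK runs exactly once per request."""
        # The decorator replaces the object at the dotted path read from
        # settings; a plain GET with no parameters must still reach it.
        self.client.get(self.url)
        self.assertTrue(
            hook_function.called,
            'OIDC_AFTER_END_SESSION_HOOK should be called')
        # assertEqual reports both values on failure, unlike
        # assertTrue(a == b), which only reports "False is not true".
        self.assertEqual(
            hook_function.call_count, 1,
            'OIDC_AFTER_END_SESSION_HOOK should be called once but was {}'.format(
                hook_function.call_count))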