Add more test for the Auth Code Flow.
This commit is contained in:
parent
a3c1317766
commit
7583ac403b
|
@ -1,6 +1,9 @@
|
||||||
|
from django.contrib.auth import REDIRECT_FIELD_NAME
|
||||||
|
from django.contrib.auth.models import AnonymousUser
|
||||||
from django.core.urlresolvers import reverse
|
from django.core.urlresolvers import reverse
|
||||||
from django.test import RequestFactory
|
from django.test import RequestFactory
|
||||||
from django.test import TestCase
|
from django.test import TestCase
|
||||||
|
from openid_provider import settings
|
||||||
from openid_provider.tests.utils import *
|
from openid_provider.tests.utils import *
|
||||||
from openid_provider.views import *
|
from openid_provider.views import *
|
||||||
import urllib
|
import urllib
|
||||||
|
@ -13,6 +16,18 @@ class CodeFlowTestCase(TestCase):
|
||||||
self.user = create_fake_user()
|
self.user = create_fake_user()
|
||||||
self.client = create_fake_client(response_type='code')
|
self.client = create_fake_client(response_type='code')
|
||||||
|
|
||||||
|
def _create_authorize_url(self, response_type, scope=['openid', 'email']):
|
||||||
|
url = reverse('openid_provider:authorize')
|
||||||
|
url += '?client_id={0}&response_type={1}&scope={2}' \
|
||||||
|
'&redirect_uri={3}&state=abcdefg'.format(
|
||||||
|
self.client.client_id,
|
||||||
|
urllib.quote(response_type),
|
||||||
|
urllib.quote(' '.join(scope)),
|
||||||
|
urllib.quote(self.client.default_redirect_uri),
|
||||||
|
)
|
||||||
|
|
||||||
|
return url
|
||||||
|
|
||||||
def test_authorize_invalid_parameters(self):
|
def test_authorize_invalid_parameters(self):
|
||||||
"""
|
"""
|
||||||
If the request fails due to a missing, invalid, or mismatching
|
If the request fails due to a missing, invalid, or mismatching
|
||||||
|
@ -37,12 +52,8 @@ class CodeFlowTestCase(TestCase):
|
||||||
See: http://openid.net/specs/openid-connect-core-1_0.html#AuthError
|
See: http://openid.net/specs/openid-connect-core-1_0.html#AuthError
|
||||||
"""
|
"""
|
||||||
# Create an authorize request with an unsupported response_type.
|
# Create an authorize request with an unsupported response_type.
|
||||||
url = reverse('openid_provider:authorize')
|
url = self._create_authorize_url(response_type='code id_token')
|
||||||
url += '?client_id={0}&response_type=code%20id_token&scope=openid%20email' \
|
|
||||||
'&redirect_uri={1}&state=abcdefg'.format(
|
|
||||||
self.client.client_id,
|
|
||||||
urllib.quote(self.client.default_redirect_uri),
|
|
||||||
)
|
|
||||||
request = self.factory.get(url)
|
request = self.factory.get(url)
|
||||||
|
|
||||||
response = AuthorizeView.as_view()(request)
|
response = AuthorizeView.as_view()(request)
|
||||||
|
@ -50,6 +61,33 @@ class CodeFlowTestCase(TestCase):
|
||||||
self.assertEqual(response.status_code, 302)
|
self.assertEqual(response.status_code, 302)
|
||||||
self.assertEqual(response.has_header('Location'), True)
|
self.assertEqual(response.has_header('Location'), True)
|
||||||
|
|
||||||
# Check query component in the redirection URI.
|
# Should be an 'error' component in query.
|
||||||
correct_query = 'error=' in response['Location']
|
query_exists = 'error=' in response['Location']
|
||||||
self.assertEqual(correct_query, True)
|
self.assertEqual(query_exists, True)
|
||||||
|
|
||||||
|
def test_authorize_user_not_logged(self):
|
||||||
|
"""
|
||||||
|
The Authorization Server attempts to Authenticate the End-User by
|
||||||
|
redirecting to the login view.
|
||||||
|
|
||||||
|
See: http://openid.net/specs/openid-connect-core-1_0.html#Authenticates
|
||||||
|
"""
|
||||||
|
url = self._create_authorize_url(response_type='code')
|
||||||
|
|
||||||
|
request = self.factory.get(url)
|
||||||
|
request.user = AnonymousUser()
|
||||||
|
|
||||||
|
response = AuthorizeView.as_view()(request)
|
||||||
|
|
||||||
|
# Check if user was redirected to the login view.
|
||||||
|
login_url_exists = settings.get('LOGIN_URL') in response['Location']
|
||||||
|
self.assertEqual(login_url_exists, True)
|
||||||
|
|
||||||
|
# Check if the login will redirect to a valid url.
|
||||||
|
try:
|
||||||
|
next_value = response['Location'].split(REDIRECT_FIELD_NAME + '=')[1]
|
||||||
|
next_url = urllib.unquote(next_value)
|
||||||
|
is_next_ok = next_url == url
|
||||||
|
except:
|
||||||
|
is_next_ok = False
|
||||||
|
self.assertEqual(is_next_ok, True)
|
Loading…
Reference in a new issue