mirror of
https://gitlab.crans.org/bde/nk20
synced 2025-11-08 07:49:49 +01:00
ropb implementation #137
This commit is contained in:
quark
@@ -3,6 +3,7 @@
|
||||
|
||||
import base64
|
||||
|
||||
from django.contrib.auth.hashers import PBKDF2PasswordHasher
|
||||
from django.contrib.auth.models import User
|
||||
from django.test import TestCase
|
||||
from member.models import Membership, Club
|
||||
@@ -12,15 +13,20 @@ from oauth2_provider.models import Application, AccessToken
|
||||
from ..models import Role, Permission
|
||||
|
||||
|
||||
class OAuth2TestCase(TestCase):
|
||||
class OAuth2FlowTestCase(TestCase):
|
||||
fixtures = ('initial', )
|
||||
|
||||
def setUp(self):
|
||||
self.user_password = "toto1234"
|
||||
hasher = PBKDF2PasswordHasher()
|
||||
|
||||
self.user = User.objects.create(
|
||||
username="toto",
|
||||
password="toto1234",
|
||||
password=hasher.encode(self.user_password, hasher.salt()),
|
||||
)
|
||||
|
||||
|
||||
|
||||
NoteUser.objects.create(user=self.user)
|
||||
membership = Membership.objects.create(user=self.user, club_id=1)
|
||||
membership.roles.add(Role.objects.get(name="Adhérent⋅e BDE"))
|
||||
@@ -47,14 +53,67 @@ class OAuth2TestCase(TestCase):
|
||||
"""
|
||||
Ensure OAuth2 Resource Owner Password Credentials Flow work
|
||||
"""
|
||||
pass
|
||||
app = Application.objects.create(
|
||||
name="Test ROPB",
|
||||
client_type=Application.CLIENT_CONFIDENTIAL,
|
||||
authorization_grant_type=Application.GRANT_PASSWORD,
|
||||
user=self.user,
|
||||
hash_client_secret=False,
|
||||
algorithm=Application.NO_ALGORITHM,
|
||||
)
|
||||
|
||||
credential = base64.b64encode(f'{app.client_id}:{app.client_secret}'.encode('utf-8')).decode()
|
||||
|
||||
# No token without real password
|
||||
resp = self.client.post('/o/token/',
|
||||
data={"grant_type": "password",
|
||||
"username": self.user,
|
||||
"password": "password"},
|
||||
**{"Content-Type": 'application/x-www-form-urlencoded',
|
||||
"Http_Authorization": f'Basic {credential}'}
|
||||
)
|
||||
|
||||
self.assertEqual(resp.status_code, 400)
|
||||
|
||||
resp = self.client.post('/o/token/',
|
||||
data={"grant_type": "password",
|
||||
"username": self.user,
|
||||
"password": self.user_password},
|
||||
**{"Content-Type": 'application/x-www-form-urlencoded',
|
||||
"HTTP_Authorization": f'Basic {credential}'}
|
||||
)
|
||||
|
||||
self.assertEqual(resp.status_code, 200)
|
||||
|
||||
access_token = AccessToken.objects.get(token=resp.json()['access_token'])
|
||||
self.assertEqual('refresh_token' in resp.json(), True)
|
||||
|
||||
self.assertEqual(access_token.scope, '0_0') # token do nothing
|
||||
|
||||
# RFC6749 4.3.2 allows use of scope in ROPB token access request
|
||||
|
||||
resp = self.client.post('/o/token/',
|
||||
data={"grant_type": "password",
|
||||
#"client_id": app.client_id,
|
||||
"username": self.user,
|
||||
"password": self.user_password,
|
||||
"scope": self.base_scope},
|
||||
**{"Content-Type": 'application/x-www-form-urlencoded',
|
||||
"HTTP_Authorization": f'Basic {credential}'}
|
||||
)
|
||||
|
||||
token = AccessToken.objects.get(token=resp.json()['access_token'])
|
||||
|
||||
self.assertEqual(token.scope, self.base_scope) # token do nothing more than base_scope
|
||||
|
||||
|
||||
|
||||
def test_oauth2_client_credentials(self):
|
||||
"""
|
||||
Ensure OAuth2 Client Credentials work
|
||||
"""
|
||||
app = Application.objects.create(
|
||||
name="Test credentials",
|
||||
name="Test client_credentials",
|
||||
client_type=Application.CLIENT_CONFIDENTIAL,
|
||||
authorization_grant_type=Application.GRANT_CLIENT_CREDENTIALS,
|
||||
user=self.user,
|
||||
|
||||
Reference in New Issue
Block a user