quay/data/users/test/test_oidc.py

import pytest

from httmock import HTTMock

from data import model
from data.users.oidc import OIDCInternalAuth
from oauth.test.test_oidc import (id_token, oidc_service, signing_key, jwks_handler,
                                  discovery_handler, app_config, http_client,
                                  discovery_content)
from test.fixtures import *

@pytest.mark.parametrize('username, expect_success', [
  ('devtable', True),
  ('disabled', False)
])
def test_oidc_login(username, expect_success, app_config, id_token, jwks_handler,
                    discovery_handler, app):
  internal_auth = OIDCInternalAuth(app_config, 'someoidc', False)
  with HTTMock(jwks_handler, discovery_handler):
    # Try an invalid token.
    (user, err) = internal_auth.verify_credentials('someusername', 'invalidtoken')
    assert err is not None
    assert user is None

    # Try a valid token for an unlinked user.
    (user, err) = internal_auth.verify_credentials('someusername', id_token)
    assert err is not None
    assert user is None

    # Link the user to the service.
    model.user.attach_federated_login(model.user.get_user(username), 'someoidc', 'cooluser')

    # Try a valid token for a linked user.
    (user, err) = internal_auth.verify_credentials('someusername', id_token)
    if expect_success:
      assert err is None
      assert user.username == username
    else:
      assert err is not None
      assert user is None
Change OIDC engine to not be federated We don't need linking, just the ability to perform lookup 2017-06-09 21:21:37 +00:00			`import pytest`

Add support for using OIDC tokens via the Docker CLI 2017-06-08 17:13:22 +00:00			`from httmock import HTTMock`

Change OIDC engine to not be federated We don't need linking, just the ability to perform lookup 2017-06-09 21:21:37 +00:00			`from data import model`
Add support for using OIDC tokens via the Docker CLI 2017-06-08 17:13:22 +00:00			`from data.users.oidc import OIDCInternalAuth`
			`from oauth.test.test_oidc import (id_token, oidc_service, signing_key, jwks_handler,`
			`discovery_handler, app_config, http_client,`
			`discovery_content)`
Change OIDC engine to not be federated We don't need linking, just the ability to perform lookup 2017-06-09 21:21:37 +00:00			`from test.fixtures import *`
Add support for using OIDC tokens via the Docker CLI 2017-06-08 17:13:22 +00:00
Change OIDC engine to not be federated We don't need linking, just the ability to perform lookup 2017-06-09 21:21:37 +00:00			`@pytest.mark.parametrize('username, expect_success', [`
			`('devtable', True),`
			`('disabled', False)`
			`])`
			`def test_oidc_login(username, expect_success, app_config, id_token, jwks_handler,`
			`discovery_handler, app):`
Add support for using OIDC tokens via the Docker CLI 2017-06-08 17:13:22 +00:00			`internal_auth = OIDCInternalAuth(app_config, 'someoidc', False)`
			`with HTTMock(jwks_handler, discovery_handler):`
			`# Try an invalid token.`
			`(user, err) = internal_auth.verify_credentials('someusername', 'invalidtoken')`
			`assert err is not None`
			`assert user is None`
Change OIDC engine to not be federated We don't need linking, just the ability to perform lookup 2017-06-09 21:21:37 +00:00
			`# Try a valid token for an unlinked user.`
			`(user, err) = internal_auth.verify_credentials('someusername', id_token)`
			`assert err is not None`
			`assert user is None`

			`# Link the user to the service.`
			`model.user.attach_federated_login(model.user.get_user(username), 'someoidc', 'cooluser')`

			`# Try a valid token for a linked user.`
			`(user, err) = internal_auth.verify_credentials('someusername', id_token)`
			`if expect_success:`
			`assert err is None`
			`assert user.username == username`
			`else:`
			`assert err is not None`
			`assert user is None`