quay/util/config/validators/test/test_validate_oidc.py

import json
import pytest

from httmock import urlmatch, HTTMock

from oauth.oidc import OIDC_WELLKNOWN
from util.config.validators import ConfigValidationException
from util.config.validators.validate_oidc import OIDCLoginValidator

from test.fixtures import *

@pytest.mark.parametrize('unvalidated_config', [
  ({'SOMETHING_LOGIN_CONFIG': {}}),
  ({'SOMETHING_LOGIN_CONFIG': {'OIDC_SERVER': 'foo'}}),
  ({'SOMETHING_LOGIN_CONFIG': {'OIDC_SERVER': 'foo', 'CLIENT_ID': 'foobar'}}),
  ({'SOMETHING_LOGIN_CONFIG': {'OIDC_SERVER': 'foo', 'CLIENT_SECRET': 'foobar'}}),
])
def test_validate_invalid_oidc_login_config(unvalidated_config, app):
  validator = OIDCLoginValidator()

  with pytest.raises(ConfigValidationException):
    validator.validate(unvalidated_config, None, None)

def test_validate_oidc_login(app):
  url_hit = [False]
  @urlmatch(netloc=r'someserver', path=r'/\.well-known/openid-configuration')
  def handler(_, __):
    url_hit[0] = True
    data = {
      'token_endpoint': 'foobar',
    }
    return {'status_code': 200, 'content': json.dumps(data)}

  with HTTMock(handler):
    validator = OIDCLoginValidator()
    validator.validate({
      'SOMETHING_LOGIN_CONFIG': {
        'CLIENT_ID': 'foo',
        'CLIENT_SECRET': 'bar',
        'OIDC_SERVER': 'http://someserver',
        'DEBUGGING': True, # Allows for HTTP.
      },
    }, None, None)

  assert url_hit[0]
Add config validator for OIDC logins 2017-02-28 21:18:19 +00:00			`import json`
			`import pytest`

			`from httmock import urlmatch, HTTMock`

			`from oauth.oidc import OIDC_WELLKNOWN`
			`from util.config.validators import ConfigValidationException`
			`from util.config.validators.validate_oidc import OIDCLoginValidator`

Change config validator tests to use the shared fixtures 2017-04-24 18:52:30 +00:00			`from test.fixtures import *`

Add config validator for OIDC logins 2017-02-28 21:18:19 +00:00			`@pytest.mark.parametrize('unvalidated_config', [`
			`({'SOMETHING_LOGIN_CONFIG': {}}),`
Add client ID and client secret to OIDC config validator 2017-04-07 15:33:02 +00:00			`({'SOMETHING_LOGIN_CONFIG': {'OIDC_SERVER': 'foo'}}),`
			`({'SOMETHING_LOGIN_CONFIG': {'OIDC_SERVER': 'foo', 'CLIENT_ID': 'foobar'}}),`
			`({'SOMETHING_LOGIN_CONFIG': {'OIDC_SERVER': 'foo', 'CLIENT_SECRET': 'foobar'}}),`
Add config validator for OIDC logins 2017-02-28 21:18:19 +00:00			`])`
Change config validator tests to use the shared fixtures 2017-04-24 18:52:30 +00:00			`def test_validate_invalid_oidc_login_config(unvalidated_config, app):`
Add config validator for OIDC logins 2017-02-28 21:18:19 +00:00			`validator = OIDCLoginValidator()`

			`with pytest.raises(ConfigValidationException):`
			`validator.validate(unvalidated_config, None, None)`

Change config validator tests to use the shared fixtures 2017-04-24 18:52:30 +00:00			`def test_validate_oidc_login(app):`
Add config validator for OIDC logins 2017-02-28 21:18:19 +00:00			`url_hit = [False]`
			`@urlmatch(netloc=r'someserver', path=r'/\.well-known/openid-configuration')`
			`def handler(_, __):`
			`url_hit[0] = True`
			`data = {`
Enable support in OIDC for endpoints without user info support The user info endpoint is apparently optional. 2017-07-21 19:56:46 +00:00			`'token_endpoint': 'foobar',`
Add config validator for OIDC logins 2017-02-28 21:18:19 +00:00			`}`
			`return {'status_code': 200, 'content': json.dumps(data)}`

			`with HTTMock(handler):`
			`validator = OIDCLoginValidator()`
			`validator.validate({`
			`'SOMETHING_LOGIN_CONFIG': {`
Add client ID and client secret to OIDC config validator 2017-04-07 15:33:02 +00:00			`'CLIENT_ID': 'foo',`
			`'CLIENT_SECRET': 'bar',`
Add config validator for OIDC logins 2017-02-28 21:18:19 +00:00			`'OIDC_SERVER': 'http://someserver',`
			`'DEBUGGING': True, # Allows for HTTP.`
			`},`
			`}, None, None)`

			`assert url_hit[0]`