Fix bug with missing & in authorization URL for OIDC
Also adds testing to ensure we don't break this again
parent
4c0ab81ac8
commit
22a39c3007
8 changed files with 131 additions and 86 deletions
|
@ -154,6 +154,16 @@ def discovery_handler(discovery_content):
|
|||
|
||||
return handler
|
||||
|
||||
@pytest.fixture()
|
||||
def authorize_handler(discovery_content):
|
||||
@urlmatch(netloc=r'fakeoidc', path=r'/authorize')
|
||||
def handler(_, request):
|
||||
parsed = urlparse.urlparse(request.url)
|
||||
params = urlparse.parse_qs(parsed.query)
|
||||
return json.dumps({'authorized': True, 'scope': params['scope'][0], 'state': params['state'][0]})
|
||||
|
||||
return handler
|
||||
|
||||
@pytest.fixture()
|
||||
def token_handler(oidc_service, id_token, valid_code):
|
||||
@urlmatch(netloc=r'fakeoidc', path=r'/token')
|
||||
|
@ -237,16 +247,19 @@ def test_basic_config(oidc_service):
|
|||
def test_discovery(oidc_service, http_client, discovery_content, discovery_handler):
|
||||
with HTTMock(discovery_handler):
|
||||
auth = discovery_content['authorization_endpoint'] + '?response_type=code'
|
||||
assert oidc_service.authorize_endpoint() == auth
|
||||
assert oidc_service.authorize_endpoint().to_url() == auth
|
||||
assert oidc_service.token_endpoint().to_url() == discovery_content['token_endpoint']
|
||||
|
||||
if discovery_content['userinfo_endpoint'] is None:
|
||||
assert oidc_service.user_endpoint() is None
|
||||
else:
|
||||
assert oidc_service.user_endpoint().to_url() == discovery_content['userinfo_endpoint']
|
||||
|
||||
assert oidc_service.token_endpoint() == discovery_content['token_endpoint']
|
||||
assert oidc_service.user_endpoint() == discovery_content['userinfo_endpoint']
|
||||
assert set(oidc_service.get_login_scopes()) == set(discovery_content['scopes_supported'])
|
||||
|
||||
def test_discovery_with_params(oidc_withparams_service, http_client, discovery_content, discovery_handler):
|
||||
with HTTMock(discovery_handler):
|
||||
auth = discovery_content['authorization_endpoint'] + '?response_type=code&some=param'
|
||||
assert 'some=param' in oidc_withparams_service.authorize_endpoint()
|
||||
assert 'some=param' in oidc_withparams_service.authorize_endpoint().to_url()
|
||||
|
||||
def test_filtered_discovery(another_oidc_service, http_client, discovery_content, discovery_handler):
|
||||
with HTTMock(discovery_handler):
|
||||
|
@ -260,6 +273,17 @@ def test_public_config(oidc_service, discovery_handler):
|
|||
assert 'CLIENT_SECRET' not in oidc_service.get_public_config()
|
||||
assert 'bar' not in oidc_service.get_public_config().values()
|
||||
|
||||
def test_auth_url(oidc_service, discovery_handler, http_client, authorize_handler):
|
||||
config = {'PREFERRED_URL_SCHEME': 'https', 'SERVER_HOSTNAME': 'someserver'}
|
||||
|
||||
with HTTMock(discovery_handler, authorize_handler):
|
||||
auth_url = oidc_service.get_auth_url(config, '', 'some csrf token', ['one', 'two'])
|
||||
|
||||
# Hit the URL and ensure it works.
|
||||
result = http_client.get(auth_url).json()
|
||||
assert result['state'] == 'some csrf token'
|
||||
assert result['scope'] == 'one two'
|
||||
|
||||
def test_exchange_code_invalidcode(oidc_service, discovery_handler, app_config, http_client,
|
||||
token_handler):
|
||||
with HTTMock(token_handler, discovery_handler):
|
||||
|
|
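Review bot: In test_discovery_with_params the check `'some=param' in oidc_withparams_service.authorize_endpoint().to_url()` is a substring match, so it would still pass on a URL whose separator is missing (for example `response_type=codesome=param`), which is the class of bug this commit fixes; the `auth` value built on the line above is never compared. Parsing the query pins the separator: `params = urlparse.parse_qs(urlparse.urlparse(oidc_withparams_service.authorize_endpoint().to_url()).query)` followed by `assert params['some'] == ['param'] and params['response_type'] == ['code']`. The same gap applies in test_auth_url, where the mock authorize handler echoes only `scope` and `state`, so a fused pair elsewhere in the query string would go unnoticed; asserting at least `response_type` there would close it. Because `state` carries the CSRF token through the authorization request, it is worth having these tests fail whenever any parameter does not arrive intact.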