Add an AppSpecificAuthToken data model for app-specific auth tokens. These will be used for the Docker CLI in place of username+password

2017-12-08 17:05:59 -05:00 · 2017-12-08 17:05:59 -05:00 · 524d77f527
commit 524d77f527
parent 53b762a875
50 changed files with 943 additions and 289 deletions
--- a/data/users/test/test_oidc.py
+++ b/data/users/test/test_oidc.py
@ -1,38 +0,0 @@
-import pytest
-
-from httmock import HTTMock
-
-from data import model
-from data.users.oidc import OIDCInternalAuth
-from oauth.test.test_oidc import *
-from test.fixtures import *
-
-@pytest.mark.parametrize('username, expect_success', [
-  ('devtable', True),
-  ('disabled', False)
-])
-def test_oidc_login(username, expect_success, app_config, id_token, jwks_handler,
-                    discovery_handler, app):
-  internal_auth = OIDCInternalAuth(app_config, 'someoidc', False)
-  with HTTMock(jwks_handler, discovery_handler):
-    # Try an invalid token.
-    (user, err) = internal_auth.verify_credentials('someusername', 'invalidtoken')
-    assert err is not None
-    assert user is None
-
-    # Try a valid token for an unlinked user.
-    (user, err) = internal_auth.verify_credentials('someusername', id_token)
-    assert err is not None
-    assert user is None
-
-    # Link the user to the service.
-    model.user.attach_federated_login(model.user.get_user(username), 'someoidc', 'cooluser')
-
-    # Try a valid token for a linked user.
-    (user, err) = internal_auth.verify_credentials('someusername', id_token)
-    if expect_success:
-      assert err is None
-      assert user.username == username
-    else:
-      assert err is not None
-      assert user is None
--- a/data/users/test/test_users.py
+++ b/data/users/test/test_users.py
@ -5,7 +5,6 @@ from mock import patch

 from data.database import model
 from data.users.federated import DISABLED_MESSAGE
-from data.users.oidc import OIDCInternalAuth
 from test.test_ldap import mock_ldap
 from test.test_keystone_auth import fake_keystone
 from test.test_external_jwt_authn import fake_jwt
@ -38,18 +37,11 @@ def test_auth_createuser(auth_system_builder, user1, user2, config, app):
      assert new_user is None
      assert err == DISABLED_MESSAGE

-@contextmanager
-def fake_oidc(app_config):
-  yield OIDCInternalAuth(app_config, 'someoidc', False)
-
@pytest.mark.parametrize('auth_system_builder,auth_kwargs', [
  (mock_ldap, {}),
  (fake_keystone, {'version': 3}),
  (fake_keystone, {'version': 2}),
  (fake_jwt, {}),
-  (fake_oidc, {'app_config': {
-    'SOMEOIDC_LOGIN_CONFIG': {},
-  }}),
 ])
 def test_ping(auth_system_builder, auth_kwargs, app):
  with auth_system_builder(**auth_kwargs) as auth: