Have external login always make an API request to get the authorization URL

This makes the OIDC lookup lazy, ensuring that the rest of the registry and app continues working even if one OIDC provider goes down.
2017-01-23 19:06:19 -05:00 · 2017-01-23 19:06:19 -05:00 · a9791ea419
commit a9791ea419
parent fda203e4d7
9 changed files with 128 additions and 49 deletions
--- a/test/test_api_security.py
+++ b/test/test_api_security.py
@ -28,7 +28,7 @@ from endpoints.api.repositorynotification import RepositoryNotification, Reposit
 from endpoints.api.user import (PrivateRepositories, ConvertToOrganization, Recovery, Signout,
                                Signin, User, UserAuthorizationList, UserAuthorization, UserNotification,
                                VerifyUser, DetachExternal, StarredRepositoryList, StarredRepository,
-                                ClientKey)
+                                ClientKey, ExternalLoginInformation)
 from endpoints.api.repotoken import RepositoryToken, RepositoryTokenList
 from endpoints.api.prototype import PermissionPrototype, PermissionPrototypeList
 from endpoints.api.logs import UserLogs, OrgLogs, RepositoryLogs
@ -504,6 +504,24 @@ class TestSignin(ApiTestCase):
    self._run_test('POST', 403, 'devtable', {u'username': 'E9RY', u'password': 'LQ0N'})


+class TestExternalLoginInformation(ApiTestCase):
+  def setUp(self):
+    ApiTestCase.setUp(self)
+    self._set_url(ExternalLoginInformation, service_id='someservice')
+
+  def test_post_anonymous(self):
+    self._run_test('POST', 400, None, {})
+
+  def test_post_freshuser(self):
+    self._run_test('POST', 400, 'freshuser', {})
+
+  def test_post_reader(self):
+    self._run_test('POST', 400, 'reader', {})
+
+  def test_post_devtable(self):
+    self._run_test('POST', 400, 'devtable', {})
+
+
 class TestDetachExternal(ApiTestCase):
  def setUp(self):
    ApiTestCase.setUp(self)