ed897c7cb0
We don't need linking, just the ability to perform lookup
40 lines
1.4 KiB
Python
40 lines
1.4 KiB
Python
import pytest
|
|
|
|
from httmock import HTTMock
|
|
|
|
from data import model
|
|
from data.users.oidc import OIDCInternalAuth
|
|
from oauth.test.test_oidc import (id_token, oidc_service, signing_key, jwks_handler,
|
|
discovery_handler, app_config, http_client,
|
|
discovery_content)
|
|
from test.fixtures import *
|
|
|
|
@pytest.mark.parametrize('username, expect_success', [
|
|
('devtable', True),
|
|
('disabled', False)
|
|
])
|
|
def test_oidc_login(username, expect_success, app_config, id_token, jwks_handler,
|
|
discovery_handler, app):
|
|
internal_auth = OIDCInternalAuth(app_config, 'someoidc', False)
|
|
with HTTMock(jwks_handler, discovery_handler):
|
|
# Try an invalid token.
|
|
(user, err) = internal_auth.verify_credentials('someusername', 'invalidtoken')
|
|
assert err is not None
|
|
assert user is None
|
|
|
|
# Try a valid token for an unlinked user.
|
|
(user, err) = internal_auth.verify_credentials('someusername', id_token)
|
|
assert err is not None
|
|
assert user is None
|
|
|
|
# Link the user to the service.
|
|
model.user.attach_federated_login(model.user.get_user(username), 'someoidc', 'cooluser')
|
|
|
|
# Try a valid token for a linked user.
|
|
(user, err) = internal_auth.verify_credentials('someusername', id_token)
|
|
if expect_success:
|
|
assert err is None
|
|
assert user.username == username
|
|
else:
|
|
assert err is not None
|
|
assert user is None
|