Skip to content
Snippets Groups Projects
Verified Commit 8ae0863a authored by Antoine R. Dumont's avatar Antoine R. Dumont
Browse files

swh.auth: Add basic test for the well known endpoint 

Related to T3079
parent a0727184
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
mypy.ini
+ 2
2
View file @ 8ae0863a
......@@ -11,5 +11,5 @@ ignore_missing_imports = True
[mypy-pytest.*]
ignore_missing_imports = True
# [mypy-add_your_lib_here.*]
# ignore_missing_imports = True
[mypy-keycloak.*]
ignore_missing_imports = True
requirements-test.txt
+ 1
0
View file @ 8ae0863a
pytest
requests_mock
swh/auth/tests/conftest.py 0 → 100644
+ 176
0
View file @ 8ae0863a
# Copyright (C) 2021 The Software Heritage developers
# See the AUTHORS file at the top-level directory of this distribution
# License: GNU Affero General Public License version 3, or any later version
# See top-level LICENSE file for more information
import pytest
SERVER_URL = "http://keycloak:8080/keycloak/auth/"
REALM = "SoftwareHeritage"
WELL_KNOWN = {
"issuer": f"{SERVER_URL}realms/SoftwareHeritage",
"well-known": f"{SERVER_URL}realms/{REALM}/.well-known/openid-configuration",
"authorization_endpoint": f"{SERVER_URL}realms/{REALM}/protocol/openid-connect/auth", # noqa
"token_endpoint": f"{SERVER_URL}realms/{REALM}/protocol/openid-connect/token",
"introspection_endpoint": f"{SERVER_URL}realms/{REALM}/protocol/openid-connect/token/introspect", # noqa
"userinfo_endpoint": f"{SERVER_URL}realms/{REALM}/protocol/openid-connect/userinfo",
"end_session_endpoint": f"{SERVER_URL}realms/{REALM}/protocol/openid-connect/logout", # noqa
"jwks_uri": "{SERVER_URL}realms/{REALM}/protocol/openid-connect/certs",
"check_session_iframe": "{SERVER_URL}realms/{REALM}/protocol/openid-connect/login-status-iframe.html", # noqa
"grant_types_supported": [
"authorization_code",
"implicit",
"refresh_token",
"password",
"client_credentials",
],
"response_types_supported": [
"code",
"none",
"id_token",
"token",
"id_token token",
"code id_token",
"code token",
"code id_token token",
],
"subject_types_supported": ["public", "pairwise"],
"id_token_signing_alg_values_supported": [
"PS384",
"ES384",
"RS384",
"HS256",
"HS512",
"ES256",
"RS256",
"HS384",
"ES512",
"PS256",
"PS512",
"RS512",
],
"id_token_encryption_alg_values_supported": ["RSA-OAEP", "RSA-OAEP-256", "RSA1_5"],
"id_token_encryption_enc_values_supported": [
"A256GCM",
"A192GCM",
"A128GCM",
"A128CBC-HS256",
"A192CBC-HS384",
"A256CBC-HS512",
],
"userinfo_signing_alg_values_supported": [
"PS384",
"ES384",
"RS384",
"HS256",
"HS512",
"ES256",
"RS256",
"HS384",
"ES512",
"PS256",
"PS512",
"RS512",
"none",
],
"request_object_signing_alg_values_supported": [
"PS384",
"ES384",
"RS384",
"HS256",
"HS512",
"ES256",
"RS256",
"HS384",
"ES512",
"PS256",
"PS512",
"RS512",
"none",
],
"response_modes_supported": ["query", "fragment", "form_post"],
"registration_endpoint": "{SERVER_URL}realms/{REALM}/clients-registrations/openid-connect", # noqa
"token_endpoint_auth_methods_supported": [
"private_key_jwt",
"client_secret_basic",
"client_secret_post",
"tls_client_auth",
"client_secret_jwt",
],
"token_endpoint_auth_signing_alg_values_supported": [
"PS384",
"ES384",
"RS384",
"HS256",
"HS512",
"ES256",
"RS256",
"HS384",
"ES512",
"PS256",
"PS512",
"RS512",
],
"claims_supported": [
"aud",
"sub",
"iss",
"auth_time",
"name",
"given_name",
"family_name",
"preferred_username",
"email",
"acr",
],
"claim_types_supported": ["normal"],
"claims_parameter_supported": True,
"scopes_supported": [
"openid",
"microprofile-jwt",
"web-origins",
"roles",
"phone",
"address",
"email",
"profile",
"offline_access",
],
"request_parameter_supported": True,
"request_uri_parameter_supported": True,
"require_request_uri_registration": True,
"code_challenge_methods_supported": ["plain", "S256"],
"tls_client_certificate_bound_access_tokens": True,
"revocation_endpoint": "{SERVER_URL}realms/{REALM}/protocol/openid-connect/revoke",
"revocation_endpoint_auth_methods_supported": [
"private_key_jwt",
"client_secret_basic",
"client_secret_post",
"tls_client_auth",
"client_secret_jwt",
],
"revocation_endpoint_auth_signing_alg_values_supported": [
"PS384",
"ES384",
"RS384",
"HS256",
"HS512",
"ES256",
"RS256",
"HS384",
"ES512",
"PS256",
"PS512",
"RS512",
],
"backchannel_logout_supported": True,
"backchannel_logout_session_supported": True,
}
@pytest.fixture
def mock_keycloak(requests_mock):
requests_mock.get(WELL_KNOWN["well-known"], json=WELL_KNOWN)
return requests_mock
swh/auth/tests/test_auth.py 0 → 100644
+ 25
0
View file @ 8ae0863a
# Copyright (C) 2021 The Software Heritage developers
# See the AUTHORS file at the top-level directory of this distribution
# License: GNU Affero General Public License version 3, or any later version
# See top-level LICENSE file for more information
import pytest
from swh.auth import KeycloakOpenIDConnect
from .conftest import REALM, SERVER_URL, WELL_KNOWN
@pytest.fixture
def keycloak_open_id_connect():
return KeycloakOpenIDConnect(
server_url=SERVER_URL, realm_name=REALM, client_id="client-id",
)
def test_auth_well_known(mock_keycloak, keycloak_open_id_connect):
well_known_result = keycloak_open_id_connect.well_known()
assert well_known_result is not None
assert well_known_result == WELL_KNOWN
assert mock_keycloak.called
swh/auth/tests/test_nothing.py deleted 100644 → 0
+ 0
3
View file @ a0727184
def test_nothing():
# Placeholder; remove this when we add actual tests
pass
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment