Added openid_connect tests

src/keycloak/openid_connect.py

@@ -1,3 +1,5 @@
+from collections import OrderedDict
+
 try:
     from urllib.parse import urlencode
 except ImportError:
@@ -123,10 +125,10 @@ def authorization_url(self, response_type='code', redirect_uri=None,
         :return: URL to redirect the resource owner to
         :rtype: str
         """
-        payload = {
-            'response_type': response_type,
-            'client_id': self._client_id
-        }
+        payload = OrderedDict(
+            response_type=response_type,
+            client_id=self._client_id
+        )
         if redirect_uri:
             payload['redirect_uri'] = redirect_uri
 
@@ -180,7 +182,7 @@ def refresh_token(self, refresh_token, grant_type='refresh_token',
         """
         if scope:
             return self._token_request(grant_type=grant_type,
-                                       refresh_token=refresh_token, scope=None)
+                                       refresh_token=refresh_token, scope=scope)
         else:
             return self._token_request(grant_type=grant_type,
                                        refresh_token=refresh_token)

tests/keycloak/test_openid_connect.py

@@ -0,0 +1,137 @@
+import mock
+
+from unittest import TestCase
+
+from keycloak.openid_connect import KeycloakOpenidConnect
+from keycloak.realm import KeycloakRealm
+from keycloak.well_known import KeycloakWellKnown
+
+
+class KeycloakOpenidConnectTestCase(TestCase):
+
+    def setUp(self):
+        self.realm = mock.MagicMock(spec_set=KeycloakRealm)
+        self.client_id = 'client-id'
+        self.client_secret = 'client-secret'
+
+        self.openid_client = KeycloakOpenidConnect(
+            realm=self.realm,
+            client_id=self.client_id,
+            client_secret=self.client_secret
+        )
+        self.openid_client.well_known.contents = {
+            'end_session_endpoint': 'https://logout',
+            'jwks_uri': 'https://certs',
+            'userinfo_endpoint': 'https://userinfo',
+            'authorization_endpoint': 'https://authorization',
+            'token_endpoint': 'https://token'
+        }
+
+
+    def test_well_known(self):
+        """
+        Case: .well-known is requested
+        Expected: it's returned and the second time the same is returned
+        """
+        well_known = self.openid_client.well_known
+
+        self.assertIsInstance(well_known, KeycloakWellKnown)
+        self.assertEqual(well_known, self.openid_client.well_known)
+
+    @mock.patch('keycloak.openid_connect.jwt')
+    def test_decode_token(self, patched_jwt):
+        self.openid_client.decode_token(token='test-token', key='test-key')
+        patched_jwt.decode.assert_called_once_with('test-token', 'test-key',
+                                                   algorithms=['RS256'],
+                                                   audience=self.client_id)
+
+    def test_logout(self):
+
+        result = self.openid_client.logout(refresh_token='refresh-token')
+        self.realm.client.post.assert_called_once_with(
+            'https://logout',
+            data={
+                'refresh_token': 'refresh-token',
+                'client_id': self.client_id,
+                'client_secret': self.client_secret
+            }
+        )
+        self.assertEqual(result, self.realm.client.post.return_value)
+
+    def test_certs(self):
+        result = self.openid_client.certs()
+        self.realm.client.get('https://certs')
+
+        self.assertEqual(result, self.realm.client.get.return_value)
+
+    def test_userinfo(self):
+        result = self.openid_client.userinfo(token='token')
+        self.realm.client.get.assert_called_once_with(
+            'https://userinfo',
+            headers={
+                'Authorization': 'Bearer token'
+            }
+        )
+        self.assertEqual(result, self.realm.client.get.return_value)
+
+    def test_authorization_url(self):
+        result = self.openid_client.authorization_url(
+            redirect_uri='https://redirect-url',
+            scope='scope other-scope',
+            state='some-state'
+        )
+        self.assertEqual(
+            result,
+            'https://authorization?response_type=code&client_id=client-id&'
+            'redirect_uri=https%3A%2F%2Fredirect-url&scope=scope+other-scope&'
+            'state=some-state'
+        )
+
+    def test_authorization_code(self):
+        response = self.openid_client.authorization_code(
+            code='some-code',
+            redirect_uri='https://redirect-uri'
+        )
+        self.realm.client.post.assert_called_once_with(
+            'https://token',
+            data={
+                'grant_type': 'authorization_code',
+                'client_id': self.client_id,
+                'client_secret': self.client_secret,
+                'code': 'some-code',
+                'redirect_uri': 'https://redirect-uri'
+            }
+        )
+        self.assertEqual(response, self.realm.client.post.return_value)
+
+    def test_client_credentials(self):
+        response = self.openid_client.client_credentials(
+            scope='scope another-scope'
+        )
+        self.realm.client.post.assert_called_once_with(
+            'https://token',
+            data={
+                'grant_type': 'client_credentials',
+                'client_id': self.client_id,
+                'client_secret': self.client_secret,
+                'scope': 'scope another-scope'
+            }
+        )
+        self.assertEqual(response, self.realm.client.post.return_value)
+
+    def test_refresh_token(self):
+        response = self.openid_client.refresh_token(
+            refresh_token='refresh-token',
+            scope='scope another-scope',
+        )
+        self.realm.client.post.assert_called_once_with(
+            'https://token',
+            data={
+                'grant_type': 'refresh_token',
+                'client_id': self.client_id,
+                'client_secret': self.client_secret,
+                'scope': 'scope another-scope',
+                'refresh_token': 'refresh-token'
+            }
+        )
+        self.assertEqual(response, self.realm.client.post.return_value)