Merge pull request #3 from rglauco/op_test_revision
Op test revision
rglauco committed Jul 6, 2023
2 parents 1b2f8c1 + a09e236 commit 04098d2
Showing 4 changed files with 49 additions and 54 deletions.
66 changes: 33 additions & 33 deletions spid_cie_oidc/provider/tests/test_03_refresh_token.py
Expand Up @@ -12,12 +12,12 @@
from spid_cie_oidc.entity.jwtse import create_jws, verify_jws
from spid_cie_oidc.entity.models import (
FederationEntityConfiguration,
FetchedEntityStatement,
FetchedEntityStatement,
TrustChain
)
from spid_cie_oidc.entity.tests.settings import TA_SUB
from spid_cie_oidc.entity.utils import (
datetime_from_timestamp,
datetime_from_timestamp,
exp_from_now,
iat_now
)
Expand All @@ -27,10 +27,10 @@
RP_SUB = rp_conf["sub"]
RP_CLIENT_ID = rp_conf["metadata"]["openid_relying_party"]["client_id"]

class RefreshTokenTest(TestCase):

class RefreshTokenTest(TestCase):

def setUp(self):
def setUp(self):
self.op_local_conf = deepcopy(op_conf)
FederationEntityConfiguration.objects.create(**self.op_local_conf)
self.ta_fes = FetchedEntityStatement.objects.create(
Expand All @@ -42,7 +42,7 @@ def setUp(self):
self.trust_chain = TrustChain.objects.create(
sub=RP_SUB,
exp=datetime_from_timestamp(exp_from_now(33)),
jwks = [],
jwks=[],
metadata=RP_METADATA,
status="valid",
trust_anchor=self.ta_fes,
Expand All @@ -67,61 +67,61 @@ def setUp(self):
}
self.rt_jws = create_jws(refresh_token, op_conf_priv_jwk)
session = OidcSession.objects.create(
user=User.objects.create(username = "username"),
user=User.objects.create(username="username"),
user_uid="",
nonce="",
authz_request={"scope": "offline_access", "prompt": "consent", "nonce": "123", "acr_values":["https://www.spid.gov.it/SpidL2"]},
client_id="",
authz_request={"scope": "offline_access", "prompt": "consent", "nonce": "123",
"acr_values": ["https://www.spid.gov.it/SpidL2", "https://www.spid.gov.it/SpidL1"]},
client_id=RP_SUB,
auth_code="code",
)
IssuedToken.objects.create(
refresh_token = self.rt_jws,
session = session,
expires = timezone.localtime()
refresh_token=self.rt_jws,
session=session,
expires=timezone.localtime()
)

def test_grant_refresh_token(self):
client = Client()
url = reverse("oidc_provider_token_endpoint")
request = dict(
client_id = RP_CLIENT_ID,
client_assertion = self.ca_jws,
client_assertion_type = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
refresh_token = self.rt_jws,
grant_type="refresh_token",
code = "code",
code_verifier = "code_verifier"
client_id=RP_CLIENT_ID,
client_assertion=self.ca_jws,
client_assertion_type="urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
refresh_token=self.rt_jws,
grant_type="refresh_token"
# code = "code",
# code_verifier = "code_verifier"

)
res = client.post(url, request)
self.assertTrue(res.status_code == 200)
refresh_token = verify_jws(res.json().get("refresh_token"), op_conf_priv_jwk)
self.assertEqual(refresh_token["sub"], RP_SUB)
self.assertEqual(refresh_token["aud"], RP_SUB)

@override_settings(OIDCFED_PROVIDER_MAX_REFRESH = 1)
@override_settings(OIDCFED_PROVIDER_MAX_REFRESH=1)
def test_grant_refresh_token_two_times(self):
client = Client()
url = reverse("oidc_provider_token_endpoint")
request = dict(
client_id = RP_CLIENT_ID,
client_assertion = self.ca_jws,
client_assertion_type = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
refresh_token = self.rt_jws,
client_id=RP_CLIENT_ID,
client_assertion=self.ca_jws,
client_assertion_type="urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
refresh_token=self.rt_jws,
grant_type="refresh_token",
code = "code",
code_verifier = "code_verifier"
code="code",
code_verifier="code_verifier"
)
res = client.post(url, request)
self.assertTrue(res.status_code == 200)
request = dict(
client_id = RP_CLIENT_ID,
client_assertion = self.ca_jws,
client_assertion_type = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
refresh_token = res.json()["refresh_token"],
client_id=RP_CLIENT_ID,
client_assertion=self.ca_jws,
client_assertion_type="urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
refresh_token=res.json()["refresh_token"],
grant_type="refresh_token",
code = "code",
code_verifier = "code_verifier"
code="code",
code_verifier="code_verifier"
)
res = client.post(url, request)
self.assertTrue(res.status_code == 400)
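Review bot: In `test_grant_refresh_token` the `code` and `code_verifier` parameters are left as commented-out lines inside the `dict(...)` call, while `test_grant_refresh_token_two_times` still sends both in each of its two requests, so the two tests now exercise different request shapes for the same `refresh_token` grant. Delete the two commented lines and drop `code="code"` / `code_verifier="code_verifier"` from the other test as well, or keep them in one test deliberately with a comment stating that extra parameters must be ignored by the token endpoint. The status checks would also report more usefully on failure as `self.assertEqual(res.status_code, 200)`, and the final `400` check would be stronger if it also asserted the error body, since a 400 can come from any request validation failure and not only from `OIDCFED_PROVIDER_MAX_REFRESH` being reached.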

30 changes: 14 additions & 16 deletions spid_cie_oidc/provider/tests/test_11_user_access_history.py
@@ -1,4 +1,3 @@

from django.contrib.auth import get_user_model
from django.test import Client, TestCase
from django.urls import reverse
Expand All @@ -8,13 +7,13 @@

class UserAccessHistoryTest(TestCase):

def setUp(self):
def setUp(self):
self.user = get_user_model().objects.create(
username="test",
first_name="test",
last_name="test",
email="test@test.it",
is_staff = True
is_staff=True
)
self.user.set_password("test")
self.user.save()
Expand All @@ -23,11 +22,11 @@ def setUp(self):
user_uid="uid",
nonce="",
authz_request={
"scope": "openid",
"nonce": "123",
"acr_values" : ["https://www.spid.gov.it/SpidL2"],
"redirect_uri" : rp_conf["metadata"]["openid_relying_party"]["redirect_uris"][0],
"state" : "state",
"scope": "openid",
"nonce": "123",
"acr_values": ["https://www.spid.gov.it/SpidL2"],
"redirect_uri": rp_conf["metadata"]["openid_relying_party"]["redirect_uris"][0],
"state": "state",
},
client_id="",
auth_code="auth_code",
Expand All @@ -37,22 +36,21 @@ def setUp(self):
user_uid="uid",
nonce="1234",
authz_request={
"scope": "openid",
"nonce": "1234",
"acr_values" : ["https://www.spid.gov.it/SpidL2"],
"redirect_uri" : rp_conf["metadata"]["openid_relying_party"]["redirect_uris"][0],
"state" : "state",
"scope": "openid",
"nonce": "1234",
"acr_values": ["https://www.spid.gov.it/SpidL2"],
"redirect_uri": rp_conf["metadata"]["openid_relying_party"]["redirect_uris"][0],
"state": "state",
},
client_id="",
auth_code="code",
)


def test_user_access_history(self):
client = Client()
client.login(username="test", password="test")
session = client.session
session.update({"oidc": {"auth_code": "code"}, "user_uid" : "uid"})
session.update({"oidc": {"auth_code": "code"}, "user_uid": "uid"})
session.save()
url = reverse("oidc_provider_access_history")
res = client.get(url)
Expand All @@ -63,7 +61,7 @@ def test_user_access_history_revoke(self):
client = Client()
client.login(username="test", password="test")
session = client.session
session.update({"oidc": {"auth_code": "code"}, "user_uid" : "uid"})
session.update({"oidc": {"auth_code": "code"}, "user_uid": "uid"})
session.save()
url = reverse("oidc_provider_revoke_session")
res = client.get(url, {"auth_code": "auth_code"})
2 changes: 1 addition & 1 deletion spid_cie_oidc/provider/views/__init__.py
Expand Up @@ -322,7 +322,7 @@ def get_refresh_token(
"sub": sub,
"at_hash": left_hash(jwt_at, "HS256"),
"c_hash": left_hash(authz.auth_code, "HS256"),
"aud": [authz.client_id],
"aud": authz.client_id,
"iss": iss_sub,
}
refresh_token.update(commons)
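Review bot: The `aud` claim of the refresh token changes type here, from a one-element list to a plain string (`"aud": authz.client_id`), and nothing in the hunk says how tokens issued before the change are treated. Both shapes are valid under RFC 7519, but code that compares `aud` with a client id behaves differently on each: `in` against a string is a substring match, and `==` against a string rejects list-form tokens that are still unexpired. The verifier is not visible from this hunk, so please confirm that the refresh path normalises `aud` before comparing, and add a comment such as `# aud is a single client_id string; verifiers must still accept the legacy list form until old tokens expire`. `get_refresh_token` starts and ends outside the hunk.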
5 changes: 1 addition & 4 deletions spid_cie_oidc/relying_party/views/rp_extend_session.py
Expand Up @@ -37,7 +37,7 @@
@login_required
def oidc_rp_extend_session(request):
"""
Call the token revocation endpoint of the op
Call the token endpoint of the op
"""
auth_tokens = OidcAuthenticationToken.objects.filter(
user=request.user
Expand All @@ -53,11 +53,8 @@ def oidc_rp_extend_session(request):
return HttpResponseRedirect(default_logout_url)

auth_token = auth_tokens.last()
refresh_token = auth_token.refresh_token
#logger.info(refresh_token)

authz = auth_token.authz_request
provider_conf = authz.provider_configuration

rp_conf = FederationEntityConfiguration.objects.filter(
sub=authz.client_id,
