diff --git a/tests/handlers/test_oidc.py b/tests/handlers/test_oidc.py
index cfe3de5266..a25c89bd5b 100644
--- a/tests/handlers/test_oidc.py
+++ b/tests/handlers/test_oidc.py
@@ -252,6 +252,13 @@ class OidcHandlerTestCase(HomeserverTestCase):
with patch.object(self.provider, "load_metadata", patched_load_metadata):
self.get_failure(self.provider.load_jwks(force=True), RuntimeError)
+ # Return empty key set if JWKS are not used
+ self.provider._scopes = [] # not asking the openid scope
+ self.http_client.get_json.reset_mock()
+ jwks = self.get_success(self.provider.load_jwks(force=True))
+ self.http_client.get_json.assert_not_called()
+ self.assertEqual(jwks, {"keys": []})
+
@override_config({"oidc_config": DEFAULT_CONFIG})
def test_validate_config(self):
"""Provider metadatas are extensively validated."""
@@ -448,13 +455,7 @@ class OidcHandlerTestCase(HomeserverTestCase):
self.get_success(self.handler.handle_oidc_callback(request))
auth_handler.complete_sso_login.assert_called_once_with(
- expected_user_id,
- "oidc",
- request,
- client_redirect_url,
- None,
- new_user=True,
- auth_provider_session_id=None,
+ expected_user_id, "oidc", request, client_redirect_url, None, new_user=True
)
self.provider._exchange_code.assert_called_once_with(code)
self.provider._parse_id_token.assert_called_once_with(token, nonce=nonce)
@@ -481,58 +482,17 @@ class OidcHandlerTestCase(HomeserverTestCase):
self.provider._fetch_userinfo.reset_mock()
# With userinfo fetching
- self.provider._user_profile_method = "userinfo_endpoint"
- token = {
- "type": "bearer",
- "access_token": "access_token",
- }
- self.provider._exchange_code = simple_async_mock(return_value=token)
+ self.provider._scopes = [] # do not ask the "openid" scope
self.get_success(self.handler.handle_oidc_callback(request))
auth_handler.complete_sso_login.assert_called_once_with(
- expected_user_id,
- "oidc",
- request,
- client_redirect_url,
- None,
- new_user=False,
- auth_provider_session_id=None,
+ expected_user_id, "oidc", request, client_redirect_url, None, new_user=False
)
self.provider._exchange_code.assert_called_once_with(code)
self.provider._parse_id_token.assert_not_called()
self.provider._fetch_userinfo.assert_called_once_with(token)
self.render_error.assert_not_called()
- # With an ID token, userinfo fetching and sid in the ID token
- self.provider._user_profile_method = "userinfo_endpoint"
- token = {
- "type": "bearer",
- "access_token": "access_token",
- "id_token": "id_token",
- }
- id_token = {
- "sid": "abcdefgh",
- }
- self.provider._parse_id_token = simple_async_mock(return_value=id_token)
- self.provider._exchange_code = simple_async_mock(return_value=token)
- auth_handler.complete_sso_login.reset_mock()
- self.provider._fetch_userinfo.reset_mock()
- self.get_success(self.handler.handle_oidc_callback(request))
-
- auth_handler.complete_sso_login.assert_called_once_with(
- expected_user_id,
- "oidc",
- request,
- client_redirect_url,
- None,
- new_user=False,
- auth_provider_session_id=id_token["sid"],
- )
- self.provider._exchange_code.assert_called_once_with(code)
- self.provider._parse_id_token.assert_called_once_with(token, nonce=nonce)
- self.provider._fetch_userinfo.assert_called_once_with(token)
- self.render_error.assert_not_called()
-
# Handle userinfo fetching error
self.provider._fetch_userinfo = simple_async_mock(raises=Exception())
self.get_success(self.handler.handle_oidc_callback(request))
@@ -816,7 +776,6 @@ class OidcHandlerTestCase(HomeserverTestCase):
client_redirect_url,
{"phone": "1234567"},
new_user=True,
- auth_provider_session_id=None,
)
@override_config({"oidc_config": DEFAULT_CONFIG})
@@ -831,13 +790,7 @@ class OidcHandlerTestCase(HomeserverTestCase):
}
self.get_success(_make_callback_with_userinfo(self.hs, userinfo))
auth_handler.complete_sso_login.assert_called_once_with(
- "@test_user:test",
- "oidc",
- ANY,
- ANY,
- None,
- new_user=True,
- auth_provider_session_id=None,
+ "@test_user:test", "oidc", ANY, ANY, None, new_user=True
)
auth_handler.complete_sso_login.reset_mock()
@@ -848,13 +801,7 @@ class OidcHandlerTestCase(HomeserverTestCase):
}
self.get_success(_make_callback_with_userinfo(self.hs, userinfo))
auth_handler.complete_sso_login.assert_called_once_with(
- "@test_user_2:test",
- "oidc",
- ANY,
- ANY,
- None,
- new_user=True,
- auth_provider_session_id=None,
+ "@test_user_2:test", "oidc", ANY, ANY, None, new_user=True
)
auth_handler.complete_sso_login.reset_mock()
@@ -891,26 +838,14 @@ class OidcHandlerTestCase(HomeserverTestCase):
}
self.get_success(_make_callback_with_userinfo(self.hs, userinfo))
auth_handler.complete_sso_login.assert_called_once_with(
- user.to_string(),
- "oidc",
- ANY,
- ANY,
- None,
- new_user=False,
- auth_provider_session_id=None,
+ user.to_string(), "oidc", ANY, ANY, None, new_user=False
)
auth_handler.complete_sso_login.reset_mock()
# Subsequent calls should map to the same mxid.
self.get_success(_make_callback_with_userinfo(self.hs, userinfo))
auth_handler.complete_sso_login.assert_called_once_with(
- user.to_string(),
- "oidc",
- ANY,
- ANY,
- None,
- new_user=False,
- auth_provider_session_id=None,
+ user.to_string(), "oidc", ANY, ANY, None, new_user=False
)
auth_handler.complete_sso_login.reset_mock()
@@ -925,13 +860,7 @@ class OidcHandlerTestCase(HomeserverTestCase):
}
self.get_success(_make_callback_with_userinfo(self.hs, userinfo))
auth_handler.complete_sso_login.assert_called_once_with(
- user.to_string(),
- "oidc",
- ANY,
- ANY,
- None,
- new_user=False,
- auth_provider_session_id=None,
+ user.to_string(), "oidc", ANY, ANY, None, new_user=False
)
auth_handler.complete_sso_login.reset_mock()
@@ -967,13 +896,7 @@ class OidcHandlerTestCase(HomeserverTestCase):
self.get_success(_make_callback_with_userinfo(self.hs, userinfo))
auth_handler.complete_sso_login.assert_called_once_with(
- "@TEST_USER_2:test",
- "oidc",
- ANY,
- ANY,
- None,
- new_user=False,
- auth_provider_session_id=None,
+ "@TEST_USER_2:test", "oidc", ANY, ANY, None, new_user=False
)
@override_config({"oidc_config": DEFAULT_CONFIG})
@@ -1011,13 +934,7 @@ class OidcHandlerTestCase(HomeserverTestCase):
# test_user is already taken, so test_user1 gets registered instead.
auth_handler.complete_sso_login.assert_called_once_with(
- "@test_user1:test",
- "oidc",
- ANY,
- ANY,
- None,
- new_user=True,
- auth_provider_session_id=None,
+ "@test_user1:test", "oidc", ANY, ANY, None, new_user=True
)
auth_handler.complete_sso_login.reset_mock()
@@ -1101,13 +1018,7 @@ class OidcHandlerTestCase(HomeserverTestCase):
# check that the auth handler got called as expected
auth_handler.complete_sso_login.assert_called_once_with(
- "@tester:test",
- "oidc",
- ANY,
- ANY,
- None,
- new_user=True,
- auth_provider_session_id=None,
+ "@tester:test", "oidc", ANY, ANY, None, new_user=True
)
@override_config(
@@ -1132,13 +1043,7 @@ class OidcHandlerTestCase(HomeserverTestCase):
# check that the auth handler got called as expected
auth_handler.complete_sso_login.assert_called_once_with(
- "@tester:test",
- "oidc",
- ANY,
- ANY,
- None,
- new_user=True,
- auth_provider_session_id=None,
+ "@tester:test", "oidc", ANY, ANY, None, new_user=True
)
@override_config(
@@ -1251,7 +1156,7 @@ async def _make_callback_with_userinfo(
handler = hs.get_oidc_handler()
provider = handler._providers["oidc"]
- provider._exchange_code = simple_async_mock(return_value={"id_token": ""})
+ provider._exchange_code = simple_async_mock(return_value={})
provider._parse_id_token = simple_async_mock(return_value=userinfo)
provider._fetch_userinfo = simple_async_mock(return_value=userinfo)
|
