diff options
| author | Shay <hillerys@element.io> | 2023-08-22 07:15:34 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-08-22 14:15:34 +0000 |
| commit | 69048f7b4848ab6a4ae6cb233f8cbf36d73c0ba1 (patch) | |
| tree | 36358213ec30b624ac550e77c9df7f318776676e /tests/handlers | |
| parent | Bump serde from 1.0.183 to 1.0.184 (#16139) (diff) | |
| download | synapse-69048f7b4848ab6a4ae6cb233f8cbf36d73c0ba1.tar.xz | |
Add an admin endpoint to allow authorizing server to signal token revocations (#16125)
Diffstat (limited to 'tests/handlers')
| -rw-r--r-- | tests/handlers/test_oauth_delegation.py | 34 |
1 files changed, 33 insertions, 1 deletions
diff --git a/tests/handlers/test_oauth_delegation.py b/tests/handlers/test_oauth_delegation.py index 1456b675a7..b891e84690 100644 --- a/tests/handlers/test_oauth_delegation.py +++ b/tests/handlers/test_oauth_delegation.py @@ -14,7 +14,7 @@ from http import HTTPStatus from typing import Any, Dict, Union -from unittest.mock import ANY, Mock +from unittest.mock import ANY, AsyncMock, Mock from urllib.parse import parse_qs from signedjson.key import ( @@ -588,6 +588,38 @@ class MSC3861OAuthDelegation(HomeserverTestCase): ) self.assertEqual(self.http_client.request.call_count, 2) + def test_revocation_endpoint(self) -> None: + # mock introspection response and then admin verification response + self.http_client.request = AsyncMock( + side_effect=[ + FakeResponse.json( + code=200, payload={"active": True, "jti": "open_sesame"} + ), + FakeResponse.json( + code=200, + payload={ + "active": True, + "sub": SUBJECT, + "scope": " ".join([SYNAPSE_ADMIN_SCOPE, MATRIX_USER_SCOPE]), + "username": USERNAME, + }, + ), + ] + ) + + # cache a token to delete + introspection_token = self.get_success( + self.auth._introspect_token("open_sesame") # type: ignore[attr-defined] + ) + self.assertEqual(self.auth._token_cache.get("open_sesame"), introspection_token) # type: ignore[attr-defined] + + # delete the revoked token + introspection_token_id = "open_sesame" + url = f"/_synapse/admin/v1/OIDC_token_revocation/{introspection_token_id}" + channel = self.make_request("DELETE", url, access_token="mockAccessToken") + self.assertEqual(channel.code, 200) + self.assertEqual(self.auth._token_cache.get("open_sesame"), None) # type: ignore[attr-defined] + def make_device_keys(self, user_id: str, device_id: str) -> JsonDict: # We only generate a master key to simplify the test. master_signing_key = generate_signing_key(device_id) |