diff options
author | David Robertson <davidr@element.io> | 2023-12-06 13:48:09 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-12-06 13:48:09 +0000 |
commit | fcf3c493c2c985dbfea3cac8eb0d4a079067cfaf (patch) | |
tree | 06847a36e1f4b51a4e43384a4bc7c6bf71f64a44 /tests | |
parent | Revert postgres logical replication deltaas (diff) | |
download | synapse-fcf3c493c2c985dbfea3cac8eb0d4a079067cfaf.tar.xz |
Expose OIDC discovery information under the CSAPI (#16726)
Co-authored-by: Quentin Gliech <quenting@element.io>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/rest/client/test_auth_issuer.py | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/tests/rest/client/test_auth_issuer.py b/tests/rest/client/test_auth_issuer.py new file mode 100644 index 0000000000..964baeec32 --- /dev/null +++ b/tests/rest/client/test_auth_issuer.py @@ -0,0 +1,59 @@ +# Copyright 2023 The Matrix.org Foundation C.I.C. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +from http import HTTPStatus + +from synapse.rest.client import auth_issuer + +from tests.unittest import HomeserverTestCase, override_config, skip_unless +from tests.utils import HAS_AUTHLIB + +ISSUER = "https://account.example.com/" + + +class AuthIssuerTestCase(HomeserverTestCase): + servlets = [ + auth_issuer.register_servlets, + ] + + def test_returns_404_when_msc3861_disabled(self) -> None: + # Make an unauthenticated request for the discovery info. + channel = self.make_request( + "GET", + "/_matrix/client/unstable/org.matrix.msc2965/auth_issuer", + ) + self.assertEqual(channel.code, HTTPStatus.NOT_FOUND) + + @skip_unless(HAS_AUTHLIB, "requires authlib") + @override_config( + { + "disable_registration": True, + "experimental_features": { + "msc3861": { + "enabled": True, + "issuer": ISSUER, + "client_id": "David Lister", + "client_auth_method": "client_secret_post", + "client_secret": "Who shot Mister Burns?", + } + }, + } + ) + def test_returns_issuer_when_oidc_enabled(self) -> None: + # Make an unauthenticated request for the discovery info. + channel = self.make_request( + "GET", + "/_matrix/client/unstable/org.matrix.msc2965/auth_issuer", + ) + self.assertEqual(channel.code, HTTPStatus.OK) + self.assertEqual(channel.json_body, {"issuer": ISSUER}) |