diff options
Diffstat (limited to 'tests/handlers/test_oidc.py')
| -rw-r--r-- | tests/handlers/test_oidc.py | 135 |
1 files changed, 20 insertions, 115 deletions
diff --git a/tests/handlers/test_oidc.py b/tests/handlers/test_oidc.py index cfe3de5266..a25c89bd5b 100644 --- a/tests/handlers/test_oidc.py +++ b/tests/handlers/test_oidc.py @@ -252,6 +252,13 @@ class OidcHandlerTestCase(HomeserverTestCase): with patch.object(self.provider, "load_metadata", patched_load_metadata): self.get_failure(self.provider.load_jwks(force=True), RuntimeError) + # Return empty key set if JWKS are not used + self.provider._scopes = [] # not asking the openid scope + self.http_client.get_json.reset_mock() + jwks = self.get_success(self.provider.load_jwks(force=True)) + self.http_client.get_json.assert_not_called() + self.assertEqual(jwks, {"keys": []}) + @override_config({"oidc_config": DEFAULT_CONFIG}) def test_validate_config(self): """Provider metadatas are extensively validated.""" @@ -448,13 +455,7 @@ class OidcHandlerTestCase(HomeserverTestCase): self.get_success(self.handler.handle_oidc_callback(request)) auth_handler.complete_sso_login.assert_called_once_with( - expected_user_id, - "oidc", - request, - client_redirect_url, - None, - new_user=True, - auth_provider_session_id=None, + expected_user_id, "oidc", request, client_redirect_url, None, new_user=True ) self.provider._exchange_code.assert_called_once_with(code) self.provider._parse_id_token.assert_called_once_with(token, nonce=nonce) @@ -481,58 +482,17 @@ class OidcHandlerTestCase(HomeserverTestCase): self.provider._fetch_userinfo.reset_mock() # With userinfo fetching - self.provider._user_profile_method = "userinfo_endpoint" - token = { - "type": "bearer", - "access_token": "access_token", - } - self.provider._exchange_code = simple_async_mock(return_value=token) + self.provider._scopes = [] # do not ask the "openid" scope self.get_success(self.handler.handle_oidc_callback(request)) auth_handler.complete_sso_login.assert_called_once_with( - expected_user_id, - "oidc", - request, - client_redirect_url, - None, - new_user=False, - auth_provider_session_id=None, + expected_user_id, "oidc", request, client_redirect_url, None, new_user=False ) self.provider._exchange_code.assert_called_once_with(code) self.provider._parse_id_token.assert_not_called() self.provider._fetch_userinfo.assert_called_once_with(token) self.render_error.assert_not_called() - # With an ID token, userinfo fetching and sid in the ID token - self.provider._user_profile_method = "userinfo_endpoint" - token = { - "type": "bearer", - "access_token": "access_token", - "id_token": "id_token", - } - id_token = { - "sid": "abcdefgh", - } - self.provider._parse_id_token = simple_async_mock(return_value=id_token) - self.provider._exchange_code = simple_async_mock(return_value=token) - auth_handler.complete_sso_login.reset_mock() - self.provider._fetch_userinfo.reset_mock() - self.get_success(self.handler.handle_oidc_callback(request)) - - auth_handler.complete_sso_login.assert_called_once_with( - expected_user_id, - "oidc", - request, - client_redirect_url, - None, - new_user=False, - auth_provider_session_id=id_token["sid"], - ) - self.provider._exchange_code.assert_called_once_with(code) - self.provider._parse_id_token.assert_called_once_with(token, nonce=nonce) - self.provider._fetch_userinfo.assert_called_once_with(token) - self.render_error.assert_not_called() - # Handle userinfo fetching error self.provider._fetch_userinfo = simple_async_mock(raises=Exception()) self.get_success(self.handler.handle_oidc_callback(request)) @@ -816,7 +776,6 @@ class OidcHandlerTestCase(HomeserverTestCase): client_redirect_url, {"phone": "1234567"}, new_user=True, - auth_provider_session_id=None, ) @override_config({"oidc_config": DEFAULT_CONFIG}) @@ -831,13 +790,7 @@ class OidcHandlerTestCase(HomeserverTestCase): } self.get_success(_make_callback_with_userinfo(self.hs, userinfo)) auth_handler.complete_sso_login.assert_called_once_with( - "@test_user:test", - "oidc", - ANY, - ANY, - None, - new_user=True, - auth_provider_session_id=None, + "@test_user:test", "oidc", ANY, ANY, None, new_user=True ) auth_handler.complete_sso_login.reset_mock() @@ -848,13 +801,7 @@ class OidcHandlerTestCase(HomeserverTestCase): } self.get_success(_make_callback_with_userinfo(self.hs, userinfo)) auth_handler.complete_sso_login.assert_called_once_with( - "@test_user_2:test", - "oidc", - ANY, - ANY, - None, - new_user=True, - auth_provider_session_id=None, + "@test_user_2:test", "oidc", ANY, ANY, None, new_user=True ) auth_handler.complete_sso_login.reset_mock() @@ -891,26 +838,14 @@ class OidcHandlerTestCase(HomeserverTestCase): } self.get_success(_make_callback_with_userinfo(self.hs, userinfo)) auth_handler.complete_sso_login.assert_called_once_with( - user.to_string(), - "oidc", - ANY, - ANY, - None, - new_user=False, - auth_provider_session_id=None, + user.to_string(), "oidc", ANY, ANY, None, new_user=False ) auth_handler.complete_sso_login.reset_mock() # Subsequent calls should map to the same mxid. self.get_success(_make_callback_with_userinfo(self.hs, userinfo)) auth_handler.complete_sso_login.assert_called_once_with( - user.to_string(), - "oidc", - ANY, - ANY, - None, - new_user=False, - auth_provider_session_id=None, + user.to_string(), "oidc", ANY, ANY, None, new_user=False ) auth_handler.complete_sso_login.reset_mock() @@ -925,13 +860,7 @@ class OidcHandlerTestCase(HomeserverTestCase): } self.get_success(_make_callback_with_userinfo(self.hs, userinfo)) auth_handler.complete_sso_login.assert_called_once_with( - user.to_string(), - "oidc", - ANY, - ANY, - None, - new_user=False, - auth_provider_session_id=None, + user.to_string(), "oidc", ANY, ANY, None, new_user=False ) auth_handler.complete_sso_login.reset_mock() @@ -967,13 +896,7 @@ class OidcHandlerTestCase(HomeserverTestCase): self.get_success(_make_callback_with_userinfo(self.hs, userinfo)) auth_handler.complete_sso_login.assert_called_once_with( - "@TEST_USER_2:test", - "oidc", - ANY, - ANY, - None, - new_user=False, - auth_provider_session_id=None, + "@TEST_USER_2:test", "oidc", ANY, ANY, None, new_user=False ) @override_config({"oidc_config": DEFAULT_CONFIG}) @@ -1011,13 +934,7 @@ class OidcHandlerTestCase(HomeserverTestCase): # test_user is already taken, so test_user1 gets registered instead. auth_handler.complete_sso_login.assert_called_once_with( - "@test_user1:test", - "oidc", - ANY, - ANY, - None, - new_user=True, - auth_provider_session_id=None, + "@test_user1:test", "oidc", ANY, ANY, None, new_user=True ) auth_handler.complete_sso_login.reset_mock() @@ -1101,13 +1018,7 @@ class OidcHandlerTestCase(HomeserverTestCase): # check that the auth handler got called as expected auth_handler.complete_sso_login.assert_called_once_with( - "@tester:test", - "oidc", - ANY, - ANY, - None, - new_user=True, - auth_provider_session_id=None, + "@tester:test", "oidc", ANY, ANY, None, new_user=True ) @override_config( @@ -1132,13 +1043,7 @@ class OidcHandlerTestCase(HomeserverTestCase): # check that the auth handler got called as expected auth_handler.complete_sso_login.assert_called_once_with( - "@tester:test", - "oidc", - ANY, - ANY, - None, - new_user=True, - auth_provider_session_id=None, + "@tester:test", "oidc", ANY, ANY, None, new_user=True ) @override_config( @@ -1251,7 +1156,7 @@ async def _make_callback_with_userinfo( handler = hs.get_oidc_handler() provider = handler._providers["oidc"] - provider._exchange_code = simple_async_mock(return_value={"id_token": ""}) + provider._exchange_code = simple_async_mock(return_value={}) provider._parse_id_token = simple_async_mock(return_value=userinfo) provider._fetch_userinfo = simple_async_mock(return_value=userinfo) |