Add tests

5 years ago · 0dde28f2cc
5 changed files with 226 additions and 0 deletions
--- a/app/server/tests/cassettes/TestOktaOAuth2SocialAuth.test_fetch_permissions_is_admin.yaml
+++ b/app/server/tests/cassettes/TestOktaOAuth2SocialAuth.test_fetch_permissions_is_admin.yaml
@ -0,0 +1,38 @@
+interactions:
+- request:
+    body: ""
+    headers:
+      Accept:
+      - '*/*'
+      Accept-Encoding:
+      - gzip, deflate
+      Connection:
+      - keep-alive
+      Content-Length:
+      - '54'
+      Content-Type:
+      - application/json
+      User-Agent:
+      - python-requests/2.21.0
+    method: POST
+    uri: https://dev-000000.okta.com/oauth2/v1/userinfo
+  response:
+    body:
+      string: '{"sub":"agaga42hrey546","groups":["admin-group"]}'
+    headers:
+      Cache-Control:
+      - no-cache, no-store
+      Content-Type:
+      - application/json;charset=UTF-8
+      Date:
+      - Fri, 24 Apr 2020 02:54:39 GMT
+      Strict-Transport-Security:
+      - max-age=315360000
+      Transfer-Encoding:
+      - chunked
+      Vary:
+      - Accept-Encoding
+    status:
+      code: 200
+      message: OK
+version: 1
--- a/app/server/tests/cassettes/TestOktaOAuth2SocialAuth.test_fetch_permissions_not_admin.yaml
+++ b/app/server/tests/cassettes/TestOktaOAuth2SocialAuth.test_fetch_permissions_not_admin.yaml
@ -0,0 +1,38 @@
+interactions:
+- request:
+    body: ""
+    headers:
+      Accept:
+      - '*/*'
+      Accept-Encoding:
+      - gzip, deflate
+      Connection:
+      - keep-alive
+      Content-Length:
+      - '54'
+      Content-Type:
+      - application/json
+      User-Agent:
+      - python-requests/2.21.0
+    method: POST
+    uri: https://dev-000000.okta.com/oauth2/v1/userinfo
+  response:
+    body:
+      string: '{"sub":"agaga42hrey546","groups":["user-group"]}'
+    headers:
+      Cache-Control:
+      - no-cache, no-store
+      Content-Type:
+      - application/json;charset=UTF-8
+      Date:
+      - Fri, 24 Apr 2020 02:54:39 GMT
+      Strict-Transport-Security:
+      - max-age=315360000
+      Transfer-Encoding:
+      - chunked
+      Vary:
+      - Accept-Encoding
+    status:
+      code: 200
+      message: OK
+version: 1
--- a/app/server/tests/cassettes/TestOktaOpenIdConnectSocialAuth.test_fetch_permissions_is_admin.yaml
+++ b/app/server/tests/cassettes/TestOktaOpenIdConnectSocialAuth.test_fetch_permissions_is_admin.yaml
@ -0,0 +1,38 @@
+interactions:
+- request:
+    body: ""
+    headers:
+      Accept:
+      - '*/*'
+      Accept-Encoding:
+      - gzip, deflate
+      Connection:
+      - keep-alive
+      Content-Length:
+      - '54'
+      Content-Type:
+      - application/json
+      User-Agent:
+      - python-requests/2.21.0
+    method: POST
+    uri: https://dev-000000.okta.com/oauth2/v1/userinfo
+  response:
+    body:
+      string: '{"sub":"agaga42hrey546","groups":["admin-group"]}'
+    headers:
+      Cache-Control:
+      - no-cache, no-store
+      Content-Type:
+      - application/json;charset=UTF-8
+      Date:
+      - Fri, 24 Apr 2020 02:54:39 GMT
+      Strict-Transport-Security:
+      - max-age=315360000
+      Transfer-Encoding:
+      - chunked
+      Vary:
+      - Accept-Encoding
+    status:
+      code: 200
+      message: OK
+version: 1
--- a/app/server/tests/cassettes/TestOktaOpenIdConnectSocialAuth.test_fetch_permissions_not_admin.yaml
+++ b/app/server/tests/cassettes/TestOktaOpenIdConnectSocialAuth.test_fetch_permissions_not_admin.yaml
@ -0,0 +1,38 @@
+interactions:
+- request:
+    body: ""
+    headers:
+      Accept:
+      - '*/*'
+      Accept-Encoding:
+      - gzip, deflate
+      Connection:
+      - keep-alive
+      Content-Length:
+      - '54'
+      Content-Type:
+      - application/json
+      User-Agent:
+      - python-requests/2.21.0
+    method: POST
+    uri: https://dev-000000.okta.com/oauth2/v1/userinfo
+  response:
+    body:
+      string: '{"sub":"agaga42hrey546","groups":["user-group"]}'
+    headers:
+      Cache-Control:
+      - no-cache, no-store
+      Content-Type:
+      - application/json;charset=UTF-8
+      Date:
+      - Fri, 24 Apr 2020 02:54:39 GMT
+      Strict-Transport-Security:
+      - max-age=315360000
+      Transfer-Encoding:
+      - chunked
+      Vary:
+      - Accept-Encoding
+    status:
+      code: 200
+      message: OK
+version: 1
--- a/app/server/tests/test_social_auth.py
+++ b/app/server/tests/test_social_auth.py
@ -2,6 +2,8 @@ from django.contrib.auth import get_user_model
 from django.test import TestCase, override_settings
 from social_core.backends.azuread_tenant import AzureADTenantOAuth2
 from social_core.backends.github import GithubOAuth2
+from social_core.backends.okta import OktaOAuth2
+from social_core.backends.okta_openidconnect import OktaOpenIdConnect
 from vcr_unittest import VCRMixin

 from .. import social_auth
@ -93,3 +95,75 @@ class TestAzureADTenantSocialAuth(VCRTestCase):
        )

        self.assertFalse(user.is_superuser)
+
+
+@override_settings(SOCIAL_AUTH_OKTA_OAUTH2_KEY='0000000000aaaaaaaaaa')  # nosec
+@override_settings(SOCIAL_AUTH_OKTA_OAUTH2_SECRET='bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb=')  # nosec
+@override_settings(SOCIAL_AUTH_OKTA_OAUTH2_API_URL='https://dev-000000.okta.com/oauth2')  # nosec
+@override_settings(OKTA_OAUTH2_ADMIN_GROUP_NAME='admin-group')
+class TestOktaOAuth2SocialAuth(VCRTestCase):
+    strategy = None
+    backend = OktaOAuth2(strategy=strategy)
+    access_token = 'censored'
+
+    def test_fetch_permissions_is_admin(self):
+        user = User()
+
+        social_auth.fetch_okta_oauth2_permissions(
+            strategy=self.strategy,
+            details={},
+            user=user,
+            backend=self.backend,
+            response={'access_token': self.access_token},
+        )
+
+        self.assertTrue(user.is_superuser)
+
+    def test_fetch_permissions_not_admin(self):
+        user = User()
+
+        social_auth.fetch_okta_oauth2_permissions(
+            strategy=self.strategy,
+            details={},
+            user=user,
+            backend=self.backend,
+            response={'access_token': self.access_token},
+        )
+
+        self.assertFalse(user.is_superuser)
+
+
+@override_settings(SOCIAL_AUTH_OKTA_OPENIDCONNECT_KEY='0000000000aaaaaaaaaa')  # nosec
+@override_settings(SOCIAL_AUTH_OKTA_OPENIDCONNECT_SECRET='bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb=')  # nosec
+@override_settings(SOCIAL_AUTH_OKTA_OPENIDCONNECT_API_URL='https://dev-000000.okta.com/oauth2')  # nosec
+@override_settings(OKTA_OPENIDCONNECT_ADMIN_GROUP_NAME='admin-group')
+class TestOktaOpenIdConnectSocialAuth(VCRTestCase):
+    strategy = None
+    backend = OktaOpenIdConnect(strategy=strategy)
+    access_token = 'censored'
+
+    def test_fetch_permissions_is_admin(self):
+        user = User()
+
+        social_auth.fetch_okta_openidconnect_permissions(
+            strategy=self.strategy,
+            details={},
+            user=user,
+            backend=self.backend,
+            response={'access_token': self.access_token},
+        )
+
+        self.assertTrue(user.is_superuser)
+
+    def test_fetch_permissions_not_admin(self):
+        user = User()
+
+        social_auth.fetch_okta_openidconnect_permissions(
+            strategy=self.strategy,
+            details={},
+            user=user,
+            backend=self.backend,
+            response={'access_token': self.access_token},
+        )
+
+        self.assertFalse(user.is_superuser)