From 0dde28f2cc97c097bda877031668f28d79f98d25 Mon Sep 17 00:00:00 2001 From: Setu Shah Date: Thu, 23 Apr 2020 19:25:20 -0700 Subject: [PATCH] Add tests --- ...lAuth.test_fetch_permissions_is_admin.yaml | 38 ++++++++++ ...Auth.test_fetch_permissions_not_admin.yaml | 38 ++++++++++ ...lAuth.test_fetch_permissions_is_admin.yaml | 38 ++++++++++ ...Auth.test_fetch_permissions_not_admin.yaml | 38 ++++++++++ app/server/tests/test_social_auth.py | 74 +++++++++++++++++++ 5 files changed, 226 insertions(+) create mode 100644 app/server/tests/cassettes/TestOktaOAuth2SocialAuth.test_fetch_permissions_is_admin.yaml create mode 100644 app/server/tests/cassettes/TestOktaOAuth2SocialAuth.test_fetch_permissions_not_admin.yaml create mode 100644 app/server/tests/cassettes/TestOktaOpenIdConnectSocialAuth.test_fetch_permissions_is_admin.yaml create mode 100644 app/server/tests/cassettes/TestOktaOpenIdConnectSocialAuth.test_fetch_permissions_not_admin.yaml diff --git a/app/server/tests/cassettes/TestOktaOAuth2SocialAuth.test_fetch_permissions_is_admin.yaml b/app/server/tests/cassettes/TestOktaOAuth2SocialAuth.test_fetch_permissions_is_admin.yaml new file mode 100644 index 00000000..d28ea49d --- /dev/null +++ b/app/server/tests/cassettes/TestOktaOAuth2SocialAuth.test_fetch_permissions_is_admin.yaml 
@@ -0,0 +1,38 @@ +interactions: +- request: + body: "" + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '54' + Content-Type: + - application/json + User-Agent: + - python-requests/2.21.0 + method: POST + uri: https://dev-000000.okta.com/oauth2/v1/userinfo + response: + body: + string: '{"sub":"agaga42hrey546","groups":["admin-group"]}' + headers: + Cache-Control: + - no-cache, no-store + Content-Type: + - application/json;charset=UTF-8 + Date: + - Fri, 24 Apr 2020 02:54:39 GMT + Strict-Transport-Security: + - max-age=315360000 + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + status: + code: 200 + message: OK +version: 1 diff --git a/app/server/tests/cassettes/TestOktaOAuth2SocialAuth.test_fetch_permissions_not_admin.yaml b/app/server/tests/cassettes/TestOktaOAuth2SocialAuth.test_fetch_permissions_not_admin.yaml new file mode 100644 index 00000000..7339e4ff --- /dev/null +++ b/app/server/tests/cassettes/TestOktaOAuth2SocialAuth.test_fetch_permissions_not_admin.yaml @@ -0,0 +1,38 @@ +interactions: +- request: + body: "" + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '54' + Content-Type: + - application/json + User-Agent: + - python-requests/2.21.0 + method: POST + uri: https://dev-000000.okta.com/oauth2/v1/userinfo + response: + body: + string: '{"sub":"agaga42hrey546","groups":["user-group"]}' + headers: + Cache-Control: + - no-cache, no-store + Content-Type: + - application/json;charset=UTF-8 + Date: + - Fri, 24 Apr 2020 02:54:39 GMT + Strict-Transport-Security: + - max-age=315360000 + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + status: + code: 200 + message: OK +version: 1 
diff --git a/app/server/tests/cassettes/TestOktaOpenIdConnectSocialAuth.test_fetch_permissions_is_admin.yaml b/app/server/tests/cassettes/TestOktaOpenIdConnectSocialAuth.test_fetch_permissions_is_admin.yaml new file mode 100644 index 00000000..d28ea49d --- /dev/null +++ b/app/server/tests/cassettes/TestOktaOpenIdConnectSocialAuth.test_fetch_permissions_is_admin.yaml @@ -0,0 +1,38 @@ +interactions: +- request: + body: "" + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '54' + Content-Type: + - application/json + User-Agent: + - python-requests/2.21.0 + method: POST + uri: https://dev-000000.okta.com/oauth2/v1/userinfo + response: + body: + string: '{"sub":"agaga42hrey546","groups":["admin-group"]}' + headers: + Cache-Control: + - no-cache, no-store + Content-Type: + - application/json;charset=UTF-8 + Date: + - Fri, 24 Apr 2020 02:54:39 GMT + Strict-Transport-Security: + - max-age=315360000 + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + status: + code: 200 + message: OK +version: 1 diff --git a/app/server/tests/cassettes/TestOktaOpenIdConnectSocialAuth.test_fetch_permissions_not_admin.yaml b/app/server/tests/cassettes/TestOktaOpenIdConnectSocialAuth.test_fetch_permissions_not_admin.yaml new file mode 100644 index 00000000..7339e4ff --- /dev/null +++ b/app/server/tests/cassettes/TestOktaOpenIdConnectSocialAuth.test_fetch_permissions_not_admin.yaml 
@@ -0,0 +1,38 @@ +interactions: +- request: + body: "" + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '54' + Content-Type: + - application/json + User-Agent: + - python-requests/2.21.0 + method: POST + uri: https://dev-000000.okta.com/oauth2/v1/userinfo + response: + body: + string: '{"sub":"agaga42hrey546","groups":["user-group"]}' + headers: + Cache-Control: + - no-cache, no-store + Content-Type: + - application/json;charset=UTF-8 + Date: + - Fri, 24 Apr 2020 02:54:39 GMT + Strict-Transport-Security: + - max-age=315360000 + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + status: + code: 200 + message: OK +version: 1
diff --git a/app/server/tests/test_social_auth.py b/app/server/tests/test_social_auth.py
index e8eca0cd..386216d6 100644
--- a/app/server/tests/test_social_auth.py
+++ b/app/server/tests/test_social_auth.py
@@ -2,6 +2,8 @@
 from django.contrib.auth import get_user_model
 from django.test import TestCase, override_settings
 from social_core.backends.azuread_tenant import AzureADTenantOAuth2
 from social_core.backends.github import GithubOAuth2
+from social_core.backends.okta import OktaOAuth2
+from social_core.backends.okta_openidconnect import OktaOpenIdConnect
 from vcr_unittest import VCRMixin
 from .. import social_auth
@@ -93,3 +95,75 @@ class TestAzureADTenantSocialAuth(VCRTestCase):
         )
 
         self.assertFalse(user.is_superuser)
+
+
+@override_settings(SOCIAL_AUTH_OKTA_OAUTH2_KEY='0000000000aaaaaaaaaa') # nosec
+@override_settings(SOCIAL_AUTH_OKTA_OAUTH2_SECRET='bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb=') # nosec
+@override_settings(SOCIAL_AUTH_OKTA_OAUTH2_API_URL='https://dev-000000.okta.com/oauth2') # nosec
+@override_settings(OKTA_OAUTH2_ADMIN_GROUP_NAME='admin-group')
+class TestOktaOAuth2SocialAuth(VCRTestCase):
+    strategy = None
+    backend = OktaOAuth2(strategy=strategy)
+    access_token = 'censored'
+
+    def test_fetch_permissions_is_admin(self):
+        user = User()
+
+        social_auth.fetch_okta_oauth2_permissions(
+            strategy=self.strategy,
+            details={},
+            user=user,
+            backend=self.backend,
+            response={'access_token': self.access_token},
+        )
+
+        self.assertTrue(user.is_superuser)
+
+    def test_fetch_permissions_not_admin(self):
+        user = User()
+
+        social_auth.fetch_okta_oauth2_permissions(
+            strategy=self.strategy,
+            details={},
+            user=user,
+            backend=self.backend,
+            response={'access_token': self.access_token},
+        )
+
+        self.assertFalse(user.is_superuser)
+
+
+@override_settings(SOCIAL_AUTH_OKTA_OPENIDCONNECT_KEY='0000000000aaaaaaaaaa') # nosec
+@override_settings(SOCIAL_AUTH_OKTA_OPENIDCONNECT_SECRET='bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb=') # nosec
+@override_settings(SOCIAL_AUTH_OKTA_OPENIDCONNECT_API_URL='https://dev-000000.okta.com/oauth2') # nosec
+@override_settings(OKTA_OPENIDCONNECT_ADMIN_GROUP_NAME='admin-group')
+class TestOktaOpenIdConnectSocialAuth(VCRTestCase):
+    strategy = None
+    backend = OktaOpenIdConnect(strategy=strategy)
+    access_token = 'censored'
+
+    def test_fetch_permissions_is_admin(self):
+        user = User()
+
+        social_auth.fetch_okta_openidconnect_permissions(
+            strategy=self.strategy,
+            details={},
+            user=user,
+            backend=self.backend,
+            response={'access_token': self.access_token},
+        )
+
+        self.assertTrue(user.is_superuser)
+
+    def test_fetch_permissions_not_admin(self):
+        user = User()
+
+        social_auth.fetch_okta_openidconnect_permissions(
+            strategy=self.strategy,
+            details={},
+            user=user,
+            backend=self.backend,
+            response={'access_token': self.access_token},
+        )
+
+        self.assertFalse(user.is_superuser)
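Review bot: In both `TestOktaOAuth2SocialAuth` and `TestOktaOpenIdConnectSocialAuth` the `test_fetch_permissions_is_admin` and `test_fetch_permissions_not_admin` bodies are identical; the only thing that decides `assertTrue` versus `assertFalse` is the `groups` value in the recorded cassette (`["admin-group"]` vs `["user-group"]`), which the test code never mentions. A one-line docstring per method would make the pass condition readable without opening the YAML, e.g. `"""Cassette answers userinfo with groups=['admin-group'], so the hook must set is_superuser."""` for the admin case and the `user-group` counterpart for the other. The superuser grant hinges entirely on that claim, yet no case covers a userinfo response that omits `groups` (or returns an empty list) or a non-200 status, so the fail-closed default of `fetch_okta_oauth2_permissions` and `fetch_okta_openidconnect_permissions` is not exercised here; one additional cassette per backend for the missing-claim case would close that gap. Whether the hooks are also expected to revoke an existing flag I can't tell from this hunk; if they are, starting the `not_admin` case from `user.is_superuser = True` would assert that instead of relying on the `User()` default.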