authentik/tests/e2e/test_provider_oauth2_oidc.py

"""test OAuth2 OpenID Provider flow"""
from json import loads
from sys import platform
from time import sleep
from unittest.case import skipUnless

from docker import DockerClient, from_env
from docker.models.containers import Container
from docker.types import Healthcheck
from selenium.webdriver.common.by import By
from selenium.webdriver.common.keys import Keys
from selenium.webdriver.support import expected_conditions as ec
from structlog import get_logger

from passbook.core.models import Application
from passbook.crypto.models import CertificateKeyPair
from passbook.flows.models import Flow
from passbook.policies.expression.models import ExpressionPolicy
from passbook.policies.models import PolicyBinding
from passbook.providers.oauth2.constants import (
    SCOPE_OPENID,
    SCOPE_OPENID_EMAIL,
    SCOPE_OPENID_PROFILE,
)
from passbook.providers.oauth2.generators import (
    generate_client_id,
    generate_client_secret,
)
from passbook.providers.oauth2.models import (
    ClientTypes,
    OAuth2Provider,
    ResponseTypes,
    ScopeMapping,
)
from tests.e2e.utils import USER, SeleniumTestCase, retry

LOGGER = get_logger()


@skipUnless(platform.startswith("linux"), "requires local docker")
class TestProviderOAuth2OIDC(SeleniumTestCase):
    """test OAuth with OpenID Provider flow"""

    def setUp(self):
        self.client_id = generate_client_id()
        self.client_secret = generate_client_secret()
        self.application_slug = "test"
        super().setUp()

    def setup_client(self) -> Container:
        """Setup client saml-sp container which we test SAML against"""
        sleep(1)
        client: DockerClient = from_env()
        client.images.pull("beryju/oidc-test-client")
        container = client.containers.run(
            image="docker.beryju.org/proxy/beryju/oidc-test-client",
            detach=True,
            network_mode="host",
            auto_remove=True,
            healthcheck=Healthcheck(
                test=["CMD", "wget", "--spider", "http://localhost:9009/health"],
                interval=5 * 100 * 1000000,
                start_period=1 * 100 * 1000000,
            ),
            environment={
                "OIDC_CLIENT_ID": self.client_id,
                "OIDC_CLIENT_SECRET": self.client_secret,
                "OIDC_PROVIDER": f"{self.live_server_url}/application/o/{self.application_slug}/",
            },
        )
        while True:
            container.reload()
            status = container.attrs.get("State", {}).get("Health", {}).get("Status")
            if status == "healthy":
                return container
            LOGGER.info("Container failed healthcheck")
            sleep(1)

    @retry()
    def test_redirect_uri_error(self):
        """test OpenID Provider flow (invalid redirect URI, check error message)"""
        sleep(1)
        # Bootstrap all needed objects
        authorization_flow = Flow.objects.get(
            slug="default-provider-authorization-implicit-consent"
        )
        provider = OAuth2Provider.objects.create(
            name=self.application_slug,
            client_type=ClientTypes.CONFIDENTIAL,
            client_id=self.client_id,
            client_secret=self.client_secret,
            rsa_key=CertificateKeyPair.objects.first(),
            redirect_uris="http://localhost:9009/",
            authorization_flow=authorization_flow,
            response_type=ResponseTypes.CODE,
        )
        provider.property_mappings.set(
            ScopeMapping.objects.filter(
                scope_name__in=[SCOPE_OPENID, SCOPE_OPENID_EMAIL, SCOPE_OPENID_PROFILE]
            )
        )
        provider.save()
        Application.objects.create(
            name=self.application_slug,
            slug=self.application_slug,
            provider=provider,
        )
        self.container = self.setup_client()

        self.driver.get("http://localhost:9009")

        self.driver.find_element(By.ID, "id_uid_field").click()
        self.driver.find_element(By.ID, "id_uid_field").send_keys(USER().username)
        self.driver.find_element(By.ID, "id_uid_field").send_keys(Keys.ENTER)
        self.driver.find_element(By.ID, "id_password").send_keys(USER().username)
        self.driver.find_element(By.ID, "id_password").send_keys(Keys.ENTER)
        sleep(2)
        self.assertEqual(
            self.driver.find_element(By.CLASS_NAME, "pf-c-title").text,
            "Redirect URI Error",
        )

    @retry()
    def test_authorization_consent_implied(self):
        """test OpenID Provider flow (default authorization flow with implied consent)"""
        sleep(1)
        # Bootstrap all needed objects
        authorization_flow = Flow.objects.get(
            slug="default-provider-authorization-implicit-consent"
        )
        provider = OAuth2Provider.objects.create(
            name=self.application_slug,
            client_type=ClientTypes.CONFIDENTIAL,
            client_id=self.client_id,
            client_secret=self.client_secret,
            rsa_key=CertificateKeyPair.objects.first(),
            redirect_uris="http://localhost:9009/auth/callback",
            authorization_flow=authorization_flow,
            response_type=ResponseTypes.CODE,
        )
        provider.property_mappings.set(
            ScopeMapping.objects.filter(
                scope_name__in=[SCOPE_OPENID, SCOPE_OPENID_EMAIL, SCOPE_OPENID_PROFILE]
            )
        )
        provider.save()
        Application.objects.create(
            name=self.application_slug,
            slug=self.application_slug,
            provider=provider,
        )
        self.container = self.setup_client()

        self.driver.get("http://localhost:9009")

        self.driver.find_element(By.ID, "id_uid_field").click()
        self.driver.find_element(By.ID, "id_uid_field").send_keys(USER().username)
        self.driver.find_element(By.ID, "id_uid_field").send_keys(Keys.ENTER)
        self.driver.find_element(By.ID, "id_password").send_keys(USER().username)
        self.driver.find_element(By.ID, "id_password").send_keys(Keys.ENTER)

        self.wait.until(ec.presence_of_element_located((By.CSS_SELECTOR, "pre")))
        body = loads(self.driver.find_element(By.CSS_SELECTOR, "pre").text)

        self.assertEqual(body["IDTokenClaims"]["nickname"], USER().username)
        self.assertEqual(body["UserInfo"]["nickname"], USER().username)

        self.assertEqual(body["IDTokenClaims"]["name"], USER().name)
        self.assertEqual(body["UserInfo"]["name"], USER().name)

        self.assertEqual(body["IDTokenClaims"]["email"], USER().email)
        self.assertEqual(body["UserInfo"]["email"], USER().email)

    @retry()
    def test_authorization_consent_explicit(self):
        """test OpenID Provider flow (default authorization flow with explicit consent)"""
        sleep(1)
        # Bootstrap all needed objects
        authorization_flow = Flow.objects.get(
            slug="default-provider-authorization-explicit-consent"
        )
        provider = OAuth2Provider.objects.create(
            name=self.application_slug,
            authorization_flow=authorization_flow,
            response_type=ResponseTypes.CODE,
            client_type=ClientTypes.CONFIDENTIAL,
            client_id=self.client_id,
            client_secret=self.client_secret,
            rsa_key=CertificateKeyPair.objects.first(),
            redirect_uris="http://localhost:9009/auth/callback",
        )
        provider.property_mappings.set(
            ScopeMapping.objects.filter(
                scope_name__in=[SCOPE_OPENID, SCOPE_OPENID_EMAIL, SCOPE_OPENID_PROFILE]
            )
        )
        provider.save()
        app = Application.objects.create(
            name=self.application_slug,
            slug=self.application_slug,
            provider=provider,
        )
        self.container = self.setup_client()

        self.driver.get("http://localhost:9009")

        self.driver.find_element(By.ID, "id_uid_field").click()
        self.driver.find_element(By.ID, "id_uid_field").send_keys(USER().username)
        self.driver.find_element(By.ID, "id_uid_field").send_keys(Keys.ENTER)
        self.driver.find_element(By.ID, "id_password").send_keys(USER().username)
        self.driver.find_element(By.ID, "id_password").send_keys(Keys.ENTER)

        self.assertEqual(
            app.name,
            self.driver.find_element(By.ID, "application-name").text,
        )
        self.wait.until(
            ec.presence_of_element_located((By.CSS_SELECTOR, "[type=submit]"))
        )
        sleep(1)
        self.driver.find_element(By.CSS_SELECTOR, "[type=submit]").click()

        self.wait.until(ec.presence_of_element_located((By.CSS_SELECTOR, "pre")))
        body = loads(self.driver.find_element(By.CSS_SELECTOR, "pre").text)

        self.assertEqual(body["IDTokenClaims"]["nickname"], USER().username)
        self.assertEqual(body["UserInfo"]["nickname"], USER().username)

        self.assertEqual(body["IDTokenClaims"]["name"], USER().name)
        self.assertEqual(body["UserInfo"]["name"], USER().name)

        self.assertEqual(body["IDTokenClaims"]["email"], USER().email)
        self.assertEqual(body["UserInfo"]["email"], USER().email)

    @retry()
    def test_authorization_denied(self):
        """test OpenID Provider flow (default authorization with access deny)"""
        sleep(1)
        # Bootstrap all needed objects
        authorization_flow = Flow.objects.get(
            slug="default-provider-authorization-explicit-consent"
        )
        provider = OAuth2Provider.objects.create(
            name=self.application_slug,
            authorization_flow=authorization_flow,
            response_type=ResponseTypes.CODE,
            client_type=ClientTypes.CONFIDENTIAL,
            client_id=self.client_id,
            client_secret=self.client_secret,
            rsa_key=CertificateKeyPair.objects.first(),
            redirect_uris="http://localhost:9009/auth/callback",
        )
        provider.property_mappings.set(
            ScopeMapping.objects.filter(
                scope_name__in=[SCOPE_OPENID, SCOPE_OPENID_EMAIL, SCOPE_OPENID_PROFILE]
            )
        )
        provider.save()
        app = Application.objects.create(
            name=self.application_slug,
            slug=self.application_slug,
            provider=provider,
        )

        negative_policy = ExpressionPolicy.objects.create(
            name="negative-static", expression="return False"
        )
        PolicyBinding.objects.create(target=app, policy=negative_policy, order=0)

        self.container = self.setup_client()
        self.driver.get("http://localhost:9009")

        self.driver.find_element(By.ID, "id_uid_field").click()
        self.driver.find_element(By.ID, "id_uid_field").send_keys(USER().username)
        self.driver.find_element(By.ID, "id_uid_field").send_keys(Keys.ENTER)
        self.driver.find_element(By.ID, "id_password").send_keys(USER().username)
        self.driver.find_element(By.ID, "id_password").send_keys(Keys.ENTER)

        self.wait.until(
            ec.presence_of_element_located((By.CSS_SELECTOR, "header > h1"))
        )
        self.assertEqual(
            self.driver.find_element(By.CSS_SELECTOR, "header > h1").text,
            "Permission denied",
        )
OAuth Provider Rewrite (#182) 2020-08-19 08:32:44 +00:00			`"""test OAuth2 OpenID Provider flow"""`
e2e: add oidc tests using oidc-test-client 2020-09-28 15:22:35 +00:00			`from json import loads`
pytest (#209) 2020-09-11 21:21:11 +00:00			`from sys import platform`
e2e: add OIDC Provider test against grafana, more formatting, minor bug fixes 2020-06-19 17:34:27 +00:00			`from time import sleep`
pytest (#209) 2020-09-11 21:21:11 +00:00			`from unittest.case import skipUnless`
e2e: add OIDC Provider test against grafana, more formatting, minor bug fixes 2020-06-19 17:34:27 +00:00
e2e: add oidc tests using oidc-test-client 2020-09-28 15:22:35 +00:00			`from docker import DockerClient, from_env`
			`from docker.models.containers import Container`
root: automate system migrations, move docker to lifecycle folder 2020-09-09 22:14:59 +00:00			`from docker.types import Healthcheck`
e2e: add OIDC Provider test against grafana, more formatting, minor bug fixes 2020-06-19 17:34:27 +00:00			`from selenium.webdriver.common.by import By`
			`from selenium.webdriver.common.keys import Keys`
e2e: add more failsafe 2020-06-21 16:36:43 +00:00			`from selenium.webdriver.support import expected_conditions as ec`
e2e: fix typo, log when docker healthcheck fails 2020-08-14 16:09:49 +00:00			`from structlog import get_logger`
e2e: add OIDC Provider test against grafana, more formatting, minor bug fixes 2020-06-19 17:34:27 +00:00
			`from passbook.core.models import Application`
OAuth Provider Rewrite (#182) 2020-08-19 08:32:44 +00:00			`from passbook.crypto.models import CertificateKeyPair`
e2e: add OIDC Provider test against grafana, more formatting, minor bug fixes 2020-06-19 17:34:27 +00:00			`from passbook.flows.models import Flow`
e2e: Add denied tests for oauth and oidc provider 2020-07-02 19:55:02 +00:00			`from passbook.policies.expression.models import ExpressionPolicy`
			`from passbook.policies.models import PolicyBinding`
OAuth Provider Rewrite (#182) 2020-08-19 08:32:44 +00:00			`from passbook.providers.oauth2.constants import (`
			`SCOPE_OPENID,`
			`SCOPE_OPENID_EMAIL,`
			`SCOPE_OPENID_PROFILE,`
			`)`
			`from passbook.providers.oauth2.generators import (`
			`generate_client_id,`
			`generate_client_secret,`
			`)`
			`from passbook.providers.oauth2.models import (`
			`ClientTypes,`
			`OAuth2Provider,`
			`ResponseTypes,`
			`ScopeMapping,`
			`)`
tests: move integration tests into separate folder, add separate pipeline task 2020-11-19 13:25:53 +00:00			`from tests.e2e.utils import USER, SeleniumTestCase, retry`
e2e: add OIDC Provider test against grafana, more formatting, minor bug fixes 2020-06-19 17:34:27 +00:00
e2e: fix typo, log when docker healthcheck fails 2020-08-14 16:09:49 +00:00			`LOGGER = get_logger()`

e2e: add OIDC Provider test against grafana, more formatting, minor bug fixes 2020-06-19 17:34:27 +00:00
pytest (#209) 2020-09-11 21:21:11 +00:00			`@skipUnless(platform.startswith("linux"), "requires local docker")`
OAuth Provider Rewrite (#182) 2020-08-19 08:32:44 +00:00			`class TestProviderOAuth2OIDC(SeleniumTestCase):`
			`"""test OAuth with OpenID Provider flow"""`
e2e: add OIDC Provider test against grafana, more formatting, minor bug fixes 2020-06-19 17:34:27 +00:00
			`def setUp(self):`
			`self.client_id = generate_client_id()`
			`self.client_secret = generate_client_secret()`
e2e: add oidc tests using oidc-test-client 2020-09-28 15:22:35 +00:00			`self.application_slug = "test"`
e2e: only initialise selenium after setting up container 2020-07-10 14:49:25 +00:00			`super().setUp()`
e2e: add OIDC Provider test against grafana, more formatting, minor bug fixes 2020-06-19 17:34:27 +00:00
e2e: add oidc tests using oidc-test-client 2020-09-28 15:22:35 +00:00			`def setup_client(self) -> Container:`
			`"""Setup client saml-sp container which we test SAML against"""`
			`sleep(1)`
			`client: DockerClient = from_env()`
e2e: update for new saml-test-sp, pull image before run 2020-09-29 09:55:10 +00:00			`client.images.pull("beryju/oidc-test-client")`
e2e: add oidc tests using oidc-test-client 2020-09-28 15:22:35 +00:00			`container = client.containers.run(`
e2e: use docker proxy for test images 2020-10-26 23:34:30 +00:00			`image="docker.beryju.org/proxy/beryju/oidc-test-client",`
e2e: add oidc tests using oidc-test-client 2020-09-28 15:22:35 +00:00			`detach=True,`
			`network_mode="host",`
			`auto_remove=True,`
			`healthcheck=Healthcheck(`
			`test=["CMD", "wget", "--spider", "http://localhost:9009/health"],`
e2e: add OIDC Provider test against grafana, more formatting, minor bug fixes 2020-06-19 17:34:27 +00:00			`interval=5 * 100 * 1000000,`
			`start_period=1 * 100 * 1000000,`
			`),`
e2e: add oidc tests using oidc-test-client 2020-09-28 15:22:35 +00:00			`environment={`
			`"OIDC_CLIENT_ID": self.client_id,`
			`"OIDC_CLIENT_SECRET": self.client_secret,`
			`"OIDC_PROVIDER": f"{self.live_server_url}/application/o/{self.application_slug}/",`
e2e: add OIDC Provider test against grafana, more formatting, minor bug fixes 2020-06-19 17:34:27 +00:00			`},`
e2e: add oidc tests using oidc-test-client 2020-09-28 15:22:35 +00:00			`)`
			`while True:`
			`container.reload()`
			`status = container.attrs.get("State", {}).get("Health", {}).get("Status")`
			`if status == "healthy":`
			`return container`
			`LOGGER.info("Container failed healthcheck")`
			`sleep(1)`
e2e: add OIDC Provider test against grafana, more formatting, minor bug fixes 2020-06-19 17:34:27 +00:00
e2e: add @retry decorator to make e2e tests more reliable 2020-10-20 16:42:26 +00:00			`@retry()`
e2e: add OIDC Provider test against grafana, more formatting, minor bug fixes 2020-06-19 17:34:27 +00:00			`def test_redirect_uri_error(self):`
			`"""test OpenID Provider flow (invalid redirect URI, check error message)"""`
flows: change wording of consent on flows 2020-06-19 18:33:35 +00:00			`sleep(1)`
e2e: add OIDC Provider test against grafana, more formatting, minor bug fixes 2020-06-19 17:34:27 +00:00			`# Bootstrap all needed objects`
*: fix not all migrations using db_alias 2020-06-19 18:35:38 +00:00			`authorization_flow = Flow.objects.get(`
			`slug="default-provider-authorization-implicit-consent"`
			`)`
OAuth Provider Rewrite (#182) 2020-08-19 08:32:44 +00:00			`provider = OAuth2Provider.objects.create(`
e2e: add oidc tests using oidc-test-client 2020-09-28 15:22:35 +00:00			`name=self.application_slug,`
OAuth Provider Rewrite (#182) 2020-08-19 08:32:44 +00:00			`client_type=ClientTypes.CONFIDENTIAL,`
e2e: add OIDC Provider test against grafana, more formatting, minor bug fixes 2020-06-19 17:34:27 +00:00			`client_id=self.client_id,`
			`client_secret=self.client_secret,`
OAuth Provider Rewrite (#182) 2020-08-19 08:32:44 +00:00			`rsa_key=CertificateKeyPair.objects.first(),`
e2e: add oidc tests using oidc-test-client 2020-09-28 15:22:35 +00:00			`redirect_uris="http://localhost:9009/",`
OAuth Provider Rewrite (#182) 2020-08-19 08:32:44 +00:00			`authorization_flow=authorization_flow,`
			`response_type=ResponseTypes.CODE,`
e2e: add OIDC Provider test against grafana, more formatting, minor bug fixes 2020-06-19 17:34:27 +00:00			`)`
OAuth Provider Rewrite (#182) 2020-08-19 08:32:44 +00:00			`provider.property_mappings.set(`
			`ScopeMapping.objects.filter(`
			`scope_name__in=[SCOPE_OPENID, SCOPE_OPENID_EMAIL, SCOPE_OPENID_PROFILE]`
			`)`
e2e: add OIDC Provider test against grafana, more formatting, minor bug fixes 2020-06-19 17:34:27 +00:00			`)`
OAuth Provider Rewrite (#182) 2020-08-19 08:32:44 +00:00			`provider.save()`
e2e: add OIDC Provider test against grafana, more formatting, minor bug fixes 2020-06-19 17:34:27 +00:00			`Application.objects.create(`
*: apply new black styling 2020-09-30 17:34:22 +00:00			`name=self.application_slug,`
			`slug=self.application_slug,`
			`provider=provider,`
e2e: add OIDC Provider test against grafana, more formatting, minor bug fixes 2020-06-19 17:34:27 +00:00			`)`
e2e: add oidc tests using oidc-test-client 2020-09-28 15:22:35 +00:00			`self.container = self.setup_client()`

			`self.driver.get("http://localhost:9009")`
e2e: add OIDC Provider test against grafana, more formatting, minor bug fixes 2020-06-19 17:34:27 +00:00
			`self.driver.find_element(By.ID, "id_uid_field").click()`
e2e: cleanup, use USER function instead of typing static strings 2020-06-20 21:52:06 +00:00			`self.driver.find_element(By.ID, "id_uid_field").send_keys(USER().username)`
e2e: add OIDC Provider test against grafana, more formatting, minor bug fixes 2020-06-19 17:34:27 +00:00			`self.driver.find_element(By.ID, "id_uid_field").send_keys(Keys.ENTER)`
e2e: cleanup, use USER function instead of typing static strings 2020-06-20 21:52:06 +00:00			`self.driver.find_element(By.ID, "id_password").send_keys(USER().username)`
e2e: add OIDC Provider test against grafana, more formatting, minor bug fixes 2020-06-19 17:34:27 +00:00			`self.driver.find_element(By.ID, "id_password").send_keys(Keys.ENTER)`
			`sleep(2)`
			`self.assertEqual(`
			`self.driver.find_element(By.CLASS_NAME, "pf-c-title").text,`
			`"Redirect URI Error",`
			`)`

e2e: add @retry decorator to make e2e tests more reliable 2020-10-20 16:42:26 +00:00			`@retry()`
flows: change wording of consent on flows 2020-06-19 18:33:35 +00:00			`def test_authorization_consent_implied(self):`
			`"""test OpenID Provider flow (default authorization flow with implied consent)"""`
			`sleep(1)`
e2e: add OIDC Provider test against grafana, more formatting, minor bug fixes 2020-06-19 17:34:27 +00:00			`# Bootstrap all needed objects`
flows: change wording of consent on flows 2020-06-19 18:33:35 +00:00			`authorization_flow = Flow.objects.get(`
			`slug="default-provider-authorization-implicit-consent"`
			`)`
OAuth Provider Rewrite (#182) 2020-08-19 08:32:44 +00:00			`provider = OAuth2Provider.objects.create(`
e2e: add oidc tests using oidc-test-client 2020-09-28 15:22:35 +00:00			`name=self.application_slug,`
OAuth Provider Rewrite (#182) 2020-08-19 08:32:44 +00:00			`client_type=ClientTypes.CONFIDENTIAL,`
e2e: add OIDC Provider test against grafana, more formatting, minor bug fixes 2020-06-19 17:34:27 +00:00			`client_id=self.client_id,`
			`client_secret=self.client_secret,`
OAuth Provider Rewrite (#182) 2020-08-19 08:32:44 +00:00			`rsa_key=CertificateKeyPair.objects.first(),`
e2e: add oidc tests using oidc-test-client 2020-09-28 15:22:35 +00:00			`redirect_uris="http://localhost:9009/auth/callback",`
OAuth Provider Rewrite (#182) 2020-08-19 08:32:44 +00:00			`authorization_flow=authorization_flow,`
			`response_type=ResponseTypes.CODE,`
e2e: add OIDC Provider test against grafana, more formatting, minor bug fixes 2020-06-19 17:34:27 +00:00			`)`
OAuth Provider Rewrite (#182) 2020-08-19 08:32:44 +00:00			`provider.property_mappings.set(`
			`ScopeMapping.objects.filter(`
			`scope_name__in=[SCOPE_OPENID, SCOPE_OPENID_EMAIL, SCOPE_OPENID_PROFILE]`
			`)`
e2e: add OIDC Provider test against grafana, more formatting, minor bug fixes 2020-06-19 17:34:27 +00:00			`)`
OAuth Provider Rewrite (#182) 2020-08-19 08:32:44 +00:00			`provider.save()`
e2e: add OIDC Provider test against grafana, more formatting, minor bug fixes 2020-06-19 17:34:27 +00:00			`Application.objects.create(`
*: apply new black styling 2020-09-30 17:34:22 +00:00			`name=self.application_slug,`
			`slug=self.application_slug,`
			`provider=provider,`
providers/oauth2: fix end-session view not working, add tests 2020-09-17 19:55:01 +00:00			`)`
e2e: add oidc tests using oidc-test-client 2020-09-28 15:22:35 +00:00			`self.container = self.setup_client()`

			`self.driver.get("http://localhost:9009")`
providers/oauth2: fix end-session view not working, add tests 2020-09-17 19:55:01 +00:00
			`self.driver.find_element(By.ID, "id_uid_field").click()`
			`self.driver.find_element(By.ID, "id_uid_field").send_keys(USER().username)`
			`self.driver.find_element(By.ID, "id_uid_field").send_keys(Keys.ENTER)`
			`self.driver.find_element(By.ID, "id_password").send_keys(USER().username)`
			`self.driver.find_element(By.ID, "id_password").send_keys(Keys.ENTER)`

e2e: add oidc tests using oidc-test-client 2020-09-28 15:22:35 +00:00			`self.wait.until(ec.presence_of_element_located((By.CSS_SELECTOR, "pre")))`
			`body = loads(self.driver.find_element(By.CSS_SELECTOR, "pre").text)`
e2e: add OIDC Provider test against grafana, more formatting, minor bug fixes 2020-06-19 17:34:27 +00:00
e2e: add oidc tests using oidc-test-client 2020-09-28 15:22:35 +00:00			`self.assertEqual(body["IDTokenClaims"]["nickname"], USER().username)`
			`self.assertEqual(body["UserInfo"]["nickname"], USER().username)`

			`self.assertEqual(body["IDTokenClaims"]["name"], USER().name)`
			`self.assertEqual(body["UserInfo"]["name"], USER().name)`

			`self.assertEqual(body["IDTokenClaims"]["email"], USER().email)`
			`self.assertEqual(body["UserInfo"]["email"], USER().email)`
e2e: add test for providers/oidc with consent 2020-06-19 18:26:04 +00:00
e2e: add @retry decorator to make e2e tests more reliable 2020-10-20 16:42:26 +00:00			`@retry()`
flows: change wording of consent on flows 2020-06-19 18:33:35 +00:00			`def test_authorization_consent_explicit(self):`
			`"""test OpenID Provider flow (default authorization flow with explicit consent)"""`
			`sleep(1)`
e2e: add test for providers/oidc with consent 2020-06-19 18:26:04 +00:00			`# Bootstrap all needed objects`
			`authorization_flow = Flow.objects.get(`
flows: change wording of consent on flows 2020-06-19 18:33:35 +00:00			`slug="default-provider-authorization-explicit-consent"`
e2e: add test for providers/oidc with consent 2020-06-19 18:26:04 +00:00			`)`
OAuth Provider Rewrite (#182) 2020-08-19 08:32:44 +00:00			`provider = OAuth2Provider.objects.create(`
e2e: add oidc tests using oidc-test-client 2020-09-28 15:22:35 +00:00			`name=self.application_slug,`
OAuth Provider Rewrite (#182) 2020-08-19 08:32:44 +00:00			`authorization_flow=authorization_flow,`
			`response_type=ResponseTypes.CODE,`
			`client_type=ClientTypes.CONFIDENTIAL,`
e2e: add test for providers/oidc with consent 2020-06-19 18:26:04 +00:00			`client_id=self.client_id,`
			`client_secret=self.client_secret,`
OAuth Provider Rewrite (#182) 2020-08-19 08:32:44 +00:00			`rsa_key=CertificateKeyPair.objects.first(),`
e2e: add oidc tests using oidc-test-client 2020-09-28 15:22:35 +00:00			`redirect_uris="http://localhost:9009/auth/callback",`
e2e: add test for providers/oidc with consent 2020-06-19 18:26:04 +00:00			`)`
OAuth Provider Rewrite (#182) 2020-08-19 08:32:44 +00:00			`provider.property_mappings.set(`
			`ScopeMapping.objects.filter(`
			`scope_name__in=[SCOPE_OPENID, SCOPE_OPENID_EMAIL, SCOPE_OPENID_PROFILE]`
			`)`
e2e: add test for providers/oidc with consent 2020-06-19 18:26:04 +00:00			`)`
OAuth Provider Rewrite (#182) 2020-08-19 08:32:44 +00:00			`provider.save()`
e2e: add test for providers/oidc with consent 2020-06-19 18:26:04 +00:00			`app = Application.objects.create(`
*: apply new black styling 2020-09-30 17:34:22 +00:00			`name=self.application_slug,`
			`slug=self.application_slug,`
			`provider=provider,`
e2e: add test for providers/oidc with consent 2020-06-19 18:26:04 +00:00			`)`
e2e: add oidc tests using oidc-test-client 2020-09-28 15:22:35 +00:00			`self.container = self.setup_client()`

			`self.driver.get("http://localhost:9009")`
e2e: add test for providers/oidc with consent 2020-06-19 18:26:04 +00:00
			`self.driver.find_element(By.ID, "id_uid_field").click()`
e2e: cleanup, use USER function instead of typing static strings 2020-06-20 21:52:06 +00:00			`self.driver.find_element(By.ID, "id_uid_field").send_keys(USER().username)`
e2e: add test for providers/oidc with consent 2020-06-19 18:26:04 +00:00			`self.driver.find_element(By.ID, "id_uid_field").send_keys(Keys.ENTER)`
e2e: cleanup, use USER function instead of typing static strings 2020-06-20 21:52:06 +00:00			`self.driver.find_element(By.ID, "id_password").send_keys(USER().username)`
e2e: add test for providers/oidc with consent 2020-06-19 18:26:04 +00:00			`self.driver.find_element(By.ID, "id_password").send_keys(Keys.ENTER)`

e2e: cleanup tests, remove XPATH selectors 2020-09-28 16:17:07 +00:00			`self.assertEqual(`
*: apply new black styling 2020-09-30 17:34:22 +00:00			`app.name,`
			`self.driver.find_element(By.ID, "application-name").text,`
e2e: add test for providers/oidc with consent 2020-06-19 18:26:04 +00:00			`)`
e2e: add more failsafe 2020-06-21 17:03:13 +00:00			`self.wait.until(`
			`ec.presence_of_element_located((By.CSS_SELECTOR, "[type=submit]"))`
			`)`
core: fix autosubmit_form loading full template 2020-07-12 15:22:26 +00:00			`sleep(1)`
e2e: add test for providers/oidc with consent 2020-06-19 18:26:04 +00:00			`self.driver.find_element(By.CSS_SELECTOR, "[type=submit]").click()`

e2e: add oidc tests using oidc-test-client 2020-09-28 15:22:35 +00:00			`self.wait.until(ec.presence_of_element_located((By.CSS_SELECTOR, "pre")))`
			`body = loads(self.driver.find_element(By.CSS_SELECTOR, "pre").text)`

			`self.assertEqual(body["IDTokenClaims"]["nickname"], USER().username)`
			`self.assertEqual(body["UserInfo"]["nickname"], USER().username)`

			`self.assertEqual(body["IDTokenClaims"]["name"], USER().name)`
			`self.assertEqual(body["UserInfo"]["name"], USER().name)`

			`self.assertEqual(body["IDTokenClaims"]["email"], USER().email)`
			`self.assertEqual(body["UserInfo"]["email"], USER().email)`
e2e: Add denied tests for oauth and oidc provider 2020-07-02 19:55:02 +00:00
e2e: add @retry decorator to make e2e tests more reliable 2020-10-20 16:42:26 +00:00			`@retry()`
e2e: Add denied tests for oauth and oidc provider 2020-07-02 19:55:02 +00:00			`def test_authorization_denied(self):`
			`"""test OpenID Provider flow (default authorization with access deny)"""`
			`sleep(1)`
			`# Bootstrap all needed objects`
			`authorization_flow = Flow.objects.get(`
			`slug="default-provider-authorization-explicit-consent"`
			`)`
OAuth Provider Rewrite (#182) 2020-08-19 08:32:44 +00:00			`provider = OAuth2Provider.objects.create(`
e2e: add oidc tests using oidc-test-client 2020-09-28 15:22:35 +00:00			`name=self.application_slug,`
OAuth Provider Rewrite (#182) 2020-08-19 08:32:44 +00:00			`authorization_flow=authorization_flow,`
			`response_type=ResponseTypes.CODE,`
			`client_type=ClientTypes.CONFIDENTIAL,`
e2e: Add denied tests for oauth and oidc provider 2020-07-02 19:55:02 +00:00			`client_id=self.client_id,`
			`client_secret=self.client_secret,`
OAuth Provider Rewrite (#182) 2020-08-19 08:32:44 +00:00			`rsa_key=CertificateKeyPair.objects.first(),`
e2e: add oidc tests using oidc-test-client 2020-09-28 15:22:35 +00:00			`redirect_uris="http://localhost:9009/auth/callback",`
e2e: Add denied tests for oauth and oidc provider 2020-07-02 19:55:02 +00:00			`)`
OAuth Provider Rewrite (#182) 2020-08-19 08:32:44 +00:00			`provider.property_mappings.set(`
			`ScopeMapping.objects.filter(`
			`scope_name__in=[SCOPE_OPENID, SCOPE_OPENID_EMAIL, SCOPE_OPENID_PROFILE]`
			`)`
e2e: Add denied tests for oauth and oidc provider 2020-07-02 19:55:02 +00:00			`)`
OAuth Provider Rewrite (#182) 2020-08-19 08:32:44 +00:00			`provider.save()`
e2e: Add denied tests for oauth and oidc provider 2020-07-02 19:55:02 +00:00			`app = Application.objects.create(`
*: apply new black styling 2020-09-30 17:34:22 +00:00			`name=self.application_slug,`
			`slug=self.application_slug,`
			`provider=provider,`
e2e: Add denied tests for oauth and oidc provider 2020-07-02 19:55:02 +00:00			`)`

			`negative_policy = ExpressionPolicy.objects.create(`
			`name="negative-static", expression="return False"`
			`)`
			`PolicyBinding.objects.create(target=app, policy=negative_policy, order=0)`
e2e: add oidc tests using oidc-test-client 2020-09-28 15:22:35 +00:00
			`self.container = self.setup_client()`
			`self.driver.get("http://localhost:9009")`

e2e: Add denied tests for oauth and oidc provider 2020-07-02 19:55:02 +00:00			`self.driver.find_element(By.ID, "id_uid_field").click()`
			`self.driver.find_element(By.ID, "id_uid_field").send_keys(USER().username)`
			`self.driver.find_element(By.ID, "id_uid_field").send_keys(Keys.ENTER)`
			`self.driver.find_element(By.ID, "id_password").send_keys(USER().username)`
			`self.driver.find_element(By.ID, "id_password").send_keys(Keys.ENTER)`
e2e: update e2e tests for new AccessDenied response 2020-09-15 08:29:59 +00:00
			`self.wait.until(`
			`ec.presence_of_element_located((By.CSS_SELECTOR, "header > h1"))`
			`)`
e2e: Add denied tests for oauth and oidc provider 2020-07-02 19:55:02 +00:00			`self.assertEqual(`
e2e: add tests for OAuth Source, update tests for new base templates 2020-07-08 22:41:14 +00:00			`self.driver.find_element(By.CSS_SELECTOR, "header > h1").text,`
e2e: Add denied tests for oauth and oidc provider 2020-07-02 19:55:02 +00:00			`"Permission denied",`
			`)`