providers/oauth2: start adding tests for OAuthAuthorizationParams

2020-12-13 23:14:35 +01:00 · 2020-12-13 23:14:35 +01:00 · ae1a8842db
parent a3b17d1ed4
commit ae1a8842db
3 changed files with 47 additions and 1 deletions
--- a/authentik/providers/oauth2/tests/init.py
+++ b/authentik/providers/oauth2/tests/init.py
--- a/authentik/providers/oauth2/tests/test_views_authorize.py
+++ b/authentik/providers/oauth2/tests/test_views_authorize.py
@ -0,0 +1,46 @@
+"""Test authorize view"""
+from django.test import RequestFactory, TestCase
+
+from authentik.flows.models import Flow
+from authentik.providers.oauth2.errors import (
+    AuthorizeError,
+    ClientIdError,
+    RedirectUriError,
+)
+from authentik.providers.oauth2.models import OAuth2Provider
+from authentik.providers.oauth2.views.authorize import OAuthAuthorizationParams
+
+
+class TestViewsAuthorize(TestCase):
+    """Test authorize view"""
+
+    def setUp(self) -> None:
+        super().setUp()
+        self.factory = RequestFactory()
+
+    def test_invalid_grant_type(self):
+        """Test with invalid grant type"""
+        with self.assertRaises(AuthorizeError):
+            request = self.factory.get("/", data={"response_type": "invalid"})
+            OAuthAuthorizationParams.from_request(request)
+
+    def test_invalid_client_id(self):
+        """Test invalid client ID"""
+        with self.assertRaises(ClientIdError):
+            request = self.factory.get(
+                "/", data={"response_type": "code", "client_id": "invalid"}
+            )
+            OAuthAuthorizationParams.from_request(request)
+
+    def test_missing_redirect_uri(self):
+        """test missing redirect URI"""
+        OAuth2Provider.objects.create(
+            name="test",
+            client_id="test",
+            authorization_flow=Flow.objects.first(),
+        )
+        with self.assertRaises(RedirectUriError):
+            request = self.factory.get(
+                "/", data={"response_type": "code", "client_id": "test"}
+            )
+            OAuthAuthorizationParams.from_request(request)
--- a/authentik/providers/oauth2/views/authorize.py
+++ b/authentik/providers/oauth2/views/authorize.py
@ -139,7 +139,7 @@ class OAuthAuthorizationParams:
        is_open_id = SCOPE_OPENID in self.scope

        # Redirect URI validation.
-        if is_open_id and not self.redirect_uri:
+        if not self.redirect_uri:
            LOGGER.warning("Missing redirect uri.")
            raise RedirectUriError()
        if self.redirect_uri.lower() not in [