From 3a697caaef50254725d51fb052e999c1e9690a4b Mon Sep 17 00:00:00 2001
From: Richard Nemeth
Date: Tue, 12 Jul 2022 15:28:12 +0000
Subject: [PATCH] test: added load authorization config test
---
 src/keycloak/authorization/permission.py | 12 +++---
 src/keycloak/authorization/policy.py | 20 +++++++----
 tests/conftest.py | 8 +++++
 tests/data/authz_settings.json | 45 ++++++++++++++++++++++++
 tests/test_keycloak_openid.py | 38 +++++++++++++++++++-
 5 files changed, 110 insertions(+), 13 deletions(-)
 create mode 100644 tests/data/authz_settings.json
diff --git a/src/keycloak/authorization/permission.py b/src/keycloak/authorization/permission.py
index a444f83..667f8c3 100644
--- a/src/keycloak/authorization/permission.py
+++ b/src/keycloak/authorization/permission.py
@@ -49,12 +49,12 @@ class Permission:
 def __init__(self, name, type, logic, decision_strategy):
 """Init method."""
- self._name = name
- self._type = type
- self._logic = logic
- self._decision_strategy = decision_strategy
- self._resources = []
- self._scopes = []
+ self.name = name
+ self.type = type
+ self.logic = logic
+ self.decision_strategy = decision_strategy
+ self.resources = []
+ self.scopes = []
 def __repr__(self):
 """Repr method."""
diff --git a/src/keycloak/authorization/policy.py b/src/keycloak/authorization/policy.py
index 6b558d8..7e03db0 100644
--- a/src/keycloak/authorization/policy.py
+++ b/src/keycloak/authorization/policy.py
@@ -43,12 +43,12 @@ class Policy:
 def __init__(self, name, type, logic, decision_strategy):
 """Init method."""
- self._name = name
- self._type = type
- self._logic = logic
- self._decision_strategy = decision_strategy
- self._roles = []
- self._permissions = []
+ self.name = name
+ self.type = type
+ self.logic = logic
+ self.decision_strategy = decision_strategy
+ self.roles = []
+ self.permissions = []
 def __repr__(self):
 """Repr method."""
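Review bot: `Permission.__init__` now assigns through the public names (`self.name = name` … `self.scopes = []`) instead of the private backing fields, which only works if each of `name`, `type`, `logic`, `decision_strategy`, `resources` and `scopes` is a plain attribute or a property with a setter; none of those setters are visible in this hunk, and the parallel `Policy` change in this same patch had to add setters for `roles` and `permissions` to make the identical rename work. Please confirm `Permission` already defines `@resources.setter` and `@scopes.setter`, since a read-only property here would fail with `AttributeError: can't set attribute` on every construction. If the intent is that assignment goes through the setters, say so in the docstring, e.g. `"""Init method. Attributes are set via the public properties so their setters apply."""`. The rest of the `Permission` class lies outside the hunk.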
@@ -99,11 +99,19 @@ class Policy:
 """Get roles."""
 return self._roles
+ @roles.setter
+ def roles(self, value):
+ self._roles = value
+
 @property
 def permissions(self):
 """Get permissions."""
 return self._permissions
+ @permissions.setter
+ def permissions(self, value):
+ self._permissions = value
+
 def add_role(self, role):
 """Add keycloak role in policy.
diff --git a/tests/conftest.py b/tests/conftest.py
index 47c9854..632c51b 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -185,6 +185,14 @@ def oid_with_credentials_authz(env: KeycloakTestEnv, realm: str, admin: Keycloak
 "serviceAccountsEnabled": True,
 }
 )
+ admin.create_client_authz_role_based_policy(
+ client_id=client_id,
+ payload={
+ "name": "test-authz-rb-policy",
+ "roles": [{"id": admin.get_realm_role(role_name="offline_access")["id"]}],
+ },
+ )
+ admin.create_client_authz_resource
 # Create user
 username = str(uuid.uuid4())
 password = str(uuid.uuid4())
diff --git a/tests/data/authz_settings.json b/tests/data/authz_settings.json
new file mode 100644
index 0000000..e051085
--- /dev/null
+++ b/tests/data/authz_settings.json
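Review bot: The new `roles` and `permissions` setters have no docstring while every other accessor in this class carries one (`"""Get roles."""`); add `"""Set roles."""` and `"""Set permissions."""` to match the file's style. They also store `value` as-is, so a caller can replace the whole list with anything (a tuple, a generator, `None`) and bypass whatever checks `add_role` performs on individual entries (its body runs past the hunk, so I cannot confirm what it validates); at minimum `self._roles = list(value)` would normalise the container and fail fast on a non-iterable rather than at first iteration.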
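Review bot: `admin.create_client_authz_resource` on the last added line is a bare attribute access, not a call — it evaluates to the bound method and discards it, so no resource is created and the fixture silently does less than it reads as doing (ruff/flake8 flag this as a useless expression, B018). Either call it with the payload the admin API expects, e.g. `admin.create_client_authz_resource(client_id=client_id, payload={"name": "test-authz-resource"})`, or delete the line; since the new test only loads the policy config from disk, deleting is the simpler fix. The fixture's body continues after the hunk.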
@@ -0,0 +1,45 @@
+{
+ "allowRemoteResourceManagement": true,
+ "policyEnforcementMode": "ENFORCING",
+ "policies": [
+ {
+ "name": "Default Policy",
+ "type": "js",
+ "logic": "POSITIVE",
+ "decisionStrategy": "AFFIRMATIVE",
+ "config": {
+ "code": "// by default, grants any permission associated with this policy\n$evaluation.grant();\n"
+ }
+ },
+ {
+ "name": "test-authz-rb-policy",
+ "type": "role",
+ "logic": "POSITIVE",
+ "decisionStrategy": "UNANIMOUS",
+ "config": {
+ "roles": "[{\"id\":\"offline_access\",\"required\":false}]"
+ }
+ },
+ {
+ "name": "Default Permission",
+ "type": "resource",
+ "logic": "POSITIVE",
+ "decisionStrategy": "UNANIMOUS",
+ "config": {
+ "applyPolicies": "[\"test-authz-rb-policy\"]"
+ }
+ },
+ {
+ "name": "Test scope",
+ "type": "scope",
+ "logic": "POSITIVE",
+ "decisionStrategy": "UNANIMOUS",
+ "config": {
+ "scopes": "[]",
+ "applyPolicies": "[\"test-authz-rb-policy\"]"
+ }
+ }
+ ],
+ "scopes": [],
+ "decisionStrategy": "UNANIMOUS"
+}
\ No newline at end of file
diff --git a/tests/test_keycloak_openid.py b/tests/test_keycloak_openid.py
index 9ed2b88..f2c0f7e 100644
--- a/tests/test_keycloak_openid.py
+++ b/tests/test_keycloak_openid.py
@@ -4,8 +4,15 @@ from unittest import mock
 import pytest
 from keycloak.authorization import Authorization
+from keycloak.authorization.permission import Permission
+from keycloak.authorization.policy import Policy
+from keycloak.authorization.role import Role
 from keycloak.connection import ConnectionManager
-from keycloak.exceptions import KeycloakDeprecationError, KeycloakRPTNotFound
+from keycloak.exceptions import (
+ KeycloakAuthenticationError,
+ KeycloakDeprecationError,
+ KeycloakRPTNotFound,
+)
 from keycloak.keycloak_admin import KeycloakAdmin
 from keycloak.keycloak_openid import KeycloakOpenID
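Review bot: The `roles` config of `test-authz-rb-policy` carries `"id":"offline_access"`, a role name in a field where a Keycloak export would carry the role's UUID, and the test that loads this file only checks that one `Role` object comes out, so whether the loader treats the value as a name or an id is never pinned down; assert on the resulting role's identity in the test (the fixture itself cannot carry a comment, being strict JSON). `"Default Policy"` is a `js` policy whose body is `$evaluation.grant()`, i.e. an unconditional grant — it is not referenced by any `applyPolicies` here so it is inert for this test, but an always-grant policy in a fixture that looks like a real client authorization export invites copy-paste into a live realm; drop it unless the loader's handling of the `js` type is what you mean to exercise. The file is also missing its trailing newline (`\ No newline at end of file`).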
@@ -185,6 +192,18 @@ def test_exchange_token(
 assert token != new_token
+def test_logout(oid_with_credentials):
+ """Test logout."""
+ oid, username, password = oid_with_credentials
+ token = oid.token(username=username, password=password)
+ assert oid.userinfo(token=token["access_token"]) != dict()
+ assert oid.logout(refresh_token=token["refresh_token"]) == dict()
+ with pytest.raises(KeycloakAuthenticationError):
+ oid.userinfo(token=token["access_token"])
+
+
 def test_certs(oid: KeycloakOpenID):
 """Test certificates."""
 assert len(oid.certs()["keys"]) == 2
@@ -236,3 +255,20 @@ def test_decode_token(oid_with_credentials: tuple[KeycloakOpenID, str, str]):
 )["preferred_username"]
 == username
 )
+
+
+def test_load_authorization_config(
+ oid_with_credentials_authz: tuple[KeycloakOpenID, str, str], admin: KeycloakAdmin
+):
+ """Test load authorization config."""
+ oid, username, password = oid_with_credentials_authz
+ oid.load_authorization_config(path="tests/data/authz_settings.json")
+ assert "test-authz-rb-policy" in oid.authorization.policies
+ assert isinstance(oid.authorization.policies["test-authz-rb-policy"], Policy)
+ assert len(oid.authorization.policies["test-authz-rb-policy"].roles) == 1
+ assert isinstance(oid.authorization.policies["test-authz-rb-policy"].roles[0], Role)
+ assert len(oid.authorization.policies["test-authz-rb-policy"].permissions) == 2
+ assert isinstance(
+ oid.authorization.policies["test-authz-rb-policy"].permissions[0], Permission
+ )
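Review bot: `test_logout` checks that `userinfo` rejects the access token after logout but never checks that the refresh token is dead, which is the revocation property that matters most — a leaked refresh token that still works after logout mints fresh access tokens. Add a second negative check after the `userinfo` one, `with pytest.raises(KeycloakPostError): oid.refresh_token(token["refresh_token"])`, with the exception class confirmed against what `refresh_token` actually raises on an invalid grant (only `KeycloakAuthenticationError`, `KeycloakDeprecationError` and `KeycloakRPTNotFound` are imported in the visible hunks, so the right name may need importing). The pre-logout assertion `!= dict()` is weak; asserting `["preferred_username"] == username` on the userinfo response, as `test_decode_token` already does, pins the token to the user that was logged in.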
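Review bot: The path `"tests/data/authz_settings.json"` passed to `load_authorization_config` is relative to the process working directory, so the test only passes when pytest is launched from the repository root; anchor it on the module instead, `os.path.join(os.path.dirname(__file__), "data", "authz_settings.json")` (needs `import os` at the top of the file). `username`, `password` and the `admin` fixture are bound but never used — unpack as `oid, _, _ = oid_with_credentials_authz` and drop `admin`, otherwise the fixture's server-side policy creation reads as load-bearing for a test that only parses a file. The assertions also check `permissions[0]` without pinning which of the two permissions it is; since `Permission.__init__` exposes `name`, something like `{p.name for p in oid.authorization.policies["test-authz-rb-policy"].permissions} == {"Default Permission", "Test scope"}` would catch ordering or mis-attachment bugs in the loader that the current length check lets through.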