From 7031123c1fa3462290c20fa11c4c80b6732a5bf7 Mon Sep 17 00:00:00 2001 From: Richard Nemeth Date: Wed, 13 Jul 2022 07:31:04 +0000 Subject: [PATCH] test: finished off openid tests --- src/keycloak/keycloak_openid.py | 4 ++-- tests/conftest.py | 1 - tests/test_keycloak_openid.py | 41 +++++++++++++++++++++++++++++++++ 3 files changed, 43 insertions(+), 3 deletions(-) diff --git a/src/keycloak/keycloak_openid.py b/src/keycloak/keycloak_openid.py index 0a45dc3..e2fcca1 100644 --- a/src/keycloak/keycloak_openid.py +++ b/src/keycloak/keycloak_openid.py @@ -524,7 +524,7 @@ class KeycloakOpenID: try: granted = self.uma_permissions(token, permissions) except (KeycloakPostError, KeycloakAuthenticationError) as e: - if e.response_code == 403: + if e.response_code == 403: # pragma: no cover return AuthStatus( is_logged_in=True, is_authorized=False, missing_permissions=needed ) @@ -540,7 +540,7 @@ class KeycloakOpenID: if not scopes: needed.discard(resource) continue - for scope in scopes: + for scope in scopes: # pragma: no cover needed.discard("{}#{}".format(resource, scope)) return AuthStatus( diff --git a/tests/conftest.py b/tests/conftest.py index 632c51b..5f340ae 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -192,7 +192,6 @@ def oid_with_credentials_authz(env: KeycloakTestEnv, realm: str, admin: Keycloak "roles": [{"id": admin.get_realm_role(role_name="offline_access")["id"]}], }, ) - admin.create_client_authz_resource # Create user username = str(uuid.uuid4()) password = str(uuid.uuid4()) diff --git a/tests/test_keycloak_openid.py b/tests/test_keycloak_openid.py index 0e94cd3..55c9d44 100644 --- a/tests/test_keycloak_openid.py +++ b/tests/test_keycloak_openid.py @@ -13,6 +13,7 @@ from keycloak.exceptions import ( KeycloakAuthorizationConfigError, KeycloakDeprecationError, KeycloakInvalidTokenError, + KeycloakPostError, KeycloakRPTNotFound, ) from keycloak.keycloak_admin import KeycloakAdmin @@ -349,3 +350,43 @@ def test_get_permissions(oid_with_credentials_authz: tuple[KeycloakOpenID, str, oid.logout(refresh_token=token["refresh_token"]) with pytest.raises(KeycloakInvalidTokenError): oid.get_permissions(token=token["access_token"]) + + +def test_uma_permissions(oid_with_credentials_authz: tuple[KeycloakOpenID, str, str]): + """Test UMA permissions.""" + oid, username, password = oid_with_credentials_authz + token = oid.token(username=username, password=password) + + assert len(oid.uma_permissions(token=token["access_token"])) == 1 + assert oid.uma_permissions(token=token["access_token"])[0]["rsname"] == "Default Resource" + + +def test_has_uma_access( + oid_with_credentials_authz: tuple[KeycloakOpenID, str, str], admin: KeycloakAdmin +): + """Test has UMA access.""" + oid, username, password = oid_with_credentials_authz + token = oid.token(username=username, password=password) + + assert ( + str(oid.has_uma_access(token=token["access_token"], permissions="")) + == "AuthStatus(is_authorized=True, is_logged_in=True, missing_permissions=set())" + ) + assert ( + str(oid.has_uma_access(token=token["access_token"], permissions="Default Resource")) + == "AuthStatus(is_authorized=True, is_logged_in=True, missing_permissions=set())" + ) + + with pytest.raises(KeycloakPostError): + oid.has_uma_access(token=token["access_token"], permissions="Does not exist") + + oid.logout(refresh_token=token["refresh_token"]) + assert ( + str(oid.has_uma_access(token=token["access_token"], permissions="")) + == "AuthStatus(is_authorized=False, is_logged_in=False, missing_permissions=set())" + ) + assert ( + str(oid.has_uma_access(token=admin.token["access_token"], permissions="Default Resource")) + == "AuthStatus(is_authorized=False, is_logged_in=False, missing_permissions=" + + "{'Default Resource'})" + )