Browse Source

test: added missing tests

pull/556/head
Richard Nemeth 8 months ago
parent
commit
9f57480dc0
No known key found for this signature in database GPG Key ID: 21C39470DF3DEC39
  1. 78
      tests/conftest.py
  2. 51
      tests/test_keycloak_admin.py
  3. 20
      tests/test_keycloak_openid.py

78
tests/conftest.py

@ -4,7 +4,7 @@ import ipaddress
import os
import uuid
from datetime import datetime, timedelta
from typing import Tuple
from typing import Generator, Tuple
import freezegun
import pytest
@ -337,7 +337,69 @@ def oid_with_credentials_authz(env: KeycloakTestEnv, realm: str, admin: Keycloak
@pytest.fixture
def realm(admin: KeycloakAdmin) -> str:
def oid_with_credentials_device(env: KeycloakTestEnv, realm: str, admin: KeycloakAdmin):
"""Fixture for an initialized KeycloakOpenID class and a random user credentials.
:param env: Keycloak test environment
:type env: KeycloakTestEnv
:param realm: Keycloak realm
:type realm: str
:param admin: Keycloak admin
:type admin: KeycloakAdmin
:yields: Keycloak OpenID client with user credentials
:rtype: Tuple[KeycloakOpenID, str, str]
"""
# Set the realm
admin.change_current_realm(realm)
# Create client
client = str(uuid.uuid4())
secret = str(uuid.uuid4())
client_id = admin.create_client(
payload={
"name": client,
"clientId": client,
"enabled": True,
"publicClient": False,
"protocol": "openid-connect",
"secret": secret,
"clientAuthenticatorType": "client-secret",
"attributes": {"oauth2.device.authorization.grant.enabled": True},
}
)
# Create user
username = str(uuid.uuid4())
password = str(uuid.uuid4())
user_id = admin.create_user(
payload={
"username": username,
"email": f"{username}@test.test",
"enabled": True,
"firstName": "first",
"lastName": "last",
"emailVerified": True,
"requiredActions": [],
"credentials": [{"type": "password", "value": password, "temporary": False}],
}
)
yield (
KeycloakOpenID(
server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}",
realm_name=realm,
client_id=client,
client_secret_key=secret,
),
username,
password,
)
# Cleanup
admin.delete_client(client_id=client_id)
admin.delete_user(user_id=user_id)
@pytest.fixture
def realm(admin: KeycloakAdmin) -> Generator[str, None, None]:
"""Fixture for a new random realm.
:param admin: Keycloak admin
@ -352,7 +414,7 @@ def realm(admin: KeycloakAdmin) -> str:
@pytest.fixture
def user(admin: KeycloakAdmin, realm: str) -> str:
def user(admin: KeycloakAdmin, realm: str) -> Generator[str, None, None]:
"""Fixture for a new random user.
:param admin: Keycloak admin
@ -370,7 +432,7 @@ def user(admin: KeycloakAdmin, realm: str) -> str:
@pytest.fixture
def group(admin: KeycloakAdmin, realm: str) -> str:
def group(admin: KeycloakAdmin, realm: str) -> Generator[str, None, None]:
"""Fixture for a new random group.
:param admin: Keycloak admin
@ -388,7 +450,7 @@ def group(admin: KeycloakAdmin, realm: str) -> str:
@pytest.fixture
def client(admin: KeycloakAdmin, realm: str) -> str:
def client(admin: KeycloakAdmin, realm: str) -> Generator[str, None, None]:
"""Fixture for a new random client.
:param admin: Keycloak admin
@ -406,7 +468,7 @@ def client(admin: KeycloakAdmin, realm: str) -> str:
@pytest.fixture
def client_role(admin: KeycloakAdmin, realm: str, client: str) -> str:
def client_role(admin: KeycloakAdmin, realm: str, client: str) -> Generator[str, None, None]:
"""Fixture for a new random client role.
:param admin: Keycloak admin
@ -426,7 +488,9 @@ def client_role(admin: KeycloakAdmin, realm: str, client: str) -> str:
@pytest.fixture
def composite_client_role(admin: KeycloakAdmin, realm: str, client: str, client_role: str) -> str:
def composite_client_role(
admin: KeycloakAdmin, realm: str, client: str, client_role: str
) -> Generator[str, None, None]:
"""Fixture for a new random composite client role.
:param admin: Keycloak admin

51
tests/test_keycloak_admin.py

@ -335,6 +335,16 @@ def test_users(admin: KeycloakAdmin, realm: str):
admin.update_user(user_id=user_id, payload={"wrong": "payload"})
assert err.match('400: b\'{"error":"Unrecognized field')
# Test disable user
res = admin.disable_user(user_id=user_id)
assert res == {}, res
assert not admin.get_user(user_id=user_id)["enabled"]
# Test enable user
res = admin.enable_user(user_id=user_id)
assert res == {}, res
assert admin.get_user(user_id=user_id)["enabled"]
# Test get users again
users = admin.get_users()
usernames = [x["username"] for x in users]
@ -388,6 +398,43 @@ def test_users(admin: KeycloakAdmin, realm: str):
assert err.match(USER_NOT_FOUND_REGEX)
def test_enable_disable_all_users(admin: KeycloakAdmin, realm: str):
"""Test enable and disable all users.
:param admin: Keycloak Admin client
:type admin: KeycloakAdmin
:param realm: Keycloak realm
:type realm: str
"""
admin.change_current_realm(realm)
user_id_1 = admin.create_user(
payload={"username": "test", "email": "test@test.test", "enabled": True}
)
user_id_2 = admin.create_user(
payload={"username": "test2", "email": "test2@test.test", "enabled": True}
)
user_id_3 = admin.create_user(
payload={"username": "test3", "email": "test3@test.test", "enabled": True}
)
assert admin.get_user(user_id_1)["enabled"]
assert admin.get_user(user_id_2)["enabled"]
assert admin.get_user(user_id_3)["enabled"]
admin.disable_all_users()
assert not admin.get_user(user_id_1)["enabled"]
assert not admin.get_user(user_id_2)["enabled"]
assert not admin.get_user(user_id_3)["enabled"]
admin.enable_all_users()
assert admin.get_user(user_id_1)["enabled"]
assert admin.get_user(user_id_2)["enabled"]
assert admin.get_user(user_id_3)["enabled"]
def test_users_roles(admin: KeycloakAdmin, realm: str):
"""Test users roles.
@ -1354,6 +1401,10 @@ def test_realm_roles(admin: KeycloakAdmin, realm: str):
admin.get_realm_role_groups(role_name="non-existent-role")
assert err.match(COULD_NOT_FIND_ROLE_REGEX)
# Test with query params
res = admin.get_realm_role_groups(role_name="test-realm-role-update", query={"max": 1})
assert len(res) == 1
# Test delete realm role
res = admin.delete_realm_role(role_name=composite_role)
assert res == dict(), res

20
tests/test_keycloak_openid.py

@ -479,3 +479,23 @@ def test_has_uma_access(
== "AuthStatus(is_authorized=False, is_logged_in=False, missing_permissions="
+ "{'Default Resource'})"
)
def test_device(oid_with_credentials_device: Tuple[KeycloakOpenID, str, str]):
"""Test device authorization flow.
:param oid_with_credentials_device: Keycloak OpenID client with pre-configured user
credentials and device authorization flow enabled
:type oid_with_credentials_device: Tuple[KeycloakOpenID, str, str]
"""
oid, _, _ = oid_with_credentials_device
res = oid.device()
assert res == {
"device_code": mock.ANY,
"user_code": mock.ANY,
"verification_uri": f"http://localhost:8081/realms/{oid.realm_name}/device",
"verification_uri_complete": f"http://localhost:8081/realms/{oid.realm_name}/"
+ f"device?user_code={res['user_code']}",
"expires_in": 600,
"interval": 5,
}
Loading…
Cancel
Save