More tests for improved test coverage

Author: lullis

oauth2_provider/utils.py

@@ -1,13 +1,11 @@
 import functools
-import random
 import hashlib
+import random
 
 from django.conf import settings
 from jwcrypto import jwk
 from oauthlib.common import Request
 
-from .settings import oauth2_settings
-
 
 @functools.lru_cache()
 def jwk_from_pem(pem_string):
@@ -109,5 +107,8 @@ def session_management_state_key(request):
     """
     Determine value to use as session state.
     """
+
+    from oauth2_provider.settings import oauth2_settings
+
     key = request.session.session_key or str(oauth2_settings.OIDC_SESSION_MANAGEMENT_DEFAULT_SESSION_KEY)
     return hashlib.sha256(key.encode("utf-8")).hexdigest()

tests/app/idp/idp/urls.py

@@ -21,7 +21,8 @@
 
 
 urlpatterns = [
-    path('', TemplateView.as_view(template_name='home/index.html'), name='home'), # Maps the root URL to your home_view
+    # Maps the root URL to your home_view
+    path("", TemplateView.as_view(template_name="home/index.html"), name="home"),
     path("admin/", admin.site.urls),
     path("o/", include("oauth2_provider.urls", namespace="oauth2_provider")),
     path("accounts/", include("django.contrib.auth.urls")),

tests/test_django_checks.py

@@ -1,8 +1,15 @@
+from copy import deepcopy
+
 from django.core.management import call_command
 from django.core.management.base import SystemCheckError
 from django.test import override_settings
 
 from .common_testing import OAuth2ProviderTestCase as TestCase
+from .presets import OIDC_SETTINGS_SESSION_MANAGEMENT
+
+
+MISSING_DEFAULT_SESSION_KEY = deepcopy(OIDC_SETTINGS_SESSION_MANAGEMENT)
+MISSING_DEFAULT_SESSION_KEY["OIDC_SESSION_MANAGEMENT_DEFAULT_SESSION_KEY"] = None
 
 
 class DjangoChecksTestCase(TestCase):
@@ -18,3 +25,11 @@ def test_checks_fail_when_router_crosses_databases(self):
         message = "The token models are expected to be stored in the same database."
         with self.assertRaisesMessage(SystemCheckError, message):
             call_command("check")
+
+    @override_settings(OAUTH2_PROVIDER=MISSING_DEFAULT_SESSION_KEY)
+    def test_checks_fail_when_default_session_key_is_missing(self):
+        message = (
+            "OIDC Session management is enabled, OIDC_SESSION_MANAGEMENT_DEFAULT_SESSION_KEY is required."
+        )
+        with self.assertRaisesMessage(SystemCheckError, message):
+            call_command("check")

tests/test_oauth2_validators.py

@@ -228,7 +228,7 @@ def test_load_application_uses_cached_when_request_has_valid_client_matching_cli
         self.assertIs(self.request.client, self.application)
 
     def test_load_application_succeeds_when_request_has_invalid_client_valid_client_id(self):
-        self.request.client = 'invalid_client'
+        self.request.client = "invalid_client"
         application = self.validator._load_application("client_id", self.request)
         self.assertEqual(application, self.application)
         self.assertEqual(self.request.client, self.application)

tests/test_oidc_views.py

@@ -20,7 +20,12 @@
 )
 from oauth2_provider.oauth2_validators import OAuth2Validator
 from oauth2_provider.settings import oauth2_settings
-from oauth2_provider.views.oidc import RPInitiatedLogoutView, _load_id_token, _validate_claims
+from oauth2_provider.views.oidc import (
+    RPInitiatedLogoutView,
+    SessionIFrameView,
+    _load_id_token,
+    _validate_claims,
+)
 
 from . import presets
 from .common_testing import OAuth2ProviderTestCase as TestCase
@@ -116,6 +121,13 @@ def test_get_connect_discovery_info_with_rp_logout(self):
         self.oauth2_settings.OIDC_RP_INITIATED_LOGOUT_ENABLED = True
         self.expect_json_response_with_rp_logout(self.oauth2_settings.OIDC_ISS_ENDPOINT)
 
+    def test_get_session_manangement_iframe_endpoint(self):
+        self.oauth2_settings.OIDC_SESSION_MANAGEMENT_ENABLED = True
+        response = self.client.get(reverse("oauth2_provider:oidc-connect-discovery-info"))
+        self.assertEqual(response.status_code, 200)
+        response_data = response.json()
+        self.assertIn("check_session_iframe", response_data.keys())
+
     def test_get_connect_discovery_info_without_issuer_url(self):
         self.oauth2_settings.OIDC_ISS_ENDPOINT = None
         self.oauth2_settings.OIDC_USERINFO_ENDPOINT = None
@@ -216,29 +228,31 @@ def test_get_jwks_info_multiple_rsa_keys(self):
 
 @pytest.mark.usefixtures("oauth2_settings")
 @pytest.mark.oauth2_settings(presets.OIDC_SETTINGS_SESSION_MANAGEMENT)
-class TestAuthorizationView(TestCase):
-    def test_session_state_is_present_in_url(self):
+class TestSessionManagement(TestCase):
+    def setUp(self):
         User = get_user_model()
         Application = get_application_model()
 
-        User.objects.create_user("test_user", "test@example.com", "123456")
-        dev_user = User.objects.create_user("dev_user", "dev@example.com", "123456")
+        self.user = User.objects.create_user("test_user", "test@example.com", "123456")
+        self.developer = User.objects.create_user("dev_user", "dev@example.com", "123456")
 
-        application = Application.objects.create(
+        self.application = Application.objects.create(
             name="Test Application",
             redirect_uris=(
                 "http://localhost http://example.com http://example.org custom-scheme://example.com"
             ),
-            user=dev_user,
+            user=self.developer,
             client_type=Application.CLIENT_CONFIDENTIAL,
             authorization_grant_type=Application.GRANT_AUTHORIZATION_CODE,
             client_secret="1234567890qwertyuiop",
         )
+
+    def test_session_state_is_present_in_authorization(self):
         self.client.login(username="test_user", password="123456")
         response = self.client.post(
             reverse("oauth2_provider:authorize"),
             {
-                "client_id": application.client_id,
+                "client_id": self.application.client_id,
                 "response_type": "code",
                 "state": "random_state_string",
                 "scope": "read write",
@@ -247,7 +261,16 @@ def test_session_state_is_present_in_url(self):
             },
         )
         self.assertEqual(response.status_code, 302)
-        self.assertTrue("session_state" in response["Location"])
+        self.assertIn("session_state", response["Location"])
+
+    def test_cookie_name_is_included_in_iframe_endpoint(self):
+        request = RequestFactory().get(reverse("oauth2_provider:session-iframe"))
+        request.user = self.user
+        view = SessionIFrameView()
+        view.setup(request)
+        context = view.get_context_data()
+        self.assertIn("cookie_name", context)
+        self.assertEqual(context["cookie_name"], "oidc_ua_agent_state")
 
 
 def mock_request():

tests/test_session_management.py

@@ -22,6 +22,11 @@ class TestOIDCSessionManagementMiddleware(TestCase):
     def setUp(self):
         User.objects.create_user("test_user", "test@example.com", "123456")
 
+    def test_response_is_intact_if_session_management_is_disabled(self):
+        self.oauth2_settings.OIDC_SESSION_MANAGEMENT_ENABLED = False
+        response = self.client.get("/a-resource")
+        self.assertFalse("oidc-session-test" in response.cookies.keys())
+
     def test_session_cookie_is_set_for_logged_users(self):
         self.client.login(username="test_user", password="123456")
         response = self.client.get("/a-resource")