spiffworkflow-backend/tests/spiffworkflow_backend/integration/test_authentication.py

"""Test_authentication."""
import base64
import json

import requests
from flask.app import Flask
from tests.spiffworkflow_backend.integration.base_test import BaseTest


class TestAuthentication(BaseTest):
    """TestAuthentication."""

    # def test_get_basic_token(self, app: Flask) -> None:
    #     for user_id in ('user_1', 'user_2', 'admin_1', 'admin_2'):
    #         basic_token = self.get_public_access_token(user_id, user_id)
    #         assert isinstance(basic_token, dict)
    #         assert 'access_token' in basic_token
    #         assert isinstance(basic_token['access_token'], str)
    #         assert 'refresh_token' in basic_token
    #         assert isinstance(basic_token['refresh_token'], str)
    #         assert 'token_type' in basic_token
    #         assert basic_token['token_type'] == 'Bearer'
    #         assert 'scope' in basic_token
    #         assert isinstance(basic_token['scope'], str)

    def test_get_token_script(self, app: Flask) -> None:
        """Test_get_token_script."""
        print("Test Get Token Script")

        (
            keycloak_server_url,
            keycloak_client_id,
            keycloak_realm_name,
            keycloak_client_secret_key,
        ) = self.get_keycloak_constants(app)
        keycloak_user = "ciuser1"
        keycloak_pass = "ciuser1"  # noqa: S105

        print(f"Test Get Token Script: keycloak_server_url: {keycloak_server_url}")
        print(f"Test Get Token Script: keycloak_client_id: {keycloak_client_id}")
        print(f"Test Get Token Script: keycloak_realm_name: {keycloak_realm_name}")
        print(
            f"Test Get Token Script: keycloak_client_secret_key: {keycloak_client_secret_key}"
        )

        frontend_client_id = "spiffworkflow-frontend"

        print(f"Test Get Token Script: frontend_client_id: {frontend_client_id}")

        # Get frontend token
        request_url = f"{keycloak_server_url}/realms/{keycloak_realm_name}/protocol/openid-connect/token"
        headers = {"Content-Type": "application/x-www-form-urlencoded"}
        post_data = {
            "grant_type": "password",
            "username": keycloak_user,
            "password": keycloak_pass,
            "client_id": frontend_client_id,
        }
        print(f"Test Get Token Script: request_url: {request_url}")
        print(f"Test Get Token Script: headers: {headers}")
        print(f"Test Get Token Script: post_data: {post_data}")

        frontend_response = requests.post(
            request_url, headers=headers, json=post_data, data=post_data
        )
        frontend_token = json.loads(frontend_response.text)

        print(f"Test Get Token Script: frontend_response: {frontend_response}")
        print(f"Test Get Token Script: frontend_token: {frontend_token}")

        # assert isinstance(frontend_token, dict)
        # assert isinstance(frontend_token["access_token"], str)
        # assert isinstance(frontend_token["refresh_token"], str)
        # assert frontend_token["expires_in"] == 300
        # assert frontend_token["refresh_expires_in"] == 1800
        # assert frontend_token["token_type"] == "Bearer"

        # Get backend token
        backend_basic_auth_string = f"{keycloak_client_id}:{keycloak_client_secret_key}"
        backend_basic_auth_bytes = bytes(backend_basic_auth_string, encoding="ascii")
        backend_basic_auth = base64.b64encode(backend_basic_auth_bytes)

        request_url = f"{keycloak_server_url}/realms/{keycloak_realm_name}/protocol/openid-connect/token"
        headers = {
            "Content-Type": "application/x-www-form-urlencoded",
            "Authorization": f"Basic {backend_basic_auth.decode('utf-8')}",
        }
        data = {
            "grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
            "client_id": keycloak_client_id,
            "subject_token": frontend_token["access_token"],
            "audience": keycloak_client_id,
        }
        print(f"Test Get Token Script: request_url: {request_url}")
        print(f"Test Get Token Script: headers: {headers}")
        print(f"Test Get Token Script: data: {data}")

        backend_response = requests.post(request_url, headers=headers, data=data)
        json_data = json.loads(backend_response.text)
        backend_token = json_data["access_token"]
        print(f"Test Get Token Script: backend_response: {backend_response}")
        print(f"Test Get Token Script: backend_token: {backend_token}")

        if backend_token:
            # Getting resource set
            auth_bearer_string = f"Bearer {backend_token}"
            headers = {
                "Content-Type": "application/json",
                "Authorization": auth_bearer_string,
            }

            # uri_to_test_against = "%2Fprocess-models"
            uri_to_test_against = "/status"
            request_url = (
                f"{keycloak_server_url}/realms/{keycloak_realm_name}/authz/protection/resource_set?"
                + f"matchingUri=true&deep=true&max=-1&exactName=false&uri={uri_to_test_against}"
            )
            # f"uri={uri_to_test_against}"
            print(f"Test Get Token Script: request_url: {request_url}")
            print(f"Test Get Token Script: headers: {headers}")

            resource_result = requests.get(request_url, headers=headers)
            print(f"Test Get Token Script: resource_result: {resource_result}")

            json_data = json.loads(resource_result.text)
            resource_id_name_pairs = []
            for result in json_data:
                if "_id" in result and result["_id"]:
                    pair_key = result["_id"]
                    if "name" in result and result["name"]:
                        pair_value = result["name"]
                        # pair = {{result['_id']}: {}}
                    else:
                        pair_value = "no_name"
                        # pair = {{result['_id']}: }
                    pair = [pair_key, pair_value]
                    resource_id_name_pairs.append(pair)
            print(
                f"Test Get Token Script: resource_id_name_pairs: {resource_id_name_pairs}"
            )

            # Getting Permissions
            for resource_id_name_pair in resource_id_name_pairs:
                resource_id = resource_id_name_pair[0]
                resource_id_name_pair[1]

                headers = {
                    "Content-Type": "application/x-www-form-urlencoded",
                    "Authorization": f"Basic {backend_basic_auth.decode('utf-8')}",
                }

                post_data = {
                    "audience": keycloak_client_id,
                    "permission": resource_id,
                    "subject_token": backend_token,
                    "grant_type": "urn:ietf:params:oauth:grant-type:uma-ticket",
                }
                print(f"Test Get Token Script: headers: {headers}")
                print(f"Test Get Token Script: post_data: {post_data}")
                print(f"Test Get Token Script: request_url: {request_url}")

                permission_result = requests.post(
                    request_url, headers=headers, data=post_data
                )
                print(f"Test Get Token Script: permission_result: {permission_result}")

        print("test_get_token_script")
mypy 2022-07-10 01:38:35 -04:00			`"""Test_authentication."""`
Keycloak authz stuff 2022-07-25 13:35:10 -04:00			`import base64`
ran precommit stuff 2022-07-29 13:39:57 -04:00			`import json`
Keycloak authz stuff 2022-07-25 13:35:10 -04:00
ran precommit stuff 2022-07-29 13:39:57 -04:00			`import requests`
Keycloak authz stuff 2022-07-25 13:35:10 -04:00			`from flask.app import Flask`
			`from tests.spiffworkflow_backend.integration.base_test import BaseTest`


			`class TestAuthentication(BaseTest):`
ran precommit stuff 2022-07-29 13:39:57 -04:00			`"""TestAuthentication."""`
Keycloak authz stuff 2022-07-25 13:35:10 -04:00
			`# def test_get_basic_token(self, app: Flask) -> None:`
			`# for user_id in ('user_1', 'user_2', 'admin_1', 'admin_2'):`
			`# basic_token = self.get_public_access_token(user_id, user_id)`
			`# assert isinstance(basic_token, dict)`
			`# assert 'access_token' in basic_token`
			`# assert isinstance(basic_token['access_token'], str)`
			`# assert 'refresh_token' in basic_token`
			`# assert isinstance(basic_token['refresh_token'], str)`
			`# assert 'token_type' in basic_token`
			`# assert basic_token['token_type'] == 'Bearer'`
			`# assert 'scope' in basic_token`
			`# assert isinstance(basic_token['scope'], str)`

			`def test_get_token_script(self, app: Flask) -> None:`
ran precommit stuff 2022-07-29 13:39:57 -04:00			`"""Test_get_token_script."""`
Keycloak authz stuff 2022-07-25 13:35:10 -04:00			`print("Test Get Token Script")`

ran precommit stuff 2022-07-29 13:39:57 -04:00			`(`
			`keycloak_server_url,`
			`keycloak_client_id,`
			`keycloak_realm_name,`
			`keycloak_client_secret_key,`
			`) = self.get_keycloak_constants(app)`
			`keycloak_user = "ciuser1"`
Pre-commit 2022-08-01 13:29:10 -04:00			`keycloak_pass = "ciuser1" # noqa: S105`
Keycloak authz stuff 2022-07-25 13:35:10 -04:00
			`print(f"Test Get Token Script: keycloak_server_url: {keycloak_server_url}")`
			`print(f"Test Get Token Script: keycloak_client_id: {keycloak_client_id}")`
			`print(f"Test Get Token Script: keycloak_realm_name: {keycloak_realm_name}")`
ran precommit stuff 2022-07-29 13:39:57 -04:00			`print(`
			`f"Test Get Token Script: keycloak_client_secret_key: {keycloak_client_secret_key}"`
			`)`
Keycloak authz stuff 2022-07-25 13:35:10 -04:00
ran precommit stuff 2022-07-29 13:39:57 -04:00			`frontend_client_id = "spiffworkflow-frontend"`
Keycloak authz stuff 2022-07-25 13:35:10 -04:00
			`print(f"Test Get Token Script: frontend_client_id: {frontend_client_id}")`

			`# Get frontend token`
			`request_url = f"{keycloak_server_url}/realms/{keycloak_realm_name}/protocol/openid-connect/token"`
			`headers = {"Content-Type": "application/x-www-form-urlencoded"}`
ran precommit stuff 2022-07-29 13:39:57 -04:00			`post_data = {`
			`"grant_type": "password",`
			`"username": keycloak_user,`
			`"password": keycloak_pass,`
			`"client_id": frontend_client_id,`
			`}`
Keycloak authz stuff 2022-07-25 13:35:10 -04:00			`print(f"Test Get Token Script: request_url: {request_url}")`
			`print(f"Test Get Token Script: headers: {headers}")`
			`print(f"Test Get Token Script: post_data: {post_data}")`

ran precommit stuff 2022-07-29 13:39:57 -04:00			`frontend_response = requests.post(`
			`request_url, headers=headers, json=post_data, data=post_data`
			`)`
Keycloak authz stuff 2022-07-25 13:35:10 -04:00			`frontend_token = json.loads(frontend_response.text)`

			`print(f"Test Get Token Script: frontend_response: {frontend_response}")`
			`print(f"Test Get Token Script: frontend_token: {frontend_token}")`

			`# assert isinstance(frontend_token, dict)`
			`# assert isinstance(frontend_token["access_token"], str)`
			`# assert isinstance(frontend_token["refresh_token"], str)`
			`# assert frontend_token["expires_in"] == 300`
			`# assert frontend_token["refresh_expires_in"] == 1800`
			`# assert frontend_token["token_type"] == "Bearer"`

			`# Get backend token`
Pre-commit 2022-08-01 13:29:10 -04:00			`backend_basic_auth_string = f"{keycloak_client_id}:{keycloak_client_secret_key}"`
			`backend_basic_auth_bytes = bytes(backend_basic_auth_string, encoding="ascii")`
			`backend_basic_auth = base64.b64encode(backend_basic_auth_bytes)`
Keycloak authz stuff 2022-07-25 13:35:10 -04:00
			`request_url = f"{keycloak_server_url}/realms/{keycloak_realm_name}/protocol/openid-connect/token"`
ran precommit stuff 2022-07-29 13:39:57 -04:00			`headers = {`
			`"Content-Type": "application/x-www-form-urlencoded",`
Pre-commit 2022-08-01 13:29:10 -04:00			`"Authorization": f"Basic {backend_basic_auth.decode('utf-8')}",`
ran precommit stuff 2022-07-29 13:39:57 -04:00			`}`
			`data = {`
			`"grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",`
			`"client_id": keycloak_client_id,`
			`"subject_token": frontend_token["access_token"],`
			`"audience": keycloak_client_id,`
			`}`
Keycloak authz stuff 2022-07-25 13:35:10 -04:00			`print(f"Test Get Token Script: request_url: {request_url}")`
			`print(f"Test Get Token Script: headers: {headers}")`
			`print(f"Test Get Token Script: data: {data}")`

			`backend_response = requests.post(request_url, headers=headers, data=data)`
			`json_data = json.loads(backend_response.text)`
ran precommit stuff 2022-07-29 13:39:57 -04:00			`backend_token = json_data["access_token"]`
Keycloak authz stuff 2022-07-25 13:35:10 -04:00			`print(f"Test Get Token Script: backend_response: {backend_response}")`
			`print(f"Test Get Token Script: backend_token: {backend_token}")`

			`if backend_token:`
			`# Getting resource set`
			`auth_bearer_string = f"Bearer {backend_token}"`
ran precommit stuff 2022-07-29 13:39:57 -04:00			`headers = {`
			`"Content-Type": "application/json",`
			`"Authorization": auth_bearer_string,`
			`}`
Keycloak authz stuff 2022-07-25 13:35:10 -04:00
Pre-commit 2022-08-01 13:29:10 -04:00			`# uri_to_test_against = "%2Fprocess-models"`
			`uri_to_test_against = "/status"`
ran precommit stuff 2022-07-29 13:39:57 -04:00			`request_url = (`
			`f"{keycloak_server_url}/realms/{keycloak_realm_name}/authz/protection/resource_set?"`
Pre-commit 2022-08-01 13:29:10 -04:00			`+ f"matchingUri=true&deep=true&max=-1&exactName=false&uri={uri_to_test_against}"`
ran precommit stuff 2022-07-29 13:39:57 -04:00			`)`
Pre-commit 2022-08-01 13:29:10 -04:00			`# f"uri={uri_to_test_against}"`
Keycloak authz stuff 2022-07-25 13:35:10 -04:00			`print(f"Test Get Token Script: request_url: {request_url}")`
			`print(f"Test Get Token Script: headers: {headers}")`

			`resource_result = requests.get(request_url, headers=headers)`
			`print(f"Test Get Token Script: resource_result: {resource_result}")`

			`json_data = json.loads(resource_result.text)`
			`resource_id_name_pairs = []`
			`for result in json_data:`
ran precommit stuff 2022-07-29 13:39:57 -04:00			`if "_id" in result and result["_id"]:`
			`pair_key = result["_id"]`
			`if "name" in result and result["name"]:`
			`pair_value = result["name"]`
Keycloak authz stuff 2022-07-25 13:35:10 -04:00			`# pair = {{result['_id']}: {}}`
			`else:`
ran precommit stuff 2022-07-29 13:39:57 -04:00			`pair_value = "no_name"`
Keycloak authz stuff 2022-07-25 13:35:10 -04:00			`# pair = {{result['_id']}: }`
			`pair = [pair_key, pair_value]`
			`resource_id_name_pairs.append(pair)`
ran precommit stuff 2022-07-29 13:39:57 -04:00			`print(`
			`f"Test Get Token Script: resource_id_name_pairs: {resource_id_name_pairs}"`
			`)`
Keycloak authz stuff 2022-07-25 13:35:10 -04:00
			`# Getting Permissions`
			`for resource_id_name_pair in resource_id_name_pairs:`
			`resource_id = resource_id_name_pair[0]`
ran precommit stuff 2022-07-29 13:39:57 -04:00			`resource_id_name_pair[1]`
Keycloak authz stuff 2022-07-25 13:35:10 -04:00
ran precommit stuff 2022-07-29 13:39:57 -04:00			`headers = {`
			`"Content-Type": "application/x-www-form-urlencoded",`
Pre-commit 2022-08-01 13:29:10 -04:00			`"Authorization": f"Basic {backend_basic_auth.decode('utf-8')}",`
ran precommit stuff 2022-07-29 13:39:57 -04:00			`}`
Keycloak authz stuff 2022-07-25 13:35:10 -04:00
ran precommit stuff 2022-07-29 13:39:57 -04:00			`post_data = {`
			`"audience": keycloak_client_id,`
			`"permission": resource_id,`
			`"subject_token": backend_token,`
			`"grant_type": "urn:ietf:params:oauth:grant-type:uma-ticket",`
			`}`
Keycloak authz stuff 2022-07-25 13:35:10 -04:00			`print(f"Test Get Token Script: headers: {headers}")`
			`print(f"Test Get Token Script: post_data: {post_data}")`
			`print(f"Test Get Token Script: request_url: {request_url}")`

ran precommit stuff 2022-07-29 13:39:57 -04:00			`permission_result = requests.post(`
			`request_url, headers=headers, data=post_data`
			`)`
Keycloak authz stuff 2022-07-25 13:35:10 -04:00			`print(f"Test Get Token Script: permission_result: {permission_result}")`

			`print("test_get_token_script")`