From 8480ecb8fb1c6272b535869d2ee416d30fd1f905 Mon Sep 17 00:00:00 2001
From: mike cullerton
Date: Tue, 5 Jul 2022 14:07:23 -0400
Subject: [PATCH] pre-commit with poetry
---
 .../services/authentication_service.py | 69 +++++++++++--------
 .../integration/bank-api-authz-config.json | 10 +--
 .../integration/test_authentication.py | 58 +++++++++-------
 3 files changed, 79 insertions(+), 58 deletions(-)
diff --git a/src/spiffworkflow_backend/services/authentication_service.py b/src/spiffworkflow_backend/services/authentication_service.py
index 8be40c89..e25b78ec 100644
--- a/src/spiffworkflow_backend/services/authentication_service.py
+++ b/src/spiffworkflow_backend/services/authentication_service.py
@@ -1,6 +1,5 @@
 """Authentication_service."""
 from keycloak import KeycloakOpenID
-from keycloak import KeycloakAdmin
 class AuthenticationService:
@@ -8,56 +7,72 @@ class AuthenticationService:
 @staticmethod
 def get_keycloak_openid(server_url, client_id, realm_name, client_secret_key):
- keycloak_openid = KeycloakOpenID(server_url=server_url,
- client_id=client_id,
- realm_name=realm_name,
- client_secret_key=client_secret_key)
+ """Get_keycloak_openid."""
+ keycloak_openid = KeycloakOpenID(
+ server_url=server_url,
+ client_id=client_id,
+ realm_name=realm_name,
+ client_secret_key=client_secret_key,
+ )
 return keycloak_openid
-
 @staticmethod
 def get_keycloak_token(keycloak_openid, user, password):
+ """Get_keycloak_token."""
 token = keycloak_openid.token(user, password)
 return token
-
 @staticmethod
 def get_permission_by_token(keycloak_openid, token):
+ """Get_permission_by_token."""
 # Get permissions by token
 # KEYCLOAK_PUBLIC_KEY = keycloak_openid.public_key()
 # KEYCLOAK_PUBLIC_KEY = "-----BEGIN PUBLIC KEY-----\n" + keycloak_openid.public_key() + "\n-----END PUBLIC KEY-----"
 # policies = keycloak_openid.get_policies(token['access_token'], method_token_info='decode',
 # key=KEYCLOAK_PUBLIC_KEY)
- permissions = keycloak_openid.get_permissions(token['access_token'], method_token_info='introspect')
+ permissions = keycloak_openid.get_permissions(
+ token["access_token"], method_token_info="introspect"
+ )
 # TODO: Not sure if this is good. Permissions comes back as None
 return permissions
 @staticmethod
 def get_uma_permissions_by_token(keycloak_openid, token):
- permissions = keycloak_openid.uma_permissions(token['access_token'])
+ """Get_uma_permissions_by_token."""
+ permissions = keycloak_openid.uma_permissions(token["access_token"])
 return permissions
-
 @staticmethod
- def get_uma_permissions_by_token_for_resource_and_scope(keycloak_openid, token, resource, scope):
- permissions = keycloak_openid.uma_permissions(token['access_token'], permissions=f"{resource}#{scope}")
+ def get_uma_permissions_by_token_for_resource_and_scope(
+ keycloak_openid, token, resource, scope
+ ):
+ """Get_uma_permissions_by_token_for_resource_and_scope."""
+ permissions = keycloak_openid.uma_permissions(
+ token["access_token"], permissions=f"{resource}#{scope}"
+ )
 return permissions
-
 @staticmethod
- def get_auth_status_for_resource_and_scope_by_token(keycloak_openid, token, resource, scope):
- auth_status = keycloak_openid.has_uma_access(token['access_token'], f"{resource}#{scope}")
+ def get_auth_status_for_resource_and_scope_by_token(
+ keycloak_openid, token, resource, scope
+ ):
+ """Get_auth_status_for_resource_and_scope_by_token."""
+ auth_status = keycloak_openid.has_uma_access(
+ token["access_token"], f"{resource}#{scope}"
+ )
 return auth_status
-
- # TODO: Get this to work
- @staticmethod
- def get_keycloak_admin():
- keycloak_admin = KeycloakAdmin(server_url="http://localhost:8080/auth/",
- username='admin',
- password='admin',
- realm_name="stackoverflow-demo",
- # user_realm_name="",
- # client_secret_key="seciKpRanUReL0ksZaFm5nfjhMUKHVAO",
- verify=True)
- return keycloak_admin
+ # @staticmethod
+ # def get_keycloak_admin():
+ # """Get_keycloak_admin."""
+ # # TODO: Get this to work
+ # keycloak_admin = KeycloakAdmin(
+ # server_url="http://localhost:8080/auth/",
+ # username="admin",
+ # password="admin",
+ # realm_name="stackoverflow-demo",
+ # # user_realm_name="",
+ # # client_secret_key="seciKpRanUReL0ksZaFm5nfjhMUKHVAO",
+ # verify=True,
+ # )
+ # return keycloak_admin
diff --git a/tests/spiffworkflow_backend/integration/bank-api-authz-config.json b/tests/spiffworkflow_backend/integration/bank-api-authz-config.json
index bd3900b9..5cce87c2 100644
--- a/tests/spiffworkflow_backend/integration/bank-api-authz-config.json
+++ b/tests/spiffworkflow_backend/integration/bank-api-authz-config.json
@@ -8,9 +8,7 @@
 "ownerManagedAccess": false,
 "attributes": {},
 "_id": "0f0c6dcf-9b86-419d-8331-ce6dd1f779a1",
- "uris": [
- "/*"
- ]
+ "uris": ["/*"]
 },
 {
 "name": "View Account Resource",
@@ -18,9 +16,7 @@
 "displayName": "View Account Resource",
 "attributes": {},
 "_id": "6934ad55-cd6a-46d9-8653-7b1966973917",
- "uris": [
- "account/{id}"
- ],
+ "uris": ["account/{id}"],
 "scopes": [
 {
 "name": "account:view"
@@ -103,4 +99,4 @@
 }
 ],
 "decisionStrategy": "UNANIMOUS"
-}
\ No newline at end of file
+}
diff --git a/tests/spiffworkflow_backend/integration/test_authentication.py b/tests/spiffworkflow_backend/integration/test_authentication.py
index 62460f92..ff471e20 100644
--- a/tests/spiffworkflow_backend/integration/test_authentication.py
+++ b/tests/spiffworkflow_backend/integration/test_authentication.py
@@ -1,6 +1,4 @@
 """Test_authentication."""
-from flask.testing import FlaskClient
-
 from keycloak.authorization import Authorization
 from keycloak.keycloak_openid import KeycloakOpenID
 from keycloak.uma_permissions import AuthStatus
@@ -20,6 +18,7 @@ scope = "account:view"
 def test_get_keycloak_openid_client():
+ """Test_get_keycloak_openid_client."""
 keycloak_openid_client = AuthenticationService.get_keycloak_openid(
 server_url, client_id, realm_name, client_secret_key
 )
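Review bot: In `authentication_service.py`, the commented-out `get_keycloak_admin` block at the end of the `@@ -8,56 +7,72 @@` hunk still carries a literal `client_secret_key` value and the `admin`/`admin` username and password, so this commit keeps credentials in the source tree as dead text. The first hunk also removes the `KeycloakAdmin` import, so the block cannot be re-enabled as written. I would delete the block and leave a single line such as `# TODO: add get_keycloak_admin(); load server URL, realm and credentials from configuration`. If that client secret was ever valid outside a throwaway local realm it should be rotated, because it stays in git history either way.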
@@ -28,68 +27,79 @@ def test_get_keycloak_openid_client():
 def test_get_keycloak_token():
+ """Test_get_keycloak_token."""
 keycloak_openid = AuthenticationService.get_keycloak_openid(
 server_url, client_id, realm_name, client_secret_key
 )
 token = keycloak_openid.token(user, password)
 assert isinstance(token, dict)
- assert isinstance(token['access_token'], str)
- assert isinstance(token['refresh_token'], str)
- assert token['expires_in'] == 300
- assert token['refresh_expires_in'] == 1800
- assert token['token_type'] == 'Bearer'
+ assert isinstance(token["access_token"], str)
+ assert isinstance(token["refresh_token"], str)
+ assert token["expires_in"] == 300
+ assert token["refresh_expires_in"] == 1800
+ assert token["token_type"] == "Bearer"
 def test_get_permission_by_token():
+ """Test_get_permission_by_token."""
 keycloak_openid = AuthenticationService.get_keycloak_openid(
 server_url, client_id, realm_name, client_secret_key
 )
- keycloak_openid.load_authorization_config("tests/spiffworkflow_backend/integration/bank-api-authz-config.json")
+ keycloak_openid.load_authorization_config(
+ "tests/spiffworkflow_backend/integration/bank-api-authz-config.json"
+ )
 token = keycloak_openid.token(user, password)
- permissions = AuthenticationService.get_permission_by_token(keycloak_openid, token)
+ AuthenticationService.get_permission_by_token(keycloak_openid, token)
 # TODO: permissions comes back as None. Is this right?
 print("test_get_permission_by_token")
 def test_get_uma_permissions_by_token():
+ """Test_get_uma_permissions_by_token."""
 keycloak_openid = AuthenticationService.get_keycloak_openid(
 server_url, client_id, realm_name, client_secret_key
 )
 token = keycloak_openid.token(user, password)
- uma_permissions = AuthenticationService.get_uma_permissions_by_token(keycloak_openid, token)
+ uma_permissions = AuthenticationService.get_uma_permissions_by_token(
+ keycloak_openid, token
+ )
 assert isinstance(uma_permissions, list)
 assert len(uma_permissions) == 2
 for permission in uma_permissions:
- assert 'rsname' in permission
- if permission['rsname'] == "View Account Resource":
- assert 'scopes' in permission
- assert isinstance(permission['scopes'], list)
- assert len(permission['scopes']) == 1
- assert permission['scopes'][0] == "account:view"
+ assert "rsname" in permission
+ if permission["rsname"] == "View Account Resource":
+ assert "scopes" in permission
+ assert isinstance(permission["scopes"], list)
+ assert len(permission["scopes"]) == 1
+ assert permission["scopes"][0] == "account:view"
 def test_get_uma_permissions_by_token_for_resource_and_scope():
+ """Test_get_uma_permissions_by_token_for_resource_and_scope."""
 keycloak_openid = AuthenticationService.get_keycloak_openid(
 server_url, client_id, realm_name, client_secret_key
 )
 token = keycloak_openid.token(user, password)
- permissions = AuthenticationService.get_uma_permissions_by_token_for_resource_and_scope(
- keycloak_openid, token, resource, scope
+ permissions = (
+ AuthenticationService.get_uma_permissions_by_token_for_resource_and_scope(
+ keycloak_openid, token, resource, scope
+ )
 )
 assert isinstance(permissions, list)
 assert len(permissions) == 1
 assert isinstance(permissions[0], dict)
 permission = permissions[0]
- assert 'rsname' in permission
- assert permission['rsname'] == resource
- assert 'scopes' in permission
- assert isinstance(permission['scopes'], list)
- assert len(permission['scopes']) == 1
- assert permission['scopes'][0] == scope
+ assert "rsname" in permission
+ assert permission["rsname"] == resource
+ assert "scopes" in permission
+ assert isinstance(permission["scopes"], list)
+ assert len(permission["scopes"]) == 1
+ assert permission["scopes"][0] == scope
 def test_get_auth_status_for_resource_and_scope_by_token():
+ """Test_get_auth_status_for_resource_and_scope_by_token."""
 keycloak_openid = AuthenticationService.get_keycloak_openid(
 server_url, client_id, realm_name, client_secret_key
 )
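Review bot: `test_get_permission_by_token` in `test_authentication.py` no longer checks anything: the change drops the `permissions =` binding, so the call's result is discarded and the test passes whatever the authorization lookup returns. For an access-control path that is a silent gap, and the TODO beside it says the current `None` result is itself unconfirmed. I would keep the binding and pin the observed behaviour until the TODO is resolved, e.g. `permissions = AuthenticationService.get_permission_by_token(keycloak_openid, token)` followed by `assert permissions is None  # TODO: confirm None is the intended result`, or mark the test as an expected failure with the reason stated.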