"""Test_authentication.""" import base64 import json import requests from flask.app import Flask from tests.spiffworkflow_backend.integration.base_test import BaseTest class TestAuthentication(BaseTest): """TestAuthentication.""" # def test_get_basic_token(self, app: Flask) -> None: # for user_id in ('user_1', 'user_2', 'admin_1', 'admin_2'): # basic_token = self.get_public_access_token(user_id, user_id) # assert isinstance(basic_token, dict) # assert 'access_token' in basic_token # assert isinstance(basic_token['access_token'], str) # assert 'refresh_token' in basic_token # assert isinstance(basic_token['refresh_token'], str) # assert 'token_type' in basic_token # assert basic_token['token_type'] == 'Bearer' # assert 'scope' in basic_token # assert isinstance(basic_token['scope'], str) def test_get_token_script(self, app: Flask) -> None: """Test_get_token_script.""" print("Test Get Token Script") ( keycloak_server_url, keycloak_client_id, keycloak_realm_name, keycloak_client_secret_key, ) = self.get_keycloak_constants(app) keycloak_user = "ciuser1" keycloak_pass = "ciuser1" # noqa: S105 print(f"Test Get Token Script: keycloak_server_url: {keycloak_server_url}") print(f"Test Get Token Script: keycloak_client_id: {keycloak_client_id}") print(f"Test Get Token Script: keycloak_realm_name: {keycloak_realm_name}") print( f"Test Get Token Script: keycloak_client_secret_key: {keycloak_client_secret_key}" ) frontend_client_id = "spiffworkflow-frontend" print(f"Test Get Token Script: frontend_client_id: {frontend_client_id}") # Get frontend token request_url = f"{keycloak_server_url}/realms/{keycloak_realm_name}/protocol/openid-connect/token" headers = {"Content-Type": "application/x-www-form-urlencoded"} post_data = { "grant_type": "password", "username": keycloak_user, "password": keycloak_pass, "client_id": frontend_client_id, } print(f"Test Get Token Script: request_url: {request_url}") print(f"Test Get Token Script: headers: {headers}") print(f"Test Get Token Script: post_data: {post_data}") frontend_response = requests.post( request_url, headers=headers, json=post_data, data=post_data ) frontend_token = json.loads(frontend_response.text) print(f"Test Get Token Script: frontend_response: {frontend_response}") print(f"Test Get Token Script: frontend_token: {frontend_token}") # assert isinstance(frontend_token, dict) # assert isinstance(frontend_token["access_token"], str) # assert isinstance(frontend_token["refresh_token"], str) # assert frontend_token["expires_in"] == 300 # assert frontend_token["refresh_expires_in"] == 1800 # assert frontend_token["token_type"] == "Bearer" # Get backend token backend_basic_auth_string = f"{keycloak_client_id}:{keycloak_client_secret_key}" backend_basic_auth_bytes = bytes(backend_basic_auth_string, encoding="ascii") backend_basic_auth = base64.b64encode(backend_basic_auth_bytes) request_url = f"{keycloak_server_url}/realms/{keycloak_realm_name}/protocol/openid-connect/token" headers = { "Content-Type": "application/x-www-form-urlencoded", "Authorization": f"Basic {backend_basic_auth.decode('utf-8')}", } data = { "grant_type": "urn:ietf:params:oauth:grant-type:token-exchange", "client_id": keycloak_client_id, "subject_token": frontend_token["access_token"], "audience": keycloak_client_id, } print(f"Test Get Token Script: request_url: {request_url}") print(f"Test Get Token Script: headers: {headers}") print(f"Test Get Token Script: data: {data}") backend_response = requests.post(request_url, headers=headers, data=data) json_data = json.loads(backend_response.text) backend_token = json_data["access_token"] print(f"Test Get Token Script: backend_response: {backend_response}") print(f"Test Get Token Script: backend_token: {backend_token}") if backend_token: # Getting resource set auth_bearer_string = f"Bearer {backend_token}" headers = { "Content-Type": "application/json", "Authorization": auth_bearer_string, } # uri_to_test_against = "%2Fprocess-models" uri_to_test_against = "/status" request_url = ( f"{keycloak_server_url}/realms/{keycloak_realm_name}/authz/protection/resource_set?" + f"matchingUri=true&deep=true&max=-1&exactName=false&uri={uri_to_test_against}" ) # f"uri={uri_to_test_against}" print(f"Test Get Token Script: request_url: {request_url}") print(f"Test Get Token Script: headers: {headers}") resource_result = requests.get(request_url, headers=headers) print(f"Test Get Token Script: resource_result: {resource_result}") json_data = json.loads(resource_result.text) resource_id_name_pairs = [] for result in json_data: if "_id" in result and result["_id"]: pair_key = result["_id"] if "name" in result and result["name"]: pair_value = result["name"] # pair = {{result['_id']}: {}} else: pair_value = "no_name" # pair = {{result['_id']}: } pair = [pair_key, pair_value] resource_id_name_pairs.append(pair) print( f"Test Get Token Script: resource_id_name_pairs: {resource_id_name_pairs}" ) # Getting Permissions for resource_id_name_pair in resource_id_name_pairs: resource_id = resource_id_name_pair[0] resource_id_name_pair[1] headers = { "Content-Type": "application/x-www-form-urlencoded", "Authorization": f"Basic {backend_basic_auth.decode('utf-8')}", } post_data = { "audience": keycloak_client_id, "permission": resource_id, "subject_token": backend_token, "grant_type": "urn:ietf:params:oauth:grant-type:uma-ticket", } print(f"Test Get Token Script: headers: {headers}") print(f"Test Get Token Script: post_data: {post_data}") print(f"Test Get Token Script: request_url: {request_url}") permission_result = requests.post( request_url, headers=headers, data=post_data ) print(f"Test Get Token Script: permission_result: {permission_result}") print("test_get_token_script")