mirror of
https://github.com/sartography/spiffworkflow-backend.git
synced 2025-02-24 21:38:22 +00:00
114 lines
4.5 KiB
Python
114 lines
4.5 KiB
Python
"""Test_authentication."""
|
|
# """Test_authentication."""
|
|
# from keycloak.authorization import Authorization # type: ignore
|
|
# from keycloak.keycloak_openid import KeycloakOpenID # type: ignore
|
|
# from keycloak.uma_permissions import AuthStatus # type: ignore
|
|
#
|
|
# from spiffworkflow_backend.services.authentication_service import AuthenticationService
|
|
#
|
|
# server_url = "http://localhost:8080/"
|
|
# client_id = "bank-api"
|
|
# realm_name = "stackoverflow-demo"
|
|
# client_secret_key = "seciKpRanUReL0ksZaFm5nfjhMUKHVAO" # noqa: S105
|
|
#
|
|
# user = "bob"
|
|
# password = "LetMeIn" # noqa: S105
|
|
#
|
|
# resource = "View Account Resource"
|
|
# scope = "account:view"
|
|
#
|
|
#
|
|
# def test_get_keycloak_openid_client() -> None:
|
|
# """Test_get_keycloak_openid_client."""
|
|
# keycloak_openid_client = AuthenticationService.get_keycloak_openid(
|
|
# server_url, client_id, realm_name, client_secret_key
|
|
# )
|
|
# assert isinstance(keycloak_openid_client, KeycloakOpenID)
|
|
# assert isinstance(keycloak_openid_client.authorization, Authorization)
|
|
#
|
|
#
|
|
# def test_get_keycloak_token() -> None:
|
|
# """Test_get_keycloak_token."""
|
|
# keycloak_openid = AuthenticationService.get_keycloak_openid(
|
|
# server_url, client_id, realm_name, client_secret_key
|
|
# )
|
|
# token = keycloak_openid.token(user, password)
|
|
# assert isinstance(token, dict)
|
|
# assert isinstance(token["access_token"], str)
|
|
# assert isinstance(token["refresh_token"], str)
|
|
# assert token["expires_in"] == 300
|
|
# assert token["refresh_expires_in"] == 1800
|
|
# assert token["token_type"] == "Bearer"
|
|
#
|
|
#
|
|
# def test_get_permission_by_token() -> None:
|
|
# """Test_get_permission_by_token."""
|
|
# keycloak_openid = AuthenticationService.get_keycloak_openid(
|
|
# server_url, client_id, realm_name, client_secret_key
|
|
# )
|
|
# keycloak_openid.load_authorization_config(
|
|
# "tests/spiffworkflow_backend/integration/bank-api-authz-config.json"
|
|
# )
|
|
# token = keycloak_openid.token(user, password)
|
|
#
|
|
# permissions = AuthenticationService.get_permission_by_token(keycloak_openid, token)
|
|
# # TODO: permissions comes back as None. Is this right?
|
|
# print(f"test_get_permission_by_token: {permissions}")
|
|
#
|
|
#
|
|
# def test_get_uma_permissions_by_token() -> None:
|
|
# """Test_get_uma_permissions_by_token."""
|
|
# keycloak_openid = AuthenticationService.get_keycloak_openid(
|
|
# server_url, client_id, realm_name, client_secret_key
|
|
# )
|
|
# token = keycloak_openid.token(user, password)
|
|
# uma_permissions = AuthenticationService.get_uma_permissions_by_token(
|
|
# keycloak_openid, token
|
|
# )
|
|
# assert isinstance(uma_permissions, list)
|
|
# assert len(uma_permissions) == 2
|
|
# for permission in uma_permissions:
|
|
# assert "rsname" in permission
|
|
# if permission["rsname"] == "View Account Resource":
|
|
# assert "scopes" in permission
|
|
# assert isinstance(permission["scopes"], list)
|
|
# assert len(permission["scopes"]) == 1
|
|
# assert permission["scopes"][0] == "account:view"
|
|
#
|
|
#
|
|
# def test_get_uma_permissions_by_token_for_resource_and_scope() -> None:
|
|
# """Test_get_uma_permissions_by_token_for_resource_and_scope."""
|
|
# keycloak_openid = AuthenticationService.get_keycloak_openid(
|
|
# server_url, client_id, realm_name, client_secret_key
|
|
# )
|
|
# token = keycloak_openid.token(user, password)
|
|
# permissions = (
|
|
# AuthenticationService.get_uma_permissions_by_token_for_resource_and_scope(
|
|
# keycloak_openid, token, resource, scope
|
|
# )
|
|
# )
|
|
# assert isinstance(permissions, list)
|
|
# assert len(permissions) == 1
|
|
# assert isinstance(permissions[0], dict)
|
|
# permission = permissions[0]
|
|
# assert "rsname" in permission
|
|
# assert permission["rsname"] == resource
|
|
# assert "scopes" in permission
|
|
# assert isinstance(permission["scopes"], list)
|
|
# assert len(permission["scopes"]) == 1
|
|
# assert permission["scopes"][0] == scope
|
|
#
|
|
#
|
|
# def test_get_auth_status_for_resource_and_scope_by_token() -> None:
|
|
# """Test_get_auth_status_for_resource_and_scope_by_token."""
|
|
# keycloak_openid = AuthenticationService.get_keycloak_openid(
|
|
# server_url, client_id, realm_name, client_secret_key
|
|
# )
|
|
# token = keycloak_openid.token(user, password)
|
|
# auth_status = AuthenticationService.get_auth_status_for_resource_and_scope_by_token(
|
|
# keycloak_openid, token, resource, scope
|
|
# )
|
|
# assert isinstance(auth_status, AuthStatus)
|
|
# assert auth_status.is_logged_in is True
|
|
# assert auth_status.is_authorized is True
|