spiffworkflow-backend/tests/spiffworkflow_backend/integration/test_authentication.py

"""Test_authentication."""
import base64
import json

import requests
from flask.app import Flask
from tests.spiffworkflow_backend.integration.base_test import BaseTest


class TestAuthentication(BaseTest):
    """TestAuthentication."""

    # def test_get_basic_token(self, app: Flask) -> None:
    #     for user_id in ('user_1', 'user_2', 'admin_1', 'admin_2'):
    #         basic_token = self.get_public_access_token(user_id, user_id)
    #         assert isinstance(basic_token, dict)
    #         assert 'access_token' in basic_token
    #         assert isinstance(basic_token['access_token'], str)
    #         assert 'refresh_token' in basic_token
    #         assert isinstance(basic_token['refresh_token'], str)
    #         assert 'token_type' in basic_token
    #         assert basic_token['token_type'] == 'Bearer'
    #         assert 'scope' in basic_token
    #         assert isinstance(basic_token['scope'], str)

    def test_get_token_script(self, app: Flask) -> None:
        """Test_get_token_script."""
        print("Test Get Token Script")

        (
            keycloak_server_url,
            keycloak_client_id,
            keycloak_realm_name,
            keycloak_client_secret_key,
        ) = self.get_keycloak_constants(app)
        keycloak_user = "ciuser1"
        keycloak_pass = "ciuser1"  # noqa: S105

        print(f"Test Get Token Script: keycloak_server_url: {keycloak_server_url}")
        print(f"Test Get Token Script: keycloak_client_id: {keycloak_client_id}")
        print(f"Test Get Token Script: keycloak_realm_name: {keycloak_realm_name}")
        print(
            f"Test Get Token Script: keycloak_client_secret_key: {keycloak_client_secret_key}"
        )

        frontend_client_id = "spiffworkflow-frontend"

        print(f"Test Get Token Script: frontend_client_id: {frontend_client_id}")

        # Get frontend token
        request_url = f"{keycloak_server_url}/realms/{keycloak_realm_name}/protocol/openid-connect/token"
        headers = {"Content-Type": "application/x-www-form-urlencoded"}
        post_data = {
            "grant_type": "password",
            "username": keycloak_user,
            "password": keycloak_pass,
            "client_id": frontend_client_id,
        }
        print(f"Test Get Token Script: request_url: {request_url}")
        print(f"Test Get Token Script: headers: {headers}")
        print(f"Test Get Token Script: post_data: {post_data}")

        frontend_response = requests.post(
            request_url, headers=headers, json=post_data, data=post_data
        )
        frontend_token = json.loads(frontend_response.text)

        print(f"Test Get Token Script: frontend_response: {frontend_response}")
        print(f"Test Get Token Script: frontend_token: {frontend_token}")

        # assert isinstance(frontend_token, dict)
        # assert isinstance(frontend_token["access_token"], str)
        # assert isinstance(frontend_token["refresh_token"], str)
        # assert frontend_token["expires_in"] == 300
        # assert frontend_token["refresh_expires_in"] == 1800
        # assert frontend_token["token_type"] == "Bearer"

        # Get backend token
        backend_basic_auth_string = f"{keycloak_client_id}:{keycloak_client_secret_key}"
        backend_basic_auth_bytes = bytes(backend_basic_auth_string, encoding="ascii")
        backend_basic_auth = base64.b64encode(backend_basic_auth_bytes)

        request_url = f"{keycloak_server_url}/realms/{keycloak_realm_name}/protocol/openid-connect/token"
        headers = {
            "Content-Type": "application/x-www-form-urlencoded",
            "Authorization": f"Basic {backend_basic_auth.decode('utf-8')}",
        }
        data = {
            "grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
            "client_id": keycloak_client_id,
            "subject_token": frontend_token["access_token"],
            "audience": keycloak_client_id,
        }
        print(f"Test Get Token Script: request_url: {request_url}")
        print(f"Test Get Token Script: headers: {headers}")
        print(f"Test Get Token Script: data: {data}")

        backend_response = requests.post(request_url, headers=headers, data=data)
        json_data = json.loads(backend_response.text)
        backend_token = json_data["access_token"]
        print(f"Test Get Token Script: backend_response: {backend_response}")
        print(f"Test Get Token Script: backend_token: {backend_token}")

        if backend_token:
            # Getting resource set
            auth_bearer_string = f"Bearer {backend_token}"
            headers = {
                "Content-Type": "application/json",
                "Authorization": auth_bearer_string,
            }

            # uri_to_test_against = "%2Fprocess-models"
            uri_to_test_against = "/status"
            request_url = (
                f"{keycloak_server_url}/realms/{keycloak_realm_name}/authz/protection/resource_set?"
                + f"matchingUri=true&deep=true&max=-1&exactName=false&uri={uri_to_test_against}"
            )
            # f"uri={uri_to_test_against}"
            print(f"Test Get Token Script: request_url: {request_url}")
            print(f"Test Get Token Script: headers: {headers}")

            resource_result = requests.get(request_url, headers=headers)
            print(f"Test Get Token Script: resource_result: {resource_result}")

            json_data = json.loads(resource_result.text)
            resource_id_name_pairs = []
            for result in json_data:
                if "_id" in result and result["_id"]:
                    pair_key = result["_id"]
                    if "name" in result and result["name"]:
                        pair_value = result["name"]
                        # pair = {{result['_id']}: {}}
                    else:
                        pair_value = "no_name"
                        # pair = {{result['_id']}: }
                    pair = [pair_key, pair_value]
                    resource_id_name_pairs.append(pair)
            print(
                f"Test Get Token Script: resource_id_name_pairs: {resource_id_name_pairs}"
            )

            # Getting Permissions
            for resource_id_name_pair in resource_id_name_pairs:
                resource_id = resource_id_name_pair[0]
                resource_id_name_pair[1]

                headers = {
                    "Content-Type": "application/x-www-form-urlencoded",
                    "Authorization": f"Basic {backend_basic_auth.decode('utf-8')}",
                }

                post_data = {
                    "audience": keycloak_client_id,
                    "permission": resource_id,
                    "subject_token": backend_token,
                    "grant_type": "urn:ietf:params:oauth:grant-type:uma-ticket",
                }
                print(f"Test Get Token Script: headers: {headers}")
                print(f"Test Get Token Script: post_data: {post_data}")
                print(f"Test Get Token Script: request_url: {request_url}")

                permission_result = requests.post(
                    request_url, headers=headers, data=post_data
                )
                print(f"Test Get Token Script: permission_result: {permission_result}")

        print("test_get_token_script")