added test for generic3

AustralianBioCommons · Nov 7, 2024 · 55cfdc4 · 55cfdc4
1 parent d0074f5
commit 55cfdc4
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 6 deletions.
diff --git a/fence/blueprints/login/base.py b/fence/blueprints/login/base.py
@@ -288,8 +288,8 @@ def introspect_token(self, token):
             headers = {"Content-Type": "application/x-www-form-urlencoded"}
             data = {
                 "token": token,
-                "client_id": self.client.settings.get("client_id"),
-                "client_secret": self.client.settings.get("client_secret"),
+                "client_id": flask.session.get("client_id"),
+                "client_secret": flask.session.get("client_secret"),
             }
 
             response = requests.post(introspect_endpoint, headers=headers, data=data)

diff --git a/tests/conftest.py b/tests/conftest.py
@@ -76,6 +76,7 @@
     "cilogon",
     "generic1",
     "generic2",
+    "generic3",
 ]
 
 
@@ -396,7 +397,12 @@ def do_patch(urls_to_responses=None):
         defaults = {
             "arborist/health": {"GET": ("", 200)},
             "arborist/auth/mapping": {"POST": ({}, "200")},
-            "arborist/group": {"GET": ({"groups":[{"name": "data_uploaders", "users": ["test_user"]}]}, 200)}
+            "arborist/group": {
+                "GET": (
+                    {"groups": [{"name": "data_uploaders", "users": ["test_user"]}]},
+                    200,
+                )
+            },
         }
         defaults.update(urls_to_responses)
         urls_to_responses = defaults
@@ -479,20 +485,24 @@ def app(kid, rsa_private_key, rsa_public_key):
 
     mocker.unmock_functions()
 
+
 @pytest.fixture
 def mock_app():
     return MagicMock()
 
+
 @pytest.fixture
 def mock_user():
     return MagicMock()
 
+
 @pytest.fixture
 def mock_db_session():
     """Mock the database session."""
     db_session = MagicMock()
     return db_session
 
+
 @pytest.fixture
 def expired_mock_user():
     """Mock a user object with upstream refresh tokens."""
@@ -502,6 +512,7 @@ def expired_mock_user():
     ]
     return user
 
+
 @pytest.fixture(scope="function")
 def auth_client(request):
     """

diff --git a/tests/test-fence-config.yaml b/tests/test-fence-config.yaml
@@ -148,7 +148,7 @@ OPENID_CONNECT:
     redirect_url: '{{BASE_URL}}/login/generic3/login'  # replace IDP name
     # use `discovery` to configure IDPs that do not expose a discovery
     # endpoint. One of `discovery_url` or `discovery` should be configured
-    discovery_url: 'http://localhost/realms/generic3/.well-known/openid-configuration'
+    discovery_url: 'https://localhost/.well-known/openid-configuration'
     # When true, it allows refresh tokens to be stored even if is_authz_groups_sync_enabled is set false.
     # When false, the system will only store refresh tokens if is_authz_groups_sync_enabled is enabled
     persist_refresh_token: false
@@ -159,12 +159,12 @@ OPENID_CONNECT:
     # the groups defined in the local system. Based on the comparison, the user is added to
     # or removed from relevant groups in the local system to ensure their group memberships
     # remain up-to-date. If this flag is disabled, no group synchronization occurs
-    is_authz_groups_sync_enabled: true
+    is_authz_groups_sync_enabled: false
     authz_groups_sync:
       # This defines the prefix used to identify authorization groups.
       group_prefix: /covid
     # This flag indicates whether the audience (aud) claim in the JWT should be verified during token validation.
-    verify_aud: true
+    verify_aud: false
     # This specifies the expected audience (aud) value for the JWT, ensuring that the token is intended for use with the 'fence' service.
     audience: fence
 

diff --git a/tests/test_metrics.py b/tests/test_metrics.py
@@ -519,6 +519,18 @@ def test_login_log_login_endpoint(
         get_auth_info_value = {"generic1_username": username}
     elif idp == "generic2":
         get_auth_info_value = {"sub": username}
+    elif idp == "generic3":
+        # get_auth_info_value specific to generic3
+        # TODO: Need test when is_authz_groups_sync_enabled == true
+        get_auth_info_value = {
+            "username": username,
+            "sub": username,
+            "email_verified": True,
+            "iat": 1609459200,
+            "exp": 1609462800,
+            "refresh_token": "mock_refresh_token",
+            "groups": ["group1", "group2"],
+        }
 
     if idp in ["google", "microsoft", "okta", "synapse", "cognito"]:
         get_auth_info_value["email"] = username
@@ -538,6 +550,7 @@ def test_login_log_login_endpoint(
         )
         path = f"/login/{idp}/{callback_endpoint}"  # SEE fence/blueprints/login/fence_login.py L91
         response = client.get(path, headers=headers)
+        print(f"Response: {response.status_code}, Body: {response.data}")
         assert response.status_code == 200, response
         user_sub = db_session.query(User).filter(User.username == username).first().id
         audit_service_requests.post.assert_called_once_with(