-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
✨ [#42] Implement logout utility function
This definitely works with keycloak, it should probably work with other OpenID providers but those are yet untested.
- Loading branch information
1 parent
967d9ad
commit 1fa968e
Showing
7 changed files
with
1,181 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
593 changes: 593 additions & 0 deletions
593
tests/cassettes/test_logout/test_logout_with_logout_endpoint_configured.yaml
Large diffs are not rendered by default.
Oops, something went wrong.
466 changes: 466 additions & 0 deletions
466
tests/cassettes/test_logout/test_logout_without_endpoint_configured.yaml
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,88 @@ | ||
from django.test import Client | ||
from django.urls import reverse | ||
|
||
import pytest | ||
from requests import Session | ||
|
||
from mozilla_django_oidc_db.models import OpenIDConnectConfig | ||
from mozilla_django_oidc_db.utils import do_op_logout | ||
|
||
from .utils import keycloak_login | ||
|
||
|
||
@pytest.fixture | ||
def kc_session( | ||
settings, | ||
keycloak_config, | ||
mock_state_and_nonce, | ||
client, | ||
django_user_model, | ||
vcr, | ||
): | ||
settings.OIDC_STORE_ID_TOKEN = True | ||
session = Session() | ||
|
||
login_url = reverse("login") | ||
django_login_response = client.get(login_url) | ||
assert django_login_response.status_code == 302 | ||
|
||
# simulate login to Keycloak | ||
redirect_uri = keycloak_login(django_login_response["Location"], session=session) | ||
|
||
# complete the login flow on our end | ||
callback_response = client.get(redirect_uri) | ||
|
||
assert callback_response.status_code == 302 | ||
assert callback_response["Location"] == "/admin/" | ||
|
||
# a user was created | ||
assert django_user_model.objects.count() == 1 | ||
|
||
# assert that we are logged in to keycloak | ||
django_login_response2 = client.get(login_url) | ||
|
||
kc_response = session.get(django_login_response2["Location"], allow_redirects=False) | ||
assert kc_response.status_code == 302 | ||
assert kc_response.headers["Location"].startswith("http://testserver") | ||
|
||
yield (client, session) | ||
|
||
session.close() | ||
|
||
|
||
@pytest.mark.vcr | ||
@pytest.mark.oidcconfig(oidc_op_logout_endpoint="") | ||
def test_logout_without_endpoint_configured( | ||
keycloak_config: OpenIDConnectConfig, | ||
kc_session: tuple[Client, Session], | ||
): | ||
client, session = kc_session | ||
|
||
do_op_logout(keycloak_config, id_token=client.session["oidc_id_token"]) | ||
|
||
# check that we are still authenticated in keycloak | ||
login_url = reverse("login") | ||
django_login_response = client.get(login_url) | ||
kc_response = session.get(django_login_response["Location"], allow_redirects=False) | ||
|
||
assert kc_response.status_code == 302 | ||
assert kc_response.headers["Location"].startswith("http://testserver") | ||
|
||
|
||
@pytest.mark.vcr | ||
def test_logout_with_logout_endpoint_configured( | ||
keycloak_config: OpenIDConnectConfig, | ||
kc_session: tuple[Client, Session], | ||
): | ||
assert keycloak_config.oidc_op_logout_endpoint | ||
client, session = kc_session | ||
|
||
do_op_logout(keycloak_config, id_token=client.session["oidc_id_token"]) | ||
|
||
# check that we are still authenticated in keycloak | ||
login_url = reverse("login") | ||
django_login_response = client.get(login_url) | ||
kc_response = session.get(django_login_response["Location"], allow_redirects=False) | ||
|
||
assert kc_response.status_code == 200, "Did not end up on Keycloak's login page" | ||
assert kc_response.headers["Content-Type"].startswith("text/html") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters