Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🐛 Fix SessionRefresh flow for new architecture #112

Merged
merged 5 commits into from
Jul 2, 2024
Merged

🐛 Fix SessionRefresh flow for new architecture #112

merged 5 commits into from
Jul 2, 2024

Conversation

stevenbal
Copy link
Collaborator

@stevenbal stevenbal commented Jun 24, 2024
edited
Loading

@stevenbal stevenbal force-pushed the issue/fix-infinite-redirect-on-sessionrefresh branch from eaff13f to 4809d7c Compare June 24, 2024 15:29
@stevenbal stevenbal changed the title 🚧 fix infinite redirect due to sessionrefresh 🐛 Fix SessionRefresh flow for new architecture Jun 24, 2024
@stevenbal stevenbal marked this pull request as draft June 24, 2024 15:29
@stevenbal stevenbal mentioned this pull request Jun 25, 2024
Merged
9 tasks
@stevenbal stevenbal force-pushed the issue/fix-infinite-redirect-on-sessionrefresh branch 2 times, most recently from b7fbb42 to 515e6c7 Compare June 25, 2024 09:43
@stevenbal stevenbal marked this pull request as ready for review June 25, 2024 09:45
@stevenbal stevenbal force-pushed the issue/fix-infinite-redirect-on-sessionrefresh branch from 515e6c7 to d0561ae Compare June 25, 2024 10:05
sergei-maertens
sergei-maertens requested changes Jun 26, 2024
View reviewed changes
mozilla_django_oidc_db/signals.py Outdated Show resolved Hide resolved
mozilla_django_oidc_db/signals.py Outdated Show resolved Hide resolved
tests/test_callback_flow.py Outdated Show resolved Hide resolved
tests/test_callback_flow.py Outdated Show resolved Hide resolved
mozilla_django_oidc_db/config.py Outdated Show resolved Hide resolved
mozilla_django_oidc_db/config.py Outdated Show resolved Hide resolved
@stevenbal stevenbal force-pushed the issue/fix-infinite-redirect-on-sessionrefresh branch 5 times, most recently from 018fa6d to a4b45eb Compare July 1, 2024 12:50
sergei-maertens
sergei-maertens reviewed Jul 1, 2024
View reviewed changes
mozilla_django_oidc_db/config.py Outdated Show resolved Hide resolved
tests/test_integration_oidc_flow_variants.py Outdated
Comment on lines 138 to 148
django_login_response = client.get(login_url)
assert django_login_response.status_code == 302

# simulate login to Keycloak
redirect_uri = keycloak_login(django_login_response["Location"], session=session)

# complete the login flow on our end
callback_response = client.get(redirect_uri)

assert callback_response.status_code == 302
assert callback_response["Location"] == "/admin/"

# a user was created
assert django_user_model.objects.count() == 1

admin_response = client.get("/admin/")

# User was successfully logged in
assert admin_response.status_code == 200
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you can clean up a bunch of assertions here that are not relevant for this test. The fact that a user is created after a valid login is already tested and asserted in another test, and removing the asserts makes it much more obvious what is actually being tested in this test.

You should always aim for a visual block structure in tests:

setup some thing
setup another thing

call the system under test

assert a thing
assert another thing

tests/test_integration_oidc_flow_variants.py Outdated Show resolved Hide resolved
@stevenbal stevenbal force-pushed the issue/fix-infinite-redirect-on-sessionrefresh branch from a4b45eb to e04febd Compare July 1, 2024 14:11
@sergei-maertens sergei-maertens force-pushed the issue/fix-infinite-redirect-on-sessionrefresh branch from e04febd to ebed28c Compare July 1, 2024 14:47
@stevenbal
🐛 Fix SessionRefresh flow for new architecture
f6f9e2c 
previously, the callback view never had access to the config class, because this is deleted after successful login by mozilla-django-oidc, causing the callbackview to crash
@stevenbal
✅ Add tests for sessionrefresh flow
bcd89a2
@stevenbal stevenbal force-pushed the issue/fix-infinite-redirect-on-sessionrefresh branch from ebed28c to bcd89a2 Compare July 1, 2024 15:13
@stevenbal stevenbal marked this pull request as draft July 1, 2024 15:18
@stevenbal
🔥 Remove oidc_exempt_urls from config model
7258a5e 
this field was never actually used, and it does not make sense to make settings that refer to Django stuff (URL patterns in this case) manually configurable instead of programmatically. It caused issues in Open Forms (#4435) where it required manual action from admins if it was kept as a model field.
@stevenbal
🐛 Allow falsy defaults for dynamic_settings
fb22256 
previously it was not possible to fall back on falsy defaults (empty lists, sets, strings, etc.), this made it required to specify settings such as OIDC_EXEMPT_URLS in order to not let the SessionRefresh middleware crash
@stevenbal stevenbal mentioned this pull request Jul 2, 2024
Merged
@stevenbal
✅ Add test for falsy dynamic setting default
9cdd3c6 
and add missing testapp migrations
@stevenbal stevenbal force-pushed the issue/fix-infinite-redirect-on-sessionrefresh branch from 71f86d4 to 9cdd3c6 Compare July 2, 2024 07:55
@stevenbal stevenbal marked this pull request as ready for review July 2, 2024 07:56
@sergei-maertens sergei-maertens merged commit 08552a5 into master Jul 2, 2024
8 checks passed
@sergei-maertens sergei-maertens deleted the issue/fix-infinite-redirect-on-sessionrefresh branch July 2, 2024 10:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sergei-maertens sergei-maertens sergei-maertens approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@stevenbal @sergei-maertens