Compare revisions

Tore.Brede · Tore.Brede · Sivert Kronen Hatteberg · Sivert Kronen Hatteberg · Sivert Kronen Hatteberg · Sivert Kronen Hatteberg
--- a/frontend/src/themes/index.test.ts
+++ b/frontend/src/themes/index.test.ts
@@ -26,14 +26,14 @@ test('Get theme default when set', async () => {
  process.env.REACT_APP_THEME = 'default'
  // eslint-disable-next-line global-require
  const getTheme = require('./index').default
-  expect(getTheme().palette.primary.main).toEqual('#3293ED')
+  expect(getTheme().palette.primary.main).toEqual('#01579B')
 })

 test('Get theme default when unknown', async () => {
  process.env.REACT_APP_THEME = 'unknown'
  // eslint-disable-next-line global-require
  const getTheme = require('./index').default
-  expect(getTheme().palette.primary.main).toEqual('#3293ED')
+  expect(getTheme().palette.primary.main).toEqual('#01579B')
 })

 export {}
--- a/gregsite/settings/testing.py
+++ b/gregsite/settings/testing.py
+from .dev import *
+
+AUTHENTICATION_BACKENDS = [
+    "gregui.authentication.auth_backends.DevBackend",  # Fake dev backend
+    "django.contrib.auth.backends.ModelBackend",  # default
+    "gregui.authentication.auth_backends.GregOIDCBackend",
+    "sesame.backends.ModelBackend",  # link login
+]
+
+OIDC_RP_CLIENT_ID = "lalalalala"
+OIDC_RP_CLIENT_SECRET = "lalalalala"
--- a/gregui/authentication/auth_backends.py
+++ b/gregui/authentication/auth_backends.py
@@ -205,7 +205,6 @@ class GregOIDCBackend(ValidatingOIDCBackend):
        person, _ = Person.objects.update_or_create(
            first_name=userinfo["first_name"],
            last_name=userinfo["last_name"],
-            email=userinfo["email"],
        )
        person.save()
        return person
@@ -242,6 +241,17 @@ class GregOIDCBackend(ValidatingOIDCBackend):
                )
                identity.save()

+            try:
+                email_identity = Identity.objects.get(
+                    type="private_email", value=userinfo["email"]
+                )
+            except Identity.DoesNotExist:
+                # Add email if missing
+                email_identity = Identity(
+                    type="private_email", value=userinfo["email"], person=person
+                )
+                email_identity.save()
+
            user_profile = GregUserProfile(
                user=user,
                person=person,

--- a/gregui/tests/conftest.py
+++ b/gregui/tests/conftest.py
 import datetime
-import logging
+import time

+import logging
 import pytest

-
 from django.contrib.auth import get_user_model
 from django.utils.timezone import make_aware
 from rest_framework.authtoken.admin import User
@@ -19,12 +19,107 @@ from greg.models import (
    RoleType,
    Sponsor,
 )
+
 from gregui.models import GregUserProfile

 # faker spams the logs with localisation warnings
 # see https://github.com/joke2k/faker/issues/753
 logging.getLogger("faker").setLevel(logging.ERROR)

+# OIDC stuff
+@pytest.fixture
+def claims():
+    return {
+        "sub": "subsub",
+        "connect-userid_sec": ["feide:frank_foreleser@spusers.feide.no"],
+        "dataporten-userid_sec": [
+            # "feide:frank_foreleser@spusers.feide.no"
+        ],
+        "name": "Frank Foreleser Føllesen",
+        "email": "noreply@feide.no",
+        "email_verified": True,
+        "picture": "https://api.dataporten.no/userinfo/v1/user/media/p:2192dff7-6989-4244-83cc-ae5e78875bdd",
+    }
+
+
+@pytest.fixture
+def id_token_payload():
+    return {
+        "iss": "https://auth.dataporten.no",
+        "jti": "jtijti",
+        "aud": "lalalalala",
+        "sub": "subsub",
+        "iat": 1605174731,
+        "exp": 1605178331,
+        "auth_time": 1605174731,
+        "nonce": "noncenonce",
+    }
+
+
+@pytest.fixture
+def data():
+    return {
+        "User": {
+            "user1": {
+                "username": "user1",
+                "email": "user1@example.com",
+            },
+            "user2": {
+                "username": "user2",
+                "email": "user2@example.com",
+            },
+            "https://auth.dataporten.nosubsub": {
+                "username": "https://auth.dataporten.nosubsub",
+            },
+        },
+        "Identity": {
+            "person1": {
+                "type": "feide_id",
+                "value": "foo@example.com",
+                "person": {"last_name": "Baresen"},
+            },
+        },
+        "Person": {
+            "person1": {
+                "first_name": "Foo",
+                "last_name": "Baresen",
+            },
+        },
+        "Sponsor": {
+            "sponsor1": {
+                "first_name": "Bar",
+                "last_name": "Bazesen",
+                "feide_id": "bar@example.com",
+            },
+        },
+    }
+
+
+def save_object(model, **kwargs):
+    obj = model(**kwargs)
+    obj.save()
+    return obj
+
+
+# TODO add person and sponsor
+OBJECT_MAPPING = {
+    "greg" "person": Person,
+    "sponsor": Sponsor,
+    "user": get_user_model(),
+}
+
+
+def create_objects(cls, data):
+    objects = {}
+    for obj_name, kwargs in data.items():
+        create_kwargs = kwargs.copy()
+        for name, selector in kwargs.items():
+            if name in OBJECT_MAPPING:
+                create_kwargs[name] = OBJECT_MAPPING[name].objects.get(**selector)
+        obj = save_object(cls, **create_kwargs)
+        objects[obj_name] = obj
+    return objects
+

 @pytest.fixture
 def client() -> APIClient:
@@ -133,3 +228,32 @@ def invitation_link_expired(invitation, invitation_expired_date) -> InvitationLi
        invitation=invitation, expire=invitation_expired_date
    )
    return InvitationLink.objects.get(id=il.id)
+
+
+@pytest.fixture
+def greg_users(data):
+    return create_objects(get_user_model(), data["User"])
+
+
+@pytest.fixture
+def greg_persons(data):
+    return create_objects(get_user_model(), data["Person"])
+
+
+@pytest.fixture
+def greg_sponsors(data):
+    return create_objects(get_user_model(), data["Sponsor"])
+
+
+@pytest.fixture
+def log_in(client, greg_users):
+    def _log_in(username):
+        user = greg_users[username]
+        client.force_login(user=user)
+        # It seems like the session was not updated automatically this way
+        session = client.session
+        session["oidc_id_token_payload"] = {"iat": time.time()}
+        session.save()
+        return client
+
+    return _log_in
--- a/gregui/tests/test_oidc.py
+++ b/gregui/tests/test_oidc.py
+import time
+import pytest
+
+from django.core.exceptions import SuspiciousOperation
+
+from greg.models import Identity
+from gregui.authentication.auth_backends import GregOIDCBackend
+from gregui.models import GregUserProfile
+
+
+pytestmark = pytest.mark.django_db
+
+
+def test_validate_issuer(id_token_payload):
+    backend = GregOIDCBackend()
+    backend.validate_issuer(id_token_payload)
+    id_token_payload["iss"] = "http://suspicious.no"
+    with pytest.raises(SuspiciousOperation):
+        backend.validate_issuer(id_token_payload)
+
+
+def test_validate_audiences(id_token_payload):
+    backend = GregOIDCBackend()
+    backend.validate_audience(id_token_payload)
+
+    id_token_payload["aud"] = [id_token_payload["aud"], "other_aud"]
+    with pytest.raises(SuspiciousOperation):
+        backend.validate_audience(id_token_payload)
+
+
+def test_validate_expiry(id_token_payload):
+    backend = GregOIDCBackend()
+    with pytest.raises(SuspiciousOperation):
+        backend.validate_expiry(id_token_payload)
+
+    id_token_payload["exp"] = int(time.time()) + 3600
+    backend.validate_expiry(id_token_payload)
+
+
+def test_filter_users(greg_users, claims):
+    backend = GregOIDCBackend()
+    user = backend.filter_users_by_claims(claims).get()
+    assert user.username == greg_users["https://auth.dataporten.nosubsub"].username
+
+    claims["sub"] = "non-existant-sub"
+    users = backend.filter_users_by_claims(claims)
+    assert len(users) == 0
+
+
+def test_create_user(claims):
+    backend = GregOIDCBackend()
+    user = backend.create_user(claims)
+    assert user.first_name == "Frank Foreleser"
+    assert user.last_name == "Føllesen"
+    assert user.email == "noreply@feide.no"
+
+    userProfile = GregUserProfile.objects.get(user=user)
+    assert userProfile
+
+    person = userProfile.person
+    assert person.first_name == user.first_name
+    assert person.last_name == user.last_name
+    assert person.identities.filter(type="private_email").first().value == user.email
+
+    ids = Identity.objects.get(person=person, type="feide_id")
+    assert ids.value == "frank_foreleser@spusers.feide.no"
+
+
+def test_update_user(greg_users, claims):
+    backend = GregOIDCBackend()
+    user = backend.update_user(None, claims)
+
+    assert user.first_name == "Frank Foreleser"
+    assert user.last_name == "Føllesen"
+    assert user.email == "noreply@feide.no"
--- a/pytest.ini
+++ b/pytest.ini
 [pytest]
-DJANGO_SETTINGS_MODULE = gregsite.settings.dev
+DJANGO_SETTINGS_MODULE = gregsite.settings.testing
No results found