mirror of
https://github.com/kanidm/kanidm.git
synced 2025-02-23 12:37:00 +01:00
269d57b63c
* Allow disabling networked tests in python client library Distros often build packages in sandboxes, which will make tests that access the network fail. Marking these tests with a network mark is a good way to allow downstreams to disable just this subset of tests. * adding some more flags Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
155 lines
5.4 KiB
Python
155 lines
5.4 KiB
Python
""" testing auth things """
|
|
|
|
import logging
|
|
import os
|
|
|
|
import aiohttp
|
|
import pytest
|
|
from pytest_mock import MockerFixture
|
|
|
|
# pylint: disable=unused-import
|
|
from testutils import client, client_configfile, MockResponse
|
|
|
|
from kanidm import KanidmClient
|
|
from kanidm.exceptions import AuthCredFailed, AuthInitFailed
|
|
from kanidm.types import AuthBeginResponse
|
|
|
|
|
|
logging.basicConfig(level=logging.DEBUG)
|
|
|
|
|
|
@pytest.mark.network
|
|
@pytest.mark.asyncio
|
|
async def test_auth_init(client_configfile: KanidmClient) -> None:
|
|
"""tests the auth init step"""
|
|
print("Starting client...")
|
|
print(f"Doing auth_init for {client_configfile.config.username}")
|
|
|
|
if client_configfile.config.username is None:
|
|
raise ValueError("This path shouldn't be possible in the test!")
|
|
async with aiohttp.ClientSession() as session:
|
|
client_configfile.session = session
|
|
result = await client_configfile.auth_init(client_configfile.config.username)
|
|
print(f"{result=}")
|
|
print(result.dict())
|
|
assert result.sessionid
|
|
|
|
|
|
@pytest.mark.network
|
|
@pytest.mark.asyncio
|
|
async def test_auth_begin(client_configfile: KanidmClient) -> None:
|
|
"""tests the auth begin step"""
|
|
print(f"Doing auth_init for {client_configfile.config.username}")
|
|
|
|
async with aiohttp.ClientSession() as session:
|
|
client_configfile.session = session
|
|
if client_configfile.config.username is None:
|
|
raise ValueError("This path shouldn't be possible in the test!")
|
|
result = await client_configfile.auth_init(client_configfile.config.username)
|
|
print(f"{result=}")
|
|
print("Result dict:")
|
|
print(result.dict())
|
|
assert result.sessionid
|
|
|
|
print(f"Doing auth_begin for {client_configfile.config.username}")
|
|
begin_result = await client_configfile.auth_begin(
|
|
# username=client.username,
|
|
method="password",
|
|
)
|
|
print(f"{begin_result=}")
|
|
print(begin_result.data)
|
|
retval = begin_result.data
|
|
|
|
if retval is None:
|
|
raise pytest.fail("Failed to do begin_result")
|
|
|
|
retval["response"] = begin_result
|
|
|
|
assert AuthBeginResponse.parse_obj(retval)
|
|
|
|
|
|
@pytest.mark.network
|
|
@pytest.mark.asyncio
|
|
async def test_authenticate_flow(client_configfile: KanidmClient) -> None:
|
|
"""tests the authenticate() flow"""
|
|
async with aiohttp.ClientSession() as session:
|
|
print(f"Doing client.authenticate for {client_configfile.config.username}")
|
|
client_configfile.session = session
|
|
result = await client_configfile.authenticate_password()
|
|
print(result)
|
|
|
|
|
|
@pytest.mark.network
|
|
@pytest.mark.asyncio
|
|
async def test_authenticate_flow_fail(client_configfile: KanidmClient) -> None:
|
|
"""tests the authenticate() flow with a valid (hopefully) usernamd and invalid password"""
|
|
if not bool(os.getenv("RUN_SCARY_TESTS", None)):
|
|
pytest.skip(reason="Skipping because env var RUN_SCARY_TESTS isn't set")
|
|
print("Starting client...")
|
|
if (
|
|
client_configfile.config.uri is None
|
|
or client_configfile.config.username is None
|
|
or client_configfile.config.password is None
|
|
):
|
|
pytest.skip("Please ensure you have a username, password and uri in the config")
|
|
print(f"Doing client.authenticate for {client_configfile.config.username}")
|
|
|
|
async with aiohttp.ClientSession() as session:
|
|
client_configfile.session = session
|
|
with pytest.raises((AuthCredFailed, AuthInitFailed)):
|
|
result = await client_configfile.authenticate_password(
|
|
username=client_configfile.config.username,
|
|
password="cheese",
|
|
)
|
|
print(result)
|
|
|
|
|
|
# TODO: mock a call to auth_init when a 200 response is not returned, raises AuthInitFailed
|
|
# TODO: mock a call to auth_init when "x-kanidm-auth-session-id" not in response.headers, raises ValueError
|
|
|
|
|
|
# TODO: mock a call to auth_begin when a 200 response is not returned, raises AuthBeginFailed
|
|
# TODO: mock a call to auth_step_password when a 200 response is not returned, raises AuthCredFailed
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_authenticate_inputs_validation(
|
|
client: KanidmClient, mocker: MockerFixture
|
|
) -> None:
|
|
"""tests if you pass username but not password and password but not username"""
|
|
|
|
resp = MockResponse("crabs are cool", 200)
|
|
|
|
mocker.patch("aiohttp.ClientSession.post", return_value=resp)
|
|
|
|
async with aiohttp.ClientSession() as session:
|
|
client.session = session
|
|
with pytest.raises(ValueError):
|
|
await client.authenticate_password(username="cheese")
|
|
with pytest.raises(ValueError):
|
|
await client.authenticate_password(password="cheese")
|
|
client.config.password = None
|
|
client.config.username = "crabby"
|
|
with pytest.raises(ValueError):
|
|
await client.authenticate_password()
|
|
client.config.password = "cR4bzR0ol"
|
|
client.config.username = None
|
|
with pytest.raises(ValueError):
|
|
await client.authenticate_password()
|
|
|
|
client.config.username = None
|
|
client.config.password = None
|
|
with pytest.raises(ValueError):
|
|
await client.authenticate_password()
|
|
|
|
|
|
@pytest.mark.network
|
|
@pytest.mark.asyncio
|
|
async def test_auth_step_password(client: KanidmClient) -> None:
|
|
"""tests things"""
|
|
|
|
with pytest.raises(ValueError):
|
|
async with aiohttp.ClientSession() as session:
|
|
client.session = session
|
|
await client.auth_step_password()
|