From be8568bfcedb3e8c2932a1a6639f2fb243a06e28 Mon Sep 17 00:00:00 2001
From: phala
Date: Wed, 26 Oct 2022 14:15:15 +0200
Subject: [PATCH 1/2] Fix user_info test
---
 .../tests/kuadrant/authorino/metadata/test_user_info.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/testsuite/tests/kuadrant/authorino/metadata/test_user_info.py b/testsuite/tests/kuadrant/authorino/metadata/test_user_info.py
index 9cfdab4f..aaa2e285 100644
--- a/testsuite/tests/kuadrant/authorino/metadata/test_user_info.py
+++ b/testsuite/tests/kuadrant/authorino/metadata/test_user_info.py
@@ -13,9 +13,9 @@ def authorization(authorization, rhsso):
 Adds auth metadata OIDC UserInfo which fetches OIDC UserInfo in request-time.
 Adds a simple rule that accepts only when fetched UserInfo contains the email address of the default RHSSO user.
 """
- user = rhsso.client.admin.get_user(rhsso.user)
 authorization.add_user_info_metadata("user-info", "rhsso")
- authorization.add_auth_rule("rule", Rule("auth.metadata.user-info.email", "eq", user["email"]))
+ authorization.add_auth_rule("rule",
+ Rule("auth.metadata.user-info.email", "eq", rhsso.user.properties["email"]))
 return authorization
@@ -27,6 +27,6 @@ def test_correct_auth(client, auth):
 def test_incorrect_auth(client, auth, rhsso):
 """Updates RHSSO user email address and tests incorrect auth"""
- rhsso.client.admin.update_user(rhsso.user, {"email": "updatedMail@anything.invalid"})
+ rhsso.user.update_user(email="updatedMail@anything.invalid")
 response = client.get("get", auth=auth)
 assert response.status_code == 403
From 275fd4f34251e35be5d4a99c5cdea167b73a9ad5 Mon Sep 17 00:00:00 2001
From: phala
Date: Wed, 26 Oct 2022 14:25:01 +0200
Subject: [PATCH 2/2] Make user_info test use two users
---
 testsuite/oidc/rhsso/objects.py | 2 +-
 .../kuadrant/authorino/metadata/test_user_info.py | 11 +++++++++--
 2 files changed, 10 insertions(+), 3 deletions(-)
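Review bot: In the `authorization` fixture the allow rule's expected email now comes from `rhsso.user.properties["email"]`, and nothing in this patch shows whether `properties` is re-read from RHSSO or is a snapshot taken when the user object was built. If it is a snapshot, the rule can be pinned to a value the identity provider no longer returns from UserInfo, and a missing `email` key would surface as a `KeyError` during fixture setup rather than as a test failure. A one-line comment above the call would record the assumption, for example `# properties["email"] is the locally held value; assumed to equal what RHSSO serves from UserInfo`. The fixture's decorator and the opening of its docstring sit above the hunk.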
diff --git a/testsuite/oidc/rhsso/objects.py b/testsuite/oidc/rhsso/objects.py
index 33a66b80..13a5ae40 100644
--- a/testsuite/oidc/rhsso/objects.py
+++ b/testsuite/oidc/rhsso/objects.py
@@ -33,7 +33,7 @@ def create_user(self, username, password, **kwargs):
 """Creates new user"""
 kwargs["username"] = username
 kwargs["enabled"] = True
- kwargs["email"] = f"{username}@anything.invalid"
+ kwargs.setdefault("email", f"{username}@anything.invalid")
 self.admin.create_user(kwargs)
 user_id = self.admin.get_user_id(username)
 self.admin.set_user_password(user_id, password, temporary=False)
diff --git a/testsuite/tests/kuadrant/authorino/metadata/test_user_info.py b/testsuite/tests/kuadrant/authorino/metadata/test_user_info.py
index aaa2e285..25494b6a 100644
--- a/testsuite/tests/kuadrant/authorino/metadata/test_user_info.py
+++ b/testsuite/tests/kuadrant/authorino/metadata/test_user_info.py
@@ -4,9 +4,16 @@
 """
 import pytest
+from testsuite.httpx.auth import HttpxOidcClientAuth
 from testsuite.openshift.objects.auth_config import Rule
+@pytest.fixture(scope="module")
+def user2(rhsso):
+ """Second User which has incorrect email"""
+ return rhsso.realm.create_user("user2", "password", email="test@test.com")
+
+
 @pytest.fixture(scope="module")
 def authorization(authorization, rhsso):
 """
@@ -25,8 +32,8 @@ def test_correct_auth(client, auth):
 assert response.status_code == 200
-def test_incorrect_auth(client, auth, rhsso):
+def test_incorrect_auth(client, rhsso, user2):
 """Updates RHSSO user email address and tests incorrect auth"""
- rhsso.user.update_user(email="updatedMail@anything.invalid")
+ auth = HttpxOidcClientAuth(rhsso.get_token(user2.username, user2.password), "authorization")
 response = client.get("get", auth=auth)
 assert response.status_code == 403
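Review bot: The docstring of `create_user` still reads only `"""Creates new user"""`, although after this change the three keys behave differently: `username` and `enabled` are always overwritten, while `email` is only a default the caller can replace. The remaining `kwargs` are forwarded unchanged to `self.admin.create_user`, so a caller reading the signature cannot tell which attributes it controls. I would spell that out, e.g. `"""Creates a new enabled user; extra kwargs go to the admin API, email defaults to <username>@anything.invalid"""`. The method continues past the last line of the hunk.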
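Review bot: The new `user2` fixture registers the account with `email="test@test.com"`, a real registrable domain, whereas the default in `create_user` deliberately uses the reserved `.invalid` TLD. Any mail the identity provider might send for that account (verification, reset) would then target a third party, so I would keep the address inside the reserved space: `return rhsso.realm.create_user("user2", "password", email="mismatch@anything.invalid")`. The username is also fixed and no teardown is visible in this hunk, so if the realm outlives the module a second run would presumably hit a duplicate-user conflict; worth confirming that the realm object cleans up the users it creates.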
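Review bot: The docstring of `test_incorrect_auth` is stale: it still says `"""Updates RHSSO user email address and tests incorrect auth"""`, but the test no longer updates anything and instead authenticates as `user2`. Something like `"""Tests that a token of a second user, whose email does not match the rule, is rejected"""` would describe what is asserted. Note also that the earlier version changed the email of an already configured user, which is the only place the request-time refresh of UserInfo appeared to be exercised; if that property matters, it may deserve its own test with a dedicated throwaway user.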