瀏覽代碼
test(oauth): Send id_token of the authorized user instead of Guest
This only affects OAuth clients that use `id_token` obtained from `frappe.integrations.oauth2.get_token`. Doesn't affect OAuth clients that ignore id_token and explicitly use `frappe.integrations.oauth2.openid_profile` endpoint for getting user details. e.g. Frappe OAuth client. A simple way to replicate this is to setup Frappe-Frappe OAuth client-server pair and use `login_via_oauth2_id_token` instead of `login_via_oauth2` in `login_via_frappe`.version-14
Aditya Hase
3 年之前
沒有發現已知的金鑰在資料庫的簽署中
GPG 金鑰 ID: A55F0FCA0234972
共有 1 個檔案被更改,包括 18 行新增 和 7 行删除
統一視圖
Diff Options
-
+18 -7frappe/tests/test_oauth20.py
+ 18
- 7
frappe/tests/test_oauth20.py
查看文件
| @@ -16,7 +16,9 @@ class TestOAuth20(unittest.TestCase): | |||||
| def setUp(self): | def setUp(self): | ||||
| make_test_records("OAuth Client") | make_test_records("OAuth Client") | ||||
| make_test_records("User") | make_test_records("User") | ||||
| self.client_id = frappe.get_all("OAuth Client", fields=["*"])[0].get("client_id") | |||||
| client = frappe.get_all("OAuth Client", fields=["*"])[0] | |||||
| self.client_id = client.get("client_id") | |||||
| self.client_secret = client.get("client_secret") | |||||
| self.form_header = {"content-type": "application/x-www-form-urlencoded"} | self.form_header = {"content-type": "application/x-www-form-urlencoded"} | ||||
| self.scope = "all openid" | self.scope = "all openid" | ||||
| self.redirect_uri = "http://localhost" | self.redirect_uri = "http://localhost" | ||||
| @@ -90,6 +92,9 @@ class TestOAuth20(unittest.TestCase): | |||||
| self.assertTrue(bearer_token.get("token_type") == "Bearer") | self.assertTrue(bearer_token.get("token_type") == "Bearer") | ||||
| self.assertTrue(check_valid_openid_response(bearer_token.get("access_token"))) | self.assertTrue(check_valid_openid_response(bearer_token.get("access_token"))) | ||||
| decoded_token = self.decode_id_token(bearer_token.get("id_token")) | |||||
| self.assertEqual(decoded_token["email"], "test@example.com") | |||||
| def test_login_using_authorization_code_with_pkce(self): | def test_login_using_authorization_code_with_pkce(self): | ||||
| update_client_for_auth_code_grant(self.client_id) | update_client_for_auth_code_grant(self.client_id) | ||||
| @@ -142,6 +147,9 @@ class TestOAuth20(unittest.TestCase): | |||||
| self.assertTrue(bearer_token.get("access_token")) | self.assertTrue(bearer_token.get("access_token")) | ||||
| self.assertTrue(bearer_token.get("id_token")) | self.assertTrue(bearer_token.get("id_token")) | ||||
| decoded_token = self.decode_id_token(bearer_token.get("id_token")) | |||||
| self.assertEqual(decoded_token["email"], "test@example.com") | |||||
| def test_revoke_token(self): | def test_revoke_token(self): | ||||
| client = frappe.get_doc("OAuth Client", self.client_id) | client = frappe.get_doc("OAuth Client", self.client_id) | ||||
| client.grant_type = "Authorization Code" | client.grant_type = "Authorization Code" | ||||
| @@ -316,16 +324,19 @@ class TestOAuth20(unittest.TestCase): | |||||
| # Parse bearer token json | # Parse bearer token json | ||||
| bearer_token = token_response.json() | bearer_token = token_response.json() | ||||
| id_token = bearer_token.get("id_token") | |||||
| payload = jwt.decode( | |||||
| payload = self.decode_id_token(bearer_token.get("id_token")) | |||||
| self.assertEqual(payload["email"], "test@example.com") | |||||
| self.assertTrue(payload.get("nonce") == nonce) | |||||
| def decode_id_token(self, id_token): | |||||
| return jwt.decode( | |||||
| id_token, | id_token, | ||||
| audience=client.client_id, | |||||
| key=client.client_secret, | |||||
| audience=self.client_id, | |||||
| key=self.client_secret, | |||||
| algorithms=["HS256"], | algorithms=["HS256"], | ||||
| ) | ) | ||||
| self.assertTrue(payload.get("nonce") == nonce) | |||||
| def check_valid_openid_response(access_token=None): | def check_valid_openid_response(access_token=None): | ||||
| """Return True for valid response.""" | """Return True for valid response.""" | ||||