fix: unit tests

Author: peppelinux

spid_cie_oidc/authority/tests/settings.py

@@ -107,13 +107,6 @@
 
 TA_SUB = "http://testserver.it/"
 
-RESOLVE_REQUEST = {
-    "iss": rp_conf["sub"],
-    "sub": rp_conf["sub"],
-    "anchor" : TA_SUB,
-    "format" :"json",
-}
-
 FETCH_REQUEST = {
     "iss": rp_conf["sub"],
     "sub": rp_conf["sub"],
@@ -153,4 +146,4 @@
 
 ADVANCED_LIST_REQUEST = {
     "page": 1,
-}
+}

spid_cie_oidc/authority/tests/test_08_schemas.py

@@ -3,10 +3,8 @@
 from spid_cie_oidc.authority.schemas.advanced_entity_list_endpoint import AdvancedEntityListRequest
 from spid_cie_oidc.authority.schemas.fetch_endpoint_request import FetchRequest
 from spid_cie_oidc.authority.schemas.list_endpoint import ListRequest
-from spid_cie_oidc.authority.schemas.resolve_endpoint import ResolveRequest
 from spid_cie_oidc.authority.schemas.trust_mark_status_endpoint import TrustMarkRequest
 from spid_cie_oidc.authority.tests.settings import (
-    RESOLVE_REQUEST,
     FETCH_REQUEST,
     LIST_REQUEST,
     TRUST_MARK_REQUEST,
@@ -23,9 +21,6 @@ class SchemaTest(TestCase):
     def setUp(self) -> None:
         return super().setUp()
 
-    def test_resolve_request(self):
-        ResolveRequest(**RESOLVE_REQUEST)
-    
     def test_fetch_request(self):
         FetchRequest(**FETCH_REQUEST)
 

spid_cie_oidc/entity/tests/rp_metadata_settings.py

@@ -46,3 +46,48 @@
 
 RP_METADATA_CIE_NOJWKS_NOJWKS_URI = deepcopy(RP_METADATA_CIE)
 RP_METADATA_CIE_NOJWKS_NOJWKS_URI.pop("jwks_uri")
+
+
+RP_METADATA_JWK1 = {'kty': 'RSA', 'n': 'w8H80eT2zrs2XQ-SApZG9TkuXDuIxANfCVHt4fFqNnOEZaCNWqlTQIo0JiSBE-QmzZ09TYP1BJpESuQf_PUeLRVPfYHsBVk5OYvhT27_nYlV7_1LsFGLxxsIa-hswMMzvW-1_huKLy6Fp0WP0ouUJAHsF_eYVtO1ApRhvlIVd5azM4k7t8Lh8lkCSdF1SfGHfXnXJRb-XensZ0cFSfe2Koq9mD7jpGLXlPpXxj8Ow0g7KYT5kVtWE5ULmNmO7BIN1Hx4HpggbbEGgC9FyjKw4GfFb-csnB-icBPf_60HomjrkFFt6vTjrcqQaHOj-sEjP36N8rMSBiMmiMSPnsHhMQ', 'e': 'AQAB', 'd': 'jEDxjcTZXBbgBV8Bgt7-qfW1FJoHDEFKFxhfMpHQQoETa-jTPhCxOD2MzYM8A-9kKc8tu9r-crTAl1PI42kPnMd283phixd5G5Tv8gSaGdnq-45ka0iRuC7TItUdDiMNb_2YzB4ZLGLNmaIKQJSGqCHEcQuRVyxJtTZwrXaMMOhDqJaWUvUQWF5C7g5O5mOVTkNKw6ujzhqcWa4N3NE-HwcbVW_9st4s1c_ng-DlwLTptaeM5j-LOeZMX1zcVlwYMi5ZkYYY6FHHjYI4nBWDtqhvf-64QaTv8exIjk8PcxHOwhfLTWiHPLk14af7U_pCzkP87WQCBgNfvt3WILQ5DQ', 'p': '75eNHkWaYQMgzVfFwif5uftSxqOhFU6VkxNKdqoRuFxJuVTO-M-vbQc3BwPxms2xrpizU6zGcoPGPvccDi0G040wZh34pWDVABMgGMKXKmeTwj8FuM1DzOVq8DKHmdrhk1gaQbPAP8JVOVYK7uh_lG5wmz3X-En1McMk-E8g8Ic', 'q': '0Sny6DLNtDP1_B9qiyCaMtRqPSAUZ1ohCZRlBT6-IGRR31Kt5S2JcVNDnF5w4dunlDY4nhIBZ0v0VyzWKgDXj6qrFY1pm1iE29gW227YsVRWQU8xWGpBwEu8nxNMr0u0zfe0QEGWU4RvNAsZPRa31HU87Vm7I3NSZ34DZsCZJoc', 'kid': 'HIvo33-Km7n03ZqKDJfWVnlFudsW28YhQZx5eaXtAKA'}
+RP_METADATA_JWK1_pub = {'kty': 'RSA', 'n': 'w8H80eT2zrs2XQ-SApZG9TkuXDuIxANfCVHt4fFqNnOEZaCNWqlTQIo0JiSBE-QmzZ09TYP1BJpESuQf_PUeLRVPfYHsBVk5OYvhT27_nYlV7_1LsFGLxxsIa-hswMMzvW-1_huKLy6Fp0WP0ouUJAHsF_eYVtO1ApRhvlIVd5azM4k7t8Lh8lkCSdF1SfGHfXnXJRb-XensZ0cFSfe2Koq9mD7jpGLXlPpXxj8Ow0g7KYT5kVtWE5ULmNmO7BIN1Hx4HpggbbEGgC9FyjKw4GfFb-csnB-icBPf_60HomjrkFFt6vTjrcqQaHOj-sEjP36N8rMSBiMmiMSPnsHhMQ', 'e': 'AQAB', 'kid': 'HIvo33-Km7n03ZqKDJfWVnlFudsW28YhQZx5eaXtAKA'}
+
+rp_onboarding_data = dict(
+    name="RP Test",
+    sub="http://rp-test.it/oidc/rp/",
+    type="openid_relying_party",
+    metadata_policy={"openid_relying_party": {"scope": {"value": ["openid"]}}},
+    is_active=True,
+    jwks = [RP_METADATA_JWK1_pub]
+)
+
+rp_conf = {
+    "sub": rp_onboarding_data["sub"],
+    "jwks_fed" : [RP_METADATA_JWK1],
+    "jwks_core" : [RP_METADATA_JWK1],
+    "metadata": {
+        "openid_relying_party": {
+            "application_type": "web",
+            "client_registration_types": ["automatic"],
+            "client_name": "Name of this service called http://rp-test.it/oidc/rp/",
+            "contacts": ["[email protected]"],
+            "grant_types": ["refresh_token", "authorization_code"],
+            "redirect_uris": ["http://rp-test.it/oidc/rp/callback/"],
+            "response_types": ["code"],
+            "subject_type": "pairwise",
+            "client_id": "http://rp-test.it/oidc/rp/",
+            "jwks": {"keys": [RP_METADATA_JWK1_pub]},
+        }
+    },
+    "authority_hints": ["http://testserver/"],
+    "is_active": True,
+}
+
+RP_CONF_AS_JSON = {
+  "iss": rp_conf["sub"],
+  "sub": rp_conf["sub"],
+  "jwks": {
+    "keys": [RP_METADATA_JWK1_pub]
+  },
+  "metadata": rp_conf["metadata"],
+  "authority_hints":rp_conf["authority_hints"]
+}

spid_cie_oidc/authority/tests/test_07_resolve_entity_statement.py spid_cie_oidc/entity/tests/test_07_resolve_entity_statement.py

@@ -1,3 +1,4 @@
+from copy import deepcopy
 import json
 
 from unittest.mock import patch
@@ -10,13 +11,13 @@
     override_settings
 )
 from django.urls import reverse
-from spid_cie_oidc.authority.models import StaffToken
-from spid_cie_oidc.authority.tests.settings import rp_conf
-from spid_cie_oidc.authority.views import resolve_entity_statement
+from spid_cie_oidc.entity.tests.rp_metadata_settings import rp_conf, rp_onboarding_data
+from spid_cie_oidc.entity.views import resolve_entity_statement
 from spid_cie_oidc.entity.models import (
     FederationEntityConfiguration,
     FetchedEntityStatement, 
-    TrustChain
+    TrustChain,
+    StaffToken
 )
 from spid_cie_oidc.entity.tests.settings import ta_conf_data
 from spid_cie_oidc.entity.utils import (
@@ -27,14 +28,16 @@
 
 
 def create_tc():
+    
+
     TA_FES = FetchedEntityStatement.objects.create(
-        sub="sub",
-        iss="sub",
+        sub="http://testserver/",
+        iss="http://testserver/",
         exp=datetime_from_timestamp(exp_from_now(33)),
         iat=datetime_from_timestamp(iat_now()),
     )
     return TrustChain.objects.create(
-        sub="sub",
+        sub="http://rp-test.it/oidc/rp/",
         exp=datetime_from_timestamp(exp_from_now(33)),
         jwks = [],
         metadata=[],
@@ -70,6 +73,8 @@ def setUp(self):
             iat=datetime_from_timestamp(iat_now()),
         )
 
+
+
     @override_settings(HTTP_CLIENT_SYNC=True)
     def test_resolve_entity_statement(self):
         client = Client()
@@ -78,7 +83,7 @@ def test_resolve_entity_statement(self):
         data = {"sub" : rp_conf["sub"], "anchor" : ta_conf_data["sub"]}
         request = self.factory.get(url, data, **{'HTTP_AUTHORIZATION': "secret-token"})
         self.patcher = patch(
-            "spid_cie_oidc.authority.views.get_or_create_trust_chain", 
+            "spid_cie_oidc.entity.trust_chain_operations.get_or_create_trust_chain", 
             return_value = create_tc()
         )
         self.patcher.start()

spid_cie_oidc/entity/tests/test_10_schemas.py

@@ -0,0 +1,22 @@
+
+from django.test import TestCase
+from spid_cie_oidc.entity.schemas.resolve_endpoint import ResolveRequest
+from .rp_metadata_settings import rp_conf
+
+TA_SUB = "http://testserver.it/"
+
+RESOLVE_REQUEST = {
+    "iss": rp_conf["sub"],
+    "sub": rp_conf["sub"],
+    "anchor" : TA_SUB,
+    "format" :"json",
+}
+
+
+class SchemaTest(TestCase):
+
+    def setUp(self) -> None:
+        return super().setUp()
+    
+    def test_resolve_request(self):
+        ResolveRequest(**RESOLVE_REQUEST)

spid_cie_oidc/provider/tests/test_03_refresh_token.py

@@ -48,10 +48,11 @@ def setUp(self):
             trust_anchor=self.ta_fes,
             is_active=True,
         )
+        self.jwt_auds = [op_conf["sub"], "http://testserver/oidc/op/", "http://testserver/oidc/op/token/"]
         CLIENT_ASSERTION = {
             "iss": RP_SUB,
             "sub": RP_SUB,
-            "aud": [op_conf["sub"]],
+            "aud": self.jwt_auds,
             "exp": exp_from_now(),
             "iat": iat_now(),
             "jti": "jti",
@@ -60,7 +61,7 @@ def setUp(self):
         refresh_token = {
             "iss": self.op_local_conf["sub"],
             "sub": RP_SUB,
-            "aud": [op_conf["sub"]],
+            "aud": self.jwt_auds,
             "client_id": RP_CLIENT_ID,
             "scope": "openid",
         }

spid_cie_oidc/provider/tests/test_05_introspection_endpoint.py

@@ -31,10 +31,11 @@ class IntrospectionEndpointTest(TestCase):
     def setUp(self):
         self.RP_SUB = rp_conf["sub"]
         self.RP_CLIENT_ID = rp_conf["metadata"]["openid_relying_party"]["client_id"]
+        self.jwt_auds = [op_conf["sub"], "http://testserver/oidc/op/", "http://testserver/oidc/op/introspection/"]
         CLIENT_ASSERTION = {
             "iss": self.RP_SUB,
             "sub": self.RP_SUB,
-            "aud": [op_conf["sub"]],
+            "aud": self.jwt_auds,
             "exp": exp_from_now(),
             "iat": iat_now(),
             "jti": "jti",
@@ -43,7 +44,7 @@ def setUp(self):
         token = {
             "iss": self.RP_SUB,
             "sub": op_conf["sub"],
-            "aud": [op_conf["sub"]],
+            "aud": self.jwt_auds,
             "client_id": self.RP_SUB,
             "scope": "openid",
         }
@@ -91,6 +92,7 @@ def test_introspection_endpoint(self):
             "token" : self.jwt_token
 
         }
+        
         res = client.post(url, request)
         self.assertTrue(res.status_code == 200)
         self.assertTrue("openid" in res.content.decode())

spid_cie_oidc/provider/tests/test_08_token_endpoint.py

@@ -50,21 +50,23 @@ def setUp(self):
             trust_anchor=self.ta_fes,
             is_active=True,
         )
+        self.jwt_auds = [op_conf["sub"], "http://testserver/oidc/op/", "http://testserver/oidc/op/token/"]
         CLIENT_ASSERTION = {
             "iss": RP_SUB,
             "sub": RP_SUB,
-            "aud": [op_conf["sub"]],
+            "aud": self.jwt_auds,
             "exp": exp_from_now(),
             "iat": iat_now(),
             "jti": "jti",
         }
         self.ca_jws = create_jws(CLIENT_ASSERTION, RP_METADATA_JWK1)
+        
         self.refresh_token = {
             "iss": self.op_local_conf["sub"],
             "sub": RP_SUB,
             "exp": exp_from_now(),
             "iat": iat_now(),
-            "aud": [op_conf["sub"]],
+            "aud": self.jwt_auds,
             "client_id": RP_CLIENT_ID,
             "scope": "openid",
         }

spid_cie_oidc/provider/tests/test_09_revocation_endpoint.py

@@ -38,11 +38,11 @@ def setUp(self):
         )
         self.op_local_conf = deepcopy(op_conf)
         FederationEntityConfiguration.objects.create(**self.op_local_conf)
-
+        self.jwt_auds = [op_conf["sub"], "http://testserver/oidc/op/", "http://testserver/oidc/op/revocation/"]
         CLIENT_ASSERTION = {
             "iss": RP_SUB,
             "sub": RP_SUB,
-            "aud": [op_conf["sub"]],
+            "aud": self.jwt_auds,
             "exp": exp_from_now(),
             "iat": iat_now(),
             "jti": "jti",
@@ -51,7 +51,7 @@ def setUp(self):
         access_token = {
             "iss": self.op_local_conf["sub"],
             "sub": RP_SUB,
-            "aud": [op_conf["sub"]],
+            "aud": self.jwt_auds,
             "client_id": RP_CLIENT_ID,
             "scope": "openid",
         }

spid_cie_oidc/provider/views/__init__.py

@@ -188,10 +188,11 @@ def check_client_assertion(self, client_id: str, client_assertion: str) -> bool:
 
         if _op_eid:
             _allowed_auds.append(_op_eid)
-
+        
         if not _op_eid or self.request.build_absolute_uri() not in _allowed_auds:
             logger.warning(
-                f"Client assertion failed, fake audience: {_op.sub} != {_op_eid}"
+                "Client assertion failed, fake audience: "
+                f"{self.request.build_absolute_uri()} not in {_allowed_auds}"
             )
             # TODO Specialize exceptions
             raise Exception()

spid_cie_oidc/provider/views/introspection_endpoint.py

@@ -63,8 +63,11 @@ def post(self, request, *args, **kwargs):
                 },
                 status = 400
             )
-        except Exception: # pragma: no cover
+        except Exception as e: # pragma: no cover
+            logger.error(e)
             return HttpResponseForbidden()
+        
+        
         required_token = request.POST['token']
         # query con client_id, access token
         token = IssuedToken.objects.filter(