From 0d04d371c14c9368b50467d108c7fb9cbb83d450 Mon Sep 17 00:00:00 2001
From: George Thomas
Date: Tue, 24 Sep 2024 09:19:04 -0700
Subject: [PATCH] (HP-1699): add unit test for revoke_token
---
 tests/app_test.py | 24 +++++++++++++++++++++---
 tests/conftest.py | 5 -----
 2 files changed, 21 insertions(+), 8 deletions(-)
diff --git a/tests/app_test.py b/tests/app_test.py
index 0944ab5..548bdb1 100644
--- a/tests/app_test.py
+++ b/tests/app_test.py
@@ -1,3 +1,4 @@
+from urllib.parse import urljoin
 import flask
 import json
 import mock
@@ -7,6 +8,7 @@ import urllib
 from authlib.oauth2.client import OAuth2Client
+from authlib.integrations.requests_client import OAuth2Session
 from wts.models import RefreshToken
 from wts.resources.oauth2 import find_valid_refresh_token
@@ -158,8 +160,9 @@ def test_authorize_endpoint(client, test_user, db_session, auth_header):
 assert original_refresh_token == fake_tokens["idp_a"]
-def test_fetch_token_header(client, test_user, db_session, auth_header, app_version):
+def test_fetch_token_header(client, test_user, db_session, auth_header, app):
 fake_tokens = {"default": "eyJhbGciOiJvvvv", "idp_a": "eyJhbGciOiJwwww"}
+ app_version = app.config.get("APP_VERSION")
 # mock `fetch_access_token` to avoid external calls
 mocked_response = mock.MagicMock()
@@ -206,7 +209,6 @@ def test_fetch_token_header(client, test_user, db_session, auth_header, app_vers
 res = client.get(
 "/oauth2/authorize?state={}".format(fake_state), headers=auth_header
 )
- OAuth2Client.fetch_token.assert_called
 OAuth2Client.fetch_token.assert_called_with(
 "https://localhost/user/oauth2/token",
 headers={"User-Agent": f"Gen3WTS / {app_version}"},
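Review bot: `app_version = app.config.get("APP_VERSION")` in `test_fetch_token_header` evaluates to `None` when the key is unset, so the later `assert_called_with` would expect `Gen3WTS / None`. If the application formats the header from the same config value (not visible in this hunk), the test then passes without a real version ever being checked. Indexing the key instead, `app_version = app.config["APP_VERSION"]`, makes a missing setting fail the test at setup. The same line appears in the new `test_revoke_token_header` in the `@@ -285,6 +286,23 @@` hunk. The body of `test_fetch_token_header` continues outside this hunk.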
@@ -225,7 +227,6 @@ def test_fetch_token_header(client, test_user, db_session, auth_header, app_vers
 res = client.get(
 "/oauth2/authorize?state={}".format(fake_state), headers=auth_header
 )
- OAuth2Client.fetch_token.assert_called
 OAuth2Client.fetch_token.assert_called_with(
 "https://some.data.commons/user/oauth2/token",
 headers={"User-Agent": f"Gen3WTS / {app_version}"},
@@ -285,6 +286,23 @@ def test_external_oidc_endpoint_with_persisted_refresh_tokens(
 assert provider["refresh_token_expiration"] == None
+def test_revoke_token_header(client, auth_header, app):
+
+ url = urljoin(app.config.get("USER_API"), "/oauth2/revoke")
+ app_version = app.config.get("APP_VERSION")
+
+ with mock.patch.object(
+ OAuth2Session,
+ "revoke_token",
+ ):
+ res = client.get("/oauth2/logout", headers=auth_header)
+ assert res.status_code == 204
+ assert res.text == ""
+ OAuth2Session.revoke_token.assert_called_with(
+ url, None, headers={"User-Agent": f"Gen3WTS / {app_version}"}
+ )
+
+
 def test_app_config(app):
 assert (
 app.config["OIDC"]["idp_a"]["redirect_uri"]
diff --git a/tests/conftest.py b/tests/conftest.py
index 2b22cb9..f3b10d5 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -61,11 +61,6 @@ def other_user():
 return User(userid="123456", username="someone_else")
-@pytest.fixture(scope="function")
-def app_version():
- return service_app.config.get("APP_VERSION")
-
-
 @pytest.fixture(scope="session")
 def db(app, request):
 """Session-wide test database."""
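Review bot: The expected revoke URL in `test_revoke_token_header` is recomputed with `urljoin(app.config.get("USER_API"), "/oauth2/revoke")` instead of being pinned to a literal, so the assertion cannot catch a wrong endpoint if the application builds it the same way. `urljoin` with a leading-slash path discards any path on the base, and the token URL asserted elsewhere in this file is `https://localhost/user/oauth2/token`. If `USER_API` carries the `/user` prefix (its value is not visible here), the computed value drops that prefix. Asserting the intended endpoint as a string literal, as `test_fetch_token_header` does for the token URL, would make the check independent of the app's own construction. The assertion also covers only a `None` token argument; a second case that persists a refresh token for the user and checks that its value reaches `revoke_token` would exercise the path that matters at logout.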