mirror of
https://github.com/mealie-recipes/mealie.git
synced 2025-08-06 05:55:23 +02:00
feat: Add OIDC_CLIENT_SECRET and other changes for v2 (#4254)
Co-authored-by: boc-the-git <3479092+boc-the-git@users.noreply.github.com>
This commit is contained in:
Carter
GitHub
parent
4f1abcf4a3
commit
5ed0ec029b
31 changed files with 530 additions and 349 deletions
127
tests/unit_tests/core/security/providers/test_openid_provider.py
Normal file
127
tests/unit_tests/core/security/providers/test_openid_provider.py
Normal file
|
|
@ -0,0 +1,127 @@
|
|||
from pytest import MonkeyPatch, Session
|
||||
|
||||
from mealie.core.config import get_app_settings
|
||||
from mealie.core.security.providers.openid_provider import OpenIDProvider
|
||||
from mealie.repos.all_repositories import get_repositories
|
||||
from tests.utils.fixture_schemas import TestUser
|
||||
|
||||
|
||||
def test_no_claims():
|
||||
auth_provider = OpenIDProvider(None, None)
|
||||
|
||||
assert auth_provider.authenticate() is None
|
||||
|
||||
|
||||
def test_empty_claims():
|
||||
auth_provider = OpenIDProvider(None, {})
|
||||
|
||||
assert auth_provider.authenticate() is None
|
||||
|
||||
|
||||
def test_missing_claims():
|
||||
data = {"preferred_username": "dude1"}
|
||||
auth_provider = OpenIDProvider(None, data)
|
||||
|
||||
assert auth_provider.authenticate() is None
|
||||
|
||||
|
||||
def test_missing_groups_claim(monkeypatch: MonkeyPatch):
|
||||
monkeypatch.setenv("OIDC_USER_GROUP", "mealie_user")
|
||||
get_app_settings.cache_clear()
|
||||
|
||||
data = {
|
||||
"preferred_username": "dude1",
|
||||
"email": "email@email.com",
|
||||
"name": "Firstname Lastname",
|
||||
}
|
||||
auth_provider = OpenIDProvider(None, data)
|
||||
|
||||
assert auth_provider.authenticate() is None
|
||||
|
||||
|
||||
def test_missing_user_group(monkeypatch: MonkeyPatch):
|
||||
monkeypatch.setenv("OIDC_USER_GROUP", "mealie_user")
|
||||
get_app_settings.cache_clear()
|
||||
|
||||
data = {
|
||||
"preferred_username": "dude1",
|
||||
"email": "email@email.com",
|
||||
"name": "Firstname Lastname",
|
||||
"groups": ["not_mealie_user"],
|
||||
}
|
||||
auth_provider = OpenIDProvider(None, data)
|
||||
|
||||
assert auth_provider.authenticate() is None
|
||||
|
||||
|
||||
def test_has_user_group_existing_user(monkeypatch: MonkeyPatch, unique_user: TestUser):
|
||||
monkeypatch.setenv("OIDC_USER_GROUP", "mealie_user")
|
||||
get_app_settings.cache_clear()
|
||||
|
||||
data = {
|
||||
"preferred_username": "dude1",
|
||||
"email": unique_user.email,
|
||||
"name": "Firstname Lastname",
|
||||
"groups": ["mealie_user"],
|
||||
}
|
||||
auth_provider = OpenIDProvider(unique_user.repos.session, data)
|
||||
|
||||
assert auth_provider.authenticate() is not None
|
||||
|
||||
|
||||
def test_has_admin_group_existing_user(monkeypatch: MonkeyPatch, unique_user: TestUser):
|
||||
monkeypatch.setenv("OIDC_USER_GROUP", "mealie_user")
|
||||
monkeypatch.setenv("OIDC_ADMIN_GROUP", "mealie_admin")
|
||||
get_app_settings.cache_clear()
|
||||
|
||||
data = {
|
||||
"preferred_username": "dude1",
|
||||
"email": unique_user.email,
|
||||
"name": "Firstname Lastname",
|
||||
"groups": ["mealie_admin"],
|
||||
}
|
||||
auth_provider = OpenIDProvider(unique_user.repos.session, data)
|
||||
|
||||
assert auth_provider.authenticate() is not None
|
||||
|
||||
|
||||
def test_has_user_group_new_user(monkeypatch: MonkeyPatch, session: Session):
|
||||
monkeypatch.setenv("OIDC_USER_GROUP", "mealie_user")
|
||||
monkeypatch.setenv("OIDC_ADMIN_GROUP", "mealie_admin")
|
||||
get_app_settings.cache_clear()
|
||||
|
||||
data = {
|
||||
"preferred_username": "dude1",
|
||||
"email": "dude1@email.com",
|
||||
"name": "Firstname Lastname",
|
||||
"groups": ["mealie_user"],
|
||||
}
|
||||
auth_provider = OpenIDProvider(session, data)
|
||||
|
||||
assert auth_provider.authenticate() is not None
|
||||
|
||||
db = get_repositories(session, group_id=None, household_id=None)
|
||||
user = db.users.get_one("dude1", "username")
|
||||
assert user is not None
|
||||
assert not user.admin
|
||||
|
||||
|
||||
def test_has_admin_group_new_user(monkeypatch: MonkeyPatch, session: Session):
|
||||
monkeypatch.setenv("OIDC_USER_GROUP", "mealie_user")
|
||||
monkeypatch.setenv("OIDC_ADMIN_GROUP", "mealie_admin")
|
||||
get_app_settings.cache_clear()
|
||||
|
||||
data = {
|
||||
"preferred_username": "dude2",
|
||||
"email": "dude2@email.com",
|
||||
"name": "Firstname Lastname",
|
||||
"groups": ["mealie_admin"],
|
||||
}
|
||||
auth_provider = OpenIDProvider(session, data)
|
||||
|
||||
assert auth_provider.authenticate() is not None
|
||||
|
||||
db = get_repositories(session, group_id=None, household_id=None)
|
||||
user = db.users.get_one("dude2", "username")
|
||||
assert user is not None
|
||||
assert user.admin
|
||||
|
|
@ -6,7 +6,10 @@ from pytest import MonkeyPatch
|
|||
from mealie.core import security
|
||||
from mealie.core.config import get_app_settings
|
||||
from mealie.core.dependencies import validate_file_token
|
||||
from mealie.core.security.providers.credentials_provider import CredentialsProvider, CredentialsRequest
|
||||
from mealie.core.security.providers.credentials_provider import (
|
||||
CredentialsProvider,
|
||||
CredentialsRequest,
|
||||
)
|
||||
from mealie.core.security.providers.ldap_provider import LDAPProvider
|
||||
from mealie.db.db_setup import session_context
|
||||
from mealie.db.models.users.users import AuthMethod
|
||||
|
|
@ -102,7 +105,10 @@ def setup_env(monkeypatch: MonkeyPatch):
|
|||
monkeypatch.setenv("LDAP_BASE_DN", base_dn)
|
||||
monkeypatch.setenv("LDAP_QUERY_BIND", query_bind)
|
||||
monkeypatch.setenv("LDAP_QUERY_PASSWORD", query_password)
|
||||
monkeypatch.setenv("LDAP_USER_FILTER", "(&(objectClass=user)(|({id_attribute}={input})({mail_attribute}={input})))")
|
||||
monkeypatch.setenv(
|
||||
"LDAP_USER_FILTER",
|
||||
"(&(objectClass=user)(|({id_attribute}={input})({mail_attribute}={input})))",
|
||||
)
|
||||
|
||||
return user, mail, name, password, query_bind, query_password
|
||||
|
||||
|
|
@ -208,15 +214,11 @@ def test_ldap_user_creation_admin(monkeypatch: MonkeyPatch):
|
|||
def test_ldap_disabled(monkeypatch: MonkeyPatch):
|
||||
monkeypatch.setenv("LDAP_AUTH_ENABLED", "False")
|
||||
|
||||
class Request:
|
||||
def __init__(self, auth_strategy: str):
|
||||
self.cookies = {"mealie.auth.strategy": auth_strategy}
|
||||
|
||||
get_app_settings.cache_clear()
|
||||
|
||||
with session_context() as session:
|
||||
form = CredentialsRequestForm("username", "password", False)
|
||||
provider = security.get_auth_provider(session, Request("local"), form)
|
||||
provider = security.get_auth_provider(session, form)
|
||||
|
||||
assert isinstance(provider, CredentialsProvider)
|
||||
|
||||
|
|
@ -230,7 +232,15 @@ def test_user_login_ldap_auth_method(monkeypatch: MonkeyPatch, ldap_user: Privat
|
|||
|
||||
def ldap_initialize_mock(url):
|
||||
assert url == ""
|
||||
return LdapConnMock(ldap_user.username, ldap_password, False, query_bind, query_password, ldap_user.email, name)
|
||||
return LdapConnMock(
|
||||
ldap_user.username,
|
||||
ldap_password,
|
||||
False,
|
||||
query_bind,
|
||||
query_password,
|
||||
ldap_user.email,
|
||||
name,
|
||||
)
|
||||
|
||||
monkeypatch.setattr(ldap, "initialize", ldap_initialize_mock)
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue