[IMP] auth_oidc: test group assignment/removal
OdyX committed Nov 21, 2024
1 parent 0adf015 commit 8f270be
Showing 2 changed files with 51 additions and 1 deletion.
13 changes: 12 additions & 1 deletion auth_oidc/demo/local_keycloak.xml
@@ -17,9 +17,20 @@
name="jwks_uri"
>http://localhost:8080/auth/realms/master/protocol/openid-connect/certs</field>
</record>
<record id="local_keycloak_group_line" model="auth.oauth.provider.group_line">
<record
id="local_keycloak_group_line_name_is_test"
model="auth.oauth.provider.group_line"
>
<field name="provider_id" ref="local_keycloak" />
<field name="group_id" ref="base.group_no_one" />
<field name="expression">token['name'] == 'test'</field>
</record>
<record
id="local_keycloak_group_line_erp_manager_in_groups"
model="auth.oauth.provider.group_line"
>
<field name="provider_id" ref="local_keycloak" />
<field name="group_id" ref="base.group_erp_manager" />
<field name="expression">'erp_manager' in token['groups']</field>
</record>
</odoo>
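Review bot: The `local_keycloak_group_line_erp_manager_in_groups` record grants `base.group_erp_manager` on `'erp_manager' in token['groups']`, which is an exact-name test only when the claim is a list. If a provider sends `groups` as a single string, `in` becomes a substring match, so a value like `not_erp_manager` would satisfy it; and a token without the claim would presumably raise `KeyError`, whose handling is not visible in this file. Because demo records are often copied as templates, I would add a comment above the record, `<!-- assumes token['groups'] is a list of exact group names -->`, and consider `'erp_manager' in (token.get('groups') or [])` so a missing claim evaluates to no grant.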
39 changes: 39 additions & 0 deletions auth_oidc/tests/test_auth_oidc_auth_code.py
@@ -14,6 +14,7 @@

import odoo
from odoo.exceptions import AccessDenied, ValidationError
from odoo.fields import Command
from odoo.tests import common

from odoo.addons.website.tools import MockRequest as _MockRequest
@@ -149,6 +150,44 @@ def test_login(self):
self.assertEqual(token, "42")
self.assertEqual(login, user.login)

@responses.activate
def test_manager_login(self):
"""Test that login works and assigns the user to a manager group"""
user = self._prepare_login_test_user()
self._prepare_login_test_responses(
id_token_body={"user_id": user.login, "groups": ["erp_manager"]}
)

params = {"state": json.dumps({})}
with MockRequest(self.env):
db, login, token = self.env["res.users"].auth_oauth(
self.provider_rec.id,
params,
)
self.assertTrue(user.has_group("base.group_erp_manager"))

@responses.activate
def test_ex_manager_login(self):
"""Test that login works and de-assigns the user from a manager group"""
user = self._prepare_login_test_user()
# Make them a manager
user.write(
{"groups_id": [Command.link(self.env.ref("base.group_erp_manager").id)]}
)
self.assertTrue(user.has_group("base.group_erp_manager"))

self._prepare_login_test_responses(
id_token_body={"user_id": user.login, "groups": ["not_erp_manager"]}
)

params = {"state": json.dumps({})}
with MockRequest(self.env):
db, login, token = self.env["res.users"].auth_oauth(
self.provider_rec.id,
params,
)
self.assertFalse(user.has_group("base.group_erp_manager"))

@responses.activate
def test_login_without_kid(self):
"""Test that login works when ID Token has no kid in header"""
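Review bot: `test_manager_login` never checks that the user lacks `base.group_erp_manager` before the login, so it would still pass if `_prepare_login_test_user()` returned a user who already holds the group; add `self.assertFalse(user.has_group("base.group_erp_manager"))` before the `auth_oauth` call, mirroring the precondition assert in `test_ex_manager_login`. Both new tests also unpack `db, login, token` without using them although their docstrings say login works; `self.assertEqual(login, user.login)`, as in `test_login`, would pin that. A further case worth adding is a current manager logging in with a token that has no `groups` claim at all, so the suite fixes whether the mapping fails closed when the claim is absent.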
