Misago/misago/conf/admin/tests/test_change_oauth2_settings.py

from django.urls import reverse
from ...models import Setting
from ....test import ERROR, assert_has_message, assert_contains


def test_oauth2_can_be_enabled(admin_client):
    response = admin_client.post(
        reverse("misago:admin:settings:oauth2:index"),
        {
            "enable_oauth2_client": "1",
            "oauth2_provider": "Lorem",
            "oauth2_client_id": "id",
            "oauth2_client_secret": "secret",
            "oauth2_scopes": "some scope",
            "oauth2_login_url": "https://example.com/login/",
            "oauth2_token_url": "https://example.com/token/",
            "oauth2_token_method": "POST",
            "oauth2_token_extra_headers": "",
            "oauth2_json_token_path": "access_token",
            "oauth2_user_url": "https://example.com/user/",
            "oauth2_user_method": "GET",
            "oauth2_user_token_location": "HEADER",
            "oauth2_user_token_name": "access_token",
            "oauth2_user_extra_headers": "",
            "oauth2_send_welcome_email": "",
            "oauth2_json_id_path": "id",
            "oauth2_json_name_path": "name",
            "oauth2_json_email_path": "email",
            "oauth2_json_avatar_path": "avatar",
        },
    )

    assert response.status_code == 302

    settings = {row.setting: row.value for row in Setting.objects.all()}

    assert settings["enable_oauth2_client"] is True
    assert settings["oauth2_provider"] == "Lorem"
    assert settings["oauth2_client_id"] == "id"
    assert settings["oauth2_client_secret"] == "secret"
    assert settings["oauth2_scopes"] == "some scope"
    assert settings["oauth2_login_url"] == "https://example.com/login/"
    assert settings["oauth2_token_url"] == "https://example.com/token/"
    assert settings["oauth2_token_method"] == "POST"
    assert settings["oauth2_token_extra_headers"] == ""
    assert settings["oauth2_json_token_path"] == "access_token"
    assert settings["oauth2_user_url"] == "https://example.com/user/"
    assert settings["oauth2_user_method"] == "GET"
    assert settings["oauth2_user_token_location"] == "HEADER"
    assert settings["oauth2_user_token_name"] == "access_token"
    assert settings["oauth2_user_extra_headers"] == ""
    assert settings["oauth2_send_welcome_email"] is False
    assert settings["oauth2_json_id_path"] == "id"
    assert settings["oauth2_json_name_path"] == "name"
    assert settings["oauth2_json_email_path"] == "email"
    assert settings["oauth2_json_avatar_path"] == "avatar"


def test_oauth2_can_be_enabled_without_avatar(admin_client):
    response = admin_client.post(
        reverse("misago:admin:settings:oauth2:index"),
        {
            "enable_oauth2_client": "1",
            "oauth2_provider": "Lorem",
            "oauth2_client_id": "id",
            "oauth2_client_secret": "secret",
            "oauth2_scopes": "some scope",
            "oauth2_login_url": "https://example.com/login/",
            "oauth2_token_url": "https://example.com/token/",
            "oauth2_token_method": "POST",
            "oauth2_token_extra_headers": "",
            "oauth2_json_token_path": "access_token",
            "oauth2_user_url": "https://example.com/user/",
            "oauth2_user_method": "GET",
            "oauth2_user_token_location": "HEADER",
            "oauth2_user_token_name": "access_token",
            "oauth2_user_extra_headers": "",
            "oauth2_send_welcome_email": "",
            "oauth2_json_id_path": "id",
            "oauth2_json_name_path": "name",
            "oauth2_json_email_path": "email",
            "oauth2_json_avatar_path": "",
        },
    )

    assert response.status_code == 302

    settings = {row.setting: row.value for row in Setting.objects.all()}

    assert settings["enable_oauth2_client"] is True
    assert settings["oauth2_provider"] == "Lorem"
    assert settings["oauth2_client_id"] == "id"
    assert settings["oauth2_client_secret"] == "secret"
    assert settings["oauth2_scopes"] == "some scope"
    assert settings["oauth2_login_url"] == "https://example.com/login/"
    assert settings["oauth2_token_url"] == "https://example.com/token/"
    assert settings["oauth2_token_method"] == "POST"
    assert settings["oauth2_token_extra_headers"] == ""
    assert settings["oauth2_json_token_path"] == "access_token"
    assert settings["oauth2_user_url"] == "https://example.com/user/"
    assert settings["oauth2_user_method"] == "GET"
    assert settings["oauth2_user_token_location"] == "HEADER"
    assert settings["oauth2_user_token_name"] == "access_token"
    assert settings["oauth2_user_extra_headers"] == ""
    assert settings["oauth2_send_welcome_email"] == False
    assert settings["oauth2_json_id_path"] == "id"
    assert settings["oauth2_json_name_path"] == "name"
    assert settings["oauth2_json_email_path"] == "email"
    assert settings["oauth2_json_avatar_path"] == ""


def test_oauth2_cant_be_enabled_with_some_value_missing(admin_client):
    data = {
        "enable_oauth2_client": "1",
        "oauth2_provider": "Lorem",
        "oauth2_client_id": "id",
        "oauth2_client_secret": "secret",
        "oauth2_scopes": "some scope",
        "oauth2_login_url": "https://example.com/login/",
        "oauth2_token_url": "https://example.com/token/",
        "oauth2_token_method": "POST",
        "oauth2_token_extra_headers": "",
        "oauth2_json_token_path": "access_token",
        "oauth2_user_url": "https://example.com/user/",
        "oauth2_user_method": "GET",
        "oauth2_user_token_location": "HEADER",
        "oauth2_user_token_name": "access_token",
        "oauth2_user_extra_headers": "",
        "oauth2_send_welcome_email": "",
        "oauth2_json_id_path": "id",
        "oauth2_json_name_path": "name",
        "oauth2_json_email_path": "email",
        "oauth2_json_avatar_path": "",
    }

    skip_settings = (
        "enable_oauth2_client",
        "oauth2_json_avatar_path",
        "oauth2_token_method",
        "oauth2_token_extra_headers",
        "oauth2_user_method",
        "oauth2_user_token_location",
        "oauth2_user_extra_headers",
        "oauth2_send_welcome_email",
    )

    for setting in data:
        if setting in skip_settings:
            continue

        new_data = data.copy()
        new_data[setting] = ""

        response = admin_client.post(
            reverse("misago:admin:settings:oauth2:index"),
            new_data,
        )

        assert response.status_code == 302
        assert_has_message(response, "You need to complete the configuration", ERROR)

        settings = {row.setting: row.value for row in Setting.objects.all()}

        assert settings["enable_oauth2_client"] is False

        if setting != "oauth2_client_id":
            assert settings["oauth2_client_id"] == "id"

        if setting != "oauth2_client_secret":
            assert settings["oauth2_client_secret"] == "secret"

        if setting != "oauth2_scopes":
            assert settings["oauth2_scopes"] == "some scope"

        if setting != "oauth2_login_url":
            assert settings["oauth2_login_url"] == "https://example.com/login/"

        if setting != "oauth2_token_url":
            assert settings["oauth2_token_url"] == "https://example.com/token/"

        if setting != "oauth2_json_token_path":
            assert settings["oauth2_json_token_path"] == "access_token"

        if setting != "oauth2_user_url":
            assert settings["oauth2_user_url"] == "https://example.com/user/"

        if setting != "oauth2_user_token_name":
            assert settings["oauth2_user_token_name"] == "access_token"

        if setting != "oauth2_json_id_path":
            assert settings["oauth2_json_id_path"] == "id"

        if setting != "oauth2_json_name_path":
            assert settings["oauth2_json_name_path"] == "name"

        if setting != "oauth2_json_email_path":
            assert settings["oauth2_json_email_path"] == "email"


def test_oauth2_scopes_are_normalized(admin_client):
    response = admin_client.post(
        reverse("misago:admin:settings:oauth2:index"),
        {
            "enable_oauth2_client": "0",
            "oauth2_client_id": "id",
            "oauth2_client_secret": "secret",
            "oauth2_scopes": "some some    scope",
            "oauth2_login_url": "https://example.com/login/",
            "oauth2_token_url": "https://example.com/token/",
            "oauth2_token_method": "POST",
            "oauth2_token_extra_headers": "",
            "oauth2_json_token_path": "access_token",
            "oauth2_user_url": "https://example.com/user/",
            "oauth2_user_method": "GET",
            "oauth2_user_token_location": "HEADER",
            "oauth2_user_token_name": "access_token",
            "oauth2_user_extra_headers": "",
            "oauth2_json_id_path": "id",
            "oauth2_json_name_path": "name",
            "oauth2_json_email_path": "email",
            "oauth2_json_avatar_path": "",
        },
    )

    assert response.status_code == 302

    setting = Setting.objects.get(setting="oauth2_scopes")
    assert setting.value == "some scope"


def test_oauth2_extra_token_headers_are_normalized(admin_client):
    response = admin_client.post(
        reverse("misago:admin:settings:oauth2:index"),
        {
            "enable_oauth2_client": "0",
            "oauth2_client_id": "id",
            "oauth2_client_secret": "secret",
            "oauth2_scopes": "some some    scope",
            "oauth2_login_url": "https://example.com/login/",
            "oauth2_token_url": "https://example.com/token/",
            "oauth2_token_method": "POST",
            "oauth2_token_extra_headers": ("Lorem:   ipsum\n   Dolor: Met-elit"),
            "oauth2_json_token_path": "access_token",
            "oauth2_user_url": "https://example.com/user/",
            "oauth2_user_method": "GET",
            "oauth2_user_token_location": "HEADER",
            "oauth2_user_token_name": "access_token",
            "oauth2_user_extra_headers": "",
            "oauth2_send_welcome_email": "",
            "oauth2_json_id_path": "id",
            "oauth2_json_name_path": "name",
            "oauth2_json_email_path": "email",
            "oauth2_json_avatar_path": "",
        },
    )

    assert response.status_code == 302

    setting = Setting.objects.get(setting="oauth2_token_extra_headers")
    assert setting.value == "Lorem: ipsum\nDolor: Met-elit"


def test_oauth2_extra_token_headers_are_validated(admin_client):
    response = admin_client.post(
        reverse("misago:admin:settings:oauth2:index"),
        {
            "enable_oauth2_client": "0",
            "oauth2_client_id": "id",
            "oauth2_client_secret": "secret",
            "oauth2_scopes": "some some    scope",
            "oauth2_login_url": "https://example.com/login/",
            "oauth2_token_url": "https://example.com/token/",
            "oauth2_token_method": "POST",
            "oauth2_token_extra_headers": (
                "Lorem:   ipsum\n   Dolor-amet\n Dolor: Met-elit"
            ),
            "oauth2_json_token_path": "access_token",
            "oauth2_user_url": "https://example.com/user/",
            "oauth2_user_method": "GET",
            "oauth2_user_token_location": "HEADER",
            "oauth2_user_token_name": "access_token",
            "oauth2_user_extra_headers": "",
            "oauth2_send_welcome_email": "",
            "oauth2_json_id_path": "id",
            "oauth2_json_name_path": "name",
            "oauth2_json_email_path": "email",
            "oauth2_json_avatar_path": "",
        },
    )

    assert_contains(response, "is not a valid header")


def test_oauth2_extra_user_headers_are_normalized(admin_client):
    response = admin_client.post(
        reverse("misago:admin:settings:oauth2:index"),
        {
            "enable_oauth2_client": "0",
            "oauth2_client_id": "id",
            "oauth2_client_secret": "secret",
            "oauth2_scopes": "some some    scope",
            "oauth2_login_url": "https://example.com/login/",
            "oauth2_token_url": "https://example.com/token/",
            "oauth2_token_method": "POST",
            "oauth2_token_extra_headers": "",
            "oauth2_json_token_path": "access_token",
            "oauth2_user_url": "https://example.com/user/",
            "oauth2_user_method": "GET",
            "oauth2_user_token_location": "HEADER",
            "oauth2_user_token_name": "access_token",
            "oauth2_user_extra_headers": ("Lorem:   ipsum\n   Dolor: Met-amet"),
            "oauth2_send_welcome_email": "",
            "oauth2_json_id_path": "id",
            "oauth2_json_name_path": "name",
            "oauth2_json_email_path": "email",
            "oauth2_json_avatar_path": "",
        },
    )

    assert response.status_code == 302

    setting = Setting.objects.get(setting="oauth2_user_extra_headers")
    assert setting.value == "Lorem: ipsum\nDolor: Met-amet"


def test_oauth2_extra_user_headers_are_validated(admin_client):
    response = admin_client.post(
        reverse("misago:admin:settings:oauth2:index"),
        {
            "enable_oauth2_client": "0",
            "oauth2_client_id": "id",
            "oauth2_client_secret": "secret",
            "oauth2_scopes": "some some    scope",
            "oauth2_login_url": "https://example.com/login/",
            "oauth2_token_url": "https://example.com/token/",
            "oauth2_token_method": "POST",
            "oauth2_token_extra_headers": "",
            "oauth2_json_token_path": "access_token",
            "oauth2_user_url": "https://example.com/user/",
            "oauth2_user_method": "GET",
            "oauth2_user_token_location": "HEADER",
            "oauth2_user_token_name": "access_token",
            "oauth2_user_extra_headers": ("Lorem:   ipsum\n   Dolor-met"),
            "oauth2_send_welcome_email": "",
            "oauth2_json_id_path": "id",
            "oauth2_json_name_path": "name",
            "oauth2_json_email_path": "email",
            "oauth2_json_avatar_path": "",
        },
    )

    assert_contains(response, "is not a valid header")


def test_oauth2_extra_headers_are_validated_to_have_colons(admin_client):
    response = admin_client.post(
        reverse("misago:admin:settings:oauth2:index"),
        {
            "enable_oauth2_client": "0",
            "oauth2_client_id": "id",
            "oauth2_client_secret": "secret",
            "oauth2_scopes": "some some    scope",
            "oauth2_login_url": "https://example.com/login/",
            "oauth2_token_url": "https://example.com/token/",
            "oauth2_token_method": "POST",
            "oauth2_token_extra_headers": "",
            "oauth2_json_token_path": "access_token",
            "oauth2_user_url": "https://example.com/user/",
            "oauth2_user_method": "GET",
            "oauth2_user_token_location": "HEADER",
            "oauth2_user_token_name": "access_token",
            "oauth2_user_extra_headers": ("Lorem:   ipsum\n   Dolor-met"),
            "oauth2_send_welcome_email": "",
            "oauth2_json_id_path": "id",
            "oauth2_json_name_path": "name",
            "oauth2_json_email_path": "email",
            "oauth2_json_avatar_path": "",
        },
    )

    assert_contains(response, "is not a valid header. It's missing a colon")


def test_oauth2_extra_headers_are_validated_to_have_names(admin_client):
    response = admin_client.post(
        reverse("misago:admin:settings:oauth2:index"),
        {
            "enable_oauth2_client": "0",
            "oauth2_client_id": "id",
            "oauth2_client_secret": "secret",
            "oauth2_scopes": "some some    scope",
            "oauth2_login_url": "https://example.com/login/",
            "oauth2_token_url": "https://example.com/token/",
            "oauth2_token_method": "POST",
            "oauth2_token_extra_headers": "",
            "oauth2_json_token_path": "access_token",
            "oauth2_user_url": "https://example.com/user/",
            "oauth2_user_method": "GET",
            "oauth2_user_token_location": "HEADER",
            "oauth2_user_token_name": "access_token",
            "oauth2_user_extra_headers": ("Lorem:   ipsum\n   :Dolor-met"),
            "oauth2_send_welcome_email": "",
            "oauth2_json_id_path": "id",
            "oauth2_json_name_path": "name",
            "oauth2_json_email_path": "email",
            "oauth2_json_avatar_path": "",
        },
    )

    assert_contains(
        response,
        "is not a valid header. It's missing a header name before the colon",
    )


def test_oauth2_extra_headers_are_validated_to_have_values(admin_client):
    response = admin_client.post(
        reverse("misago:admin:settings:oauth2:index"),
        {
            "enable_oauth2_client": "0",
            "oauth2_client_id": "id",
            "oauth2_client_secret": "secret",
            "oauth2_scopes": "some some    scope",
            "oauth2_login_url": "https://example.com/login/",
            "oauth2_token_url": "https://example.com/token/",
            "oauth2_token_method": "POST",
            "oauth2_token_extra_headers": "",
            "oauth2_json_token_path": "access_token",
            "oauth2_user_url": "https://example.com/user/",
            "oauth2_user_method": "GET",
            "oauth2_user_token_location": "HEADER",
            "oauth2_user_token_name": "access_token",
            "oauth2_user_extra_headers": ("Lorem:   ipsum\n   Dolor-met:"),
            "oauth2_send_welcome_email": "",
            "oauth2_json_id_path": "id",
            "oauth2_json_name_path": "name",
            "oauth2_json_email_path": "email",
            "oauth2_json_avatar_path": "",
        },
    )

    assert_contains(
        response,
        "is not a valid header. It's missing a header value after the colon",
    )


def test_oauth2_extra_headers_are_validated_to_be_unique(admin_client):
    response = admin_client.post(
        reverse("misago:admin:settings:oauth2:index"),
        {
            "enable_oauth2_client": "0",
            "oauth2_client_id": "id",
            "oauth2_client_secret": "secret",
            "oauth2_scopes": "some some    scope",
            "oauth2_login_url": "https://example.com/login/",
            "oauth2_token_url": "https://example.com/token/",
            "oauth2_token_method": "POST",
            "oauth2_token_extra_headers": "",
            "oauth2_json_token_path": "access_token",
            "oauth2_user_url": "https://example.com/user/",
            "oauth2_user_method": "GET",
            "oauth2_user_token_location": "HEADER",
            "oauth2_user_token_name": "access_token",
            "oauth2_user_extra_headers": ("Accept:b\nLorem:   ipsum\n   Accept: a"),
            "oauth2_send_welcome_email": "",
            "oauth2_json_id_path": "id",
            "oauth2_json_name_path": "name",
            "oauth2_json_email_path": "email",
            "oauth2_json_avatar_path": "",
        },
    )

    assert_contains(response, ""Accept" header is entered more than once.")