Skip to content
This repository was archived by the owner on Apr 26, 2024. It is now read-only.

Commit cfa177c

Browse files
sandhosesandhose
committed
OIDC login: add docstrings to tests
Signed-off-by: Quentin Gliech <[email protected]>
1 parent b3e7b6c commit cfa177c

File tree

1 file changed

+20
-0
lines changed

1 file changed

+20
-0
lines changed

tests/handlers/test_oidc.py

Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -150,13 +150,15 @@ def assertRenderedError(self, error, error_description=None):
150150
self.handler._render_error.reset_mock()
151151

152152
def test_config(self):
153+
"""Basic config correctly sets up the callback URL and client auth correctly."""
153154
self.assertEqual(self.handler._callback_url, CALLBACK_URL)
154155
self.assertEqual(self.handler._client_auth.client_id, CLIENT_ID)
155156
self.assertEqual(self.handler._client_auth.client_secret, CLIENT_SECRET)
156157

157158
@override_config({"oidc_config": {"discover": True}})
158159
@defer.inlineCallbacks
159160
def test_discovery(self):
161+
"""The handler should discover the endpoints from OIDC discovery document."""
160162
# This would throw if some metadata were invalid
161163
metadata = yield defer.ensureDeferred(self.handler.load_metadata())
162164
self.http_client.get_json.assert_called_once_with(WELL_KNOWN)
@@ -176,12 +178,14 @@ def test_discovery(self):
176178
@override_config({"oidc_config": COMMON_CONFIG})
177179
@defer.inlineCallbacks
178180
def test_no_discovery(self):
181+
"""When discovery is disabled, it should not try to load from discovery document."""
179182
yield defer.ensureDeferred(self.handler.load_metadata())
180183
self.http_client.get_json.assert_not_called()
181184

182185
@override_config({"oidc_config": COMMON_CONFIG})
183186
@defer.inlineCallbacks
184187
def test_load_jwks(self):
188+
"""JWKS loading is done once (then cached) if used."""
185189
jwks = yield defer.ensureDeferred(self.handler.load_jwks())
186190
self.http_client.get_json.assert_called_once_with(JWKS_URI)
187191
self.assertEqual(jwks, {"keys": []})
@@ -210,6 +214,7 @@ def test_load_jwks(self):
210214

211215
@override_config({"oidc_config": COMMON_CONFIG})
212216
def test_validate_config(self):
217+
"""Provider metadatas are extensively validated."""
213218
h = self.handler
214219

215220
# Default test config does not throw
@@ -280,12 +285,14 @@ def test_validate_config(self):
280285

281286
@override_config({"oidc_config": {"skip_verification": True}})
282287
def test_skip_verification(self):
288+
"""Provider metadata validation can be disabled by config."""
283289
with self.metadata_edit({"issuer": "http://insecure"}):
284290
# This should not throw
285291
self.handler._validate_metadata()
286292

287293
@defer.inlineCallbacks
288294
def test_redirect_request(self):
295+
"""The redirect request has the right arguments & generates a valid session cookie."""
289296
req = Mock(spec=["addCookie", "redirect", "finish"])
290297
yield defer.ensureDeferred(
291298
self.handler.handle_redirect_request(req, b"http://client/redirect")
@@ -330,6 +337,7 @@ def test_redirect_request(self):
330337

331338
@defer.inlineCallbacks
332339
def test_callback_error(self):
340+
"""Errors from the provider returned in the callback are displayed."""
333341
self.handler._render_error = Mock()
334342
request = Mock(args={})
335343
request.args[b"error"] = [b"invalid_client"]
@@ -342,6 +350,16 @@ def test_callback_error(self):
342350

343351
@defer.inlineCallbacks
344352
def test_callback(self):
353+
"""Code callback works and display errors if something went wrong.
354+
355+
A lot of scenarios are tested here:
356+
- when the callback works, with userinfo from ID token
357+
- when the user mapping fails
358+
- when ID token verification fails
359+
- when the callback works, with userinfo fetched from the userinfo endpoint
360+
- when the userinfo fetching fails
361+
- when the code exchange fails
362+
"""
345363
token = {
346364
"type": "bearer",
347365
"id_token": "id_token",
@@ -430,6 +448,7 @@ def test_callback(self):
430448

431449
@defer.inlineCallbacks
432450
def test_callback_session(self):
451+
"""The callback verifies the session presence and validity"""
433452
self.handler._render_error = Mock(return_value=None)
434453
request = Mock(spec=["args", "getCookie", "addCookie"])
435454

@@ -472,6 +491,7 @@ def test_callback_session(self):
472491
@override_config({"oidc_config": {"client_auth_method": "client_secret_post"}})
473492
@defer.inlineCallbacks
474493
def test_exchange_code(self):
494+
"""Code exchange behaves correctly and handles various error scenarios."""
475495
token = {"type": "bearer"}
476496
token_json = json.dumps(token).encode("utf-8")
477497
self.http_client.request = simple_async_mock(

0 commit comments

Comments
 (0)