From 64193559428235bebbc027aff24c5132db3179c0 Mon Sep 17 00:00:00 2001
From: Mark <mark@openappstack.net>
Date: Tue, 1 Oct 2019 11:46:16 +0200
Subject: [PATCH] Add OpenID Connect test

---
 .gitlab-ci.yml                                      |  3 ++-
 test/create-hydra-client.sh                         |  2 +-
 test/login_logout/app.py                            | 13 ++++++++++++-
 .../test/behave/features/environment.py             |  1 +
 .../login_logout/test/behave/features/login.feature |  5 +++++
 .../test/behave/features/steps/login.py             | 11 +++++++++++
 6 files changed, 32 insertions(+), 3 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 6596cf3..77d8dd5 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -142,6 +142,7 @@ behave-integration:
     BASE_URL: "http://172.17.0.5:4444"
     ACCESS_TOKEN_URL: "http://172.17.0.5:4444/oauth2/token"
     AUTHORIZE_URL: "http://172.17.0.5:4444/oauth2/auth"
+    USERINFO_URL: "http://172.17.0.5:4444/userinfo"
     GRAPHQL_URL: "http://172.17.0.6:5000/graphql" # 172.17.0.6 -> backend
     GIT_SUBMODULE_STRATEGY: "recursive"
     TESTUSER_USERNAME: "testuser"
@@ -173,7 +174,7 @@ behave-integration:
     - /bin/sh user-panel/utils/grant-access.sh ${TESTUSER_USERNAME} ${KEY} backend 5000
     - /bin/sh test/create-hydra-client.sh ${KEY} ${SECRET} hydra 4445 http://oauth:5000/callback
     - cd test/login_logout/test/behave/
-    - python3 -m behave -D headless=True -D url=http://oauth:5000 -D logout_url=http://oauth:5000/logout -D username=${TESTUSER_USERNAME} -D username2=${TESTUSER_USERNAME2} -D password=${TESTUSER_PASSWORD}
+    - python3 -m behave -D headless=True -D url=http://oauth:5000 -D logout_url=http://oauth:5000/logout -D userinfo_url=http://oauth:5000/userinfo -D username=${TESTUSER_USERNAME} -D username2=${TESTUSER_USERNAME2} -D password=${TESTUSER_PASSWORD}
   artifacts:
     paths:
       - test/login_logout/test/behave/screenshots/
diff --git a/test/create-hydra-client.sh b/test/create-hydra-client.sh
index 363aec8..569ebcf 100644
--- a/test/create-hydra-client.sh
+++ b/test/create-hydra-client.sh
@@ -8,5 +8,5 @@ REDIRECT_URI=$5
 
 curl --header "Content-Type: application/json" \
     --request POST \
-    --data "{\"client_id\": \"$KEY\", \"client_name\": \"$KEY\", \"client_secret\": \"$SECRET\", \"redirect_uris\": [\"$REDIRECT_URI\"], \"scope\": \"read\", \"grant-types\": \"authorization_code,refresh_token\", \"response_types\": [\"code\"], \"token_endpoint_auth_method\": \"client_secret_post\"}" \
+    --data "{\"client_id\": \"$KEY\", \"client_name\": \"$KEY\", \"client_secret\": \"$SECRET\", \"redirect_uris\": [\"$REDIRECT_URI\"], \"scope\": \"openid profile email\", \"grant-types\": \"authorization_code,refresh_token\", \"response_types\": [\"code\"], \"token_endpoint_auth_method\": \"client_secret_post\"}" \
     http://$HOST:$PORT/clients
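Review bot: The rewritten `--data` line still sends the grant types under the key `grant-types` as one comma-joined string, while the sibling fields use underscore names and JSON arrays (`redirect_uris`, `response_types`); if the Hydra admin API expects `grant_types` as an array, this field would be ignored and the client created with default grant types, which is worth confirming before the suite relies on `refresh_token`. The client secret is also interpolated into a command-line argument, so it is visible in the runner's process list for the duration of the call; passing the JSON on stdin with `--data @-` keeps it out of `ps`. The hand-built JSON also breaks its own quoting if `$KEY` or `$SECRET` ever contains a `"`.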
diff --git a/test/login_logout/app.py b/test/login_logout/app.py
index 87420ec..929af86 100644
--- a/test/login_logout/app.py
+++ b/test/login_logout/app.py
@@ -10,6 +10,7 @@ BASE_URL=environ["BASE_URL"]
 ACCESS_TOKEN_URL=environ["ACCESS_TOKEN_URL"]
 LOGOUT_URL=environ["LOGOUT_URL"]
 AUTHORIZE_URL=environ["AUTHORIZE_URL"]
+USERINFO_URL=environ["USERINFO_URL"]
 KEY=environ["KEY"]
 SECRET=environ["SECRET"]
 
@@ -25,7 +26,7 @@ sso = oauth.remote_app(
     access_token_url=ACCESS_TOKEN_URL,
     authorize_url=AUTHORIZE_URL,
     consumer_key=KEY,
-    request_token_params={'state': lambda: security.gen_salt(10), "scope": "read"},
+    request_token_params={'state': lambda: security.gen_salt(10), "scope": "openid profile email"},
     consumer_secret=SECRET)
 
 @sso.tokengetter
@@ -36,6 +37,14 @@ def get_sso_token(token=None):
 def login():
     return sso.authorize(url_for('callback', _external=True))
 
+@app.route('/userinfo')
+def get_userinfo():
+    if "id_token" in session:
+        #return jsonify(sso.request(USERINFO_URL, token=session["id_token"]))
+        resp = sso.request(USERINFO_URL)
+        return jsonify(resp.data)
+    abort(403)
+
 @app.route('/logout')
 def logout():
     del session['sso_token']
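Review bot: `get_userinfo` gates on `"id_token" in session`, but the request it then makes does not use that token — `sso.request(USERINFO_URL)` goes through the registered tokengetter, which (judging by the `sso_token` key that `logout` deletes) supplies the access token — so the guard is unrelated to whether the call can succeed. The commented-out `#return jsonify(sso.request(USERINFO_URL, token=session["id_token"]))` line above it is dead code and should be dropped. `jsonify(resp.data)` is returned whatever the upstream status, so an error body from the userinfo endpoint is relayed to the browser as a 200; checking the status first, e.g. `if resp.status != 200: abort(resp.status)`, keeps the test endpoint honest (whether `resp` exposes `.status` depends on the OAuth client library, which is not visible here).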
@@ -49,6 +58,8 @@ def callback():
             return jsonify(request.args)
         abort(403)
     session['sso_token'] = (resp['access_token'],None)
+    if "id_token" in resp:
+        session['id_token'] = resp['id_token']
     return jsonify(resp)
 
 if __name__ == "__main__":
diff --git a/test/login_logout/test/behave/features/environment.py b/test/login_logout/test/behave/features/environment.py
index f60dbc8..ab1ab0d 100644
--- a/test/login_logout/test/behave/features/environment.py
+++ b/test/login_logout/test/behave/features/environment.py
@@ -39,6 +39,7 @@ def before_tag(context, tag):
     userdata = context.config.userdata
     values['url'] = userdata.get('url')
     values['logout_url'] = userdata.get('logout_url')
+    values['userinfo_url'] = userdata.get('userinfo_url')
     values['username'] = userdata.get('username')
     values['username2'] = userdata.get('username2')
     values['password'] = userdata.get('password')
diff --git a/test/login_logout/test/behave/features/login.feature b/test/login_logout/test/behave/features/login.feature
index f7a9cc0..ec31395 100644
--- a/test/login_logout/test/behave/features/login.feature
+++ b/test/login_logout/test/behave/features/login.feature
@@ -20,6 +20,11 @@ Scenario: Login with a valid user with access to application
     And I expect that the path is "/callback"
     And I expect that element "body" contains the text "access_token"
 
+Scenario: Get OpenID Connect userdata for testuser
+    Given I open the userinfo URL
+    Then I expect that element "body" contains the text "email"
+    And I expect that element "body" contains the value of var "username"
+
 Scenario: Logout
     Given I open the logout URL
     Then I wait on element "input#username" for 1000ms to be visible
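Review bot: The new scenario has no step that logs in, so it relies on the browser session left behind by the preceding "Login with a valid user" scenario; run on its own or after a reorder of the feature it would presumably hit the 403 branch of `/userinfo`. A Background or an explicit `Given I am logged in` step would make that dependency visible. The expectation that the body contains the value of `username` also assumes the userinfo response carries the username in some claim, which the patch does not show; a short comment on the scenario naming the claim it relies on would help the next reader.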
diff --git a/test/login_logout/test/behave/features/steps/login.py b/test/login_logout/test/behave/features/steps/login.py
index ba1a9df..1374b67 100644
--- a/test/login_logout/test/behave/features/steps/login.py
+++ b/test/login_logout/test/behave/features/steps/login.py
@@ -22,6 +22,11 @@ def step_impl(context):
     """Logout by visitng the logout url"""
     context.behave_driver.get(context.oauth['logout_url'])
 
+@when(u'I open the userinfo URL')
+@given(u'I open the userinfo URL')
+def step_impl(context):
+    """Logout by visitng the logout url"""
+    context.behave_driver.get(context.oauth['userinfo_url'])
 
 @when(u'I enter the "{attribute}" in the inputfield "{element}"')
 def step_impl(context, attribute,  element):
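Review bot: The docstring of the new step, `"""Logout by visitng the logout url"""`, is copied from the logout step and describes the wrong action (with the typo carried along); it should read `"""Open the userinfo URL"""`. The step only navigates and does not wait for anything, so the `Then` that follows in the feature reads `body` immediately; if the driver does not block until the page loads, a wait such as the one used in the Logout scenario would make the check deterministic.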
@@ -31,4 +36,10 @@ def step_impl(context, attribute,  element):
     value = context.oauth[attribute]
     elem.send_keys(value)
 
+@then(u'I expect that element "{element}" contains the value of var "{variable}"')
+def step_impf(context, element, variable):
+    """Check if value is in field"""
+    elem = context.behave_driver.get_element(element)
+    value = context.oauth[variable]
+    assert value in elem.text
 
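Review bot: `step_impf` on the new `@then` step is a typo for `step_impl`, the name every other step in this file uses. The check `assert value in elem.text` is a substring match, so with `username` set to `testuser` it also passes when the body holds another user's data such as `testuser2` (the CI job passes a `username2` from `TESTUSER_USERNAME2`); adding a failure message, `assert value in elem.text, f"{value!r} not found in {element}"`, and matching the exact claim value where the response format allows it would make a wrong identity in the userinfo response visible instead of silently passing.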
-- 
GitLab