diff --git a/.env.test b/.env.test index 3ae5d5e8c..b67d2b663 100644 --- a/.env.test +++ b/.env.test @@ -88,7 +88,6 @@ OAUTH2_CLIENT_ID=VECGuQb00tWt8HZNkA4cxu6dnoQD5pF6Up3daAoK OAUTH2_CLIENT_SECRET=aY14rwkEKasNqBEZX8OnhpRk8lpHAfT7oKTlf4LriEK8oMZxhnGKcnt4bZ72pceNEl83B6LtBvhKr3BqBLFA80Pd6Ugav2rkc8bk7TE4LkaoB2qcBQmjiOiEpizsgZGx OAUTH2_CLIENT1_ID=test-id-for-client-with-pkce-flow OAUTH2_AUTH_URL=http://localhost:8083/o/authorize -OAUTH2_USER_PROFILE_URL=http://layman_test_run_1:8030/rest/test-oauth2/user-profile ############################################################################## diff --git a/src/layman/authn/oauth2/__init__.py b/src/layman/authn/oauth2/__init__.py index 99909833a..e95976da6 100644 --- a/src/layman/authn/oauth2/__init__.py +++ b/src/layman/authn/oauth2/__init__.py @@ -73,6 +73,7 @@ def authenticate(): if r_json['active'] is True and r_json.get('token_type', 'Bearer') == 'Bearer': valid_resp = r_json if settings.OAUTH2_INTROSPECTION_USE_SUB_KEY_FROM_USER_PROFILE: + assert USER_PROFILE_URL is not None, f"USER_PROFILE_URL is None" response = requests.get(USER_PROFILE_URL, headers={ 'Authorization': f'Bearer {access_token}', }, timeout=settings.DEFAULT_CONNECTION_TIMEOUT) diff --git a/src/layman/authn/oauth2_test.py b/src/layman/authn/oauth2_test.py index 7233a6784..3e2eae77a 100644 --- a/src/layman/authn/oauth2_test.py +++ b/src/layman/authn/oauth2_test.py @@ -150,7 +150,7 @@ def test_unexisting_introspection_url(client, headers): f'{TOKEN_HEADER}': 'Bearer abc', } ]) -@pytest.mark.usefixtures('app_context', 'inactive_token_introspection_url', 'ensure_layman') +@pytest.mark.usefixtures('app_context', 'inactive_token_introspection_url', 'user_profile_url', 'ensure_layman') def test_token_inactive(client, headers): username = 'testuser1' url = url_for('rest_workspace_layers.get', workspace=username) 
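Review bot: The added `assert USER_PROFILE_URL is not None` in `authenticate()` is a configuration check on the authentication path, and `assert` statements are stripped when Python runs with `-O`, so the guard can vanish and `requests.get` would then be called with `None`. An explicit check survives optimisation and gives the operator a usable message, for example `if USER_PROFILE_URL is None: raise RuntimeError("user profile URL must be configured when OAUTH2_INTROSPECTION_USE_SUB_KEY_FROM_USER_PROFILE is enabled")`. Validating this once where the settings are loaded would be better still, so a misconfigured deployment fails at startup rather than on the first request carrying a token. The message is also an f-string without placeholders, so the `f` prefix can be dropped. `authenticate()` begins and ends outside this hunk, so how an exception raised here reaches the client is not visible.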
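Review bot: Neither changed test covers the case the new assertion in `authenticate()` guards against, because `test_token_inactive` here and `test_token_active` in the next hunk both gain the `user_profile_url` fixture, so the profile URL is always set when they run. A test that leaves the URL unset while `OAUTH2_INTROSPECTION_USE_SUB_KEY_FROM_USER_PROFILE` is on, and asserts the resulting failure, would pin that behaviour. A short comment on why the inactive-token test needs the fixture would also help, since judging by the `__init__.py` hunk the profile request appears to be made only after an active introspection response. The fixture's definition is outside this diff.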
@@ -166,7 +166,7 @@ def test_token_inactive(client, headers): f'{TOKEN_HEADER}': 'Bearer abc', } ]) -@pytest.mark.usefixtures('app_context', 'active_token_introspection_url', 'ensure_layman') +@pytest.mark.usefixtures('app_context', 'active_token_introspection_url', 'user_profile_url', 'ensure_layman') def test_token_active(client, headers): username = 'testuser1' url = url_for('rest_workspace_layers.get', workspace=username) diff --git a/test_tools/mock/oauth2_provider/app.py b/test_tools/mock/oauth2_provider/app.py index 250738caf..59d7d3b69 100644 --- a/test_tools/mock/oauth2_provider/app.py +++ b/test_tools/mock/oauth2_provider/app.py @@ -14,7 +14,7 @@ def create_app(app_config): tok2prof = {} tok2prof.update(token_2_profile) u_idx = 30000 - for user_id, (username, userdef) in enumerate(value.items()): + for username, userdef in value.items(): sub = userdef.get('sub') if userdef and userdef.get('sub') else f'{u_idx}' assert sub not in [ introsp['sub'] for introsp in tok2is.values() @@ -28,7 +28,7 @@ def create_app(app_config): "lastName": f"{username}", "middleName": "", "screenName": f"{username}", - "userId": user_id, + "userId": sub, } if userdef: tok2prof[username].update(userdef) diff --git a/test_tools/process.py b/test_tools/process.py index b8a3611b5..a52e95075 100644 --- a/test_tools/process.py +++ b/test_tools/process.py @@ -22,7 +22,7 @@ AUTHN_SETTINGS = { 'LAYMAN_AUTHN_MODULES': 'layman.authn.oauth2', 'OAUTH2_INTROSPECTION_URL': AUTHN_INTROSPECTION_URL, - 'OAUTH2_USER_PROFILE_URL': settings.OAUTH2_USER_PROFILE_URL, + 'OAUTH2_USER_PROFILE_URL': f"http://{settings.LAYMAN_SERVER_NAME.split(':')[0]}:{OAUTH2_PROVIDER_MOCK_PORT}/rest/test-oauth2/user-profile", } LAYMAN_SETTING = layman_util.SimpleStorage()
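Review bot: `"userId": sub` in the second `create_app` hunk changes the type of the mock profile's `userId`, since `sub` is either the configured `userdef['sub']` or the string `f'{u_idx}'`, whereas the removed `enumerate` index was an `int`. If the real provider returns a numeric `userId`, or a test compares the value with an integer, the mock now diverges from it. A comment such as `# userId mirrors the introspection 'sub' so both endpoints identify the same user` would record why the two are tied together. The following `tok2prof[username].update(userdef)` can still overwrite `userId` when `userdef` carries one, which is worth stating in the same comment. Both hunks show only part of `create_app`.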
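Review bot: The user-profile URL is assembled inline inside `AUTHN_SETTINGS`, while the introspection URL beside it is the named constant `AUTHN_INTROSPECTION_URL`. A matching module-level constant would keep the two consistent and the dict readable, for instance `AUTHN_USER_PROFILE_URL = f"http://{host}:{OAUTH2_PROVIDER_MOCK_PORT}/rest/test-oauth2/user-profile"` with `host` computed on the line before. `settings.LAYMAN_SERVER_NAME.split(':')[0]` assumes a plain `host:port` value and would give the wrong host for a bracketed IPv6 literal or a value that carries a scheme, so a one-line comment stating that assumption is worth adding. Where `OAUTH2_PROVIDER_MOCK_PORT` is defined is outside the hunk.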