More tests for improved test coverage

tests/test_django_checks.py

@@ -1,8 +1,14 @@
+from copy import deepcopy
+
 from django.core.management import call_command
 from django.core.management.base import SystemCheckError
 from django.test import override_settings
 
 from .common_testing import OAuth2ProviderTestCase as TestCase
+from .presets import OIDC_SETTINGS_SESSION_MANAGEMENT
+
+MISSING_DEFAULT_SESSION_KEY = deepcopy(OIDC_SETTINGS_SESSION_MANAGEMENT)
+MISSING_DEFAULT_SESSION_KEY["OIDC_SESSION_MANAGEMENT_DEFAULT_SESSION_KEY"] = None
 
 
 class DjangoChecksTestCase(TestCase):
@@ -18,3 +24,11 @@ def test_checks_fail_when_router_crosses_databases(self):
         message = "The token models are expected to be stored in the same database."
         with self.assertRaisesMessage(SystemCheckError, message):
             call_command("check")
+
+    @override_settings(OAUTH2_PROVIDER=MISSING_DEFAULT_SESSION_KEY)
+    def test_checks_fail_when_default_session_key_is_missing(self):
+        message = (
+            "OIDC Session management is enabled, OIDC_SESSION_MANAGEMENT_DEFAULT_SESSION_KEY is required."
+        )
+        with self.assertRaisesMessage(SystemCheckError, message):
+            call_command("check")

tests/test_oidc_views.py

@@ -20,7 +20,12 @@
 )
 from oauth2_provider.oauth2_validators import OAuth2Validator
 from oauth2_provider.settings import oauth2_settings
-from oauth2_provider.views.oidc import RPInitiatedLogoutView, _load_id_token, _validate_claims
+from oauth2_provider.views.oidc import (
+    RPInitiatedLogoutView,
+    SessionIFrameView,
+    _load_id_token,
+    _validate_claims,
+)
 
 from . import presets
 from .common_testing import OAuth2ProviderTestCase as TestCase
@@ -116,6 +121,13 @@ def test_get_connect_discovery_info_with_rp_logout(self):
         self.oauth2_settings.OIDC_RP_INITIATED_LOGOUT_ENABLED = True
         self.expect_json_response_with_rp_logout(self.oauth2_settings.OIDC_ISS_ENDPOINT)
 
+    def test_get_session_manangement_iframe_endpoint(self):
+        self.oauth2_settings.OIDC_SESSION_MANAGEMENT_ENABLED = True
+        response = self.client.get(reverse("oauth2_provider:oidc-connect-discovery-info"))
+        self.assertEqual(response.status_code, 200)
+        response_data = response.json()
+        self.assertIn("check_session_iframe", response_data.keys())
+
     def test_get_connect_discovery_info_without_issuer_url(self):
         self.oauth2_settings.OIDC_ISS_ENDPOINT = None
         self.oauth2_settings.OIDC_USERINFO_ENDPOINT = None
@@ -216,29 +228,31 @@ def test_get_jwks_info_multiple_rsa_keys(self):
 
 @pytest.mark.usefixtures("oauth2_settings")
 @pytest.mark.oauth2_settings(presets.OIDC_SETTINGS_SESSION_MANAGEMENT)
-class TestAuthorizationView(TestCase):
-    def test_session_state_is_present_in_url(self):
+class TestSessionManagement(TestCase):
+    def setUp(self):
         User = get_user_model()
         Application = get_application_model()
 
-        User.objects.create_user("test_user", "test@example.com", "123456")
-        dev_user = User.objects.create_user("dev_user", "dev@example.com", "123456")
+        self.user = User.objects.create_user("test_user", "test@example.com", "123456")
+        self.developer = User.objects.create_user("dev_user", "dev@example.com", "123456")
 
-        application = Application.objects.create(
+        self.application = Application.objects.create(
             name="Test Application",
             redirect_uris=(
                 "http://localhost http://example.com http://example.org custom-scheme://example.com"
             ),
-            user=dev_user,
+            user=self.developer,
             client_type=Application.CLIENT_CONFIDENTIAL,
             authorization_grant_type=Application.GRANT_AUTHORIZATION_CODE,
             client_secret="1234567890qwertyuiop",
         )
+
+    def test_session_state_is_present_in_authorization(self):
         self.client.login(username="test_user", password="123456")
         response = self.client.post(
             reverse("oauth2_provider:authorize"),
             {
-                "client_id": application.client_id,
+                "client_id": self.application.client_id,
                 "response_type": "code",
                 "state": "random_state_string",
                 "scope": "read write",
@@ -247,7 +261,16 @@ def test_session_state_is_present_in_url(self):
             },
         )
         self.assertEqual(response.status_code, 302)
-        self.assertTrue("session_state" in response["Location"])
+        self.assertIn("session_state", response["Location"])
+
+    def test_cookie_name_is_included_in_iframe_endpoint(self):
+        request = RequestFactory().get(reverse("oauth2_provider:session-iframe"))
+        request.user = self.user
+        view = SessionIFrameView()
+        view.setup(request)
+        context = view.get_context_data()
+        self.assertIn("cookie_name", context)
+        self.assertEqual(context["cookie_name"], "oidc_ua_agent_state")
 
 
 def mock_request():

tests/test_session_management.py

@@ -22,6 +22,11 @@ class TestOIDCSessionManagementMiddleware(TestCase):
     def setUp(self):
         User.objects.create_user("test_user", "test@example.com", "123456")
 
+    def test_response_is_intact_if_session_management_is_disabled(self):
+        self.oauth2_settings.OIDC_SESSION_MANAGEMENT_ENABLED = False
+        response = self.client.get("/a-resource")
+        self.assertFalse("oidc-session-test" in response.cookies.keys())
+
     def test_session_cookie_is_set_for_logged_users(self):
         self.client.login(username="test_user", password="123456")
         response = self.client.get("/a-resource")