Add Test OpenIDConnect Public Session Endpoint

Failing as documented here: couchbase/sync_gateway#1774 (comment)
couchbaselabs · Jun 17, 2016 · 24f78c5 · 24f78c5
1 parent 72f1b3b
commit 24f78c5
Show file tree

Hide file tree

Showing 2 changed files with 74 additions and 1 deletion.
diff --git a/testsuites/syncgateway/functional/1sg_1cbs/1sg_1cbs-openid-connect.robot b/testsuites/syncgateway/functional/1sg_1cbs/1sg_1cbs-openid-connect.robot
@@ -59,6 +59,10 @@ Test OpenIDConnect Large Scope
     [Tags]   sanity
     Test OpenIDConnect Large Scope  sg_url=${sg_url}  sg_db=${sg_db}
 
+Test OpenIDConnect Public Session Endpoint
+    [Tags]   sanity
+    Test OpenIDConnect Public Session Endpoint  sg_url=${sg_url}  sg_db=${sg_db}
+
 *** Keywords ***
 Setup Test
     Log  Using cluster %{CLUSTER_CONFIG}  console=True

diff --git a/testsuites/syncgateway/functional/test_openid_connect.py b/testsuites/syncgateway/functional/test_openid_connect.py
@@ -7,6 +7,7 @@
 from HTMLParser import HTMLParser
 from requests import HTTPError
 import jwt
+import json
 
 DEFAULT_PROVIDER = "test"
 
@@ -391,6 +392,11 @@ def test_openidconnect_invalid_scope(sg_url, sg_db):
 
 def test_openidconnect_small_scope(sg_url, sg_db):
 
+    """
+    Use the smallest OpenIDConnect scope possible, and make sure
+    certain claims like "email" are not present in the JWT returned
+    """
+
     # multipart/form data content
     formdata = {
         'username': ('', 'testuser'),
@@ -425,6 +431,11 @@ def test_openidconnect_small_scope(sg_url, sg_db):
 
 def test_openidconnect_large_scope(sg_url, sg_db):
 
+    """
+    Use a larger scope .. this is still in flux
+    https://github.com/couchbase/sync_gateway/issues/1856
+    """
+
     # multipart/form data content
     formdata = {
         'username': ('', 'testuser'),
@@ -456,4 +467,62 @@ def test_openidconnect_large_scope(sg_url, sg_db):
 
     logging.info("decoded_id_token: {}".format(decoded_id_token))
 
-    assert "phone"  in decoded_id_token.keys()
+    assert "phone"  in decoded_id_token.keys()
+
+
+def test_openidconnect_public_session_endpoint(sg_url, sg_db):
+
+    """
+    Create a new session from the OpenID Connect token returned by hitting
+    the public _session endpoint and make sure the response contains the Set-Cookie
+    header.
+    """
+
+    # multipart/form data content
+    formdata = {
+        'username': ('', 'testuser'),
+        'authenticated': ('', 'Return a valid authorization code for this user')
+    }
+
+    # get the authenticate endpoint and query params, should look something like:
+    #     authenticate?client_id=sync_gateway&redirect_uri= ...
+    authenticate_endpoint = discover_authenticate_endpoint(sg_url, sg_db, DEFAULT_PROVIDER)
+
+    # build the full url
+    url = "{}/{}/_oidc_testing/{}".format(
+        sg_url,
+        sg_db,
+        authenticate_endpoint
+    )
+    logging.info("Sending request to authenticate_endpoint: {}".format(url))
+
+    # Make the request to _oidc_testing
+    response = requests.post(url, files=formdata)
+    log_r(response)
+
+    # extract the token from the response
+    response_json = response.json()
+    id_token = response_json["id_token"]
+    name = response_json["name"]
+
+    data = {
+        "name": name
+    }
+    headers = {
+        "Authorization": "Bearer {}".format(id_token),
+        "Content-Type": "application/json"
+    }
+    url = "{}/{}/_session".format(
+        sg_url,
+        sg_db
+    )
+
+    response = requests.post(url, headers=headers, data=json.dumps(data))
+    logging.info("response headers: {}".format(response.headers))
+    assert "Set-Cookie" in response.headers.keys()
+    set_cookie_response = response.headers['Set-Cookie']
+    assert "SyncGatewaySession" in set_cookie_response
+
+
+
+