Remove django-oidc-provider

All tests using OIDCTestCase now no longer run auth checks. That generally speaking simplifies most tests. The general pattern is: 1. Create user + set user to the created one in setup 2. Remove **self.headers 3. logout/set auth to None where there was a **self.bare_headers 4. If the test uses self.get_list_url and friends also add the mixin Some tests are still not passing locally, I find the error in photoalbum very strange.
dotkom · Jan 25, 2024 · ad9937c · ad9937c
1 parent cf6ac7e
commit ad9937c
Show file tree

Hide file tree

Showing 41 changed files with 532 additions and 1,429 deletions.
diff --git a/apps/api/tests.py b/apps/api/tests.py
@@ -1,10 +1,10 @@
 from django.urls import reverse
+from django_dynamic_fixture import G
 from rest_framework import status
+from rest_framework.test import APITestCase
 
-from apps.online_oidc_provider.test import OIDCTestCase
 
-
-class OpenAPISchemaTestCase(OIDCTestCase):
+class OpenAPISchemaTestCase(APITestCase):
     """
     Test schema generation for different permissions on user.
     Different permissions will generate different schemas, since you can only see
@@ -14,31 +14,36 @@ class OpenAPISchemaTestCase(OIDCTestCase):
     def setUp(self):
         super().setUp()
         self.url = reverse("openapi-schema")
+        self.user = G("authentication.OnlineUser")
+        self.client.force_authenticate(user=self.user)
 
     def test_can_generate_schema_as_anonymous(self):
-        response = self.client.get(self.url, **self.bare_headers)
+        self.client.force_authenticate(user=None)
+        response = self.client.get(self.url)
         self.assertEqual(response.status_code, status.HTTP_200_OK)
 
     def test_can_generate_schema_as_regular_user(self):
-        response = self.client.get(self.url, **self.headers)
+        response = self.client.get(self.url)
         self.assertEqual(response.status_code, status.HTTP_200_OK)
 
     def test_can_generate_schema_as_super_user(self):
         self.user.is_superuser = True
         self.user.save()
-        response = self.client.get(self.url, **self.headers)
+        response = self.client.get(self.url)
         self.assertEqual(response.status_code, status.HTTP_200_OK)
 
 
-class SwaggerUITestCase(OIDCTestCase):
+class SwaggerUITestCase(APITestCase):
     def setUp(self):
         super().setUp()
         self.url = reverse("swagger-ui")
+        self.user = G("authentication.OnlineUser")
 
     def test_can_generate_schema_as_anonymous(self):
-        response = self.client.get(self.url, **self.bare_headers)
+        response = self.client.get(self.url)
         self.assertEqual(response.status_code, status.HTTP_200_OK)
 
     def test_can_generate_schema_as_regular_user(self):
-        response = self.client.get(self.url, **self.headers)
+        response = self.client.get(self.url)
+        self.client.force_authenticate(user=self.user)
         self.assertEqual(response.status_code, status.HTTP_200_OK)
diff --git a/apps/approval/tests.py b/apps/approval/tests.py
@@ -7,12 +7,12 @@
 from django_dynamic_fixture import G
 from guardian.shortcuts import assign_perm
 from rest_framework import status
+from rest_framework.test import APITestCase
 
 from apps.authentication.models import Email, OnlineGroup
 from apps.authentication.models import OnlineUser as User
 from apps.notifications.constants import PermissionType
 from apps.notifications.models import Permission
-from apps.online_oidc_provider.test import OIDCTestCase
 
 from .api.serializers import MembershipApprovalSerializer
 from .models import CommitteeApplication, CommitteeApplicationPeriod, MembershipApproval
@@ -140,8 +140,11 @@ def testEmailWhenMembershipAccepted(self):
         )
 
 
-class CommitteeApplicationPeriodTestCase(OIDCTestCase):
+class CommitteeApplicationPeriodTestCase(APITestCase):
     def setUp(self):
+        self.user = G(User)
+        self.client.force_authenticate(user=self.user)
+
         self.now = timezone.now()
         self.one_week_ago = self.now - timezone.timedelta(days=7)
         self.two_days_ago = self.now - timezone.timedelta(days=2)
@@ -176,7 +179,6 @@ def test_create_application_period(self):
                 "deadline": self.one_week_from_now,
                 "committees": self.committees,
             },
-            **self.headers,
         )
 
         self.assertEqual(response.status_code, status.HTTP_201_CREATED)
@@ -190,7 +192,6 @@ def test_application_period_with_deadline_before_start(self):
                 "deadline": self.two_days_ago,
                 "committees": self.committees,
             },
-            **self.headers,
         )
 
         self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
@@ -204,7 +205,6 @@ def test_application_period_with_deadline_too_close_to_start(self):
                 "deadline": timezone.now() + timezone.timedelta(hours=23),
                 "committees": self.committees,
             },
-            **self.headers,
         )
 
         self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
@@ -224,7 +224,6 @@ def test_overlapping_application_periods(self):
                 "deadline": self.one_week_from_now,
                 "committees": self.committees,
             },
-            **self.headers,
         )
 
         self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
@@ -244,7 +243,6 @@ def test_overlapping_application_periods_inside_another_period(self):
                 "deadline": self.two_days_from_now,
                 "committees": self.committees,
             },
-            **self.headers,
         )
 
         self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
@@ -262,14 +260,16 @@ def test_non_overlapping_application_periods(self):
                 "deadline": self.one_week_from_now,
                 "committees": self.committees,
             },
-            **self.headers,
         )
 
         self.assertEqual(response.status_code, status.HTTP_201_CREATED)
 
 
-class CommitteeApplicationTestCase(OIDCTestCase):
+class CommitteeApplicationTestCase(APITestCase):
     def setUp(self):
+        self.user = G(User)
+        self.client.force_authenticate(user=self.user)
+
         self.now = timezone.now()
         self.one_week_ago = self.now - timezone.timedelta(days=7)
         self.two_days_ago = self.now - timezone.timedelta(days=2)
@@ -300,25 +300,27 @@ def get_detail_url(self, _id: int):
         return reverse("committeeapplications-detail", args=[_id])
 
     def test_non_authenticated_user_cannot_get_applications(self):
+        self.client.force_authenticate(user=None)
         response = self.client.get(self.get_list_url())
         self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
 
     def test_authenticated_without_perms_cannot_get_applications(self):
-        response = self.client.get(self.get_list_url(), **self.headers)
+        response = self.client.get(self.get_list_url())
         self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
 
     def test_permitted_user_can_get_applications_list(self):
         assign_perm("approval.view_committeeapplication", self.user)
-        response = self.client.get(self.get_list_url(), **self.headers)
+        response = self.client.get(self.get_list_url())
         self.assertEqual(response.status_code, status.HTTP_200_OK)
 
     def test_permitted_user_can_get_applications_detail(self):
         assign_perm("approval.view_committeeapplication", self.user)
         application = G(CommitteeApplication)
-        response = self.client.get(self.get_detail_url(application.id), **self.headers)
+        response = self.client.get(self.get_detail_url(application.id))
         self.assertEqual(response.status_code, status.HTTP_200_OK)
 
     def test_anyone_can_create_an_application(self):
+        self.client.force_authenticate(user=None)
         response = self.client.post(
             self.get_list_url(),
             {
@@ -328,23 +330,24 @@ def test_anyone_can_create_an_application(self):
                 "name": "Test Testesen",
                 "email": "test@example.com",
             },
-            **self.bare_headers,
+            format="json",
         )
         self.assertEqual(response.status_code, status.HTTP_201_CREATED)
 
     def test_non_login_application_fails_without_name_and_email(self):
+        self.client.force_authenticate(user=None)
         response = self.client.post(
             self.get_list_url(),
             {
                 "application_text": "--text--",
                 "application_period": self.application_period.id,
                 "committees": self.committees_data,
             },
-            **self.bare_headers,
         )
         self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
 
     def test_non_login_application_fails_without_name(self):
+        self.client.force_authenticate(user=None)
         response = self.client.post(
             self.get_list_url(),
             {
@@ -353,12 +356,12 @@ def test_non_login_application_fails_without_name(self):
                 "application_period": self.application_period.id,
                 "email": "test@example.com",
             },
-            **self.bare_headers,
         )
 
         self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
 
     def test_non_login_application_fails_without_email(self):
+        self.client.force_authenticate(user=None)
         response = self.client.post(
             self.get_list_url(),
             {
@@ -367,7 +370,6 @@ def test_non_login_application_fails_without_email(self):
                 "application_period": self.application_period.id,
                 "name": "Test Testesen",
             },
-            **self.bare_headers,
         )
         self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
 
@@ -379,7 +381,6 @@ def test_users_are_assigned_when_creating_an_application(self):
                 "committees": self.committees_data,
                 "application_period": self.application_period.id,
             },
-            **self.headers,
         )
 
         self.assertEqual(response.status_code, status.HTTP_201_CREATED)
@@ -396,7 +397,6 @@ def test_cannot_apply_when_application_period_has_expired(self):
                 "committees": self.committees_data,
                 "application_period": self.application_period.id,
             },
-            **self.headers,
         )
 
         self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
@@ -409,27 +409,31 @@ def test_cannot_apply_with_committee_not_allowed_in_period(self):
                 "committees": [{"group": self.committee3.id, "priority": 1}],
                 "application_period": self.application_period.id,
             },
-            **self.headers,
         )
 
         self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
 
 
-class MembershipApprovalTestCase(OIDCTestCase):
+class MembershipApprovalTestCase(APITestCase):
+    def setUp(self):
+        self.user = G(User)
+        self.client.force_authenticate(user=self.user)
+
     def get_list_url(self):
         return reverse("membership-application-list")
 
     def get_detail_url(self, _id: int):
         return reverse("membership-application-detail", args=[_id])
 
     def test_non_authenticated_user_cannot_get_applications(self):
+        self.client.force_authenticate(user=None)
         response = self.client.get(self.get_list_url())
         self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
 
     def test_user_can_only_get_own_application(self):
         application = G(MembershipApproval, applicant=self.user)
         not_our_application = G(MembershipApproval)
-        response = self.client.get(self.get_list_url(), **self.headers)
+        response = self.client.get(self.get_list_url())
 
         self.assertEqual(response.status_code, status.HTTP_200_OK)
         results = response.json().get("results")

diff --git a/apps/authentication/api/serializers/user_data.py b/apps/authentication/api/serializers/user_data.py
@@ -29,7 +29,6 @@
     RuleAcceptanceSerializer,
     SuspensionSerializer,
 )
-from apps.online_oidc_provider.serializers import UserConsentReadOnlySerializer
 from apps.payment.models import (
     Payment,
     PaymentDelay,
@@ -399,8 +398,6 @@ class UserDataSerializer(serializers.ModelSerializer):
     # Other
     object_revisions = RevisionSerializer(many=True, source="revision_set")
 
-    # OpenID / Oauth
-    user_consents = UserConsentReadOnlySerializer(many=True, source="userconsent_set")
     application_consents = SSOApplicationConsentSerializer(
         many=True, source="applicationconsent_set"
     )
@@ -472,9 +469,7 @@ class Meta:
             "suspensions",
             # OpenID / Oauth
             "oauth2_provider_grant",  # Oauth2_provider_grant is oauth login attempts
-            "oidc_clients_set",
             "sso_client",
-            "user_consents",
             "application_consents",
             # Wiki
             "wiki_attachment_revisions",