| |
@@ -11,6 +11,8 @@
|
| |
from string import Template
|
| |
import time
|
| |
|
| |
+ from ipsilon.providers.openidc.store import OpenIDCStore, OpenIDCStaticStore
|
| |
+
|
| |
idp_g = {'TEMPLATES': '${TESTDIR}/templates/install',
|
| |
'CONFDIR': '${TESTDIR}/etc',
|
| |
'DATADIR': '${TESTDIR}/lib',
|
| |
@@ -156,3 +158,53 @@
|
| |
cur.execute('SELECT * FROM saml2_sessions;')
|
| |
if len(cur.fetchall()) != 0:
|
| |
raise ValueError('SAML2 sessions left behind: %s' % cur.fetchall())
|
| |
+
|
| |
+
|
| |
+ with TC.case('Checking that refreshable OpenIDC tokens are not expired'):
|
| |
+ static_db_path = os.path.join(os.environ['TESTDIR'], 'lib/idp1/openidc.static.sqlite')
|
| |
+ db_path = os.path.join(os.environ['TESTDIR'], 'lib/idp1/openidc.sqlite')
|
| |
+ static_store = OpenIDCStaticStore(database_url=f"sqlite:///{static_db_path}")
|
| |
+ store = OpenIDCStore(
|
| |
+ database_url=f"sqlite:///{db_path}", static_store=static_store
|
| |
+ )
|
| |
+
|
| |
+ token_refreshable = store.issueToken(
|
| |
+ client_id="client-id", username="username", scope=["openid"],
|
| |
+ issue_refresh=True, userinfocode="userinfocode"
|
| |
+ )
|
| |
+
|
| |
+ token_non_refreshable = store.issueToken(
|
| |
+ client_id="client-id", username="username", scope=["openid"],
|
| |
+ issue_refresh=False, userinfocode="userinfocode"
|
| |
+ )
|
| |
+
|
| |
+ assert len(store.get_unique_data("token")) == 2
|
| |
+
|
| |
+ conn = sqlite3.connect(db_path)
|
| |
+ cur = conn.cursor()
|
| |
+
|
| |
+ expired_ts = int(time.time()) - 1
|
| |
+
|
| |
+ # Setting tokens to expire
|
| |
+ cur.execute(
|
| |
+ "UPDATE token SET value = ? WHERE name = 'expires_at'",
|
| |
+ (expired_ts,)
|
| |
+ )
|
| |
+ conn.commit()
|
| |
+ conn.close()
|
| |
+
|
| |
+ try:
|
| |
+ cleanup_count = store._cleanupExpiredTokens()
|
| |
+ except Exception as e:
|
| |
+ print(e)
|
| |
+ raise
|
| |
+
|
| |
+ if cleanup_count != 1:
|
| |
+ raise Exception(
|
| |
+ f"Should only have cleaned up 1 token, cleaned {cleanup_count}"
|
| |
+ )
|
| |
+
|
| |
+ tokens = store.get_unique_data("token")
|
| |
+ assert len(tokens) == 1
|
| |
+ if list(tokens.keys())[0] != token_refreshable["token_id"]:
|
| |
+ raise Exception("The refreshable token has been cleaned up")
|
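Review bot: The new case stops at checking that the expired refreshable row survives `_cleanupExpiredTokens()`; nothing asserts that this token, whose `expires_at` is now in the past, is refused when presented as an access token, nor that it is eventually removed. Keeping expired rows is only safe if every read path re-checks `expires_at`, so a follow-up assertion through the store's normal token lookup (not visible in this hunk) would pin that down. Separately, the two bare `assert` lines disappear under `python -O` and carry no message, unlike the surrounding `raise Exception(...)` checks; for example `if len(tokens) != 1: raise Exception(f"Expected 1 token left, found {len(tokens)}")`. The `== 2` check also assumes the `token` table is empty when the case starts, which presumably depends on earlier steps in this script, and `token_non_refreshable` is assigned but never read.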
| |
Fixes: #372