From b8464284c268b764bc8977e18b632d80a6535f05 Mon Sep 17 00:00:00 2001
From: Johan Lundberg
Date: Thu, 19 Feb 2026 11:13:11 +0100
Subject: [PATCH] test: update existing tests to handle consent step

---
 tests/test_oidc/test_e2e_flow.py | 15 ++++++++++++---
 tests/test_oidc/test_token.py | 10 ++++++++--
 tests/test_oidc/test_userinfo.py | 10 ++++++++--
 3 files changed, 28 insertions(+), 7 deletions(-)

diff --git a/tests/test_oidc/test_e2e_flow.py b/tests/test_oidc/test_e2e_flow.py
index 0761bc5..9626a94 100644
--- a/tests/test_oidc/test_e2e_flow.py
+++ b/tests/test_oidc/test_e2e_flow.py
@@ -87,13 +87,22 @@ async def test_full_authorization_code_flow(client: AsyncClient) -> None:
 f"Expected HX-Redirect to /authorization/complete, got '{hx_redirect}'"
 )

- # -- Step 3: Complete authorization → redirect to callback with code + state --
+ # -- Step 3: Complete authorization → redirect to consent --
 complete_res = await client.get("/authorization/complete", follow_redirects=False)
 assert complete_res.status_code in (302, 303), (
- f"Expected redirect to callback, got {complete_res.status_code}: {complete_res.text}"
+ f"Expected redirect to /consent, got {complete_res.status_code}: {complete_res.text}"
 )
+ assert "/consent" in complete_res.headers["location"]

- location = complete_res.headers["location"]
+ # -- Step 3b: Approve consent → redirect to callback with code + state --
+ consent_res = await client.post(
+ "/consent",
+ data={"action": "allow", "scope": ["openid", "profile", "email"]},
+ follow_redirects=False,
+ )
+ assert consent_res.status_code in (302, 303)
+
+ location = consent_res.headers["location"]
 parsed = urlparse(location)
 assert parsed.netloc == "localhost:9000"
 assert parsed.path == "/callback"
diff --git a/tests/test_oidc/test_token.py b/tests/test_oidc/test_token.py
index 3d5a38a..7d086ad 100644
--- a/tests/test_oidc/test_token.py
+++ b/tests/test_oidc/test_token.py
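Review bot: The new `assert "/consent" in complete_res.headers["location"]` in Step 3 is a substring match, so it would also pass for a redirect to any URL that merely contains that text, including a callback URL carrying it in the query string. Since this is the assertion that shows no authorization code is handed out before consent, compare the parsed path the way the callback check further down does, `assert urlparse(complete_res.headers["location"]).path == "/consent"`, and consider also adding `assert "code=" not in complete_res.headers["location"]`. The Step 3b check `assert consent_res.status_code in (302, 303)` carries no failure message, unlike the other status assertions in this test. Only the `allow` action is exercised here; a test for the deny path is not visible in this patch.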
@@ -59,6 +59,8 @@ async def _get_authorization_code(client: AsyncClient) -> str:
 """Run full auth flow and extract the authorization code."""
 _register_test_client(client)

+ app = client._transport.app # type: ignore[union-attr]
+
 # Start authorization (unauthenticated — stores in session)
 await client.get(
 "/authorization",
@@ -74,9 +76,13 @@ async def _get_authorization_code(client: AsyncClient) -> str:
 )

 # Create user and log in
- await _create_user_and_login(client)
+ userid = await _create_user_and_login(client)

- # Complete authorization (now authenticated, session has oidc_auth_request)
+ # Pre-seed consent so the consent screen is skipped
+ consent_repo = app.state.consent_repo
+ await consent_repo.set_consent(userid, "test-rp", ["openid", "profile", "email"])
+
+ # Complete authorization (now authenticated, consent exists → redirects to callback)
 complete_res = await client.get("/authorization/complete", follow_redirects=False)
 assert complete_res.status_code in (302, 303), (
 f"Expected redirect, got {complete_res.status_code}: {complete_res.text}"
diff --git a/tests/test_oidc/test_userinfo.py b/tests/test_oidc/test_userinfo.py
index 828f1c0..63f217b 100644
--- a/tests/test_oidc/test_userinfo.py
+++ b/tests/test_oidc/test_userinfo.py
@@ -61,6 +61,8 @@ async def _get_access_token(client: AsyncClient) -> str:
 """Run full auth + token flow and return the access_token."""
 client_secret = _register_test_client(client)

+ app = client._transport.app # type: ignore[union-attr]
+
 # Start authorization (unauthenticated — stores in session)
 await client.get(
 "/authorization",
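Review bot: `app = client._transport.app  # type: ignore[union-attr]` reaches the application through a private attribute of the test client and needs a type-ignore to do so, which ties the helper to client internals that may change between library versions. Handing the app or the consent repository to `_get_authorization_code` from a fixture would avoid that; if the private access stays, a comment such as `# private transport attribute: only used to reach app.state.consent_repo in tests` would explain it. The same line is added to `_get_access_token` in tests/test_oidc/test_userinfo.py. The helper's body continues outside this hunk.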
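Review bot: The new comment says the seeded consent makes `/authorization/complete` redirect to the callback, but the unchanged assertion right after it only checks for a 302/303, which a redirect to `/consent` would satisfy as well. If the seeded record did not match what the server looks up (for example a client id other than `"test-rp"` or a different scope set), the helper would presumably fail later with a less direct error; adding `assert "/consent" not in complete_res.headers["location"]` after the status check would pin the skip. The pre-seed lines, with their hard-coded client id and scope list, are repeated in `_get_access_token` in tests/test_oidc/test_userinfo.py, so a shared helper would keep the two in step. The code extraction that follows is outside this hunk.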
@@ -76,9 +78,13 @@ async def _get_access_token(client: AsyncClient) -> str:
 )

 # Create user and log in
- await _create_user_and_login(client)
+ userid = await _create_user_and_login(client)

- # Complete authorization (now authenticated, session has oidc_auth_request)
+ # Pre-seed consent so the consent screen is skipped
+ consent_repo = app.state.consent_repo
+ await consent_repo.set_consent(userid, "test-rp", ["openid", "profile", "email"])
+
+ # Complete authorization (now authenticated, consent exists → redirects to callback)
 complete_res = await client.get("/authorization/complete", follow_redirects=False)
 assert complete_res.status_code in (302, 303), (
 f"Expected redirect, got {complete_res.status_code}: {complete_res.text}"