Yunxiao Xu 68c0985482 feat(auth): Complete OIDC security refactor and modernize test suite
- Refactored OIDC flow to implement PKCE, state/nonce validation, and BFF pattern.
- Centralized configuration in Settings class (DEV_MODE, FRONTEND_URL, OIDC_REDIRECT_URI).
- Updated auth routers to use conditional secure cookie flags based on DEV_MODE.
- Modernized and cleaned up test suite by removing legacy Streamlit tests.
- Fixed linting errors and unused imports across the backend.
2026-02-15 02:50:26 -08:00


import pytest
from unittest.mock import patch
from ea_chatbot.auth import OIDCClient
@pytest.fixture
def oidc_config():
    """Minimal OIDC client settings pointing at a fake provider on example.com.

    ``client_secret`` is a placeholder and ``redirect_uri`` is a plain
    ``http://`` localhost URL; both are acceptable only because this is
    test data that never reaches a real identity provider.
    """
    settings = dict(
        client_id="test_id",
        client_secret="test_secret",
        server_metadata_url="https://example.com/.well-known/openid-configuration",
        redirect_uri="http://localhost:5173/auth/callback",
    )
    return settings
@pytest.fixture
def mock_metadata():
    """Stand-in for the provider's discovery document.

    Only the three fields the client is expected to read are present. The
    ``issuer`` value matches the ``iss`` claim used in the tests below;
    ``id_token_signing_alg_values_supported`` is restricted to RS256 so a
    client that builds its ``algorithms`` allow-list from metadata cannot
    be steered towards ``none``/HS* by a token header. NOTE(review): since
    ``jwt.decode`` is mocked in these tests, nothing here verifies that the
    client actually passes that allow-list to the JWT library.
    """
    discovery = {}
    discovery["issuer"] = "https://example.com"
    discovery["jwks_uri"] = "https://example.com/jwks"
    discovery["id_token_signing_alg_values_supported"] = ["RS256"]
    return discovery
def test_oidc_validate_id_token_success(oidc_config, mock_metadata):
    """validate_id_token returns the decoded claims when the nonce matches.

    ``jwt.decode`` is replaced wholesale, so the only client-side behaviour
    this exercises is the nonce comparison and the surrounding plumbing.
    Signature verification, and any ``aud``/``iss``/``exp`` checks that the
    client delegates to the JWT library, are NOT exercised here (the JWKS
    stub is an empty key set for the same reason). If those checks are
    meant to live in validate_id_token itself they need their own tests.
    """
    oidc = OIDCClient(**oidc_config)
    expected_claims = {
        "iss": "https://example.com",
        "sub": "user123",
        "aud": "test_id",
        "nonce": "test_nonce",
        "exp": 9999999999,
        "iat": 1000000000,
    }
    # Stub the JWT library and the two network-facing fetches; return values
    # are handed to patch() directly instead of being assigned afterwards.
    with patch("ea_chatbot.auth.jwt.decode", return_value=expected_claims) as decode_mock, \
            patch.object(oidc, "fetch_jwks", return_value={"keys": []}), \
            patch.object(oidc, "fetch_metadata", return_value=mock_metadata):
        result = oidc.validate_id_token("fake_token", nonce="test_nonce")

        assert result == expected_claims
        decode_mock.assert_called_once()
def test_oidc_validate_id_token_invalid_nonce(oidc_config, mock_metadata):
    """A nonce mismatch must be rejected with ``ValueError("Invalid nonce")``.

    The token carries "wrong_nonce" while the caller expects "test_nonce".
    ``match="Invalid nonce"`` pins the error message, so a ValueError raised
    for some other reason would not satisfy the test. As in the success
    case ``jwt.decode`` is mocked, so the replay protection is checked at
    the claim level only, not against a real signed token.
    """
    oidc = OIDCClient(**oidc_config)
    # Deliberately mismatching nonce; the remaining claims mirror the happy
    # path so the failure is attributable to the nonce check.
    tampered_claims = {
        "iss": "https://example.com",
        "aud": "test_id",
        "nonce": "wrong_nonce",
        "exp": 9999999999,
    }
    with patch("ea_chatbot.auth.jwt.decode", return_value=tampered_claims), \
            patch.object(oidc, "fetch_jwks", return_value={"keys": []}), \
            patch.object(oidc, "fetch_metadata", return_value=mock_metadata):
        with pytest.raises(ValueError, match="Invalid nonce"):
            oidc.validate_id_token("fake_token", nonce="test_nonce")