610948cd16
When creating a document on behalf of a user via the server-to-server API, a special edge case was broken that should should never happen but happens in our OIDC federation because one of the provider modifies the users "sub" each time they login. We end-up with existing users for who the email matches but not the sub. They were not correctly handled. I made a few additional fixes and improvements to the endpoint.
31 lines
819 B
Python
31 lines
819 B
Python
"""
|
|
Unit tests for the User model
|
|
"""
|
|
|
|
import pytest
|
|
|
|
from impress.settings import Base
|
|
|
|
|
|
def test_invalid_settings_oidc_email_configuration():
|
|
"""
|
|
The OIDC_FALLBACK_TO_EMAIL_FOR_IDENTIFICATION and OIDC_ALLOW_DUPLICATE_EMAILS settings
|
|
should not be both set to True simultaneously.
|
|
"""
|
|
|
|
class TestSettings(Base):
|
|
"""Fake test settings."""
|
|
|
|
OIDC_FALLBACK_TO_EMAIL_FOR_IDENTIFICATION = True
|
|
OIDC_ALLOW_DUPLICATE_EMAILS = True
|
|
|
|
# The validation is performed during post_setup
|
|
with pytest.raises(ValueError) as excinfo:
|
|
TestSettings().post_setup()
|
|
|
|
# Check the exception message
|
|
assert str(excinfo.value) == (
|
|
"Both OIDC_FALLBACK_TO_EMAIL_FOR_IDENTIFICATION and "
|
|
"OIDC_ALLOW_DUPLICATE_EMAILS cannot be set to True simultaneously. "
|
|
)
|