From ccbeeba68f123224beb165104daf1709fd75ab78 Mon Sep 17 00:00:00 2001 From: lebaudantoine Date: Mon, 4 Nov 2024 09:30:02 +0100 Subject: [PATCH] =?UTF-8?q?=F0=9F=A7=AA(backend)=20add=20test=20for=20empt?= =?UTF-8?q?y=20sub=20string?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add failing test for corner case when sub value is an empty string. This edge case was discovered by @sampaccoud and was previously untested. Fix will follow in subsequent commit. --- .../tests/authentication/test_backends.py | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/src/backend/core/tests/authentication/test_backends.py b/src/backend/core/tests/authentication/test_backends.py index 654401ba..07e4bb02 100644 --- a/src/backend/core/tests/authentication/test_backends.py +++ b/src/backend/core/tests/authentication/test_backends.py @@ -102,3 +102,24 @@ def test_models_oidc_user_getter_invalid_token(django_assert_num_queries, monkey klass.get_or_create_user(access_token="test-token", id_token=None, payload=None) assert models.User.objects.exists() is False + + +def test_models_oidc_user_getter_empty_sub(django_assert_num_queries, monkeypatch): + """The user's info contains a sub, but it's an empty string.""" + klass = OIDCAuthenticationBackend() + + def get_userinfo_mocked(*args): + return {"test": "123", "sub": ""} + + monkeypatch.setattr(OIDCAuthenticationBackend, "get_userinfo", get_userinfo_mocked) + + with ( + django_assert_num_queries(0), + pytest.raises( + SuspiciousOperation, + match="User info contained no recognizable user identification", + ), + ): + klass.get_or_create_user(access_token="test-token", id_token=None, payload=None) + + assert models.User.objects.exists() is False