Simplified testcase for outh pkce

Author: dkrupp

web/tests/functional/authentication/test_authentication.py

@@ -234,11 +234,8 @@ def try_login(self, provider, username, password):
 
         # PKCE attack case
         if username == "user_pkce":
-            env.change_oauth_session_data(
-                session_alchemy=session_factory,
-                code_verifier="dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk",
-                state=state
-                )
+            code="wrong_code"
+            auth_string = f"{link}?code={code}&state={state}"
 
         self.session_token = auth_client.performLogin(
             "oauth", provider + "@" + auth_string)
@@ -272,11 +269,15 @@ def test_oauth_token_session(self):
         """
         session_factory = env.create_sqlalchemy_session(self._test_workspace)
 
-        self.try_login("github", "admin_github", "admin")
+        session = self.try_login("github", "admin_github", "admin")
+        self.assertTrue(session, "Authentication failed")
+
         result = env.validate_oauth_token_session(session_factory, "github1",)
         self.assertTrue(result, "Access_token wasn't inserted in Database")
 
-        self.try_login("google", "user_google", "user")
+        session = self.try_login("google", "user_google", "user")
+        self.assertTrue(session, "Authentication failed")
+
         result = env.validate_oauth_token_session(session_factory, "google3",)
         self.assertTrue(result, "Access_token wasn't inserted in Database")
 

web/tests/libtest/env.py

@@ -584,48 +584,4 @@ def insert_oauth_session(session_alchemy,
             print(f"State {state} inserted successfully.")
     except Exception as exc:
         print(f"Failed to insert state {state}: {exc}")
-        raise exc
-
-
-def change_oauth_session_data(session_alchemy,
-                              provider: str = None,
-                              code_verifier: str = None,
-                              state: str = None,
-                              expires_at: datetime = None):
-    """
-    Change the session data of an existing OAuth session in the database
-    for session integrity tests.
-    """
-    try:
-        with DBSession(session_alchemy) as session:
-
-            oauth_session = session.query(OAuthSession).filter(
-                OAuthSession.state == state).first()
-
-            if oauth_session:
-                if provider is not None:
-                    if not isinstance(provider, str):
-                        raise TypeError(
-                            "The OAuth provider field must be string")
-                    oauth_session.provider = provider
-                if code_verifier is not None:
-                    if not isinstance(code_verifier, str):
-                        raise TypeError(
-                            "The OAuth code_verifier field must be string")
-                    oauth_session.code_verifier = code_verifier
-                if state is not None:
-                    if not isinstance(state, str):
-                        raise TypeError(
-                            "The OAuth state field must be string")
-                    oauth_session.state = state
-                if expires_at is not None:
-                    print(f"TYPE OF DATE: {type(expires_at)}")
-                    if not isinstance(expires_at, datetime.datetime):
-                        raise TypeError(
-                            "The OAuth expires_at field must be datetime")
-                    oauth_session.expires_at = expires_at
-
-            session.commit()
-    except Exception as exc:
-        print(f"Failed to update state {state}: {exc}")
-        raise exc
+        raise exc