zentralopensource · np5 · Oct 31, 2024 · Oct 31, 2024 · Oct 31, 2024
diff --git a/server/realms/templates/realms/ras_finalization_error.html b/server/realms/templates/realms/ras_finalization_error.html
@@ -6,7 +6,7 @@ <h2>Realm <i>{{ realm }}</i></h2>
 
 <p class="text-danger">{{ message }}</p>
 
-<h3>Orginal claims</h3>
+<h3>IdP claims</h3>
 
 {{ original_claims|pythonprettyprint }}
 

diff --git a/server/realms/templates/realms/realmauthenticationsession_detail.html b/server/realms/templates/realms/realmauthenticationsession_detail.html
@@ -33,7 +33,7 @@ <h4 class="mt-4 mb-2">Login session expiry</h3>
 </dl>
 {% endif %}
 
-<h4 class="mt-4 mb-2">Orginal claims</h3>
+<h4 class="mt-4 mb-2">IdP claims</h3>
 
 {{ realm_user.claims|pythonprettyprint }}
 

diff --git a/server/realms/urls.py b/server/realms/urls.py
@@ -53,7 +53,7 @@
     path('realms/<uuid:pk>/update/', views.UpdateRealmView.as_view(), name='update'),
 
     # SSO test views
-    path('<uuid:pk>/test/', views.TestRealmView.as_view(), name='test'),
-    path('<uuid:pk>/sessions/<uuid:ras_pk>/', views.RealmAuthenticationSessionView.as_view(),
+    path('realms/<uuid:pk>/test/', views.TestRealmView.as_view(), name='test'),
+    path('realms/<uuid:pk>/sessions/<uuid:ras_pk>/', views.RealmAuthenticationSessionView.as_view(),
          name='authentication_session'),
 ]
diff --git a/server/realms/views.py b/server/realms/views.py
@@ -381,7 +381,7 @@ def get_context_data(self, **kwargs):
 
         # realm groups
         ctx["mapped_realm_groups"] = sorted(
-            get_realm_user_mapped_realm_groups(realm_user),
+            get_realm_user_mapped_realm_groups(realm_user) or [],
             key=lambda g: g.display_name
         )
         ctx["mapped_realm_group_count"] = len(ctx["mapped_realm_groups"])

diff --git a/tests/server_realms/test_realm_views.py b/tests/server_realms/test_realm_views.py
@@ -11,8 +11,8 @@
 from accounts.models import User
 from realms.backends.registry import backend_classes
 from realms.models import Realm, RealmAuthenticationSession, RealmGroupMapping, RoleMapping
-from .utils import (force_group, force_realm, force_realm_group,
-                    force_realm_group_mapping, force_role_mapping,
+from .utils import (force_group, force_realm, force_realm_authentication_session,
+                    force_realm_group, force_realm_group_mapping, force_role_mapping,
                     force_realm_user, force_user)
 
 
@@ -1138,3 +1138,38 @@ def test_realm_user_one_zentral_no_user_link(self):
         self.assertTemplateUsed(response, "realms/realmuser_detail.html")
         self.assertNotContains(response, user.get_absolute_url())
         self.assertContains(response, "Zentral user (1)")
+
+    # test realm
+
+    def test_realm_permission_denied(self):
+        realm = force_realm(enabled_for_login=True)
+        self.login()
+        response = self.client.post(reverse("realms:test", args=(realm.pk,)))
+        self.assertEqual(response.status_code, 403)
+
+    def test_realm(self):
+        realm = force_realm(enabled_for_login=True)
+        self.login("realms.view_realm")
+        response = self.client.post(reverse("realms:test", args=(realm.pk,)))
+        ras = realm.realmauthenticationsession_set.first()
+        self.assertRedirects(response, reverse("realms_public:ldap_login", args=(realm.pk, ras.pk)))
+
+    # authentication session
+
+    def test_authentication_session_login_redirect(self):
+        ras = force_realm_authentication_session()
+        self.login_redirect("test", ras.realm.pk)
+
+    def test_authentication_session_permission_denied(self):
+        ras = force_realm_authentication_session()
+        self.login()
+        response = self.client.get(reverse("realms:authentication_session", args=(ras.realm.pk, ras.pk)))
+        self.assertEqual(response.status_code, 403)
+
+    def test_authentication_session(self):
+        ras = force_realm_authentication_session()
+        self.login("realms.view_realm")
+        response = self.client.get(reverse("realms:authentication_session", args=(ras.realm.pk, ras.pk)))
+        self.assertEqual(response.status_code, 200)
+        self.assertTemplateUsed(response, "realms/realmauthenticationsession_detail.html")
+        self.assertContains(response, "IdP claims")
diff --git a/tests/server_realms/utils.py b/tests/server_realms/utils.py
@@ -2,7 +2,8 @@
 from django.contrib.auth.models import Group
 from django.utils.crypto import get_random_string
 from accounts.models import User
-from realms.models import (Realm, RealmEmail, RealmGroup, RealmGroupMapping,
+from realms.models import (Realm, RealmAuthenticationSession,
+                           RealmEmail, RealmGroup, RealmGroupMapping,
                            RealmUser, RealmUserGroupMembership, RoleMapping)
 
 
@@ -123,3 +124,13 @@ def force_user(username=None, email=None, active=True, remote=False, service_acc
     user.set_password(get_random_string(12))
     user.save()
     return user
+
+
+def force_realm_authentication_session(callback="realms.utils.test_callback"):
+    realm = force_realm(enabled_for_login=True)
+    _, realm_user = force_realm_user(realm=realm)
+    return RealmAuthenticationSession.objects.create(
+        realm=realm,
+        user=realm_user,
+        callback=callback,
+    )