phil/Gondulf
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(phase-4a): complete Phase 3 implementation and gap analysis

Browse Source 
Merges Phase 4a work including:

Implementation:
- Metadata discovery endpoint (/api/.well-known/oauth-authorization-server)
- h-app microformat parser service
- Enhanced authorization endpoint with client info display
- Configuration management system
- Dependency injection framework

Documentation:
- Comprehensive gap analysis for v1.0.0 compliance
- Phase 4a clarifications on development approach
- Phase 4-5 critical components breakdown

Testing:
- Unit tests for h-app parser (308 lines, comprehensive coverage)
- Unit tests for metadata endpoint (134 lines)
- Unit tests for configuration system (18 lines)
- Integration test updates

All tests passing with high coverage. Ready for Phase 4b security hardening.
This commit is contained in:
Phil Skentelbery
2025-11-20 17:16:11 -07:00
parent 5888e45b8c
commit 115e733604
18 changed files with 5815 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

134
tests/unit/test_metadata.py Normal file
View File

@@ -0,0 +1,134 @@
"""Tests for metadata endpoint."""
import json
import pytest
from fastapi.testclient import TestClient
class TestMetadataEndpoint:
"""Tests for OAuth 2.0 Authorization Server Metadata endpoint."""
@pytest.fixture
def client(self, monkeypatch):
"""Create test client with valid configuration."""
monkeypatch.setenv("GONDULF_SECRET_KEY", "test-secret-key-must-be-at-least-32-chars-long")
monkeypatch.setenv("GONDULF_BASE_URL", "https://auth.example.com")
# Import app AFTER setting env vars
from gondulf.main import app
return TestClient(app)
def test_metadata_endpoint_returns_200(self, client):
"""Test metadata endpoint returns 200 OK."""
response = client.get("/.well-known/oauth-authorization-server")
assert response.status_code == 200
def test_metadata_content_type_json(self, client):
"""Test metadata endpoint returns JSON content type."""
response = client.get("/.well-known/oauth-authorization-server")
assert response.headers["content-type"] == "application/json"
def test_metadata_cache_control_header(self, client):
"""Test metadata endpoint sets Cache-Control header."""
response = client.get("/.well-known/oauth-authorization-server")
assert "cache-control" in response.headers
assert "public" in response.headers["cache-control"]
assert "max-age=86400" in response.headers["cache-control"]
def test_metadata_all_required_fields_present(self, client):
"""Test metadata response contains all required fields."""
response = client.get("/.well-known/oauth-authorization-server")
data = response.json()
required_fields = [
"issuer",
"authorization_endpoint",
"token_endpoint",
"response_types_supported",
"grant_types_supported",
"code_challenge_methods_supported",
"token_endpoint_auth_methods_supported",
"revocation_endpoint_auth_methods_supported",
"scopes_supported"
]
for field in required_fields:
assert field in data, f"Missing required field: {field}"
def test_metadata_issuer_matches_base_url(self, client):
"""Test issuer field matches BASE_URL configuration."""
response = client.get("/.well-known/oauth-authorization-server")
data = response.json()
assert data["issuer"] == "https://auth.example.com"
def test_metadata_authorization_endpoint_correct(self, client):
"""Test authorization_endpoint field is correct."""
response = client.get("/.well-known/oauth-authorization-server")
data = response.json()
assert data["authorization_endpoint"] == "https://auth.example.com/authorize"
def test_metadata_token_endpoint_correct(self, client):
"""Test token_endpoint field is correct."""
response = client.get("/.well-known/oauth-authorization-server")
data = response.json()
assert data["token_endpoint"] == "https://auth.example.com/token"
def test_metadata_response_types_supported(self, client):
"""Test response_types_supported contains only 'code'."""
response = client.get("/.well-known/oauth-authorization-server")
data = response.json()
assert data["response_types_supported"] == ["code"]
def test_metadata_grant_types_supported(self, client):
"""Test grant_types_supported contains only 'authorization_code'."""
response = client.get("/.well-known/oauth-authorization-server")
data = response.json()
assert data["grant_types_supported"] == ["authorization_code"]
def test_metadata_code_challenge_methods_empty(self, client):
"""Test code_challenge_methods_supported is empty array."""
response = client.get("/.well-known/oauth-authorization-server")
data = response.json()
assert data["code_challenge_methods_supported"] == []
def test_metadata_token_endpoint_auth_methods(self, client):
"""Test token_endpoint_auth_methods_supported contains 'none'."""
response = client.get("/.well-known/oauth-authorization-server")
data = response.json()
assert data["token_endpoint_auth_methods_supported"] == ["none"]
def test_metadata_revocation_endpoint_auth_methods(self, client):
"""Test revocation_endpoint_auth_methods_supported contains 'none'."""
response = client.get("/.well-known/oauth-authorization-server")
data = response.json()
assert data["revocation_endpoint_auth_methods_supported"] == ["none"]
def test_metadata_scopes_supported_empty(self, client):
"""Test scopes_supported is empty array."""
response = client.get("/.well-known/oauth-authorization-server")
data = response.json()
assert data["scopes_supported"] == []
def test_metadata_response_valid_json(self, client):
"""Test metadata response can be parsed as valid JSON."""
response = client.get("/.well-known/oauth-authorization-server")
# Should not raise exception
data = json.loads(response.content)
assert isinstance(data, dict)
def test_metadata_endpoint_no_authentication_required(self, client):
"""Test metadata endpoint is accessible without authentication."""
# No authentication headers
response = client.get("/.well-known/oauth-authorization-server")
assert response.status_code == 200