Fix python-keycloak==7.1 tests compatibility

Author: dolfinus

tests/test_unit/test_auth/auth_fixtures/__init__.py

@@ -1,6 +1,7 @@
 from tests.test_unit.test_auth.auth_fixtures.keycloak_fixture import (
     create_session_cookie,
     mock_keycloak_api,
+    mock_keycloak_certs,
     mock_keycloak_introspect_token,
     mock_keycloak_logout,
     mock_keycloak_realm,
@@ -12,6 +13,7 @@
 __all__ = [
     "create_session_cookie",
     "mock_keycloak_api",
+    "mock_keycloak_certs",
     "mock_keycloak_introspect_token",
     "mock_keycloak_logout",
     "mock_keycloak_realm",

tests/test_unit/test_auth/auth_fixtures/keycloak_fixture.py

@@ -1,4 +1,6 @@
+import base64
 import json
+import secrets
 import time
 from base64 import b64encode
 
@@ -29,7 +31,6 @@ def rsa_keys():
         encryption_algorithm=NoEncryption(),
     )
     public_key = private_key.public_key()
-
     return {
         "private_key": private_key,
         "private_pem": private_pem,
@@ -209,3 +210,37 @@ def _mock_keycloak_introspect_token(user):
         )
 
     return _mock_keycloak_introspect_token
+
+
+@pytest.fixture
+def mock_keycloak_certs(settings, rsa_keys, mock_keycloak_api):
+    keycloak_settings = settings.auth.model_dump()["keycloak"]
+    api_url = keycloak_settings["api_url"]
+    realm_name = keycloak_settings["client_id"]
+    realm_url = f"{api_url}/realms/{realm_name}"
+    certs_url = f"{realm_url}/protocol/openid-connect/certs"
+
+    def encode_number_base64(n: int):
+        return base64.b64encode(n.to_bytes((n.bit_length() + 7) // 8, byteorder="big")).decode("utf-8")
+
+    # return public key in Keycloak JWK format
+    # https://github.com/marcospereirampj/python-keycloak/pull/704/changes
+    public_key = rsa_keys["public_key"]
+    payload = {
+        "keys": [
+            {
+                "kid": secrets.token_hex(16),
+                "kty": "RSA",
+                "alg": "RS256",
+                "use": "sig",
+                "n": encode_number_base64(public_key.public_numbers().n),
+                "e": encode_number_base64(public_key.public_numbers().e),
+            },
+        ]
+    }
+
+    mock_keycloak_api.get(certs_url).respond(
+        json=payload,
+        status_code=200,
+        content_type="application/json",
+    )

tests/test_unit/test_auth/test_keycloak.py

@@ -59,6 +59,7 @@ async def test_keycloak_get_user_authorized(
     create_session_cookie,
     mock_keycloak_well_known,
     mock_keycloak_realm,
+    mock_keycloak_certs,
 ):
     client.cookies.clear()
     session_cookie = create_session_cookie(simple_user)
@@ -86,6 +87,7 @@ async def test_keycloak_get_user_expired_access_token(
     mock_keycloak_well_known,
     mock_keycloak_realm,
     mock_keycloak_token_refresh,
+    mock_keycloak_certs,
 ):
     session_cookie = create_session_cookie(simple_user, expire_in_msec=-100000000)  # expired access token
     client.cookies = {"session": session_cookie}
@@ -113,6 +115,7 @@ async def test_keycloak_get_user_inactive(
     create_session_cookie,
     mock_keycloak_well_known,
     mock_keycloak_realm,
+    mock_keycloak_certs,
 ):
     client.cookies = {"session": create_session_cookie(inactive_user)}
     response = await client.get(f"/v1/users/{simple_user.id}")
@@ -156,6 +159,7 @@ async def test_keycloak_auth_logout(
     mock_keycloak_realm,
     mock_keycloak_token_refresh,
     mock_keycloak_logout,
+    mock_keycloak_certs,
 ):
     client.cookies = {"session": create_session_cookie(simple_user)}
     response = await client.get("/v1/auth/logout")