refactor test method add_token_to_user -> add_security_key_to_user

src/eduid/webapp/bankid/tests/test_app.py

@@ -3,15 +3,12 @@
 import logging
 import os
 import unittest
-from typing import Any, Mapping, Optional, Union
+from typing import Any, Mapping, Optional
 from unittest.mock import MagicMock, patch
 
-from fido2.webauthn import AuthenticatorAttachment
-
 from eduid.common.config.base import EduidEnvironment, FrontendAction
 from eduid.common.misc.timeutil import utc_now
 from eduid.userdb import NinIdentity
-from eduid.userdb.credentials import U2F, Webauthn
 from eduid.userdb.credentials.external import BankIDCredential, SwedenConnectCredential
 from eduid.userdb.element import ElementKey
 from eduid.userdb.identity import IdentityProofingMethod
@@ -207,32 +204,6 @@ def update_config(self, config: dict[str, Any]) -> dict[str, Any]:
         )
         return config
 
-    def add_token_to_user(self, eppn: str, credential_id: str, token_type: str) -> Union[U2F, Webauthn]:
-        user = self.app.central_userdb.get_user_by_eppn(eppn)
-        mfa_token: Union[U2F, Webauthn]
-        if token_type == "u2f":
-            mfa_token = U2F(
-                version="test",
-                keyhandle=credential_id,
-                public_key="test",
-                app_id="test",
-                attest_cert="test",
-                description="test",
-                created_by="test",
-            )
-        else:
-            mfa_token = Webauthn(
-                keyhandle=credential_id,
-                credential_data="test",
-                app_id="test",
-                description="test",
-                created_by="test",
-                authenticator=AuthenticatorAttachment.CROSS_PLATFORM,
-            )
-        user.credentials.add(mfa_token)
-        self.request_user_sync(user)
-        return mfa_token
-
     def add_nin_to_user(self, eppn: str, nin: str, verified: bool) -> NinIdentity:
         user = self.app.central_userdb.get_user_by_eppn(eppn)
         nin_element = NinIdentity(number=nin, created_by="test", is_verified=verified)
@@ -506,7 +477,7 @@ def test_u2f_token_verify(self, mock_request_user_sync: MagicMock):
         mock_request_user_sync.side_effect = self.request_user_sync
 
         eppn = self.test_user.eppn
-        credential = self.add_token_to_user(eppn, "test", "u2f")
+        credential = self.add_security_key_to_user(eppn, "test", "u2f")
 
         self._verify_user_parameters(eppn)
 
@@ -527,7 +498,7 @@ def test_webauthn_token_verify(self, mock_request_user_sync: MagicMock):
 
         eppn = self.test_user.eppn
 
-        credential = self.add_token_to_user(eppn, "test", "webauthn")
+        credential = self.add_security_key_to_user(eppn, "test", "webauthn")
 
         self._verify_user_parameters(eppn)
 
@@ -545,7 +516,7 @@ def test_webauthn_token_verify(self, mock_request_user_sync: MagicMock):
     def test_mfa_token_verify_wrong_verified_nin(self):
         eppn = self.test_user.eppn
         nin = self.test_user_wrong_nin
-        credential = self.add_token_to_user(eppn, "test", "u2f")
+        credential = self.add_security_key_to_user(eppn, "test", "u2f")
 
         self._verify_user_parameters(eppn, identity=nin, identity_present=False)
 
@@ -568,7 +539,7 @@ def test_mfa_token_verify_no_verified_nin(self, mock_request_user_sync: MagicMoc
 
         eppn = self.test_unverified_user_eppn
         nin = self.test_user_nin
-        credential = self.add_token_to_user(eppn, "test", "webauthn")
+        credential = self.add_security_key_to_user(eppn, "test", "webauthn")
 
         self._verify_user_parameters(eppn, identity_verified=False)
 
@@ -589,7 +560,7 @@ def test_mfa_token_verify_no_verified_nin(self, mock_request_user_sync: MagicMoc
 
     def test_mfa_token_verify_no_mfa_login(self):
         eppn = self.test_user.eppn
-        credential = self.add_token_to_user(eppn, "test", "u2f")
+        credential = self.add_security_key_to_user(eppn, "test", "u2f")
 
         self._verify_user_parameters(eppn)
 
@@ -614,7 +585,7 @@ def test_mfa_token_verify_no_mfa_login(self):
 
     def test_mfa_token_verify_no_mfa_token_in_session(self):
         eppn = self.test_user.eppn
-        credential = self.add_token_to_user(eppn, "test", "webauthn")
+        credential = self.add_security_key_to_user(eppn, "test", "webauthn")
 
         self._verify_user_parameters(eppn)
 
@@ -633,7 +604,7 @@ def test_mfa_token_verify_no_mfa_token_in_session(self):
 
     def test_mfa_token_verify_aborted_auth(self):
         eppn = self.test_user.eppn
-        credential = self.add_token_to_user(eppn, "test", "u2f")
+        credential = self.add_security_key_to_user(eppn, "test", "u2f")
 
         self._verify_user_parameters(eppn)
 
@@ -653,7 +624,7 @@ def test_mfa_token_verify_aborted_auth(self):
     def test_mfa_token_verify_cancel_auth(self):
         eppn = self.test_user.eppn
 
-        credential = self.add_token_to_user(eppn, "test", "webauthn")
+        credential = self.add_security_key_to_user(eppn, "test", "webauthn")
 
         self._verify_user_parameters(eppn)
 
@@ -674,7 +645,7 @@ def test_mfa_token_verify_cancel_auth(self):
     def test_mfa_token_verify_auth_fail(self):
         eppn = self.test_user.eppn
 
-        credential = self.add_token_to_user(eppn, "test", "u2f")
+        credential = self.add_security_key_to_user(eppn, "test", "u2f")
 
         self._verify_user_parameters(eppn)
 
@@ -699,7 +670,7 @@ def test_webauthn_token_verify_backdoor(self, mock_request_user_sync: MagicMock)
 
         eppn = self.test_unverified_user_eppn
         nin = self.test_backdoor_nin
-        credential = self.add_token_to_user(eppn, "test", "webauthn")
+        credential = self.add_security_key_to_user(eppn, "test", "webauthn")
 
         self._verify_user_parameters(eppn)
 

src/eduid/webapp/common/api/testing.py

@@ -8,8 +8,9 @@
 from contextlib import contextmanager
 from copy import deepcopy
 from datetime import timedelta
-from typing import Any, Generator, Generic, Iterable, Mapping, Optional, TypeVar, cast
+from typing import Any, Generator, Generic, Iterable, Mapping, Optional, TypeVar, Union, cast
 
+from fido2.webauthn import AuthenticatorAttachment
 from flask.testing import FlaskClient
 from werkzeug.test import TestResponse
 
@@ -18,6 +19,7 @@
 from eduid.common.rpc.msg_relay import FullPostalAddress, NavetData
 from eduid.common.testing_base import CommonTestCase
 from eduid.userdb import User
+from eduid.userdb.credentials import U2F, Webauthn
 from eduid.userdb.db import BaseDB
 from eduid.userdb.element import ElementKey
 from eduid.userdb.fixtures.users import UserFixtures
@@ -347,6 +349,32 @@ def set_authn_action(
                 )
                 sess.authn.sp.authns[sp_authn_req.authn_id] = sp_authn_req
 
+    def add_security_key_to_user(self, eppn: str, keyhandle: str, token_type: str = "webauthn") -> Union[U2F, Webauthn]:
+        user = self.app.central_userdb.get_user_by_eppn(eppn)
+        mfa_token: Union[U2F, Webauthn]
+        if token_type == "u2f":
+            mfa_token = U2F(
+                version="test",
+                keyhandle=keyhandle,
+                public_key="test",
+                app_id="test",
+                attest_cert="test",
+                description="test",
+                created_by="test",
+            )
+        else:
+            mfa_token = Webauthn(
+                keyhandle=keyhandle,
+                credential_data="test",
+                app_id="test",
+                description="test",
+                created_by="test",
+                authenticator=AuthenticatorAttachment.CROSS_PLATFORM,
+            )
+        user.credentials.add(mfa_token)
+        self.request_user_sync(user)
+        return mfa_token
+
     @staticmethod
     def _get_all_navet_data():
         return NavetData.model_validate(MessageSender.get_devel_all_navet_data())

src/eduid/webapp/eidas/tests/test_app.py

@@ -6,12 +6,9 @@
 from unittest import TestCase
 from unittest.mock import MagicMock, patch
 
-from fido2.webauthn import AuthenticatorAttachment
-
 from eduid.common.config.base import EduidEnvironment, FrontendAction
 from eduid.common.misc.timeutil import utc_now
 from eduid.userdb import NinIdentity
-from eduid.userdb.credentials import U2F, Webauthn
 from eduid.userdb.credentials.external import EidasCredential, ExternalCredential, SwedenConnectCredential
 from eduid.userdb.element import ElementKey
 from eduid.userdb.identity import EIDASIdentity, EIDASLoa, IdentityProofingMethod, PridPersistence
@@ -228,32 +225,6 @@ def update_config(self, config: dict[str, Any]) -> dict[str, Any]:
         )
         return config
 
-    def add_security_key_to_user(self, eppn: str, credential_id: str, token_type: str) -> Union[U2F, Webauthn]:
-        user = self.app.central_userdb.get_user_by_eppn(eppn)
-        mfa_token: Union[U2F, Webauthn]
-        if token_type == "u2f":
-            mfa_token = U2F(
-                version="test",
-                keyhandle=credential_id,
-                public_key="test",
-                app_id="test",
-                attest_cert="test",
-                description="test",
-                created_by="test",
-            )
-        else:
-            mfa_token = Webauthn(
-                keyhandle=credential_id,
-                credential_data="test",
-                app_id="test",
-                description="test",
-                created_by="test",
-                authenticator=AuthenticatorAttachment.CROSS_PLATFORM,
-            )
-        user.credentials.add(mfa_token)
-        self.request_user_sync(user)
-        return mfa_token
-
     def add_nin_to_user(self, eppn: str, nin: str, verified: bool) -> NinIdentity:
         user = self.app.central_userdb.get_user_by_eppn(eppn)
         nin_element = NinIdentity(number=nin, created_by="test", is_verified=verified)
@@ -570,7 +541,7 @@ def test_verify_credential(self, mock_request_user_sync: MagicMock):
 
         for security_key_type in ["u2f", "webauthn"]:
             credential = self.add_security_key_to_user(
-                eppn, credential_id=f"test_{security_key_type}", token_type=security_key_type
+                eppn, keyhandle=f"test_{security_key_type}", token_type=security_key_type
             )
             self.verify_token(
                 endpoint="/verify-credential",