profile_views: provide a more general message in oidc-authz page (#45651)

src/authentic2/templates/authentic2/accounts_authorized_oauth_services.html

@@ -17,13 +17,9 @@
   {% block oidc-authorized-oauth-services-top %}
   <p class="authorized-oauth-services--top">
     {% if authorized_oauth_services|length_is:0 %}
-    {% trans "You have not granted service access to your account profile data." %}
+    {% trans "You have not given any authorization to access your account profile data." %}
     {% else %}
-    {% blocktrans count counter=authorized_oauth_services|length %}
-    You have granted one service access to your account profile data.
-    {% plural %}
-    You have granted {{ counter }} services access to your account profile data.
-    {% endblocktrans %}
+    {% trans "You have given authorizations to access your account profile data." %}
     {% endif %}
   </p>
   {% endblock %}

tests/test_idp_oidc.py

@@ -45,6 +45,7 @@ from authentic2_idp_oidc.utils import make_sub
 from authentic2.a2_rbac.utils import get_default_ou
 from authentic2.utils import make_url
 from authentic2_auth_oidc.utils import parse_timestamp
+from django_rbac.utils import get_ou_model
 from django_rbac.utils import get_role_model
 
 User = get_user_model()
@@ -1615,14 +1616,23 @@ def test_oidc_client_clean():
 
 
 def test_oidc_authorized_oauth_services_view(app, oidc_client, simple_user):
+    from django.contrib.contenttypes.models import ContentType
+
     url = make_url('authorized-oauth-services')
     response = app.get(url, status=302)
     assert '/login/' in response.location
 
     utils.login(app, simple_user)
     response = app.get(url, status=200)
-    assert "You have not granted service access to your account profile data." in response.text
+    assert "You have not given any authorization to access your account profile data." in response.text
 
+    # create an ou authz
+    OU = get_ou_model()
+    ou1 = OU.objects.create(name='Orgunit1', slug='orgunit1')
+    OIDCAuthorization.objects.create(
+        client=ou1, user=simple_user, scopes='openid profile email',
+        expired=now() + datetime.timedelta(days=2))
+    # create service authzs
     OIDCAuthorization.objects.create(
         client=oidc_client, user=simple_user, scopes='openid',
         expired=now() + datetime.timedelta(days=2))
@@ -1634,17 +1644,28 @@ def test_oidc_authorized_oauth_services_view(app, oidc_client, simple_user):
         expired=now() + datetime.timedelta(days=2))
 
     response = app.get(url, status=200)
-    assert "You have granted 3 services access to your account profile data."
+    assert "You have given authorizations to access your account profile data." in response.text
+    assert len(response.html.find_all(
+        'button', {'class': 'authorized-oauth-services--revoke-button'})) == 4
+
+    # revoke two service authz
+    response = response.forms[1].submit()
+    response = response.follow()
     assert len(response.html.find_all(
         'button', {'class': 'authorized-oauth-services--revoke-button'})) == 3
-
-    # revoke two
-    response = response.forms[0].submit()
+    assert OIDCAuthorization.objects.filter(
+        client_ct=ContentType.objects.get_for_model(OIDCClient)).count() == 2
+    response = response.forms[1].submit()
     response = response.follow()
     assert len(response.html.find_all(
         'button', {'class': 'authorized-oauth-services--revoke-button'})) == 2
+    assert OIDCAuthorization.objects.filter(
+        client_ct=ContentType.objects.get_for_model(OIDCClient)).count() == 1
+
+    # revoke the only OU authz
     response = response.forms[0].submit()
     response = response.follow()
     assert len(response.html.find_all(
         'button', {'class': 'authorized-oauth-services--revoke-button'})) == 1
-    assert "You have granted one service access to your account profile data." in response.text
+    assert OIDCAuthorization.objects.filter(
+        client_ct=ContentType.objects.get_for_model(OU)).count() == 0