entrouvert
/
hobo
16
0
Fork 0
Code Issues Pull Requests 15 Releases Activity
hobo/tests/test_rest_authentication.py

113 lines
3.7 KiB
Python
Raw Permalink Blame History

import pytest
import requests
import responses
@pytest.fixture
def settings_with_idp(settings):
settings.ROOT_URLCONF = 'hobo.test_urls'
settings.KNOWN_SERVICES = {
'authentic': {
'idp': {
'title': 'Foobar',
'url': 'https://idp.example.invalid/',
'orig': 'example.org',
'secret': 'xxx',
}
}
}
return settings
@pytest.fixture
def app_with_auth(app):
app.authorization = ('Basic', ('foo', 'bar'))
return app
def test_no_known_services(app_with_auth, db, settings):
settings.ROOT_URLCONF = 'hobo.test_urls'
app_with_auth.get('/authenticated-testview/', status=403)
def test_no_idp_in_known_services(app_with_auth, db, settings):
settings.ROOT_URLCONF = 'hobo.test_urls'
settings.KNOWN_SERVICES = {}
app_with_auth.get('/authenticated-testview/', status=403)
def test_idp_connection_error(app_with_auth, db, settings_with_idp):
with responses.RequestsMock() as rsps:
rsps.post('https://idp.example.invalid/api/check-api-client/', status=403)
app_with_auth.get('/authenticated-testview/', status=403)
def test_idp_timeout(app_with_auth, db, settings_with_idp):
with responses.RequestsMock() as rsps:
rsps.post('https://idp.example.invalid/api/check-api-client/', body=requests.Timeout('...'))
resp = app_with_auth.get('/authenticated-testview/', status=503)
assert resp.json == {'err': 1, 'err_desc': 'IDP temporarily unavailable, try again later.'}
def test_idp_unavailable_error(app_with_auth, db, settings_with_idp):
with responses.RequestsMock() as rsps:
rsps.post('https://idp.example.invalid/api/check-api-client/', body=requests.RequestException('...'))
resp = app_with_auth.get('/authenticated-testview/', status=503)
assert resp.json == {'err': 1, 'err_desc': 'IDP temporarily unavailable, try again later.'}
def test_idp_no_err_key(app_with_auth, db, settings_with_idp):
with responses.RequestsMock() as rsps:
rsps.post(
'https://idp.example.invalid/api/check-api-client/',
json={'foo': 'bar'},
status=200,
)
app_with_auth.get('/authenticated-testview/', status=403)
def test_idp_app_error(app_with_auth, db, settings_with_idp):
with responses.RequestsMock() as rsps:
rsps.post(
'https://idp.example.invalid/api/check-api-client/',
json={'err': 1},
status=200,
)
app_with_auth.get('/authenticated-testview/', status=403)
def test_idp_wrong_serialization(app_with_auth, db, settings_with_idp):
with responses.RequestsMock() as rsps:
rsps.post(
'https://idp.example.invalid/api/check-api-client/',
json={'err': 0, 'data': {'foo': 'bar'}},
status=200,
)
app_with_auth.get('/authenticated-testview/', status=403)
def test_no_credentials(app, db, settings_with_idp):
# test that the '/authenticated-testview/' really requires authentication,
# otherwise all the others tests are meaningless.
app.get('/authenticated-testview/', status=403)
def test_access_granted(app_with_auth, db, settings_with_idp):
with responses.RequestsMock() as rsps:
rsps.post(
'https://idp.example.invalid/api/check-api-client/',
json={
'err': 0,
'data': {
'is_active': True,
'is_anonymous': False,
'is_authenticated': True,
'is_superuser': False,
'restrict_to_anonymised_data': False,
'roles': [],
},
},
status=200,
)
app_with_auth.get('/authenticated-testview/')
View Git Blame Copy Permalink