authorFrederick Muriuki Muriithi2023-02-03 15:15:26 +0300
committerFrederick Muriuki Muriithi2023-02-03 15:15:26 +0300
commite6dd74a3fab65355c0aa187ee31d5ee74a888649 (patch)
tree615214631357f96874b59919da4409d1b28cfe2b
parentecce454ca9d0f374e22da8401206e3b1695dbded (diff)
downloadgenenetwork3-e6dd74a3fab65355c0aa187ee31d5ee74a888649.tar.gz
auth: tests: mock token acquisition. Fix minor bugs.
-rw-r--r--gn3/auth/authorisation/checks.py7
-rw-r--r--tests/unit/auth/conftest.py22
-rw-r--r--tests/unit/auth/fixtures/oauth2_client_fixtures.py5
-rw-r--r--tests/unit/auth/test_groups.py62
-rw-r--r--tests/unit/auth/test_resources.py23
-rw-r--r--tests/unit/auth/test_roles.py20
6 files changed, 82 insertions, 57 deletions
diff --git a/gn3/auth/authorisation/checks.py b/gn3/auth/authorisation/checks.py
index 6579afc..36ab5fa 100644
--- a/gn3/auth/authorisation/checks.py
+++ b/gn3/auth/authorisation/checks.py
@@ -1,15 +1,14 @@
"""Functions to check for authorisation."""
from functools import wraps
-from typing import Callable, Optional
+from typing import Callable
-from flask import g, current_app as app
+from flask import current_app as app
from gn3.auth import db
from . import privileges as auth_privs
from .errors import AuthorisationError
-from ..authentication.users import User
from ..authentication.oauth2.resource_server import require_oauth
def authorised_p(
@@ -36,6 +35,6 @@ def authorised_p(
if len(not_assigned) == 0:
return func(*args, **kwargs)
- raise AuthorisationError(error_message)
+ raise AuthorisationError(error_description)
return __authoriser__
return __build_authoriser__
diff --git a/tests/unit/auth/conftest.py b/tests/unit/auth/conftest.py
index 7082910..a7c64a8 100644
--- a/tests/unit/auth/conftest.py
+++ b/tests/unit/auth/conftest.py
@@ -1,2 +1,24 @@
"""Module for fixtures and test utilities"""
+import uuid
+import datetime
+from contextlib import contextmanager
+
+from gn3.auth.authentication.oauth2.models.oauth2token import OAuth2Token
+
from .fixtures import * # pylint: disable=[wildcard-import,unused-wildcard-import]
+
+def get_tokeniser(user):
+ """Get contextmanager for mocking token acquisition."""
+ @contextmanager
+ def __token__(*args, **kwargs):# pylint: disable=[unused-argument]
+ yield {
+ usr.user_id: OAuth2Token(
+ token_id=uuid.UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"),
+ client=None, token_type="Bearer", access_token="123456ABCDE",
+ refresh_token=None, revoked=False, expires_in=864000,
+ user=usr, issued_at=int(datetime.datetime.now().timestamp()),
+ scope="profile group role resource register-client")
+ for usr in TEST_USERS
+ }[user.user_id]
+
+ return __token__
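Review bot: The mocked `acquire` in `__token__` discards `*args, **kwargs`, so whatever scope a caller requests is never compared with the token, and the token it yields is always unrevoked, long-lived and carries every scope listed in the fixture. Tests that patch `require_oauth.acquire` with this helper therefore exercise only the privilege check and cannot catch a regression in scope, revocation or expiry handling; optional keyword arguments on `get_tokeniser` (for example `scope=` and `revoked=`) would let the negative token cases be covered as well. The dict over `TEST_USERS` is also rebuilt on every call only to be indexed by `user.user_id`, which raises a bare `KeyError` for any user outside that list; constructing the single token with `user=user` would be simpler and remove that failure mode.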
diff --git a/tests/unit/auth/fixtures/oauth2_client_fixtures.py b/tests/unit/auth/fixtures/oauth2_client_fixtures.py
index 040da87..41d3ed4 100644
--- a/tests/unit/auth/fixtures/oauth2_client_fixtures.py
+++ b/tests/unit/auth/fixtures/oauth2_client_fixtures.py
@@ -24,11 +24,12 @@ def fxtr_oauth2_clients(fxtr_users_with_passwords):
now + datetime.timedelta(hours = 2),
{
"client_name": f"test_client_{idx:03}",
- "scope": ["user", "profile"],
+ "scope": ["profile", "group", "role", "resource", "register-client"],
"redirect_uri": "/test_oauth2",
"token_endpoint_auth_method": [
"client_secret_post", "client_secret_basic"],
- "grant_types": ["password"]
+ "grant_types": ["password", "authorisation_code", "refresh_token"],
+ "response_type": "token"
}, user)
for idx, user in enumerate(users, start=1))
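Review bot: The added grant type `"authorisation_code"` follows the project's British spelling, but the grant type identifier defined by RFC 6749 is `authorization_code`, so unless the server maps the spelling, these test clients would not be recognised as allowed to use the code flow; `"grant_types": ["password", "authorization_code", "refresh_token"],` is likely what is meant. The new `"response_type": "token"` key is worth checking too: RFC 7591 client metadata names the field `response_types` (a list), and `token` is the implicit-grant response type, which is not among the grant types listed here. Whether the project's client model reads these keys is not visible in this hunk, and `fxtr_oauth2_clients` starts and ends outside it.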
diff --git a/tests/unit/auth/test_groups.py b/tests/unit/auth/test_groups.py
index 18f9b23..7f4f02b 100644
--- a/tests/unit/auth/test_groups.py
+++ b/tests/unit/auth/test_groups.py
@@ -10,8 +10,7 @@ from gn3.auth.authorisation.roles import Role
from gn3.auth.authorisation.privileges import Privilege
from gn3.auth.authorisation.errors import AuthorisationError
from gn3.auth.authorisation.groups.models import (
- Group, GroupRole, user_group, create_group, MembershipError,
- create_group_role)
+ Group, GroupRole, user_group, create_group, create_group_role)
from tests.unit.auth import conftest
@@ -47,11 +46,11 @@ def test_create_group(# pylint: disable=[too-many-arguments]
appropriate privileges
"""
mocker.patch("gn3.auth.authorisation.groups.models.uuid4", uuid_fn)
- with fxtr_app.app_context() as flask_context:
- flask_context.g.user = user
- with db.connection(auth_testdb_path) as conn:
- assert create_group(
- conn, "a_test_group", user, "A test group") == expected
+ mocker.patch("gn3.auth.authorisation.checks.require_oauth.acquire",
+ conftest.get_tokeniser(user))
+ with db.connection(auth_testdb_path) as conn:
+ assert create_group(
+ conn, "a_test_group", user, "A test group") == expected
@pytest.mark.unit_test
@pytest.mark.parametrize("user", conftest.TEST_USERS[1:])
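Review bot: The patch target string `"gn3.auth.authorisation.checks.require_oauth.acquire"` is repeated verbatim here and in every other test this commit touches in test_groups.py, test_resources.py and test_roles.py (nine call sites), so a rename of the module or decorator has to be fixed in each of them. A small helper in conftest, e.g. `def mock_token(mocker, user): mocker.patch(TOKEN_ACQUIRE_TARGET, get_tokeniser(user))` with the target held in one constant, would keep the string in one place. The signature of `test_create_group` lies outside this hunk.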
@@ -63,11 +62,11 @@ def test_create_group_raises_exception_with_non_privileged_user(# pylint: disabl
THEN: verify the system raises an exception
"""
mocker.patch("gn3.auth.authorisation.groups.models.uuid4", uuid_fn)
- with fxtr_app.app_context() as flask_context:
- flask_context.g.user = user
- with db.connection(auth_testdb_path) as conn:
- with pytest.raises(AuthorisationError):
- assert create_group(conn, "a_test_group", user, "A test group")
+ mocker.patch("gn3.auth.authorisation.checks.require_oauth.acquire",
+ conftest.get_tokeniser(user))
+ with db.connection(auth_testdb_path) as conn:
+ with pytest.raises(AuthorisationError):
+ assert create_group(conn, "a_test_group", user, "A test group")
create_role_failure = {
"status": "error",
@@ -82,7 +81,7 @@ create_role_failure = {
GROUP,
Role(UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"),
"ResourceEditor", PRIVILEGES)),))))
-def test_create_group_role(mocker, fxtr_users_in_group, fxtr_app, user, expected):
+def test_create_group_role(mocker, fxtr_users_in_group, user, expected):
"""
GIVEN: an authenticated user
WHEN: the user attempts to create a role, attached to a group
@@ -91,9 +90,10 @@ def test_create_group_role(mocker, fxtr_users_in_group, fxtr_app, user, expected
"""
mocker.patch("gn3.auth.authorisation.groups.models.uuid4", uuid_fn)
mocker.patch("gn3.auth.authorisation.roles.models.uuid4", uuid_fn)
+ mocker.patch("gn3.auth.authorisation.checks.require_oauth.acquire",
+ conftest.get_tokeniser(user))
conn, _group, _users = fxtr_users_in_group
- with fxtr_app.app_context() as flask_context, db.cursor(conn) as cursor:
- flask_context.g.user = user
+ with db.cursor(conn) as cursor:
assert create_group_role(
conn, GROUP, "ResourceEditor", PRIVILEGES) == expected
# cleanup
@@ -107,7 +107,7 @@ def test_create_group_role(mocker, fxtr_users_in_group, fxtr_app, user, expected
"user,expected", tuple(zip(conftest.TEST_USERS[1:], (
create_role_failure, create_role_failure, create_role_failure))))
def test_create_group_role_raises_exception_with_unauthorised_users(
- mocker, fxtr_users_in_group, fxtr_app, user, expected):
+ mocker, fxtr_users_in_group, user, expected):
"""
GIVEN: an authenticated user
WHEN: the user attempts to create a role, attached to a group
@@ -116,15 +116,15 @@ def test_create_group_role_raises_exception_with_unauthorised_users(
"""
mocker.patch("gn3.auth.authorisation.groups.models.uuid4", uuid_fn)
mocker.patch("gn3.auth.authorisation.roles.models.uuid4", uuid_fn)
+ mocker.patch("gn3.auth.authorisation.checks.require_oauth.acquire",
+ conftest.get_tokeniser(user))
conn, _group, _users = fxtr_users_in_group
- with fxtr_app.app_context() as flask_context:
- flask_context.g.user = user
- with pytest.raises(AuthorisationError):
- assert create_group_role(
- conn, GROUP, "ResourceEditor", PRIVILEGES) == expected
+ with pytest.raises(AuthorisationError):
+ assert create_group_role(
+ conn, GROUP, "ResourceEditor", PRIVILEGES) == expected
@pytest.mark.unit_test
-def test_create_multiple_groups(mocker, fxtr_app, fxtr_users):
+def test_create_multiple_groups(mocker, fxtr_users):
"""
GIVEN: An authenticated user with appropriate authorisation
WHEN: The user attempts to create a new group, while being a member of an
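Review bot: Inside `with pytest.raises(AuthorisationError):` the statement `assert create_group_role(...) == expected` never evaluates its comparison, because the call raises before the result is tested, so the parametrised `expected` value is not checked against anything. The same pattern is kept in `assert create_group(...)` in test_create_group_raises_exception_with_non_privileged_user and in `assert create_resource(...) == expected` in test_resources.py. Calling the function without `assert` and checking the failure through the exception, e.g. `with pytest.raises(AuthorisationError) as exc_info:` followed by an assertion on `exc_info.value`, would make these denial tests state what they actually verify.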
@@ -136,16 +136,16 @@ def test_create_multiple_groups(mocker, fxtr_app, fxtr_users):
user = User(
UUID("ecb52977-3004-469e-9428-2a1856725c7f"), "group@lead.er",
"Group Leader")
+ mocker.patch("gn3.auth.authorisation.checks.require_oauth.acquire",
+ conftest.get_tokeniser(user))
conn, _test_users = fxtr_users
- with fxtr_app.app_context() as flask_context:
- flask_context.g.user = user
- # First time, successfully creates the group
- assert create_group(conn, "a_test_group", user) == Group(
- UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), "a_test_group",
- {})
- # subsequent attempts should fail
- with pytest.raises(MembershipError):
- create_group(conn, "another_test_group", user)
+ # First time, successfully creates the group
+ assert create_group(conn, "a_test_group", user) == Group(
+ UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), "a_test_group",
+ {})
+ # subsequent attempts should fail
+ with pytest.raises(AuthorisationError):
+ create_group(conn, "another_test_group", user)
@pytest.mark.unit_test
@pytest.mark.parametrize(
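Review bot: Changing the expected exception for the second `create_group` call from `MembershipError` to `AuthorisationError` makes the assertion less specific: the test now passes for any authorisation failure, including one caused by a missing privilege or by the token mock, not only because the user already belongs to a group. Pinning the reason keeps the test meaningful, e.g. `with pytest.raises(AuthorisationError, match="<expected description>"):`, using the description the group-membership check actually produces (not visible in this hunk). The opening lines of `test_create_multiple_groups` are outside this hunk.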
diff --git a/tests/unit/auth/test_resources.py b/tests/unit/auth/test_resources.py
index a360442..7e3d9ad 100644
--- a/tests/unit/auth/test_resources.py
+++ b/tests/unit/auth/test_resources.py
@@ -4,6 +4,7 @@ import uuid
import pytest
from gn3.auth import db
+
from gn3.auth.authorisation.groups import Group
from gn3.auth.authorisation.errors import AuthorisationError
from gn3.auth.authorisation.resources.models import (
@@ -30,14 +31,16 @@ uuid_fn = lambda : uuid.UUID("d32611e3-07fc-4564-b56c-786c6db6de2b")
(Resource(
group, uuid.UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"),
"test_resource", resource_category, False),))))
-def test_create_resource(mocker, fxtr_app, fxtr_users_in_group, user, expected):
+def test_create_resource(mocker, fxtr_users_in_group, user, expected):
"""Test that resource creation works as expected."""
mocker.patch("gn3.auth.authorisation.resources.models.uuid4", uuid_fn)
+ mocker.patch("gn3.auth.authorisation.checks.require_oauth.acquire",
+ conftest.get_tokeniser(user))
conn, _group, _users = fxtr_users_in_group
- with fxtr_app.app_context() as flask_context, db.cursor(conn) as cursor:
- flask_context.g.user = user
- assert create_resource(conn, "test_resource", resource_category) == expected
+ assert create_resource(
+ conn, "test_resource", resource_category, user) == expected
+ with db.cursor(conn) as cursor:
# Cleanup
cursor.execute(
"DELETE FROM resources WHERE resource_id=?", (str(uuid_fn()),))
@@ -50,15 +53,15 @@ def test_create_resource(mocker, fxtr_app, fxtr_users_in_group, user, expected):
(create_resource_failure, create_resource_failure,
create_resource_failure))))
def test_create_resource_raises_for_unauthorised_users(
- mocker, fxtr_app, fxtr_users_in_group, user, expected):
+ mocker, fxtr_users_in_group, user, expected):
"""Test that resource creation works as expected."""
mocker.patch("gn3.auth.authorisation.resources.models.uuid4", uuid_fn)
+ mocker.patch("gn3.auth.authorisation.checks.require_oauth.acquire",
+ conftest.get_tokeniser(user))
conn, _group, _users = fxtr_users_in_group
- with fxtr_app.app_context() as flask_context:
- flask_context.g.user = user
- with pytest.raises(AuthorisationError):
- assert create_resource(
- conn, "test_resource", resource_category) == expected
+ with pytest.raises(AuthorisationError):
+ assert create_resource(
+ conn, "test_resource", resource_category, user) == expected
SORTKEY = lambda resource: resource.resource_id
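Review bot: `create_resource(conn, "test_resource", resource_category, user)` now receives `user` as an explicit argument while the same `user` is also what the mocked token resolves to, here and in test_create_resource above, so neither test can tell which of the two identities the authorisation check and the ownership of the new resource are based on. If `create_resource` (not visible in this diff) authorises against the token but records the argument, or the reverse, one user could end up acting for another; a case that gives `get_tokeniser` one user and `create_resource` a different one, expected to raise `AuthorisationError`, would pin that down. A one-line comment on the new parameter stating which identity is authoritative would also help readers of the tests.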
diff --git a/tests/unit/auth/test_roles.py b/tests/unit/auth/test_roles.py
index 9152042..30b7f43 100644
--- a/tests/unit/auth/test_roles.py
+++ b/tests/unit/auth/test_roles.py
@@ -37,11 +37,11 @@ def test_create_role(# pylint: disable=[too-many-arguments]
appropriate privileges
"""
mocker.patch("gn3.auth.authorisation.roles.models.uuid4", uuid_fn)
- with fxtr_app.app_context() as flask_context:
- flask_context.g.user = user
- with db.connection(auth_testdb_path) as conn, db.cursor(conn) as cursor:
- the_role = create_role(cursor, "a_test_role", PRIVILEGES)
- assert the_role == expected
+ mocker.patch("gn3.auth.authorisation.checks.require_oauth.acquire",
+ conftest.get_tokeniser(user))
+ with db.connection(auth_testdb_path) as conn, db.cursor(conn) as cursor:
+ the_role = create_role(cursor, "a_test_role", PRIVILEGES)
+ assert the_role == expected
@pytest.mark.unit_test
@pytest.mark.parametrize(
@@ -56,11 +56,11 @@ def test_create_role_raises_exception_for_unauthorised_users(# pylint: disable=[
appropriate privileges
"""
mocker.patch("gn3.auth.authorisation.roles.models.uuid4", uuid_fn)
- with fxtr_app.app_context() as flask_context:
- flask_context.g.user = user
- with db.connection(auth_testdb_path) as conn, db.cursor(conn) as cursor:
- with pytest.raises(AuthorisationError):
- create_role(cursor, "a_test_role", PRIVILEGES)
+ mocker.patch("gn3.auth.authorisation.checks.require_oauth.acquire",
+ conftest.get_tokeniser(user))
+ with db.connection(auth_testdb_path) as conn, db.cursor(conn) as cursor:
+ with pytest.raises(AuthorisationError):
+ create_role(cursor, "a_test_role", PRIVILEGES)
@pytest.mark.unit_test
@pytest.mark.parametrize(