diff options
author | Frederick Muriuki Muriithi | 2022-12-19 16:02:19 +0300 |
---|---|---|
committer | Frederick Muriuki Muriithi | 2022-12-22 09:05:53 +0300 |
commit | b0641272491eb51d321b1b8a7d062e395e70800f (patch) | |
tree | c9b2065ea60399579c4c4d84c648b61ed67402ba /tests/unit/auth/test_token.py | |
parent | e9031e28594fcd21371adb2b9b26e17a1df95599 (diff) | |
download | genenetwork3-b0641272491eb51d321b1b8a7d062e395e70800f.tar.gz |
auth: implement OAuth2 flow.oauth2_auth_flow
Add code to implement the OAuth2 flow.
* Add test fixtures for setting up users and OAuth2 clients
* Add tests for token generation with the "Password Grant" flow
* Fix some issues with test due to changes in the database connection's
row_factory
Diffstat (limited to 'tests/unit/auth/test_token.py')
-rw-r--r-- | tests/unit/auth/test_token.py | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/tests/unit/auth/test_token.py b/tests/unit/auth/test_token.py new file mode 100644 index 0000000..edf4b19 --- /dev/null +++ b/tests/unit/auth/test_token.py @@ -0,0 +1,57 @@ +"""Test the OAuth2 authorisation""" + +import pytest + +SUCCESS_RESULT = { + "status_code": 200, + "result": { + "access_token": "123456ABCDE", + "expires_in": 864000, + "scope": "profile", + "token_type": "Bearer"}} + +USERNAME_PASSWORD_FAIL_RESULT = { + "status_code": 400, + "result": { + 'error': 'invalid_request', + 'error_description': 'Invalid "username" or "password" in request.'}} + +def gen_token(client, grant_type, user, scope): # pylint: disable=[unused-argument] + """Generate tokens for tests""" + return "123456ABCDE" + +@pytest.mark.unit_test +@pytest.mark.parametrize( + "test_data,expected", + ((("group@lead.er", "password_for_user_001", 0), SUCCESS_RESULT), + (("group@mem.ber01", "password_for_user_002", 1), SUCCESS_RESULT), + (("group@mem.ber02", "password_for_user_003", 2), SUCCESS_RESULT), + (("unaff@iliated.user", "password_for_user_004", 3), SUCCESS_RESULT), + (("group@lead.er", "brrr", 0), USERNAME_PASSWORD_FAIL_RESULT), + (("group@mem.ber010", "password_for_user_002", 1), USERNAME_PASSWORD_FAIL_RESULT), + (("papa", "yada", 2), USERNAME_PASSWORD_FAIL_RESULT), + # (("unaff@iliated.user", "password_for_user_004", 1), USERNAME_PASSWORD_FAIL_RESULT) + )) +def test_token(test_app, fixture_oauth2_clients, test_data, expected): + """ + GIVEN: a registered oauth2 client, a user + WHEN: a token is requested via the 'password' grant + THEN: check that: + a) when email and password are valid, we get a token back + b) when either email or password or both are invalid, we get error message + back + c) TODO: when user tries to use wrong client, we get error message back + """ + _conn, oa2clients = fixture_oauth2_clients + email, password, client_idx = test_data + data = { + "grant_type": "password", "scope": "profile nonexistent-scope", + "client_id": oa2clients[client_idx].client_id, + "client_secret": oa2clients[client_idx].client_secret, + "username": email, "password": password} + + with test_app.test_client() as client: + res = client.post("/api/oauth2/token", data=data) + assert res.status_code == expected["status_code"] + for key in expected["result"]: + assert res.json[key] == expected["result"][key] |