auth: Check for authentication and fix errors

* gn3/auth/authorisation/groups.py: base `MembershipError` on new `AuthorisationError` base exception. Use new authentication checking decorator. * gn3/auth/authorisation/privileges.py: Change argument to User object rather than UUID object * gn3/auth/authorisation/roles.py: Use new authentication checking decorator. * tests/unit/auth/test_groups.py: use `conftest.TEST_USER` * tests/unit/auth/test_privileges.py: use `conftest.TEST_USER` * tests/unit/auth/test_roles.py: use `conftest.TEST_USER`
author: Frederick Muriuki Muriithi 2022-11-24 13:53:59 +0300
committer: Frederick Muriuki Muriithi 2022-11-24 13:53:59 +0300
commit: 9810731b8432624c3817633ea0877dd80d0eea39 (patch)
tree: e30a620e9d549c6df19c80e3e27f0ac59cd7cb6e /tests
parent: 021b8dfcb99928b363e4546f626e3deb5793e392 (diff)
download: genenetwork3-9810731b8432624c3817633ea0877dd80d0eea39.tar.gz
3 files changed, 39 insertions, 44 deletions
diff --git a/tests/unit/auth/test_groups.py b/tests/unit/auth/test_groups.py
index 225bb59..22d90f4 100644
--- a/tests/unit/auth/test_groups.py
+++ b/tests/unit/auth/test_groups.py
@@ -10,6 +10,8 @@ from gn3.auth.authorisation.privileges import Privilege
 from gn3.auth.authorisation.groups import (
     Group, GroupRole, create_group, MembershipError, create_group_role)
 
+from tests.unit.auth import conftest
+
 create_group_failure = {
     "status": "error",
     "message": "Unauthorised: Failed to create group."
@@ -26,15 +28,13 @@ PRIVILEGES = (
 
 @pytest.mark.unit_test
 @pytest.mark.parametrize(
-    "user_id,expected", (
-    ("ecb52977-3004-469e-9428-2a1856725c7f", Group(
-        UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), "a_test_group")),
-    ("21351b66-8aad-475b-84ac-53ce528451e3", create_group_failure),
-    ("ae9c6245-0966-41a5-9a5e-20885a96bea7", create_group_failure),
-    ("9a0c7ce5-2f40-4e78-979e-bf3527a59579", create_group_failure),
-    ("e614247d-84d2-491d-a048-f80b578216cb", create_group_failure)))
+    "user,expected", tuple(zip(conftest.TEST_USERS, (
+        Group(
+            UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), "a_test_group"),
+        create_group_failure, create_group_failure, create_group_failure,
+        create_group_failure))))
 def test_create_group(# pylint: disable=[too-many-arguments]
-        test_app, auth_testdb_path, mocker, test_users, user_id, expected):# pylint: disable=[unused-argument]
+        test_app, auth_testdb_path, mocker, test_users, user, expected):# pylint: disable=[unused-argument]
     """
     GIVEN: an authenticated user
     WHEN: the user attempts to create a group
@@ -43,10 +43,9 @@ def test_create_group(# pylint: disable=[too-many-arguments]
     """
     mocker.patch("gn3.auth.authorisation.groups.uuid4", uuid_fn)
     with test_app.app_context() as flask_context:
-        flask_context.g.user_id = UUID(user_id)
+        flask_context.g.user = user
         with db.connection(auth_testdb_path) as conn:
-            assert create_group(conn, "a_test_group", User(
-                UUID(user_id), "some@email.address", "a_test_user")) == expected
+            assert create_group(conn, "a_test_group", user) == expected
 
 create_role_failure = {
     "status": "error",
@@ -55,16 +54,14 @@ create_role_failure = {
 
 @pytest.mark.unit_test
 @pytest.mark.parametrize(
-    "user_id,expected", (
-    ("ecb52977-3004-469e-9428-2a1856725c7f", GroupRole(
-        UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"),
-        Role(UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"),
-             "ResourceEditor", PRIVILEGES))),
-    ("21351b66-8aad-475b-84ac-53ce528451e3", create_role_failure),
-    ("ae9c6245-0966-41a5-9a5e-20885a96bea7", create_role_failure),
-    ("9a0c7ce5-2f40-4e78-979e-bf3527a59579", create_role_failure),
-    ("e614247d-84d2-491d-a048-f80b578216cb", create_role_failure)))
-def test_create_group_role(mocker, test_users_in_group, test_app, user_id, expected):
+    "user,expected", tuple(zip(conftest.TEST_USERS, (
+        GroupRole(
+            UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"),
+            Role(UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"),
+                 "ResourceEditor", PRIVILEGES)),
+        create_role_failure, create_role_failure, create_role_failure,
+        create_role_failure))))
+def test_create_group_role(mocker, test_users_in_group, test_app, user, expected):
     """
     GIVEN: an authenticated user
     WHEN: the user attempts to create a role, attached to a group
@@ -75,7 +72,7 @@ def test_create_group_role(mocker, test_users_in_group, test_app, user_id, expec
     mocker.patch("gn3.auth.authorisation.roles.uuid4", uuid_fn)
     conn, _group, _users = test_users_in_group
     with test_app.app_context() as flask_context:
-        flask_context.g.user_id = UUID(user_id)
+        flask_context.g.user = user
         assert create_group_role(
             conn, GROUP, "ResourceEditor", PRIVILEGES) == expected
 
@@ -89,11 +86,12 @@ def test_create_multiple_groups(mocker, test_app, test_users):
       message
     """
     mocker.patch("gn3.auth.authorisation.groups.uuid4", uuid_fn)
-    user_id = UUID("ecb52977-3004-469e-9428-2a1856725c7f")
+    user = User(
+        UUID("ecb52977-3004-469e-9428-2a1856725c7f"), "group@lead.er",
+        "Group Leader")
     conn, _test_users = test_users
     with test_app.app_context() as flask_context:
-        flask_context.g.user_id = user_id
-        user = User(user_id, "some@email.address", "a_test_user")
+        flask_context.g.user = user
         # First time, successfully creates the group
         assert create_group(conn, "a_test_group", user) == Group(
             UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), "a_test_group")
diff --git a/tests/unit/auth/test_privileges.py b/tests/unit/auth/test_privileges.py
index 2514f9d..3586e90 100644
--- a/tests/unit/auth/test_privileges.py
+++ b/tests/unit/auth/test_privileges.py
@@ -6,6 +6,8 @@ import pytest
 from gn3.auth import db
 from gn3.auth.authorisation.privileges import Privilege, user_privileges
 
+from tests.unit.auth import conftest
+
 SORT_KEY = lambda x: x.privilege_name
 
 PRIVILEGES = sorted(
@@ -33,18 +35,14 @@ PRIVILEGES = sorted(
 
 @pytest.mark.unit_test
 @pytest.mark.parametrize(
-    "user_id,expected", (
-        ("ecb52977-3004-469e-9428-2a1856725c7f", PRIVILEGES),
-        ("21351b66-8aad-475b-84ac-53ce528451e3", []),
-        ("ae9c6245-0966-41a5-9a5e-20885a96bea7", []),
-        ("9a0c7ce5-2f40-4e78-979e-bf3527a59579", []),
-        ("e614247d-84d2-491d-a048-f80b578216cb", [])))
-def test_user_privileges(auth_testdb_path, test_users, user_id, expected):# pylint: disable=[unused-argument]
+    "user,expected", tuple(zip(
+        conftest.TEST_USERS, (PRIVILEGES, [], [], [], []))))
+def test_user_privileges(auth_testdb_path, test_users, user, expected):# pylint: disable=[unused-argument]
     """
-    GIVEN: A user_id
+    GIVEN: A user
     WHEN: An attempt is made to fetch the user's privileges
     THEN: Ensure only
     """
     with db.connection(auth_testdb_path) as conn:
         assert sorted(
-            user_privileges(conn, UUID(user_id)), key=SORT_KEY) == expected
+            user_privileges(conn, user), key=SORT_KEY) == expected
diff --git a/tests/unit/auth/test_roles.py b/tests/unit/auth/test_roles.py
index 70663b3..b6e681d 100644
--- a/tests/unit/auth/test_roles.py
+++ b/tests/unit/auth/test_roles.py
@@ -7,6 +7,8 @@ from gn3.auth import db
 from gn3.auth.authorisation.privileges import Privilege
 from gn3.auth.authorisation.roles import Role, create_role
 
+from tests.unit.auth import conftest
+
 create_role_failure = {
     "status": "error",
     "message": "Unauthorised: Could not create role"
@@ -22,16 +24,13 @@ PRIVILEGES = (
 
 @pytest.mark.unit_test
 @pytest.mark.parametrize(
-    "user_id,expected", (
-    ("ecb52977-3004-469e-9428-2a1856725c7f", Role(
-        uuid.UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), "a_test_role",
-        PRIVILEGES)),
-    ("21351b66-8aad-475b-84ac-53ce528451e3", create_role_failure),
-    ("ae9c6245-0966-41a5-9a5e-20885a96bea7", create_role_failure),
-    ("9a0c7ce5-2f40-4e78-979e-bf3527a59579", create_role_failure),
-    ("e614247d-84d2-491d-a048-f80b578216cb", create_role_failure)))
+    "user,expected", tuple(zip(conftest.TEST_USERS, (
+        Role(
+            uuid.UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), "a_test_role",
+            PRIVILEGES), create_role_failure, create_role_failure,
+        create_role_failure, create_role_failure))))
 def test_create_role(# pylint: disable=[too-many-arguments]
-        test_app, auth_testdb_path, mocker, test_users, user_id, expected):# pylint: disable=[unused-argument]
+        test_app, auth_testdb_path, mocker, test_users, user, expected):# pylint: disable=[unused-argument]
     """
     GIVEN: an authenticated user
     WHEN: the user attempts to create a role
@@ -40,7 +39,7 @@ def test_create_role(# pylint: disable=[too-many-arguments]
     """
     mocker.patch("gn3.auth.authorisation.roles.uuid4", uuid_fn)
     with test_app.app_context() as flask_context:
-        flask_context.g.user_id = uuid.UUID(user_id)
+        flask_context.g.user = user
         with db.connection(auth_testdb_path) as conn, db.cursor(conn) as cursor:
             the_role = create_role(cursor, "a_test_role", PRIVILEGES)
             assert the_role == expected
author	Frederick Muriuki Muriithi	2022-11-24 13:53:59 +0300
committer	Frederick Muriuki Muriithi	2022-11-24 13:53:59 +0300
commit	9810731b8432624c3817633ea0877dd80d0eea39 (patch)
tree	e30a620e9d549c6df19c80e3e27f0ac59cd7cb6e /tests
parent	021b8dfcb99928b363e4546f626e3deb5793e392 (diff)
download	genenetwork3-9810731b8432624c3817633ea0877dd80d0eea39.tar.gz