diff options
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/unit/auth/conftest.py | 22 | ||||
| -rw-r--r-- | tests/unit/auth/fixtures/oauth2_client_fixtures.py | 5 | ||||
| -rw-r--r-- | tests/unit/auth/test_groups.py | 62 | ||||
| -rw-r--r-- | tests/unit/auth/test_resources.py | 23 | ||||
| -rw-r--r-- | tests/unit/auth/test_roles.py | 20 |
5 files changed, 79 insertions, 53 deletions
diff --git a/tests/unit/auth/conftest.py b/tests/unit/auth/conftest.py index 7082910..a7c64a8 100644 --- a/tests/unit/auth/conftest.py +++ b/tests/unit/auth/conftest.py @@ -1,2 +1,24 @@ """Module for fixtures and test utilities""" +import uuid +import datetime +from contextlib import contextmanager + +from gn3.auth.authentication.oauth2.models.oauth2token import OAuth2Token + from .fixtures import * # pylint: disable=[wildcard-import,unused-wildcard-import] + +def get_tokeniser(user): + """Get contextmanager for mocking token acquisition.""" + @contextmanager + def __token__(*args, **kwargs):# pylint: disable=[unused-argument] + yield { + usr.user_id: OAuth2Token( + token_id=uuid.UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), + client=None, token_type="Bearer", access_token="123456ABCDE", + refresh_token=None, revoked=False, expires_in=864000, + user=usr, issued_at=int(datetime.datetime.now().timestamp()), + scope="profile group role resource register-client") + for usr in TEST_USERS + }[user.user_id] + + return __token__ diff --git a/tests/unit/auth/fixtures/oauth2_client_fixtures.py b/tests/unit/auth/fixtures/oauth2_client_fixtures.py index 040da87..41d3ed4 100644 --- a/tests/unit/auth/fixtures/oauth2_client_fixtures.py +++ b/tests/unit/auth/fixtures/oauth2_client_fixtures.py @@ -24,11 +24,12 @@ def fxtr_oauth2_clients(fxtr_users_with_passwords): now + datetime.timedelta(hours = 2), { "client_name": f"test_client_{idx:03}", - "scope": ["user", "profile"], + "scope": ["profile", "group", "role", "resource", "register-client"], "redirect_uri": "/test_oauth2", "token_endpoint_auth_method": [ "client_secret_post", "client_secret_basic"], - "grant_types": ["password"] + "grant_types": ["password", "authorisation_code", "refresh_token"], + "response_type": "token" }, user) for idx, user in enumerate(users, start=1)) diff --git a/tests/unit/auth/test_groups.py b/tests/unit/auth/test_groups.py index 18f9b23..7f4f02b 100644 --- a/tests/unit/auth/test_groups.py +++ b/tests/unit/auth/test_groups.py @@ -10,8 +10,7 @@ from gn3.auth.authorisation.roles import Role from gn3.auth.authorisation.privileges import Privilege from gn3.auth.authorisation.errors import AuthorisationError from gn3.auth.authorisation.groups.models import ( - Group, GroupRole, user_group, create_group, MembershipError, - create_group_role) + Group, GroupRole, user_group, create_group, create_group_role) from tests.unit.auth import conftest @@ -47,11 +46,11 @@ def test_create_group(# pylint: disable=[too-many-arguments] appropriate privileges """ mocker.patch("gn3.auth.authorisation.groups.models.uuid4", uuid_fn) - with fxtr_app.app_context() as flask_context: - flask_context.g.user = user - with db.connection(auth_testdb_path) as conn: - assert create_group( - conn, "a_test_group", user, "A test group") == expected + mocker.patch("gn3.auth.authorisation.checks.require_oauth.acquire", + conftest.get_tokeniser(user)) + with db.connection(auth_testdb_path) as conn: + assert create_group( + conn, "a_test_group", user, "A test group") == expected @pytest.mark.unit_test @pytest.mark.parametrize("user", conftest.TEST_USERS[1:]) @@ -63,11 +62,11 @@ def test_create_group_raises_exception_with_non_privileged_user(# pylint: disabl THEN: verify the system raises an exception """ mocker.patch("gn3.auth.authorisation.groups.models.uuid4", uuid_fn) - with fxtr_app.app_context() as flask_context: - flask_context.g.user = user - with db.connection(auth_testdb_path) as conn: - with pytest.raises(AuthorisationError): - assert create_group(conn, "a_test_group", user, "A test group") + mocker.patch("gn3.auth.authorisation.checks.require_oauth.acquire", + conftest.get_tokeniser(user)) + with db.connection(auth_testdb_path) as conn: + with pytest.raises(AuthorisationError): + assert create_group(conn, "a_test_group", user, "A test group") create_role_failure = { "status": "error", @@ -82,7 +81,7 @@ create_role_failure = { GROUP, Role(UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), "ResourceEditor", PRIVILEGES)),)))) -def test_create_group_role(mocker, fxtr_users_in_group, fxtr_app, user, expected): +def test_create_group_role(mocker, fxtr_users_in_group, user, expected): """ GIVEN: an authenticated user WHEN: the user attempts to create a role, attached to a group @@ -91,9 +90,10 @@ def test_create_group_role(mocker, fxtr_users_in_group, fxtr_app, user, expected """ mocker.patch("gn3.auth.authorisation.groups.models.uuid4", uuid_fn) mocker.patch("gn3.auth.authorisation.roles.models.uuid4", uuid_fn) + mocker.patch("gn3.auth.authorisation.checks.require_oauth.acquire", + conftest.get_tokeniser(user)) conn, _group, _users = fxtr_users_in_group - with fxtr_app.app_context() as flask_context, db.cursor(conn) as cursor: - flask_context.g.user = user + with db.cursor(conn) as cursor: assert create_group_role( conn, GROUP, "ResourceEditor", PRIVILEGES) == expected # cleanup @@ -107,7 +107,7 @@ def test_create_group_role(mocker, fxtr_users_in_group, fxtr_app, user, expected "user,expected", tuple(zip(conftest.TEST_USERS[1:], ( create_role_failure, create_role_failure, create_role_failure)))) def test_create_group_role_raises_exception_with_unauthorised_users( - mocker, fxtr_users_in_group, fxtr_app, user, expected): + mocker, fxtr_users_in_group, user, expected): """ GIVEN: an authenticated user WHEN: the user attempts to create a role, attached to a group @@ -116,15 +116,15 @@ def test_create_group_role_raises_exception_with_unauthorised_users( """ mocker.patch("gn3.auth.authorisation.groups.models.uuid4", uuid_fn) mocker.patch("gn3.auth.authorisation.roles.models.uuid4", uuid_fn) + mocker.patch("gn3.auth.authorisation.checks.require_oauth.acquire", + conftest.get_tokeniser(user)) conn, _group, _users = fxtr_users_in_group - with fxtr_app.app_context() as flask_context: - flask_context.g.user = user - with pytest.raises(AuthorisationError): - assert create_group_role( - conn, GROUP, "ResourceEditor", PRIVILEGES) == expected + with pytest.raises(AuthorisationError): + assert create_group_role( + conn, GROUP, "ResourceEditor", PRIVILEGES) == expected @pytest.mark.unit_test -def test_create_multiple_groups(mocker, fxtr_app, fxtr_users): +def test_create_multiple_groups(mocker, fxtr_users): """ GIVEN: An authenticated user with appropriate authorisation WHEN: The user attempts to create a new group, while being a member of an @@ -136,16 +136,16 @@ def test_create_multiple_groups(mocker, fxtr_app, fxtr_users): user = User( UUID("ecb52977-3004-469e-9428-2a1856725c7f"), "group@lead.er", "Group Leader") + mocker.patch("gn3.auth.authorisation.checks.require_oauth.acquire", + conftest.get_tokeniser(user)) conn, _test_users = fxtr_users - with fxtr_app.app_context() as flask_context: - flask_context.g.user = user - # First time, successfully creates the group - assert create_group(conn, "a_test_group", user) == Group( - UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), "a_test_group", - {}) - # subsequent attempts should fail - with pytest.raises(MembershipError): - create_group(conn, "another_test_group", user) + # First time, successfully creates the group + assert create_group(conn, "a_test_group", user) == Group( + UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), "a_test_group", + {}) + # subsequent attempts should fail + with pytest.raises(AuthorisationError): + create_group(conn, "another_test_group", user) @pytest.mark.unit_test @pytest.mark.parametrize( diff --git a/tests/unit/auth/test_resources.py b/tests/unit/auth/test_resources.py index a360442..7e3d9ad 100644 --- a/tests/unit/auth/test_resources.py +++ b/tests/unit/auth/test_resources.py @@ -4,6 +4,7 @@ import uuid import pytest from gn3.auth import db + from gn3.auth.authorisation.groups import Group from gn3.auth.authorisation.errors import AuthorisationError from gn3.auth.authorisation.resources.models import ( @@ -30,14 +31,16 @@ uuid_fn = lambda : uuid.UUID("d32611e3-07fc-4564-b56c-786c6db6de2b") (Resource( group, uuid.UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), "test_resource", resource_category, False),)))) -def test_create_resource(mocker, fxtr_app, fxtr_users_in_group, user, expected): +def test_create_resource(mocker, fxtr_users_in_group, user, expected): """Test that resource creation works as expected.""" mocker.patch("gn3.auth.authorisation.resources.models.uuid4", uuid_fn) + mocker.patch("gn3.auth.authorisation.checks.require_oauth.acquire", + conftest.get_tokeniser(user)) conn, _group, _users = fxtr_users_in_group - with fxtr_app.app_context() as flask_context, db.cursor(conn) as cursor: - flask_context.g.user = user - assert create_resource(conn, "test_resource", resource_category) == expected + assert create_resource( + conn, "test_resource", resource_category, user) == expected + with db.cursor(conn) as cursor: # Cleanup cursor.execute( "DELETE FROM resources WHERE resource_id=?", (str(uuid_fn()),)) @@ -50,15 +53,15 @@ def test_create_resource(mocker, fxtr_app, fxtr_users_in_group, user, expected): (create_resource_failure, create_resource_failure, create_resource_failure)))) def test_create_resource_raises_for_unauthorised_users( - mocker, fxtr_app, fxtr_users_in_group, user, expected): + mocker, fxtr_users_in_group, user, expected): """Test that resource creation works as expected.""" mocker.patch("gn3.auth.authorisation.resources.models.uuid4", uuid_fn) + mocker.patch("gn3.auth.authorisation.checks.require_oauth.acquire", + conftest.get_tokeniser(user)) conn, _group, _users = fxtr_users_in_group - with fxtr_app.app_context() as flask_context: - flask_context.g.user = user - with pytest.raises(AuthorisationError): - assert create_resource( - conn, "test_resource", resource_category) == expected + with pytest.raises(AuthorisationError): + assert create_resource( + conn, "test_resource", resource_category, user) == expected SORTKEY = lambda resource: resource.resource_id diff --git a/tests/unit/auth/test_roles.py b/tests/unit/auth/test_roles.py index 9152042..30b7f43 100644 --- a/tests/unit/auth/test_roles.py +++ b/tests/unit/auth/test_roles.py @@ -37,11 +37,11 @@ def test_create_role(# pylint: disable=[too-many-arguments] appropriate privileges """ mocker.patch("gn3.auth.authorisation.roles.models.uuid4", uuid_fn) - with fxtr_app.app_context() as flask_context: - flask_context.g.user = user - with db.connection(auth_testdb_path) as conn, db.cursor(conn) as cursor: - the_role = create_role(cursor, "a_test_role", PRIVILEGES) - assert the_role == expected + mocker.patch("gn3.auth.authorisation.checks.require_oauth.acquire", + conftest.get_tokeniser(user)) + with db.connection(auth_testdb_path) as conn, db.cursor(conn) as cursor: + the_role = create_role(cursor, "a_test_role", PRIVILEGES) + assert the_role == expected @pytest.mark.unit_test @pytest.mark.parametrize( @@ -56,11 +56,11 @@ def test_create_role_raises_exception_for_unauthorised_users(# pylint: disable=[ appropriate privileges """ mocker.patch("gn3.auth.authorisation.roles.models.uuid4", uuid_fn) - with fxtr_app.app_context() as flask_context: - flask_context.g.user = user - with db.connection(auth_testdb_path) as conn, db.cursor(conn) as cursor: - with pytest.raises(AuthorisationError): - create_role(cursor, "a_test_role", PRIVILEGES) + mocker.patch("gn3.auth.authorisation.checks.require_oauth.acquire", + conftest.get_tokeniser(user)) + with db.connection(auth_testdb_path) as conn, db.cursor(conn) as cursor: + with pytest.raises(AuthorisationError): + create_role(cursor, "a_test_role", PRIVILEGES) @pytest.mark.unit_test @pytest.mark.parametrize( |