From 9810731b8432624c3817633ea0877dd80d0eea39 Mon Sep 17 00:00:00 2001 From: Frederick Muriuki Muriithi Date: Thu, 24 Nov 2022 13:53:59 +0300 Subject: auth: Check for authentication and fix errors * gn3/auth/authorisation/groups.py: base `MembershipError` on new `AuthorisationError` base exception. Use new authentication checking decorator. * gn3/auth/authorisation/privileges.py: Change argument to User object rather than UUID object * gn3/auth/authorisation/roles.py: Use new authentication checking decorator. * tests/unit/auth/test_groups.py: use `conftest.TEST_USER` * tests/unit/auth/test_privileges.py: use `conftest.TEST_USER` * tests/unit/auth/test_roles.py: use `conftest.TEST_USER` --- tests/unit/auth/test_groups.py | 48 ++++++++++++++++++-------------------- tests/unit/auth/test_privileges.py | 16 ++++++------- tests/unit/auth/test_roles.py | 19 +++++++-------- 3 files changed, 39 insertions(+), 44 deletions(-) (limited to 'tests/unit') diff --git a/tests/unit/auth/test_groups.py b/tests/unit/auth/test_groups.py index 225bb59..22d90f4 100644 --- a/tests/unit/auth/test_groups.py +++ b/tests/unit/auth/test_groups.py @@ -10,6 +10,8 @@ from gn3.auth.authorisation.privileges import Privilege from gn3.auth.authorisation.groups import ( Group, GroupRole, create_group, MembershipError, create_group_role) +from tests.unit.auth import conftest + create_group_failure = { "status": "error", "message": "Unauthorised: Failed to create group." @@ -26,15 +28,13 @@ PRIVILEGES = ( @pytest.mark.unit_test @pytest.mark.parametrize( - "user_id,expected", ( - ("ecb52977-3004-469e-9428-2a1856725c7f", Group( - UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), "a_test_group")), - ("21351b66-8aad-475b-84ac-53ce528451e3", create_group_failure), - ("ae9c6245-0966-41a5-9a5e-20885a96bea7", create_group_failure), - ("9a0c7ce5-2f40-4e78-979e-bf3527a59579", create_group_failure), - ("e614247d-84d2-491d-a048-f80b578216cb", create_group_failure))) + "user,expected", tuple(zip(conftest.TEST_USERS, ( + Group( + UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), "a_test_group"), + create_group_failure, create_group_failure, create_group_failure, + create_group_failure)))) def test_create_group(# pylint: disable=[too-many-arguments] - test_app, auth_testdb_path, mocker, test_users, user_id, expected):# pylint: disable=[unused-argument] + test_app, auth_testdb_path, mocker, test_users, user, expected):# pylint: disable=[unused-argument] """ GIVEN: an authenticated user WHEN: the user attempts to create a group @@ -43,10 +43,9 @@ def test_create_group(# pylint: disable=[too-many-arguments] """ mocker.patch("gn3.auth.authorisation.groups.uuid4", uuid_fn) with test_app.app_context() as flask_context: - flask_context.g.user_id = UUID(user_id) + flask_context.g.user = user with db.connection(auth_testdb_path) as conn: - assert create_group(conn, "a_test_group", User( - UUID(user_id), "some@email.address", "a_test_user")) == expected + assert create_group(conn, "a_test_group", user) == expected create_role_failure = { "status": "error", @@ -55,16 +54,14 @@ create_role_failure = { @pytest.mark.unit_test @pytest.mark.parametrize( - "user_id,expected", ( - ("ecb52977-3004-469e-9428-2a1856725c7f", GroupRole( - UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), - Role(UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), - "ResourceEditor", PRIVILEGES))), - ("21351b66-8aad-475b-84ac-53ce528451e3", create_role_failure), - ("ae9c6245-0966-41a5-9a5e-20885a96bea7", create_role_failure), - ("9a0c7ce5-2f40-4e78-979e-bf3527a59579", create_role_failure), - ("e614247d-84d2-491d-a048-f80b578216cb", create_role_failure))) -def test_create_group_role(mocker, test_users_in_group, test_app, user_id, expected): + "user,expected", tuple(zip(conftest.TEST_USERS, ( + GroupRole( + UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), + Role(UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), + "ResourceEditor", PRIVILEGES)), + create_role_failure, create_role_failure, create_role_failure, + create_role_failure)))) +def test_create_group_role(mocker, test_users_in_group, test_app, user, expected): """ GIVEN: an authenticated user WHEN: the user attempts to create a role, attached to a group @@ -75,7 +72,7 @@ def test_create_group_role(mocker, test_users_in_group, test_app, user_id, expec mocker.patch("gn3.auth.authorisation.roles.uuid4", uuid_fn) conn, _group, _users = test_users_in_group with test_app.app_context() as flask_context: - flask_context.g.user_id = UUID(user_id) + flask_context.g.user = user assert create_group_role( conn, GROUP, "ResourceEditor", PRIVILEGES) == expected @@ -89,11 +86,12 @@ def test_create_multiple_groups(mocker, test_app, test_users): message """ mocker.patch("gn3.auth.authorisation.groups.uuid4", uuid_fn) - user_id = UUID("ecb52977-3004-469e-9428-2a1856725c7f") + user = User( + UUID("ecb52977-3004-469e-9428-2a1856725c7f"), "group@lead.er", + "Group Leader") conn, _test_users = test_users with test_app.app_context() as flask_context: - flask_context.g.user_id = user_id - user = User(user_id, "some@email.address", "a_test_user") + flask_context.g.user = user # First time, successfully creates the group assert create_group(conn, "a_test_group", user) == Group( UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), "a_test_group") diff --git a/tests/unit/auth/test_privileges.py b/tests/unit/auth/test_privileges.py index 2514f9d..3586e90 100644 --- a/tests/unit/auth/test_privileges.py +++ b/tests/unit/auth/test_privileges.py @@ -6,6 +6,8 @@ import pytest from gn3.auth import db from gn3.auth.authorisation.privileges import Privilege, user_privileges +from tests.unit.auth import conftest + SORT_KEY = lambda x: x.privilege_name PRIVILEGES = sorted( @@ -33,18 +35,14 @@ PRIVILEGES = sorted( @pytest.mark.unit_test @pytest.mark.parametrize( - "user_id,expected", ( - ("ecb52977-3004-469e-9428-2a1856725c7f", PRIVILEGES), - ("21351b66-8aad-475b-84ac-53ce528451e3", []), - ("ae9c6245-0966-41a5-9a5e-20885a96bea7", []), - ("9a0c7ce5-2f40-4e78-979e-bf3527a59579", []), - ("e614247d-84d2-491d-a048-f80b578216cb", []))) -def test_user_privileges(auth_testdb_path, test_users, user_id, expected):# pylint: disable=[unused-argument] + "user,expected", tuple(zip( + conftest.TEST_USERS, (PRIVILEGES, [], [], [], [])))) +def test_user_privileges(auth_testdb_path, test_users, user, expected):# pylint: disable=[unused-argument] """ - GIVEN: A user_id + GIVEN: A user WHEN: An attempt is made to fetch the user's privileges THEN: Ensure only """ with db.connection(auth_testdb_path) as conn: assert sorted( - user_privileges(conn, UUID(user_id)), key=SORT_KEY) == expected + user_privileges(conn, user), key=SORT_KEY) == expected diff --git a/tests/unit/auth/test_roles.py b/tests/unit/auth/test_roles.py index 70663b3..b6e681d 100644 --- a/tests/unit/auth/test_roles.py +++ b/tests/unit/auth/test_roles.py @@ -7,6 +7,8 @@ from gn3.auth import db from gn3.auth.authorisation.privileges import Privilege from gn3.auth.authorisation.roles import Role, create_role +from tests.unit.auth import conftest + create_role_failure = { "status": "error", "message": "Unauthorised: Could not create role" @@ -22,16 +24,13 @@ PRIVILEGES = ( @pytest.mark.unit_test @pytest.mark.parametrize( - "user_id,expected", ( - ("ecb52977-3004-469e-9428-2a1856725c7f", Role( - uuid.UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), "a_test_role", - PRIVILEGES)), - ("21351b66-8aad-475b-84ac-53ce528451e3", create_role_failure), - ("ae9c6245-0966-41a5-9a5e-20885a96bea7", create_role_failure), - ("9a0c7ce5-2f40-4e78-979e-bf3527a59579", create_role_failure), - ("e614247d-84d2-491d-a048-f80b578216cb", create_role_failure))) + "user,expected", tuple(zip(conftest.TEST_USERS, ( + Role( + uuid.UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), "a_test_role", + PRIVILEGES), create_role_failure, create_role_failure, + create_role_failure, create_role_failure)))) def test_create_role(# pylint: disable=[too-many-arguments] - test_app, auth_testdb_path, mocker, test_users, user_id, expected):# pylint: disable=[unused-argument] + test_app, auth_testdb_path, mocker, test_users, user, expected):# pylint: disable=[unused-argument] """ GIVEN: an authenticated user WHEN: the user attempts to create a role @@ -40,7 +39,7 @@ def test_create_role(# pylint: disable=[too-many-arguments] """ mocker.patch("gn3.auth.authorisation.roles.uuid4", uuid_fn) with test_app.app_context() as flask_context: - flask_context.g.user_id = uuid.UUID(user_id) + flask_context.g.user = user with db.connection(auth_testdb_path) as conn, db.cursor(conn) as cursor: the_role = create_role(cursor, "a_test_role", PRIVILEGES) assert the_role == expected -- cgit v1.2.3