quay/auth/test/test_oauth.py

import pytest

from auth.oauth import validate_bearer_auth, validate_oauth_token
from auth.validateresult import AuthKind, ValidateResult
from data import model
from test.fixtures import *


@pytest.mark.parametrize('header, expected_result', [
  ('', ValidateResult(AuthKind.oauth, missing=True)),
  ('somerandomtoken', ValidateResult(AuthKind.oauth, missing=True)),
  ('bearer some random token', ValidateResult(AuthKind.oauth, missing=True)),
  ('bearer invalidtoken',
   ValidateResult(AuthKind.oauth, error_message='OAuth access token could not be validated')),])
def test_bearer(header, expected_result, app):
  assert validate_bearer_auth(header) == expected_result


def test_valid_oauth(app):
  user = model.user.get_user('devtable')
  token = list(model.oauth.list_access_tokens_for_user(user))[0]

  result = validate_bearer_auth('bearer ' + token.access_token)
  assert result.oauthtoken == token
  assert result.authed_user == user
  assert result.auth_valid


def test_disabled_user_oauth(app):
  user = model.user.get_user('disabled')
  token = model.oauth.create_access_token_for_testing(user, 'deadbeef', 'repo:admin',
                                                      access_token='foo')

  result = validate_bearer_auth('bearer ' + token.access_token)
  assert result.oauthtoken is None
  assert result.authed_user is None
  assert not result.auth_valid
  assert result.error_message == 'Granter of the oauth access token is disabled'


def test_expired_token(app):
  user = model.user.get_user('devtable')
  token = model.oauth.create_access_token_for_testing(user, 'deadbeef', 'repo:admin',
                                                      access_token='bar', expires_in=-1000)

  result = validate_bearer_auth('bearer ' + token.access_token)
  assert result.oauthtoken is None
  assert result.authed_user is None
  assert not result.auth_valid
  assert result.error_message == 'OAuth access token has expired'