2017-03-16 21:05:26 +00:00
|
|
|
import pytest
|
|
|
|
|
|
|
|
from auth.oauth import validate_bearer_auth, validate_oauth_token
|
|
|
|
from auth.validateresult import AuthKind, ValidateResult
|
|
|
|
from data import model
|
2017-04-24 17:49:29 +00:00
|
|
|
from test.fixtures import *
|
2017-03-16 21:05:26 +00:00
|
|
|
|
|
|
|
@pytest.mark.parametrize('header, expected_result', [
|
|
|
|
('', ValidateResult(AuthKind.oauth, missing=True)),
|
|
|
|
('somerandomtoken', ValidateResult(AuthKind.oauth, missing=True)),
|
|
|
|
('bearer some random token', ValidateResult(AuthKind.oauth, missing=True)),
|
|
|
|
|
|
|
|
('bearer invalidtoken',
|
|
|
|
ValidateResult(AuthKind.oauth, error_message='OAuth access token could not be validated')),
|
|
|
|
])
|
|
|
|
def test_bearer(header, expected_result, app):
|
|
|
|
assert validate_bearer_auth(header) == expected_result
|
|
|
|
|
|
|
|
def test_valid_oauth(app):
|
|
|
|
user = model.user.get_user('devtable')
|
|
|
|
token = list(model.oauth.list_access_tokens_for_user(user))[0]
|
|
|
|
|
|
|
|
result = validate_bearer_auth('bearer ' + token.access_token)
|
|
|
|
assert result.oauthtoken == token
|
|
|
|
assert result.authed_user == user
|
|
|
|
assert result.auth_valid
|
|
|
|
|
|
|
|
def test_disabled_user_oauth(app):
|
|
|
|
user = model.user.get_user('disabled')
|
|
|
|
token = model.oauth.create_access_token_for_testing(user, 'deadbeef', 'repo:admin',
|
|
|
|
access_token='foo')
|
|
|
|
|
|
|
|
result = validate_bearer_auth('bearer ' + token.access_token)
|
|
|
|
assert result.oauthtoken is None
|
|
|
|
assert result.authed_user is None
|
|
|
|
assert not result.auth_valid
|
|
|
|
assert result.error_message == 'Granter of the oauth access token is disabled'
|
|
|
|
|
|
|
|
def test_expired_token(app):
|
|
|
|
user = model.user.get_user('devtable')
|
|
|
|
token = model.oauth.create_access_token_for_testing(user, 'deadbeef', 'repo:admin',
|
|
|
|
access_token='bar', expires_in=-1000)
|
|
|
|
|
|
|
|
result = validate_bearer_auth('bearer ' + token.access_token)
|
|
|
|
assert result.oauthtoken is None
|
|
|
|
assert result.authed_user is None
|
|
|
|
assert not result.auth_valid
|
|
|
|
assert result.error_message == 'OAuth access token has expired'
|