quay/auth/test/test_signedgrant.py

import pytest

from auth.signedgrant import validate_signed_grant, generate_signed_token, SIGNATURE_PREFIX
from auth.validateresult import AuthKind, ValidateResult

@pytest.mark.parametrize('header, expected_result', [
  ('', ValidateResult(AuthKind.signed_grant, missing=True)),
  ('somerandomtoken', ValidateResult(AuthKind.signed_grant, missing=True)),
  ('token somerandomtoken', ValidateResult(AuthKind.signed_grant, missing=True)),

  ('token ' + SIGNATURE_PREFIX + 'foo',
   ValidateResult(AuthKind.signed_grant, error_message='Signed grant could not be validated')),

  ('token ' + generate_signed_token({'a': 'b'}, {'c': 'd'}),
   ValidateResult(AuthKind.signed_grant, signed_data={'grants': {'a': 'b'}, 'user_context': {'c': 'd'}})),
])
def test_token(header, expected_result):
  assert validate_signed_grant(header) == expected_result
Refactor our auth handling code to be cleaner Breaks out the validation code from the auth context modification calls, makes decorators easier to define and adds testing for each individual piece. Will be the basis of better error messaging in the following change. 2017-03-16 21:05:26 +00:00			`import pytest`

			`from auth.signedgrant import validate_signed_grant, generate_signed_token, SIGNATURE_PREFIX`
			`from auth.validateresult import AuthKind, ValidateResult`

			`@pytest.mark.parametrize('header, expected_result', [`
			`('', ValidateResult(AuthKind.signed_grant, missing=True)),`
			`('somerandomtoken', ValidateResult(AuthKind.signed_grant, missing=True)),`
			`('token somerandomtoken', ValidateResult(AuthKind.signed_grant, missing=True)),`

			`('token ' + SIGNATURE_PREFIX + 'foo',`
			`ValidateResult(AuthKind.signed_grant, error_message='Signed grant could not be validated')),`

			`('token ' + generate_signed_token({'a': 'b'}, {'c': 'd'}),`
			`ValidateResult(AuthKind.signed_grant, signed_data={'grants': {'a': 'b'}, 'user_context': {'c': 'd'}})),`
			`])`
			`def test_token(header, expected_result):`
			`assert validate_signed_grant(header) == expected_result`