import pytest from auth.oauth import validate_bearer_auth, validate_oauth_token from auth.validateresult import AuthKind, ValidateResult from data import model from test.fixtures import * @pytest.mark.parametrize('header, expected_result', [ ('', ValidateResult(AuthKind.oauth, missing=True)), ('somerandomtoken', ValidateResult(AuthKind.oauth, missing=True)), ('bearer some random token', ValidateResult(AuthKind.oauth, missing=True)), ('bearer invalidtoken', ValidateResult(AuthKind.oauth, error_message='OAuth access token could not be validated')),]) def test_bearer(header, expected_result, app): assert validate_bearer_auth(header) == expected_result def test_valid_oauth(app): user = model.user.get_user('devtable') token = list(model.oauth.list_access_tokens_for_user(user))[0] result = validate_bearer_auth('bearer ' + token.access_token) assert result.oauthtoken == token assert result.authed_user == user assert result.auth_valid def test_disabled_user_oauth(app): user = model.user.get_user('disabled') token = model.oauth.create_access_token_for_testing(user, 'deadbeef', 'repo:admin', access_token='foo') result = validate_bearer_auth('bearer ' + token.access_token) assert result.oauthtoken is None assert result.authed_user is None assert not result.auth_valid assert result.error_message == 'Granter of the oauth access token is disabled' def test_expired_token(app): user = model.user.get_user('devtable') token = model.oauth.create_access_token_for_testing(user, 'deadbeef', 'repo:admin', access_token='bar', expires_in=-1000) result = validate_bearer_auth('bearer ' + token.access_token) assert result.oauthtoken is None assert result.authed_user is None assert not result.auth_valid assert result.error_message == 'OAuth access token has expired'