def test_lookup_request_user_session_oauth(dummy_user, mocker):
assert _lookup_request_user() == (None, None)
session.set_session_user(dummy_user)
mocker.patch('indico.web.util.get_oauth_user').return_value = dummy_user
with pytest.raises(BadRequest) as exc_info:
_lookup_request_user()
assert 'OAuth tokens and session cookies cannot be mixed' in str(exc_info.value)
def test_lookup_request_user_signed_url_oauth(dummy_user, mocker):
assert _lookup_request_user() == (None, None)
mocker.patch('indico.web.util.verify_signed_user_url').return_value = dummy_user
mocker.patch('indico.web.util.get_oauth_user').return_value = dummy_user
with pytest.raises(BadRequest) as exc_info:
_lookup_request_user()
assert 'OAuth tokens and signed URLs cannot be mixed' in str(exc_info.value)
def test_lookup_request_user_signed_url_not_allowed(create_user, dummy_user,
mocker):
assert _lookup_request_user(False) == (None, None)
mocker.patch(
'indico.web.util.verify_signed_user_url').return_value = dummy_user
with pytest.raises(BadRequest) as exc_info:
_lookup_request_user(False)
assert 'Signature auth is not allowed for this URL' in str(exc_info.value)
def test_lookup_request_user_oauth(dummy_user, mocker, method):
request = mocker.patch('indico.web.util.request')
request.method = method
request.full_path = '/test'
request.headers = {}
assert _lookup_request_user() == (None, None)
get_oauth_user = mocker.patch('indico.web.util.get_oauth_user')
get_oauth_user.return_value = dummy_user
assert _lookup_request_user() == (dummy_user, 'oauth')
scopes = ['read:everything', 'full:everything'] if method == 'GET' else ['full:everything']
get_oauth_user.assert_called_with(scopes)
def test_lookup_request_user_signed_url(create_user, dummy_user, mocker):
assert _lookup_request_user(True) == (None, None)
mocker.patch('indico.web.util.verify_signed_user_url').return_value = dummy_user
session.set_session_user(create_user(123)) # should be ignored
assert _lookup_request_user(True) == (dummy_user, 'signed_url')
def test_lookup_request_user_session(dummy_user):
assert _lookup_request_user() == (None, None)
session.set_session_user(dummy_user)
assert _lookup_request_user() == (dummy_user, 'session')