def test_denies_valid_macaroon_for_incorrect_permission(
self, monkeypatch, invalid_permission):
macaroon_service = pretend.stub(
verify=pretend.call_recorder(lambda *a: pretend.stub()))
request = pretend.stub(find_service=pretend.call_recorder(
lambda interface, **kw: macaroon_service))
get_current_request = pretend.call_recorder(lambda: request)
monkeypatch.setattr(auth_policy, "get_current_request",
get_current_request)
_extract_http_macaroon = pretend.call_recorder(
lambda r: b"not a real macaroon")
monkeypatch.setattr(auth_policy, "_extract_http_macaroon",
_extract_http_macaroon)
permits = pretend.stub()
backing_policy = pretend.stub(
permits=pretend.call_recorder(lambda *a, **kw: permits))
policy = auth_policy.MacaroonAuthorizationPolicy(policy=backing_policy)
result = policy.permits(pretend.stub(), pretend.stub(),
invalid_permission)
assert result == Denied("")
assert result.s == (
f"API tokens are not valid for permission: {invalid_permission}!")
def test_principals_allowed_by_permission(self):
principals = pretend.stub()
backing_policy = pretend.stub(principals_allowed_by_permission=pretend.
call_recorder(lambda *a: principals))
policy = auth_policy.MacaroonAuthorizationPolicy(policy=backing_policy)
assert (policy.principals_allowed_by_permission(
pretend.stub(), pretend.stub()) is principals)
def test_permits_no_active_request(self, monkeypatch):
get_current_request = pretend.call_recorder(lambda: None)
monkeypatch.setattr(auth_policy, "get_current_request", get_current_request)
backing_policy = pretend.stub(
permits=pretend.call_recorder(lambda *a, **kw: pretend.stub())
)
policy = auth_policy.MacaroonAuthorizationPolicy(policy=backing_policy)
result = policy.permits(pretend.stub(), pretend.stub(), pretend.stub())
assert result == Denied("There was no active request.")
def test_permits_no_macaroon(self, monkeypatch):
request = pretend.stub()
get_current_request = pretend.call_recorder(lambda: request)
monkeypatch.setattr(auth_policy, "get_current_request",
get_current_request)
_extract_http_macaroon = pretend.call_recorder(lambda r: None)
monkeypatch.setattr(auth_policy, "_extract_http_macaroon",
_extract_http_macaroon)
permits = pretend.stub()
backing_policy = pretend.stub(
permits=pretend.call_recorder(lambda *a, **kw: permits))
policy = auth_policy.MacaroonAuthorizationPolicy(policy=backing_policy)
result = policy.permits(pretend.stub(), pretend.stub(), pretend.stub())
assert result == permits
def test_permits_invalid_macaroon(self, monkeypatch):
macaroon_service = pretend.stub(verify=pretend.raiser(InvalidMacaroon("foo")))
request = pretend.stub(
find_service=pretend.call_recorder(lambda interface, **kw: macaroon_service)
)
get_current_request = pretend.call_recorder(lambda: request)
monkeypatch.setattr(auth_policy, "get_current_request", get_current_request)
_extract_http_macaroon = pretend.call_recorder(lambda r: b"not a real macaroon")
monkeypatch.setattr(
auth_policy, "_extract_http_macaroon", _extract_http_macaroon
)
permits = pretend.stub()
backing_policy = pretend.stub(
permits=pretend.call_recorder(lambda *a, **kw: permits)
)
policy = auth_policy.MacaroonAuthorizationPolicy(policy=backing_policy)
result = policy.permits(pretend.stub(), pretend.stub(), pretend.stub())
assert result == Denied("The supplied token was invalid: foo")
