Ejemplo n.º 1
    def test_raises_when_malformed_client_id(
            self, basic_auth_creds, pyramid_request):
        """A client ID that is not well-formed must be refused.

        The mocked Basic-auth credentials carry ``'foobar'`` as the client
        ID; ``request_auth_client`` is expected to raise
        ``ClientUnauthorized`` rather than let any other error escape.
        """
        bad_client_id = 'foobar'
        secret = 'somerandomsecret'
        basic_auth_creds.return_value = (bad_client_id, secret)

        with pytest.raises(ClientUnauthorized):
            util.request_auth_client(pyramid_request)
Ejemplo n.º 2
    def test_raises_when_malformed_client_id(
            self, basic_auth_creds, pyramid_request):
        """Reject Basic-auth credentials whose client ID is ``'foobar'``.

        Pins the failure mode: the caller sees ``ClientUnauthorized``.
        """
        creds = ('foobar', 'somerandomsecret')
        basic_auth_creds.return_value = creds

        with pytest.raises(ClientUnauthorized):
            util.request_auth_client(pyramid_request)
Ejemplo n.º 3
    def test_raises_for_public_client(
            self, factories, basic_auth_creds, pyramid_request):
        """A client that presents an empty secret is not authenticated."""
        # Presumably the plain AuthClient factory builds a client without a
        # secret (the "public client" of the test name) -- factory not shown.
        public_client = factories.AuthClient(authority='weylandindustries.com')

        # Regression guard: an empty supplied secret must never be accepted
        # as matching a client that has no secret stored.
        basic_auth_creds.return_value = (public_client.id, '')

        with pytest.raises(ClientUnauthorized):
            util.request_auth_client(pyramid_request)
Ejemplo n.º 4
    def test_raises_when_client_secret_invalid(
            self, auth_client, basic_auth_creds, pyramid_request):
        """A known client ID paired with the wrong secret is refused."""
        wrong_secret = 'incorrectsecret'
        basic_auth_creds.return_value = (auth_client.id, wrong_secret)

        with pytest.raises(ClientUnauthorized):
            util.request_auth_client(pyramid_request)
Ejemplo n.º 5
    def test_raises_when_no_client(self, basic_auth_creds, pyramid_request):
        """A client ID with no matching auth client is refused.

        No client is created in this test, so the ID below is presumably
        absent from the database -- fixtures not shown.
        """
        unknown_client_id = 'C69BA868-5089-4EE4-ABB6-63A1C38C395B'
        basic_auth_creds.return_value = (unknown_client_id, 'somerandomsecret')

        with pytest.raises(ClientUnauthorized):
            util.request_auth_client(pyramid_request)
Ejemplo n.º 6
    def test_raises_when_client_secret_invalid(
            self, auth_client, basic_auth_creds, pyramid_request):
        """Reject a real client's ID when the supplied secret is wrong.

        The ID comes from the ``auth_client`` fixture; only the secret is
        incorrect, so this isolates the secret comparison.
        """
        creds = (auth_client.id, 'incorrectsecret')
        basic_auth_creds.return_value = creds

        with pytest.raises(ClientUnauthorized):
            util.request_auth_client(pyramid_request)
Ejemplo n.º 7
    def test_raises_when_no_client(self, basic_auth_creds, pyramid_request):
        """Reject credentials whose client ID matches no stored client.

        Expected outcome is ``ClientUnauthorized``, the same exception the
        wrong-secret case raises.
        """
        # UUID-shaped ID; presumably no such client exists -- no fixture
        # in this test creates one.
        creds = ('C69BA868-5089-4EE4-ABB6-63A1C38C395B', 'somerandomsecret')
        basic_auth_creds.return_value = creds

        with pytest.raises(ClientUnauthorized):
            util.request_auth_client(pyramid_request)
Ejemplo n.º 8
    def test_raises_for_public_client(
            self, factories, basic_auth_creds, pyramid_request):
        """Reject a client built by ``factories.AuthClient`` with secret ``''``.

        Guards against an empty supplied secret being treated as valid.
        """
        # NOTE(review): assumes factories.AuthClient yields a secret-less
        # (public) client, as the test name implies -- confirm in the factory.
        client = factories.AuthClient(authority='weylandindustries.com')
        empty_secret = ''
        basic_auth_creds.return_value = (client.id, empty_secret)

        with pytest.raises(ClientUnauthorized):
            util.request_auth_client(pyramid_request)
Ejemplo n.º 9
    def test_raises_for_invalid_client_grant_type(
            self, factories, basic_auth_creds, pyramid_request):
        """Correct ID and secret are not enough if the grant type is wrong.

        The client is confidential and presents its own secret, yet is
        registered with ``GrantType.authorization_code``;
        ``request_auth_client`` must still raise ``ClientUnauthorized``.
        """
        confidential = factories.ConfidentialAuthClient(
            authority='weylandindustries.com',
            grant_type=GrantType.authorization_code)

        # Valid credentials on purpose: only the grant type can cause the
        # rejection asserted below.
        basic_auth_creds.return_value = (confidential.id, confidential.secret)

        with pytest.raises(ClientUnauthorized):
            util.request_auth_client(pyramid_request)
Ejemplo n.º 10
    def test_raises_for_invalid_client_grant_type(
            self, factories, basic_auth_creds, pyramid_request):
        """Reject an ``authorization_code`` client even with a valid secret."""
        authority = 'weylandindustries.com'
        client = factories.ConfidentialAuthClient(
            authority=authority, grant_type=GrantType.authorization_code)

        # The secret is the client's real one, so a failure here is down to
        # the grant type and not to the credential check.
        creds = (client.id, client.secret)
        basic_auth_creds.return_value = creds

        with pytest.raises(ClientUnauthorized):
            util.request_auth_client(pyramid_request)
Ejemplo n.º 11
def create(request):
    """
    Create a user on behalf of an authenticated auth client.

    Authorised clients (those able to provide a valid Client ID and Client
    Secret) may create users in their own authority. The users are created
    pre-activated (``require_activation=False``) and are unable to log in to
    the web service directly.

    :raises ConflictError: if the uniqueness check reports a duplicate user.
    """
    # Authenticate the client before any of the request body is parsed.
    auth_client = request_auth_client(request)

    payload = CreateUserAPISchema().validate(_json_payload(request))

    # The payload is checked against the client, then its authority is
    # overwritten, so the stored authority always comes from the
    # authenticated client and never from the request body.
    validate_auth_client_authority(auth_client, payload)
    payload['authority'] = auth_client.authority

    unique_svc = request.find_service(name='user_unique')
    try:
        unique_svc.ensure_unique(payload, authority=auth_client.authority)
    except DuplicateUserError as err:
        raise ConflictError(err)

    signup_svc = request.find_service(name='user_signup')
    # NOTE(review): every key of the validated payload is forwarded as a
    # keyword argument, so the schema is what bounds the settable fields --
    # confirm it rejects unknown properties.
    new_user = signup_svc.signup(require_activation=False, **payload)
    return UserJSONPresenter(new_user).asdict()
Ejemplo n.º 12
def create(request):
    """
    Create a user in the authenticated client's authority.

    This API endpoint allows authorised clients (those able to provide a valid
    Client ID and Client Secret) to create users in their authority. These
    users are created pre-activated, and are unable to log in to the web
    service directly.

    :raises ConflictError: if ``ensure_unique`` raises ``DuplicateUserError``.
    """
    # Client authentication comes first; nothing below runs for a caller
    # that request_auth_client rejects.
    auth_client = request_auth_client(request)

    user_data = CreateUserAPISchema().validate(_json_payload(request))

    # The submitted authority must agree with the client's; it is then
    # replaced by the client's own value so the request body cannot choose
    # the authority that gets stored.
    validate_auth_client_authority(auth_client, user_data['authority'])
    user_data['authority'] = auth_client.authority

    uniqueness = request.find_service(name='user_unique')
    try:
        uniqueness.ensure_unique(user_data, authority=auth_client.authority)
    except DuplicateUserError as err:
        raise ConflictError(err)

    signup = request.find_service(name='user_signup')
    # NOTE(review): the whole validated dict is splatted into signup();
    # the schema presumably limits which keys can appear -- verify.
    created = signup.signup(require_activation=False, **user_data)
    return UserJSONPresenter(created).asdict()
Ejemplo n.º 13
def update(request):
    """
    Update a user belonging to the authenticated client's authority.

    This API endpoint allows authorised clients (those able to provide a valid
    Client ID and Client Secret) to update users in their authority.

    :raises HTTPNotFound: if no user with the given username is found in the
      client's authority.
    """
    auth_client = request_auth_client(request)

    users = request.find_service(name='user')
    # The lookup is scoped to the client's authority, so a username that
    # only exists under another authority takes the not-found path.
    target = users.fetch(request.matchdict['username'], auth_client.authority)
    if target is None:
        raise HTTPNotFound()

    changes = UpdateUserAPISchema().validate(_json_payload(request))
    _update_user(target, changes)

    return UserJSONPresenter(target).asdict()
Ejemplo n.º 14
def update(request):
    """
    Update a user.

    Authorised clients (those able to provide a valid Client ID and Client
    Secret) may update users in their authority. The user is looked up by the
    ``username`` URL segment together with the client's authority.

    :raises HTTPNotFound: if that lookup returns ``None``.
    """
    auth_client = request_auth_client(request)

    user_service = request.find_service(name='user')
    # Passing the client's authority to fetch() is what confines the
    # update to users the client owns.
    existing = user_service.fetch(request.matchdict['username'],
                                  auth_client.authority)
    if existing is None:
        raise HTTPNotFound()

    validated = UpdateUserAPISchema().validate(_json_payload(request))
    _update_user(existing, validated)

    return UserJSONPresenter(existing).asdict()
Ejemplo n.º 15
def add_member(group, request):
    """Add the user named in the URL to the given group.

    The caller must authenticate as an auth client, and the user must belong
    to both the client's authority and the group's authority.

    :raises HTTPNotFound: if the user is not found or if the user and group
      authorities don't match.
    """
    auth_client = request_auth_client(request)

    users = request.find_service(name='user')
    groups = request.find_service(name='group')

    member = users.fetch(request.matchdict['userid'])
    if member is None:
        raise HTTPNotFound()

    # NOTE(review): the user is fetched without an authority filter and the
    # client/authority check runs afterwards. If that check fails with
    # something other than a 404, responses would differ between "no such
    # user" and "user exists in another authority" -- confirm what
    # validate_auth_client_authority raises.
    validate_auth_client_authority(auth_client, member.authority)

    # Together with the check above, this keeps client, user and group in
    # one authority.
    if member.authority != group.authority:
        raise HTTPNotFound()

    groups.member_join(group, member.userid)
    return HTTPNoContent()
Ejemplo n.º 16
    def test_returns_client_when_valid_creds(
            self, pyramid_request, auth_client, valid_auth):
        """With valid credentials the matching auth client is returned."""
        # valid_auth is requested only for its setup; presumably it makes
        # the request carry auth_client's credentials -- fixture not shown.
        returned = util.request_auth_client(pyramid_request)

        assert returned == auth_client
Ejemplo n.º 17
    def test_returns_client_when_valid_creds(self,
                                             pyramid_request,
                                             auth_client,
                                             valid_auth):
        """Happy path: ``request_auth_client`` returns the fixture client.

        ``valid_auth`` is not used in the body; it is presumably requested so
        the request is set up with matching credentials -- fixture not shown.
        """
        result = util.request_auth_client(pyramid_request)

        assert result == auth_client
Ejemplo n.º 18
 def test_raises_when_no_creds(self,
                               pyramid_request,
                               basic_auth_creds):
     """A request without client credentials is refused.

     The test leaves ``basic_auth_creds`` unconfigured; presumably the
     fixture's default stands for "no credentials" -- fixture not shown.
     """
     with pytest.raises(ClientUnauthorized):
         util.request_auth_client(pyramid_request)
Ejemplo n.º 19
 def test_raises_when_no_creds(
         self, pyramid_request, basic_auth_creds):
     """Expect ``ClientUnauthorized`` when no credentials are set up.

     NOTE(review): relies on the default of the ``basic_auth_creds``
     fixture meaning "no credentials" -- confirm against the fixture.
     """
     with pytest.raises(ClientUnauthorized):
         util.request_auth_client(pyramid_request)