def test_identify(create_app_and_client):
    """An identity remembered on POST must be returned by policy.identify() on GET."""

    @asyncio.coroutine
    def create(request):
        # Issue the identity cookie for 'Andrew' on an otherwise empty response.
        issued = web.Response()
        yield from remember(request, issued, 'Andrew')
        return issued

    @asyncio.coroutine
    def check(request):
        # Ask the installed identity policy directly, bypassing authorization.
        identity_policy = request.app[IDENTITY_KEY]
        identified = yield from identity_policy.identify(request)
        # A failure here turns into a 500, which the status check below catches.
        assert identified == 'Andrew'
        return web.Response()

    app, client = yield from create_app_and_client()
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', check)
    app.router.add_route('POST', '/', create)

    post_resp = yield from client.post('/')
    assert post_resp.status == 200
    yield from post_resp.release()

    # The client carries the cookie set by the POST into this request.
    get_resp = yield from client.get('/')
    assert get_resp.status == 200
    yield from get_resp.release()
async def test_is_anonymous(loop, test_client):
    """is_anonymous() holds before login and after logout, but not in between."""

    async def index(request):
        # 401 for callers without an identity, 200 otherwise.
        if await is_anonymous(request):
            return web.HTTPUnauthorized()
        return web.HTTPOk()

    async def login(request):
        redirect = web.HTTPFound(location='/')
        await remember(request, redirect, 'UserID')
        return redirect

    async def logout(request):
        redirect = web.HTTPFound(location='/')
        await forget(request, redirect)
        return redirect

    app = web.Application(loop=loop)
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', index)
    app.router.add_route('POST', '/login', login)
    app.router.add_route('POST', '/logout', logout)
    client = await test_client(app)

    # Fresh client: no identity yet.
    before_login = await client.get('/')
    assert before_login.status == web.HTTPUnauthorized.status_code

    await client.post('/login')
    logged_in = await client.get('/')
    assert logged_in.status == web.HTTPOk.status_code

    # Logging out must put the client back into the anonymous state.
    await client.post('/logout')
    after_logout = await client.get('/')
    assert after_logout.status == web.HTTPUnauthorized.status_code
def test_forget(create_app_and_client):
    """forget() must blank the identity cookie that remember() set."""

    @asyncio.coroutine
    def index(request):
        return web.Response()

    @asyncio.coroutine
    def login(request):
        redirect = web.HTTPFound(location='/')
        yield from remember(request, redirect, 'Andrew')
        return redirect

    @asyncio.coroutine
    def logout(request):
        redirect = web.HTTPFound(location='/')
        yield from forget(request, redirect)
        return redirect

    app, client = yield from create_app_and_client()
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', index)
    app.router.add_route('POST', '/login', login)
    app.router.add_route('POST', '/logout', logout)

    # The redirect to '/' is followed, hence the 200 and the final URL check.
    login_resp = yield from client.post('/login')
    assert login_resp.status == 200
    assert login_resp.url.endswith('/')
    # The cookie value is the identity verbatim: nothing here signs or
    # encrypts it, so this policy fits tests rather than production sessions.
    assert client.cookies['AIOHTTP_SECURITY'].value == 'Andrew'
    yield from login_resp.release()

    logout_resp = yield from client.post('/logout')
    assert logout_resp.status == 200
    assert logout_resp.url.endswith('/')
    # With this client the cookie stays in the jar but its value is emptied.
    assert client.cookies['AIOHTTP_SECURITY'].value == ''
    yield from logout_resp.release()
def test_authorized_userid(loop, test_client):
    """authorized_userid() maps the remembered identity to the policy's user id."""

    @asyncio.coroutine
    def login(request):
        redirect = web.HTTPFound(location='/')
        yield from remember(request, redirect, 'UserID')
        return redirect

    @asyncio.coroutine
    def check(request):
        # Per the assertions, Autz resolves identity 'UserID' to user 'Andrew'.
        user = yield from authorized_userid(request)
        assert user == 'Andrew'
        return web.Response(text=user)

    app = web.Application(loop=loop)
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', check)
    app.router.add_route('POST', '/login', login)
    client = yield from test_client(app)

    # The login redirect is followed, so status and body come from `check`.
    resp = yield from client.post('/login')
    assert resp.status == 200
    body = yield from resp.text()
    assert body == 'Andrew'
    yield from resp.release()
def test_identify(loop, test_client):
    """An identity remembered on POST must be returned by policy.identify() on GET."""

    @asyncio.coroutine
    def create(request):
        issued = web.Response()
        yield from remember(request, issued, 'Andrew')
        return issued

    @asyncio.coroutine
    def check(request):
        # Query the identity policy registered on the app directly.
        identity_policy = request.app[IDENTITY_KEY]
        identified = yield from identity_policy.identify(request)
        # A failure here turns into a 500, which the status check below catches.
        assert identified == 'Andrew'
        return web.Response()

    app = web.Application(loop=loop)
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', check)
    app.router.add_route('POST', '/', create)
    client = yield from test_client(app)

    post_resp = yield from client.post('/')
    assert post_resp.status == 200
    yield from post_resp.release()

    # Same client session, so the cookie from the POST accompanies the GET.
    get_resp = yield from client.get('/')
    assert get_resp.status == 200
    yield from get_resp.release()
async def test_check_authorized(loop, aiohttp_client):
    """check_authorized() rejects anonymous requests with 401 and admits logged-in ones."""

    async def index(request):
        # The test expects a 401 from this call when no identity is present.
        await check_authorized(request)
        return web.Response()

    async def login(request):
        redirect = web.HTTPFound(location='/')
        await remember(request, redirect, 'UserID')
        raise redirect

    async def logout(request):
        redirect = web.HTTPFound(location='/')
        await forget(request, redirect)
        raise redirect

    app = web.Application()
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', index)
    app.router.add_route('POST', '/login', login)
    app.router.add_route('POST', '/logout', logout)
    client = await aiohttp_client(app)

    before_login = await client.get('/')
    assert before_login.status == web.HTTPUnauthorized.status_code

    await client.post('/login')
    logged_in = await client.get('/')
    assert logged_in.status == web.HTTPOk.status_code

    # After logout the protected route must be closed again.
    await client.post('/logout')
    after_logout = await client.get('/')
    assert after_logout.status == web.HTTPUnauthorized.status_code
async def test_forget(loop, aiohttp_client):
    """forget() must remove the identity cookie from the client's cookie jar."""

    async def index(request):
        return web.Response()

    async def login(request):
        redirect = web.HTTPFound(location='/')
        await remember(request, redirect, 'Andrew')
        raise redirect

    async def logout(request):
        redirect = web.HTTPFound(location='/')
        await forget(request, redirect)
        raise redirect

    app = web.Application()
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', index)
    app.router.add_route('POST', '/login', login)
    app.router.add_route('POST', '/logout', logout)
    client = await aiohttp_client(app)
    root_url = client.make_url('/')

    login_resp = await client.post('/login')
    assert login_resp.status == 200
    assert str(login_resp.url).endswith('/')
    jar_after_login = client.session.cookie_jar.filter_cookies(root_url)
    # The cookie value is the identity verbatim: nothing here signs or
    # encrypts it, so this policy fits tests rather than production sessions.
    assert jar_after_login['AIOHTTP_SECURITY'].value == 'Andrew'

    logout_resp = await client.post('/logout')
    assert logout_resp.status == 200
    assert str(logout_resp.url).endswith('/')
    jar_after_logout = client.session.cookie_jar.filter_cookies(root_url)
    # NOTE(review): this proves the cookie left the client's jar; it does not
    # exercise how the server treats a cookie value issued before logout.
    assert 'AIOHTTP_SECURITY' not in jar_after_logout
def test_permits(loop, test_client):
    """A logged-in user is granted 'read' and 'write' and denied an unknown permission."""

    @asyncio.coroutine
    def login(request):
        redirect = web.HTTPFound(location='/')
        yield from remember(request, redirect, 'UserID')
        return redirect

    @asyncio.coroutine
    def check(request):
        can_read = yield from permits(request, 'read')
        assert can_read
        can_write = yield from permits(request, 'write')
        assert can_write
        # Permissions the policy does not know must be denied, not granted.
        can_unknown = yield from permits(request, 'unknown')
        assert not can_unknown
        return web.Response()

    app = web.Application(loop=loop)
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', check)
    app.router.add_route('POST', '/login', login)
    client = yield from test_client(app)

    # The login redirect lands on `check`; a failed assert there yields a 500.
    resp = yield from client.post('/login')
    assert resp.status == 200
    yield from resp.release()
def test_forget(create_app_and_client):
    """forget() must drop the identity cookie from the client entirely."""

    @asyncio.coroutine
    def index(request):
        return web.Response()

    @asyncio.coroutine
    def login(request):
        redirect = web.HTTPFound(location='/')
        yield from remember(request, redirect, 'Andrew')
        return redirect

    @asyncio.coroutine
    def logout(request):
        redirect = web.HTTPFound(location='/')
        yield from forget(request, redirect)
        return redirect

    app, client = yield from create_app_and_client()
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', index)
    app.router.add_route('POST', '/login', login)
    app.router.add_route('POST', '/logout', logout)

    login_resp = yield from client.post('/login')
    assert login_resp.status == 200
    assert login_resp.url.endswith('/')
    # The cookie value is the identity verbatim: nothing here signs or
    # encrypts it, so this policy fits tests rather than production sessions.
    assert client.cookies['AIOHTTP_SECURITY'].value == 'Andrew'
    yield from login_resp.release()

    logout_resp = yield from client.post('/logout')
    assert logout_resp.status == 200
    assert logout_resp.url.endswith('/')
    # After logout the cookie must be gone, so the lookup has to fail.
    with pytest.raises(KeyError):
        _ = client.cookies['AIOHTTP_SECURITY']  # noqa
    yield from logout_resp.release()
def test_permits(create_app_and_client):
    """A logged-in user is granted 'read' and 'write' and denied an unknown permission."""

    @asyncio.coroutine
    def login(request):
        redirect = web.HTTPFound(location='/')
        yield from remember(request, redirect, 'UserID')
        return redirect

    @asyncio.coroutine
    def check(request):
        can_read = yield from permits(request, 'read')
        assert can_read
        can_write = yield from permits(request, 'write')
        assert can_write
        # Permissions the policy does not know must be denied, not granted.
        can_unknown = yield from permits(request, 'unknown')
        assert not can_unknown
        return web.Response()

    app, client = yield from create_app_and_client()
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', check)
    app.router.add_route('POST', '/login', login)

    # The login redirect lands on `check`; a failed assert there yields a 500.
    resp = yield from client.post('/login')
    assert resp.status == 200
    yield from resp.release()
def test_forget(loop, test_client):
    """forget() must remove the identity cookie from the client's cookie jar."""

    @asyncio.coroutine
    def index(request):
        return web.Response()

    @asyncio.coroutine
    def login(request):
        redirect = web.HTTPFound(location='/')
        yield from remember(request, redirect, 'Andrew')
        return redirect

    @asyncio.coroutine
    def logout(request):
        redirect = web.HTTPFound(location='/')
        yield from forget(request, redirect)
        return redirect

    app = web.Application(loop=loop)
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', index)
    app.router.add_route('POST', '/login', login)
    app.router.add_route('POST', '/logout', logout)
    client = yield from test_client(app)

    login_resp = yield from client.post('/login')
    assert login_resp.status == 200
    assert login_resp.url.endswith('/')
    jar_after_login = client.session.cookie_jar.filter_cookies(
        client.make_url('/'))
    # The cookie value is the identity verbatim: nothing here signs or
    # encrypts it, so this policy fits tests rather than production sessions.
    assert jar_after_login['AIOHTTP_SECURITY'].value == 'Andrew'
    yield from login_resp.release()

    logout_resp = yield from client.post('/logout')
    assert logout_resp.status == 200
    assert logout_resp.url.endswith('/')
    jar_after_logout = client.session.cookie_jar.filter_cookies(
        client.make_url('/'))
    assert 'AIOHTTP_SECURITY' not in jar_after_logout
    yield from logout_resp.release()
async def test_has_permission(loop, aiohttp_client):
    """The deprecated @has_permission decorator yields 401, 200 or 403 as appropriate.

    401 is expected while no identity is present, 200 when the logged-in user
    holds the permission, and 403 when the user is known but lacks it.
    """
    # Applying the decorator is expected to emit a DeprecationWarning.
    with pytest.warns(DeprecationWarning):

        @has_permission('read')
        async def index_read(request):
            return web.Response()

        @has_permission('write')
        async def index_write(request):
            return web.Response()

        @has_permission('forbid')
        async def index_forbid(request):
            return web.Response()

    async def login(request):
        redirect = web.HTTPFound(location='/')
        await remember(request, redirect, 'UserID')
        return redirect

    async def logout(request):
        redirect = web.HTTPFound(location='/')
        await forget(request, redirect)
        raise redirect

    app = web.Application()
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/permission/read', index_read)
    app.router.add_route('GET', '/permission/write', index_write)
    app.router.add_route('GET', '/permission/forbid', index_forbid)
    app.router.add_route('POST', '/login', login)
    app.router.add_route('POST', '/logout', logout)
    client = await aiohttp_client(app)

    protected_paths = (
        '/permission/read',
        '/permission/write',
        '/permission/forbid',
    )

    # Anonymous: every protected route answers 401, whatever the permission.
    for path in protected_paths:
        resp = await client.get(path)
        assert resp.status == web.HTTPUnauthorized.status_code

    await client.post('/login')
    # Logged in: granted permissions pass, a missing one is 403 rather than 401.
    expected_when_logged_in = (
        ('/permission/read', web.HTTPOk.status_code),
        ('/permission/write', web.HTTPOk.status_code),
        ('/permission/forbid', web.HTTPForbidden.status_code),
    )
    for path, expected_status in expected_when_logged_in:
        resp = await client.get(path)
        assert resp.status == expected_status

    await client.post('/logout')
    # Logged out again: back to 401 on every route.
    for path in protected_paths:
        resp = await client.get(path)
        assert resp.status == web.HTTPUnauthorized.status_code
def test_authorized_userid_not_authorized(create_app_and_client):
    """authorized_userid() returns None when the request carries no identity."""

    @asyncio.coroutine
    def check(request):
        # No login happened, so there is nothing to resolve to a user id.
        user = yield from authorized_userid(request)
        assert user is None
        return web.Response()

    app, client = yield from create_app_and_client()
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', check)

    # A failed assert inside `check` would surface here as a 500.
    resp = yield from client.get('/')
    assert resp.status == 200
    yield from resp.release()
async def test_authorized_userid_not_authorized(loop, aiohttp_client):
    """authorized_userid() returns None when the request carries no identity."""

    async def check(request):
        # No login happened, so there is nothing to resolve to a user id.
        user = await authorized_userid(request)
        assert user is None
        return web.Response()

    app = web.Application()
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', check)
    client = await aiohttp_client(app)

    # A failed assert inside `check` would surface here as a 500.
    resp = await client.get('/')
    assert resp.status == 200
def test_remember(create_app_and_client):
    """remember() must set the AIOHTTP_SECURITY cookie on the response."""

    @asyncio.coroutine
    def handler(request):
        issued = web.Response()
        yield from remember(request, issued, 'Andrew')
        return issued

    app, client = yield from create_app_and_client()
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', handler)

    resp = yield from client.get('/')
    assert resp.status == 200
    # The cookie value is the identity verbatim: nothing here signs or
    # encrypts it, so this policy fits tests rather than production sessions.
    assert resp.cookies['AIOHTTP_SECURITY'].value == 'Andrew'
    yield from resp.release()
async def test_remember(loop, aiohttp_client):
    """remember() must set the AIOHTTP_SECURITY cookie on the response."""

    async def handler(request):
        issued = web.Response()
        await remember(request, issued, 'Andrew')
        return issued

    app = web.Application()
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', handler)
    client = await aiohttp_client(app)

    resp = await client.get('/')
    assert resp.status == 200
    # The cookie value is the identity verbatim: nothing here signs or
    # encrypts it, so this policy fits tests rather than production sessions.
    assert resp.cookies['AIOHTTP_SECURITY'].value == 'Andrew'
def test_remember(create_app_and_client):
    """remember() must leave the AIOHTTP_SECURITY cookie in the client's cookies."""

    @asyncio.coroutine
    def handler(request):
        issued = web.Response()
        yield from remember(request, issued, 'Andrew')
        return issued

    app, client = yield from create_app_and_client()
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', handler)

    resp = yield from client.get('/')
    assert resp.status == 200
    # Checked on the client rather than the response: the cookie must persist.
    # Its value is the identity verbatim, with no signature or encryption, so
    # this policy fits tests rather than production sessions.
    assert client.cookies['AIOHTTP_SECURITY'].value == 'Andrew'
    yield from resp.release()
async def test_permits_unauthorized(loop, aiohttp_client):
    """permits() must deny every permission to a request without an identity."""

    async def check(request):
        # Default-deny: anonymous callers get neither the permissions a
        # logged-in user would hold nor one the policy does not know.
        can_read = await permits(request, 'read')
        assert not can_read
        can_write = await permits(request, 'write')
        assert not can_write
        can_unknown = await permits(request, 'unknown')
        assert not can_unknown
        return web.Response()

    app = web.Application()
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', check)
    client = await aiohttp_client(app)

    # A failed assert inside `check` would surface here as a 500.
    resp = await client.get('/')
    assert resp.status == 200
async def test_authenticate_user_by_request(loop, aiohttp_client):
    """authenticate_user() resolves credentials posted as JSON to a user name."""

    async def login(request):
        # The credentials come straight from the JSON request body.
        posted = await request.json()
        user = await authenticate_user(posted, request)
        return web.Response(text=user)

    app = web.Application()
    # Unlike the other tests, an Auth() policy is passed to _setup as well.
    _setup(app, CookiesIdentityPolicy(), Autz(), Auth())
    app.router.add_route('POST', '/login', login)
    client = await aiohttp_client(app)

    # NOTE(review): both credential values appear masked in this listing;
    # they are reproduced exactly as shown.
    resp = await client.post('/login',
                             json={'username': '******',
                                   'password': '******'})
    assert resp.status == 200
    body = await resp.text()
    assert body == 'Andrew'
def test_permits_unauthorized(create_app_and_client):
    """permits() must deny every permission to a request without an identity."""

    @asyncio.coroutine
    def check(request):
        # Default-deny: anonymous callers get neither the permissions a
        # logged-in user would hold nor one the policy does not know.
        can_read = yield from permits(request, 'read')
        assert not can_read
        can_write = yield from permits(request, 'write')
        assert not can_write
        can_unknown = yield from permits(request, 'unknown')
        assert not can_unknown
        return web.Response()

    app, client = yield from create_app_and_client()
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', check)

    # A failed assert inside `check` would surface here as a 500.
    resp = yield from client.get('/')
    assert resp.status == 200
    yield from resp.release()
async def test_identify(loop, make_token, aiohttp_client):
    """JWTIdentityPolicy returns the token payload for a valid Bearer token."""
    # Throwaway key for the test; the same value signs the token and
    # configures the policy. Real keys belong in configuration, not source.
    secret = 'Key'
    # NOTE(review): the payload's login value appears masked in this listing,
    # while the handler below expects it to decode to 'Andrew'.
    token = make_token({'login': '******'}, secret)

    async def check(request):
        identity_policy = request.app[IDENTITY_KEY]
        claims = await identity_policy.identify(request)
        # The identity is the decoded payload, indexed by claim name.
        assert claims['login'] == 'Andrew'
        return web.Response()

    app = web.Application()
    _setup(app, JWTIdentityPolicy(secret), Autz())
    app.router.add_route('GET', '/', check)
    client = await aiohttp_client(app)

    # make_token evidently returns bytes here, hence the decode.
    auth_headers = {'Authorization': 'Bearer ' + token.decode('utf-8')}
    resp = await client.get('/', headers=auth_headers)
    assert resp.status == 200
async def test_permits_enum_permission(loop, aiohttp_client):
    """permits() accepts enum members, not only strings, as permissions."""

    class Permission(enum.Enum):
        READ = '101'
        WRITE = '102'
        UNKNOWN = '103'

    # Local policy for this test; inside the function it shadows any Autz
    # defined at module level.
    class Autz(AbstractAuthorizationPolicy):

        async def permits(self, identity, permission, context=None):
            # Only the known identity gets anything; everything else is denied.
            if identity != 'UserID':
                return False
            return permission in {Permission.READ, Permission.WRITE}

        async def authorized_userid(self, identity):
            return 'Andrew' if identity == 'UserID' else None

    async def login(request):
        redirect = web.HTTPFound(location='/')
        await remember(request, redirect, 'UserID')
        raise redirect

    async def check(request):
        can_read = await permits(request, Permission.READ)
        assert can_read
        can_write = await permits(request, Permission.WRITE)
        assert can_write
        # UNKNOWN is a valid enum member that the policy does not grant.
        can_unknown = await permits(request, Permission.UNKNOWN)
        assert not can_unknown
        return web.Response()

    app = web.Application()
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', check)
    app.router.add_route('POST', '/login', login)
    client = await aiohttp_client(app)

    # The login redirect lands on `check`; a failed assert there yields a 500.
    resp = await client.post('/login')
    assert resp.status == 200
async def test_provide_user(loop, aiohttp_client):
    """After login, authorized_userid() provides the user behind the identity."""

    async def login(request):
        redirect = web.HTTPFound(location='/')
        await remember(request, redirect, 'UserID')
        raise redirect

    async def check(request):
        # Per the assertions, Autz resolves identity 'UserID' to user 'Andrew'.
        resolved = await authorized_userid(request)
        assert resolved == 'Andrew'
        return web.Response(text=resolved)

    app = web.Application()
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', check)
    app.router.add_route('POST', '/login', login)
    client = await aiohttp_client(app)

    # The login redirect is followed, so status and body come from `check`.
    resp = await client.post('/login')
    assert resp.status == 200
    body = await resp.text()
    assert body == 'Andrew'
def test_forget(loop, test_client):
    """Login stores the identity cookie in the jar; logout must remove it."""

    @asyncio.coroutine
    def index(request):
        return web.Response()

    @asyncio.coroutine
    def login(request):
        redirect = web.HTTPFound(location='/')
        yield from remember(request, redirect, 'Andrew')
        return redirect

    @asyncio.coroutine
    def logout(request):
        redirect = web.HTTPFound(location='/')
        yield from forget(request, redirect)
        return redirect

    app = web.Application(loop=loop)
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', index)
    app.router.add_route('POST', '/login', login)
    app.router.add_route('POST', '/logout', logout)
    client = yield from test_client(app)

    login_resp = yield from client.post('/login')
    assert login_resp.status == 200
    assert login_resp.url.endswith('/')
    jar = client.session.cookie_jar
    stored = jar.filter_cookies(client.make_url('/'))
    # The cookie value is the identity verbatim: nothing here signs or
    # encrypts it, so this policy fits tests rather than production sessions.
    assert stored['AIOHTTP_SECURITY'].value == 'Andrew'
    yield from login_resp.release()

    logout_resp = yield from client.post('/logout')
    assert logout_resp.status == 200
    assert logout_resp.url.endswith('/')
    remaining = client.session.cookie_jar.filter_cookies(client.make_url('/'))
    assert 'AIOHTTP_SECURITY' not in remaining
    yield from logout_resp.release()
async def test_identify(loop, aiohttp_client):
    """An identity remembered on POST must be returned by policy.identify() on GET."""

    async def create(request):
        issued = web.Response()
        await remember(request, issued, 'Andrew')
        return issued

    async def check(request):
        # Query the identity policy registered on the app directly.
        identity_policy = request.app[IDENTITY_KEY]
        identified = await identity_policy.identify(request)
        # A failure here turns into a 500, which the status check below catches.
        assert identified == 'Andrew'
        return web.Response()

    app = web.Application()
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', check)
    app.router.add_route('POST', '/', create)
    client = await aiohttp_client(app)

    post_resp = await client.post('/')
    assert post_resp.status == 200
    await post_resp.release()

    # Same client session, so the cookie from the POST accompanies the GET.
    get_resp = await client.get('/')
    assert get_resp.status == 200
def test_authorized_userid(create_app_and_client):
    """authorized_userid() maps the remembered identity to the policy's user id."""

    @asyncio.coroutine
    def login(request):
        redirect = web.HTTPFound(location='/')
        yield from remember(request, redirect, 'UserID')
        return redirect

    @asyncio.coroutine
    def check(request):
        # Per the assertions, Autz resolves identity 'UserID' to user 'Andrew'.
        user = yield from authorized_userid(request)
        assert user == 'Andrew'
        return web.Response(text=user)

    app, client = yield from create_app_and_client()
    _setup(app, CookiesIdentityPolicy(), Autz())
    app.router.add_route('GET', '/', check)
    app.router.add_route('POST', '/login', login)

    # The login redirect is followed, so status and body come from `check`.
    resp = yield from client.post('/login')
    assert resp.status == 200
    body = yield from resp.text()
    assert body == 'Andrew'
    yield from resp.release()
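async def test_identify_broken_scheme(loop, make_token, aiohttp_client):
    """A token sent under a scheme other than Bearer must be rejected with 400.

    The token itself is made with the policy's own key, so the only thing
    wrong with the request is the 'Token' authorization scheme. The handler
    turns the policy's ValueError into a 400 whose reason carries the message.
    """
    # Throwaway key for the test; real keys belong in configuration, not source.
    jwt_secret_key = 'Key'
    # NOTE(review): the payload's login value appears masked in this listing.
    token = make_token({'login': '******'}, jwt_secret_key)

    async def check(request):
        policy = request.app[IDENTITY_KEY]
        try:
            await policy.identify(request)
        except ValueError as exc:
            # `reason` is meant to be a string: pass the message, not the
            # exception object, so the status line is built from plain text.
            raise web.HTTPBadRequest(reason=str(exc))
        return web.Response()

    app = web.Application()
    _setup(app, JWTIdentityPolicy(jwt_secret_key), Autz())
    app.router.add_route('GET', '/', check)
    client = await aiohttp_client(app)

    # Valid token, wrong scheme: 'Token' instead of 'Bearer'.
    headers = {'Authorization': 'Token {}'.format(token.decode('utf-8'))}
    resp = await client.get('/', headers=headers)
    assert 400 == resp.status
    assert 'Invalid authorization scheme' in resp.reason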