def authorizer(event: AuthorizerEvent, context: LambdaContext) \
        -> AuthorizerResult:
    """Authorize API Gateway methods for the access token resource.

    Resolves a session ID from the request headers, looks up the user
    e-mail bound to that session and returns a single-statement policy
    for the invoked method: ``Allow`` only when an e-mail was found,
    ``Deny`` in every other case.

    Args:
        event: Authorizer event; ``headers`` and ``methodArn`` are read.
        context: Lambda context; not used here.

    Returns:
        A dict with ``principalId`` (the user e-mail, or ``''`` on deny)
        and ``policyDocument`` (the policy scoped to
        ``event['methodArn']``).
    """
    # NOTE(review): 'headers' is indexed directly -- confirm the event
    # always carries that key for this authorizer type.
    session_id = get_session_id(event['headers'])

    # Without a session ID the lookup is skipped and the request is denied.
    user_email = Session.fetch_user_email(session_id) if session_id else None

    # Fail closed: a missing session, or a falsy lookup result, is a Deny.
    if user_email:
        effect, principal_id = 'Allow', user_email
    else:
        effect, principal_id = 'Deny', ''

    # The grant is limited to the exact method ARN that was invoked.
    # NOTE(review): if authorizer result caching is enabled, a cached
    # policy for one method ARN may be applied to the caller's other
    # requests -- confirm the cache settings match this scoping.
    policy = {
        'Version': '2012-10-17',
        'Statement': [{
            'Action': 'execute-api:Invoke',
            'Effect': effect,
            'Resource': event['methodArn'],
        }],
    }
    return {
        'principalId': principal_id,
        'policyDocument': cast(PolicyDocument, policy),
    }
def test_verifies_session_id(self, get_session_from_token):
    """get_session_id returns what get_session_from_token resolves.

    ``get_session_from_token`` is the injected test double (presumably a
    mock.patch applied outside this view -- confirm).
    """
    expected_id = b'session-id'
    get_session_from_token.return_value = expected_id

    # _get_headers is a fixture helper defined elsewhere; it is assumed
    # to build request headers carrying the given cookie value.
    headers = self._get_headers(cookie_val='foo')

    self.assertEqual(m.get_session_id(headers), expected_id)
def test_correct_session_token(self, get_session_from_token):
    """The cookie value reaches get_session_from_token URL-unquoted.

    The cookie is sent percent-encoded; the first positional argument
    handed to ``get_session_from_token`` must be the decoded token.
    """
    raw_token = 'my=session=token'
    # '=' is not cookie-safe here, so the header carries the quoted form.
    headers = self._get_headers(cookie_val=urllib.parse.quote(raw_token))

    m.get_session_id(headers)

    passed_token = get_session_from_token.call_args.args[0]
    self.assertEqual(passed_token, raw_token)
def test_auth_error(self, get_session_from_token):
    """An AuthenticationError from token validation yields None.

    get_session_id must not propagate the error; the None result is what
    makes the authorizer in this file fall through to its Deny branch.
    """
    get_session_from_token.side_effect = AuthenticationError()
    headers = self._get_headers(cookie_val='foo')

    session_id = m.get_session_id(headers)

    # The validator has to be consulted exactly once before giving up.
    get_session_from_token.assert_called_once()
    self.assertEqual(session_id, None)
def test_invalid_cookie(self):
    """A Cookie header with an unparseable name yields no session ID."""
    # '/' in the cookie name makes the header malformed for this test.
    malformed = {'Cookie': 'invalid/cookie=value'}
    session_id = m.get_session_id(malformed)
    self.assertEqual(session_id, None)
def test_missing_cookie(self):
    """Headers built with ``cookie_val=None`` yield no session ID."""
    # _get_headers is defined elsewhere; presumably None omits the
    # session cookie from the generated headers -- confirm.
    headers = self._get_headers(cookie_val=None)
    session_id = m.get_session_id(headers)
    self.assertEqual(session_id, None)
def test_no_cookie(self):
    """An empty headers mapping yields no session ID."""
    no_headers = {}
    session_id = m.get_session_id(no_headers)
    self.assertEqual(session_id, None)