Example #1
async def test_add(factory: ComponentFactory) -> None:
    """Check which actors are allowed to add a token administrator.

    ``add_admin`` is called with three different actors: ``admin``
    (accepted), ``bar`` (rejected with ``PermissionDeniedError``) and the
    special ``<bootstrap>`` actor (accepted). The closing assertions confirm
    that ``<bootstrap>`` can grant admin rights without itself being
    reported as an admin by ``is_admin``.

    Username literals shown as ``******`` are redacted in this listing and
    are reproduced unchanged.
    """
    service = factory.create_admin_service()

    # Starting state: exactly one admin exists before anything is added.
    # NOTE(review): presumably that admin is the "admin" actor used below;
    # the username is redacted here, so confirm against the fixture.
    async with factory.session.begin():
        initial_admins = await service.get_admins()
        assert initial_admins == [Admin(username="******")]
        await service.add_admin(
            "example", actor="admin", ip_address="192.168.0.1"
        )

    # The new admin is listed and recognised; an unrelated user is not.
    async with factory.session.begin():
        current_admins = await service.get_admins()
        assert current_admins == [
            Admin(username="******"),
            Admin(username="******"),
        ]
        example_is_admin = await service.is_admin("example")
        assert example_is_admin
        foo_is_admin = await service.is_admin("foo")
        assert not foo_is_admin

    # Authorization check: an actor that was never made an admin must not
    # be able to create one.
    async with factory.session.begin():
        with pytest.raises(PermissionDeniedError):
            await service.add_admin(
                "foo", actor="bar", ip_address="127.0.0.1"
            )

    # The "<bootstrap>" actor is accepted even though it was never added.
    async with factory.session.begin():
        await service.add_admin(
            "foo", actor="<bootstrap>", ip_address="127.0.0.1"
        )

    # Acting as "<bootstrap>" must not turn "<bootstrap>" itself into an
    # admin; only the target user gains the role.
    async with factory.session.begin():
        foo_is_admin = await service.is_admin("foo")
        assert foo_is_admin
        bootstrap_is_admin = await service.is_admin("<bootstrap>")
        assert not bootstrap_is_admin
Example #2
async def test_admins(client: AsyncClient, factory: ComponentFactory) -> None:
    """Check access control and output of ``GET /auth/api/v1/admins``.

    The route is requested in three ways: with no credentials (expects
    401), with a session token that lacks ``admin:token`` (expects 403 and
    a ``permission_denied`` detail), and with a token carrying
    ``admin:token`` (expects 200 and the admin list). The list is fetched
    again after an admin is added through the admin service.

    Username values shown as ``******`` are redacted in this listing and
    are reproduced unchanged.
    """
    admins_url = "/auth/api/v1/admins"

    async def get_admins_with(data):
        # Send the token as a bearer credential, using the same lowercase
        # scheme name the test has always sent.
        return await client.get(
            admins_url,
            headers={"Authorization": f"bearer {data.token}"},
        )

    # No credentials at all: the request is refused as unauthenticated.
    anonymous = await client.get(admins_url)
    assert anonymous.status_code == 401

    # Authenticated, but the token lacks the required scope: the status is
    # 403 rather than 401, and the error names the missing scope.
    token_data = await create_session_token(factory)
    forbidden = await get_admins_with(token_data)
    assert forbidden.status_code == 403
    first_detail = forbidden.json()["detail"][0]
    assert first_detail == {
        "msg": "Token does not have required scope admin:token",
        "type": "permission_denied",
    }

    # With admin:token the initial, single-entry admin list is returned.
    token_data = await create_session_token(factory, scopes=["admin:token"])
    allowed = await get_admins_with(token_data)
    assert allowed.status_code == 200
    assert allowed.json() == [{"username": "******"}]

    # Add a second admin directly through the service layer.
    service = factory.create_admin_service()
    async with factory.session.begin():
        await service.add_admin(
            "example", actor="admin", ip_address="127.0.0.1"
        )

    # The same scoped token now sees both admins.
    refreshed = await get_admins_with(token_data)
    assert refreshed.status_code == 200
    assert refreshed.json() == [{"username": "******"}, {"username": "******"}]
Example #3
async def test_github_admin(
    client: AsyncClient,
    respx_mock: respx.Router,
    factory: ComponentFactory,
) -> None:
    """Test that a token administrator gets the admin:token scope.

    ``someuser`` is registered as an admin, a GitHub login is simulated,
    and ``/auth`` is then asked to authorize the ``admin:token`` scope.

    NOTE(review): the ``username`` literal is redacted (``******``) in this
    listing; presumably it matches the admin added here, confirm against
    the original file. Only the positive case is asserted; a negative
    counterpart (a non-admin login being refused ``admin:token``) is not
    visible in this excerpt.
    """
    service = factory.create_admin_service()
    async with factory.session.begin():
        await service.add_admin(
            "someuser", actor="admin", ip_address="127.0.0.1"
        )

    # Identity that the simulated GitHub login will present.
    team = GitHubTeam(slug="a-team", gid=1000, organization="ORG")
    user_info = GitHubUserInfo(
        name="A User",
        username="******",
        uid=1000,
        email="*****@*****.**",
        teams=[team],
    )

    # The simulated login is expected to end in a 307 redirect.
    login_response = await simulate_github_login(client, respx_mock, user_info)
    assert login_response.status_code == 307

    # The user should have admin:token scope.
    scope_check = await client.get("/auth", params={"scope": "admin:token"})
    assert scope_check.status_code == 200