def _create_authorized_client(*, user: UserInDB) -> AsyncClient: access_token = auth_service.create_access_token_for_user( user=user, secret_key=str(SECRET_KEY)) client.headers = { **client.headers, "Authorization": f"{JWT_TOKEN_PREFIX} {access_token}", } return client
def authorized_client(client: AsyncClient, test_user: UserInDB) -> AsyncClient: access_token = auth_service.create_access_token_for_user( user=test_user, secret_key=str(SECRET_KEY)) client.headers = { **client.headers, 'Authorization': f'{JWT_TOKEN_PREFIX} {access_token}', } return client
async def test_user_cannot_access_own_data_with_incorrect_jwt_prefix( self, app: FastAPI, client: AsyncClient, test_user: UserInDB, jwt_prefix: str) -> None: token = auth_service.create_access_token_for_user( user=test_user, secret_key=str(SECRET_KEY)) res = await client.get( app.url_path_for("users:get-current-user"), headers={"Authorization": f"{jwt_prefix} {token}"}, ) assert res.status_code == HTTP_401_UNAUTHORIZED
async def register_new_user( new_user: UserCreate = Body(..., embed=True), user_repo: UsersRepository = Depends(get_repository(UsersRepository)), ) -> UserPublic: created_user = await user_repo.register_new_user(new_user=new_user) access_token = AccessToken( access_token=auth_service.create_access_token_for_user(user=created_user), token_type="bearer" ) # we can return the access_token because we added it as # an optional property in UserPublic return created_user.copy(update={"access_token": access_token})
async def register_new_user( new_user: UserCreate = Body(..., embed=True), user_repo: UsersRepository = Depends(get_repository(UsersRepository)), ) -> UserPublic: created_user = await user_repo.register_new_user(new_user=new_user) access_token = AccessToken( access_token=auth_service.create_access_token_for_user( user=created_user), token_type="bearer", ) return UserPublic(**created_user.dict(), access_token=access_token)
def authorized_client(client: AsyncClient, test_user: UserInDB) -> AsyncClient: """ Creates an authorized test_user to test authorized requests instead of the generic ``client`` fixture. """ access_token = auth_service.create_access_token_for_user( user=test_user, secret_key=str(SECRET_KEY)) client.headers = { **client.headers, "Authorization": f"{JWT_TOKEN_PREFIX} {access_token}", } return client
async def register_new_user( new_user: UserCreate = Body(..., embed=False), user_repo: UsersRepository = Depends(get_repository(UsersRepository)), ) -> UserPublic: created_user = await user_repo.register_new_user(new_user=new_user) access_token = AccessToken( access_token=auth_service.create_access_token_for_user( user=created_user), token_type="bearer") return created_user.copy(update={"access_token": access_token})
async def user_login_with_email_and_password( user_repo: UsersRepository = Depends(get_repository(UsersRepository)), form_data: OAuth2PasswordRequestForm = Depends(OAuth2PasswordRequestForm), ) -> AccessToken: user = await user_repo.authenticate_user(email=form_data.username, password=form_data.password) if not user: raise HTTPException( status_code=HTTP_401_UNAUTHORIZED, detail="Authentication was unsuccessful.", headers={"WWW-Authenticate": "Bearer"}, ) access_token = AccessToken(access_token=auth_service.create_access_token_for_user(user=user), token_type="bearer") return access_token
async def test_token_missing_user_is_invalid(self, app: FastAPI, client: AsyncClient) -> None: access_token = auth_service.create_access_token_for_user( user=None, secret_key=str(SECRET_KEY), audience=JWT_AUDIENCE, expires_in=ACCESS_TOKEN_EXPIRE_MINUTES, ) with pytest.raises(jwt.PyJWTError): jwt.decode(access_token, str(SECRET_KEY), audience=JWT_AUDIENCE, algorithms=[JWT_ALGORITHM])
async def test_error_when_token_or_secret_is_wrong( self, app: FastAPI, client: AsyncClient, test_user: UserInDB, secret: Union[Secret, str], wrong_token: Optional[str], ) -> None: token = auth_service.create_access_token_for_user( user=test_user, secret_key=str(SECRET_KEY)) if wrong_token == "use correct token": wrong_token = token with pytest.raises(HTTPException): username = auth_service.get_username_from_token( token=wrong_token, secret_key=str(secret))
async def test_can_create_access_token_successfully( self, app: FastAPI, client: AsyncClient, test_user: UserInDB) -> None: access_token = auth_service.create_access_token_for_user( user=test_user, secret_key=str(SECRET_KEY), audience=JWT_AUDIENCE, expires_in=ACCESS_TOKEN_EXPIRE_MINUTES, ) creds = jwt.decode(access_token, str(SECRET_KEY), audience=JWT_AUDIENCE, algorithms=[JWT_ALGORITHM]) assert creds.get("username") is not None assert creds["username"] == test_user.username assert creds["aud"] == JWT_AUDIENCE
async def register_new_user( new_user: UserCreate = Body(..., embed=True), user_repo: UsersRepository = Depends(get_repository(UsersRepository)), ) -> UserPublic: created_user = await user_repo.register_new_user(new_user=new_user) access_token = AccessToken( access_token=auth_service.create_access_token_for_user( user=created_user), token_type="bearer", ) # Since we're now returning a UserPublic model upon registration, # we can simply update the access_token attribute with our # new token and return that user. Simple enough. return created_user.copy(update={"access_token": access_token})
async def test_invalid_token_content_raises_error( self, app: FastAPI, client: AsyncClient, test_user: UserInDB, secret_key: Union[str, Secret], jwt_audience: str, exception: Type[BaseException], ) -> None: with pytest.raises(exception): access_token = auth_service.create_access_token_for_user( user=test_user, secret_key=str(secret_key), audience=jwt_audience, expires_in=ACCESS_TOKEN_EXPIRE_MINUTES, ) jwt.decode(access_token, str(SECRET_KEY), audience=JWT_AUDIENCE, algorithms=[JWT_ALGORITHM])