async def setUp(self):
await super(DeploymentsTests, self).setUp()
token = jwt_encode(
User(**USER_WITH_MULTIPLE_ACCOUNTS_DICT),
Account(**ACCOUNT_DEV_DICT),
)
self.auth_header = {"Authorization": f"JWT {token.decode('utf-8')}"}
async def test_change_account_does_not_exist(self):
jwt_token = jwt_encode(User(**USER_WITH_ONE_ACCOUNT_DICT),
Account(**ACCOUNT_DEV_DICT))
resp = await self.client.get(
f"/accounts/8000/auth",
headers={"Authorization": f"JWT {jwt_token.decode('utf-8')}"},
)
self.assertEqual(403, resp.status)
async def test_encode_new_token(self):
"""
Dado um objeto User e um Account, retorna um novo
token JWT contendo as informações necessárias
"""
user = User(**USER_WITH_ONE_ACCOUNT_DICT)
account = Account(**ACCOUNT_DEV_DICT)
token = jwt_encode(user, account)
decoded_token = jwt.decode(token, key=SECRET_KEY)
self.assertDictEqual(user.dict(), decoded_token["user"])
self.assertDictEqual(account.dict(), decoded_token["current_account"])
async def test_returns_user_info_no_permission_for_chosen_account(self):
"""
Se fazemos um request GET /users/me?account_id=3
mas o usuário não tem permissão para acessar a conta escolhida,
devemos retornar HTTP 403
"""
user = User(**USER_WITH_MULTIPLE_ACCOUNTS_DICT)
account = Account(id=99, name="", namespace="", owner="")
jwt_token = jwt_encode(user, account)
resp = await self.client.get(
"/users/me",
headers={"Authorization": f"JWT {jwt_token.decode('utf-8')}"},
)
self.assertEqual(401, resp.status)
async def change_account(account_id: str, user: User):
permission_ok = False
new_token = b""
account = await AccountsService.get_account_by_id(
int(account_id), AccountsBackend()
)
if account:
permission_ok = await account.user_has_permission(user)
if permission_ok and account:
new_token = jwt_encode(user, account)
return web.json_response(data={"jwt": new_token.decode("utf-8")})
return web.json_response(status=HTTPStatus.FORBIDDEN)
async def change_account(request: web.Request):
account_id: str = request.match_info["account_id"]
user = await User.from_alchemy_obj(request["user"])
permission_ok = False
new_token = b""
account = await AccountsService.get_account_by_id(int(account_id),
AccountsBackend())
if account:
permission_ok = await account.user_has_permission(user)
if permission_ok and account:
new_token = jwt_encode(user, account)
return web.json_response(data={"jwt": new_token.decode("utf-8")})
return web.json_response(status=403)
async def test_jwt_me_returns_user_info_with_alternate_accounts(self):
"""
Conferir que a lista de contas alternativas, *não inclui* a conta atual,
que está no token JWT
"""
user = User(**USER_WITH_MULTIPLE_ACCOUNTS_DICT)
account = Account(**ACCOUNT_DEV_DICT)
jwt_token = jwt_encode(user, account)
resp = await self.client.get(
"/users/me",
headers={"Authorization": f"JWT {jwt_token.decode('utf-8')}"},
)
self.assertEqual(200, resp.status)
data = await resp.json()
self.assertDictEqual(
{
"user": {
"name": USER_WITH_MULTIPLE_ACCOUNTS_NAME,
"email": USER_WITH_MULTIPLE_ACCOUNTS_EMAIL,
"id": USER_WITH_MULTIPLE_ACCOUNTS_ID,
"errors": {},
"type": "ASGARD",
},
"current_account": {
"id": ACCOUNT_DEV_ID,
"errors": {},
"type": "ASGARD",
"name": ACCOUNT_DEV_NAME,
"namespace": ACCOUNT_DEV_NAMESPACE,
"owner": ACCOUNT_DEV_OWNER,
},
"accounts": [{
"id": 11,
"errors": {},
"type": "ASGARD",
"name": ACCOUNT_INFRA_NAME,
"namespace": ACCOUNT_INFRA_NAMESPACE,
"owner": ACCOUNT_INFRA_OWNER,
}],
},
data,
)
async def test_account_permission_ok(self):
jwt_token = jwt_encode(
User(**USER_WITH_MULTIPLE_ACCOUNTS_DICT),
Account(**ACCOUNT_DEV_DICT),
)
resp = await self.client.get(
f"/accounts/{ACCOUNT_INFRA_ID}/auth",
headers={"Authorization": f"JWT {jwt_token.decode('utf-8')}"},
)
self.assertEqual(200, resp.status)
data = await resp.json()
returned_token = jwt.decode(data["jwt"], key=SECRET_KEY)
self.assertDictEqual(
User(**USER_WITH_MULTIPLE_ACCOUNTS_DICT).dict(),
returned_token["user"],
)
self.assertDictEqual(
Account(**ACCOUNT_INFRA_DICT).dict(),
returned_token["current_account"],
)
async def test_jwt_token_populate_request_user_if_key_is_valid(self):
"""
Populates request.user if authentication is successful
"""
user = User(**USER_WITH_MULTIPLE_ACCOUNTS_DICT)
account = Account(**ACCOUNT_INFRA_DICT)
jwt_token = jwt_encode(user, account)
auth_header = {
"Authorization": "JWT {}".format(jwt_token.decode("utf-8"))
}
resp = await self.client.get("/", headers=auth_header)
data = await resp.json()
self.assertEqual(200, resp.status)
self.assertEqual(
{
"id": USER_WITH_MULTIPLE_ACCOUNTS_ID,
"email": USER_WITH_MULTIPLE_ACCOUNTS_EMAIL,
},
data["user"],
)
def generate_jwt_token_for_user(self, user, account):
return jwt_encode(user, account)