def test_authorization_identity_getter():
class UserNameRequirement(Requirement):
def __init__(self, expected_name: str):
self.expected_name = expected_name
def handle(self, context: AuthorizationContext):
assert context.identity is not None
if context.identity.has_claim_value('name', self.expected_name):
context.succeed(self)
auth = get_strategy([Policy('user', UserNameRequirement('Tybek'))],
request_identity_getter)
@auth(policy='user')
def some_method(request: Request):
assert request is not None
return True
value = some_method(Request(None, User({'name': 'Tybek'})))
assert value is True
def use_authorization(
self,
strategy: Optional[AuthorizationStrategy] = None
) -> AuthorizationStrategy:
if self.running:
raise RuntimeError(
'The application is already running, configure authorization '
'before starting the application')
if not strategy:
strategy = AuthorizationStrategy()
if strategy.default_policy is None:
# by default, a default policy is configured with no requirements,
# meaning that request handlers allow anonymous users, unless specified otherwise
# this can be modified, by adding a requirement to the default policy
strategy.default_policy = Policy('default')
self._authorization_strategy = strategy
self.exceptions_handlers[
AuthenticateChallenge] = handle_authentication_challenge
self.exceptions_handlers[UnauthorizedError] = handle_unauthorized
return strategy
def test_policy_repr():
policy = Policy('Cats lover')
assert repr(policy).startswith('<Policy "Cats lover"')
def test_policy_iadd_syntax_raises_for_non_requirements():
strategy = AuthorizationStrategy(default_policy=Policy('default'))
with raises(ValueError,
match='Only requirements can be added using __iadd__ syntax'):
strategy.default_policy += object()
