Esempio n. 1
 def resource_auth(auth_request):
     """Grant ``/resource/foobar`` when the presented token is 'allow'.

     Any other token yields an ``AuthResponse`` with an empty route list,
     so no route is granted to the caller.

     NOTE(review): matching the token against a fixed literal is
     sample-grade logic; a deployed authorizer would need to verify a real
     credential at this point.
     """
     granted = ['/resource/foobar'] if auth_request.token == 'allow' else []
     return app.AuthResponse(routes=granted, principal_id='user')
Esempio n. 2
def test_auth_response_wildcard_string(auth_request):
    """A bare ``'*'`` route serializes to a wildcard method-and-path ARN."""
    # The expected Resource ends in /*/*, i.e. every HTTP method on every
    # path of the stage.  '*' is therefore the broadest grant an authorizer
    # can hand out; prefer explicit routes where least privilege matters.
    everything = 'arn:aws:execute-api:us-west-2:123:rest-api-id/dev/*/*'
    wanted_policy = {
        'Version': '2012-10-17',
        'Statement': [{
            'Action': 'execute-api:Invoke',
            'Effect': 'Allow',
            'Resource': [everything],
        }],
    }
    wildcard = app.AuthResponse(routes=['*'], principal_id='user')
    policy = wildcard.to_dict(auth_request)['policyDocument']
    assert policy == wanted_policy
Esempio n. 3
def test_can_mix_auth_routes_and_strings(auth_request):
    """Plain string routes and ``AuthRoute`` objects can share a response."""
    # The plain string '/a' is expected to expand to the '*' method segment
    # (all verbs), whereas AuthRoute('/a/b', ['GET']) is pinned to GET.
    mixed_routes = ['/a', app.AuthRoute('/a/b', ['GET'])]
    policy = app.AuthResponse(mixed_routes, 'principal').to_dict(
        auth_request)['policyDocument']
    allow_statement = {
        'Action': 'execute-api:Invoke',
        'Effect': 'Allow',
        'Resource': [
            'arn:aws:execute-api:us-west-2:123:rest-api-id/dev/*/a',
            'arn:aws:execute-api:us-west-2:123:rest-api-id/dev/GET/a/b',
        ],
    }
    assert policy == {
        'Version': '2012-10-17',
        'Statement': [allow_statement],
    }
Esempio n. 4
def test_special_cased_root_resource(auth_request):
    """The root route ``/`` is emitted as ``//`` in the policy resource ARN."""
    # API Gateway writes the root resource as `//`; the original author did
    # not know why, but confirmed that non-root URLs are unaffected.  That
    # quirk should not leak into the API exposed to users, so the route is
    # given as '/' and the serialized ARN is expected to carry the `//`.
    root_arn = "arn:aws:execute-api:us-west-2:123:rest-api-id/dev/GET//"
    auth_request.method_arn = root_arn
    root_only = app.AuthResponse([app.AuthRoute('/', ['GET'])], 'principal')
    policy = root_only.to_dict(auth_request)['policyDocument']
    allow_statement = {
        'Action': 'execute-api:Invoke',
        'Effect': 'Allow',
        'Resource': [
            "arn:aws:execute-api:us-west-2:123:rest-api-id/dev/GET//",
        ],
    }
    assert policy == {
        'Version': '2012-10-17',
        'Statement': [allow_statement],
    }
Esempio n. 5
def test_auth_response_serialization():
    """``to_dict`` yields the policy document, context and principal id."""
    method_arn = (
        "arn:aws:execute-api:us-west-2:123:rest-api-id/dev/GET/needs/auth")
    request = app.AuthRequest('TOKEN', 'authtoken', method_arn)
    serialized = app.AuthResponse(
        routes=['/needs/auth'], principal_id='foo').to_dict(request)
    # The route is a plain string, so the expected ARN carries '*' in the
    # method position rather than the GET of the incoming request: the
    # grant covers every verb on /needs/auth.
    any_method_arn = method_arn.replace('GET', '*')
    wanted_policy = {
        'Version': '2012-10-17',
        'Statement': [{
            'Action': 'execute-api:Invoke',
            'Resource': [any_method_arn],
            'Effect': 'Allow',
        }],
    }
    assert serialized == {
        'policyDocument': wanted_policy,
        'context': {},
        'principalId': 'foo',
    }
Esempio n. 6
 def landing_page_auth(auth_request):
     """Grant the root route ``/`` when the presented token is 'allow'.

     Any other token yields an ``AuthResponse`` with an empty route list,
     so no route is granted to the caller.

     NOTE(review): the fixed-literal token check is a placeholder; a real
     authorizer would need to verify an actual credential here.
     """
     granted = ['/'] if auth_request.token == 'allow' else []
     return app.AuthResponse(routes=granted, principal_id='user')
Esempio n. 7
 def demo_auth(auth_request):
     """Grant ``/index`` when the presented token is 'allow'.

     Any other token yields an ``AuthResponse`` with an empty route list,
     so no route is granted to the caller.

     NOTE(review): the fixed-literal token check is demo logic only; a
     real authorizer would need to verify an actual credential here.
     """
     granted = ['/index'] if auth_request.token == 'allow' else []
     return app.AuthResponse(routes=granted, principal_id='user')
Esempio n. 8
def test_auth_response_can_include_context(auth_request):
    """The third ``AuthResponse`` argument shows up under ``'context'``."""
    extra = {'foo': 'bar'}
    with_context = app.AuthResponse(['/foo'], 'principal', extra)
    serialized = with_context.to_dict(auth_request)
    # Compare against a fresh literal rather than `extra` itself.
    assert serialized['context'] == {'foo': 'bar'}
Esempio n. 9
 def builtin_auth(auth_request):
     """Return a fixed grant for ``/a`` under the principal 'principal'.

     NOTE(review): ``auth_request`` is never inspected, so every caller
     receives the same grant -- suitable as a fixture only, not as a real
     authorizer.
     """
     fixed_routes = ['/a']
     return app.AuthResponse(fixed_routes, 'principal')