Esempio n. 1
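def test_verify_oauth_scopes_remote(monkeypatch):
    """Check scope enforcement when token info is fetched from a tokeninfo URL.

    The HTTP session used by ``connexion.decorators.security`` is replaced with
    a stub, so no network request is made. The stub serialises ``tokeninfo`` at
    call time, which lets the test change the granted scopes between calls.
    Both scope encodings are exercised: a space-delimited string and a list.
    """
    tokeninfo = dict(uid="foo", scope="scope1 scope2")

    def get_tokeninfo_response(*args, **kwargs):
        # Build a 200 response whose body is the *current* tokeninfo as JSON.
        tokeninfo_response = requests.Response()
        tokeninfo_response.status_code = requests.codes.ok
        tokeninfo_response._content = json.dumps(tokeninfo).encode()
        return tokeninfo_response

    token_info_func = get_tokeninfo_func({'x-tokenInfoUrl': 'https://example.org/tokeninfo'})
    wrapped_func = verify_oauth(token_info_func, validate_scope)

    request = MagicMock()
    request.headers = {"Authorization": "Bearer 123"}

    session = MagicMock()
    session.get = get_tokeninfo_response
    monkeypatch.setattr('connexion.decorators.security.session', session)

    # Token lacks 'admin': the call must be rejected.
    # pytest.raises() no longer accepts `message=` (deprecated in pytest 4.1,
    # removed in 5.0). It never matched the exception text anyway -- it was
    # only the "did not raise" failure message -- so the exception type is
    # the assertion here.
    with pytest.raises(OAuthScopeProblem):
        wrapped_func(request, ['admin'])

    # Space-delimited scope string that now includes 'admin': accepted.
    tokeninfo["scope"] += " admin"
    assert wrapped_func(request, ['admin']) is not None

    # Same two checks with the scopes delivered as a list.
    tokeninfo["scope"] = ["foo", "bar"]
    with pytest.raises(OAuthScopeProblem):
        wrapped_func(request, ['admin'])

    tokeninfo["scope"].append("admin")
    assert wrapped_func(request, ['admin']) is not None

    # NOTE(review): no case covers a near-miss scope name (one that merely
    # contains 'admin' as a substring); adding one would pin exact-match
    # comparison of scope names.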
Esempio n. 2
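def test_verify_oauth_scopes_local():
    """Check scope enforcement when token info comes from a local callable.

    ``token_info`` returns the shared ``tokeninfo`` dict, so mutating that dict
    between calls changes the scopes the verifier sees. Both scope encodings
    are exercised: a space-delimited string and a list.
    """
    tokeninfo = dict(uid="foo", scope="scope1 scope2")

    def token_info(token):
        # The token value is ignored; every token maps to the same info.
        return tokeninfo

    wrapped_func = verify_oauth(token_info, validate_scope)

    request = MagicMock()
    request.headers = {"Authorization": "Bearer 123"}

    # Token lacks 'admin': the call must be rejected.
    # pytest.raises() no longer accepts `message=` (deprecated in pytest 4.1,
    # removed in 5.0). It never matched the exception text anyway -- it was
    # only the "did not raise" failure message -- so the exception type is
    # the assertion here.
    with pytest.raises(OAuthScopeProblem):
        wrapped_func(request, ['admin'])

    # Space-delimited scope string that now includes 'admin': accepted.
    tokeninfo["scope"] += " admin"
    assert wrapped_func(request, ['admin']) is not None

    # Same two checks with the scopes delivered as a list.
    tokeninfo["scope"] = ["foo", "bar"]
    with pytest.raises(OAuthScopeProblem):
        wrapped_func(request, ['admin'])

    tokeninfo["scope"].append("admin")
    assert wrapped_func(request, ['admin']) is not None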
Esempio n. 3
def test_verify_oauth_missing_auth_header():
    """A request with no Authorization header yields None instead of raising."""
    def token_info_stub(token):
        return None

    request = MagicMock()
    request.headers = {}

    wrapped_func = verify_oauth(token_info_stub, validate_scope)

    # NOTE(review): None presumably signals "no credentials for this scheme";
    # whatever calls the wrapped function has to treat that as unauthenticated
    # rather than as a pass -- confirm against the caller.
    outcome = wrapped_func(request, ['admin'])
    assert outcome is None
Esempio n. 4
def test_verify_oauth_invalid_local_token_response_none():
    """A bearer token whose local lookup returns None raises OAuthResponseProblem.

    This is the fail-closed case: a token is presented, the token-info
    callable yields nothing for it, and the wrapped function must raise
    rather than return.
    """
    def token_info_stub(token):
        return None

    request = MagicMock()
    request.headers = {"Authorization": "Bearer 123"}

    wrapped_func = verify_oauth(token_info_stub, validate_scope)

    with pytest.raises(OAuthResponseProblem):
        wrapped_func(request, ['admin'])
Esempio n. 5
def test_verify_oauth_invalid_auth_header(monkeypatch):
    """A request without a real Authorization header value raises OAuthProblem.

    The request is a bare MagicMock, so its headers are auto-generated mock
    attributes rather than a genuine "Bearer ..." string.
    """
    def noop():
        pass

    required_scopes = {'admin'}
    wrapped_func = verify_oauth('https://example.org/tokeninfo', required_scopes, noop)

    request = MagicMock()
    monkeypatch.setattr('flask.current_app', MagicMock())

    with pytest.raises(OAuthProblem):
        wrapped_func(request)
Esempio n. 6
def test_verify_oauth_invalid_auth_header(monkeypatch):
    """An unusable Authorization header produces a 401 problem response.

    The module-level ``request`` in ``connexion.decorators.security`` is
    swapped for a bare MagicMock, so the wrapped function is called without
    arguments and reads the header from the patched object.
    """
    def noop():
        pass

    required_scopes = {'admin'}
    wrapped_func = verify_oauth('https://example.org/tokeninfo', required_scopes, noop)

    fake_request = MagicMock()
    fake_app = MagicMock()
    monkeypatch.setattr('connexion.decorators.security.request', fake_request)
    monkeypatch.setattr('flask.current_app', fake_app)

    response = wrapped_func()
    expected = problem(401, 'Unauthorized', 'Invalid authorization header')
    assert response == expected
Esempio n. 7
def test_verify_oauth_invalid_auth_header(monkeypatch):
    """An unusable Authorization header produces a 401 problem response.

    ``connexion.decorators.security.request`` is patched with a bare
    MagicMock; the wrapped function takes no arguments and is expected to
    answer with the 'Invalid authorization header' problem.
    """
    def noop():
        pass

    wrapped_func = verify_oauth(
        'https://example.org/tokeninfo',
        {'admin'},
        noop,
    )

    fake_request = MagicMock()
    fake_app = MagicMock()
    monkeypatch.setattr('connexion.decorators.security.request', fake_request)
    monkeypatch.setattr('flask.current_app', fake_app)

    response = wrapped_func()
    expected = problem(401, 'Unauthorized', 'Invalid authorization header')
    assert response == expected
Esempio n. 8
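def test_verify_oauth_invalid_auth_header(monkeypatch):
    """A request without a real Authorization header value raises OAuthProblem.

    The request is a bare MagicMock, so its headers are auto-generated mock
    attributes rather than a genuine "Bearer ..." string.
    """
    def func():
        pass

    wrapped_func = verify_oauth('https://example.org/tokeninfo',
                                {'admin'}, func)

    # The original built a `request` mock it never used and bound an unused
    # `exc_info`; the mock is now the object actually passed in.
    request = MagicMock()
    app = MagicMock()
    monkeypatch.setattr('flask.current_app', app)

    with pytest.raises(OAuthProblem):
        wrapped_func(request)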
Esempio n. 9
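def test_verify_oauth_scopes_local():
    """Check scope enforcement when token info comes from a local callable.

    ``token_info`` returns the shared ``tokeninfo`` dict, so mutating that dict
    between calls changes the scopes the verifier sees. Both scope encodings
    are exercised: a space-delimited string and a list.
    """
    tokeninfo = dict(uid="foo", scope="scope1 scope2")

    def token_info(token):
        # The token value is ignored; every token maps to the same info.
        return tokeninfo

    wrapped_func = verify_oauth(token_info, validate_scope)

    request = MagicMock()
    request.headers = {"Authorization": "Bearer 123"}

    # Token lacks 'admin': the call must be rejected.
    # pytest.raises() no longer accepts `message=` (deprecated in pytest 4.1,
    # removed in 5.0). It never matched the exception text anyway -- it was
    # only the "did not raise" failure message -- so the exception type is
    # the assertion here.
    with pytest.raises(OAuthScopeProblem):
        wrapped_func(request, ['admin'])

    # Space-delimited scope string that now includes 'admin': accepted.
    tokeninfo["scope"] += " admin"
    assert wrapped_func(request, ['admin']) is not None

    # Same two checks with the scopes delivered as a list.
    tokeninfo["scope"] = ["foo", "bar"]
    with pytest.raises(OAuthScopeProblem):
        wrapped_func(request, ['admin'])

    tokeninfo["scope"].append("admin")
    assert wrapped_func(request, ['admin']) is not None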
Esempio n. 10
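def test_verify_oauth_scopes(monkeypatch):
    """Check scope enforcement against a stubbed remote tokeninfo endpoint.

    ``verify_oauth`` is given the tokeninfo URL, the required scope set and the
    function to protect. The HTTP session in ``connexion.decorators.security``
    is replaced with a stub that serialises ``tokeninfo`` at call time, so the
    granted scopes can be changed between calls without any network access.
    """
    tokeninfo = dict(uid="foo", scope="scope1 scope2")

    def get_tokeninfo_response(*args, **kwargs):
        # Build a 200 response whose body is the *current* tokeninfo as JSON.
        tokeninfo_response = requests.Response()
        tokeninfo_response.status_code = requests.codes.ok
        tokeninfo_response._content = json.dumps(tokeninfo).encode()
        return tokeninfo_response

    def func(request):
        pass

    wrapped_func = verify_oauth('https://example.org/tokeninfo', {'admin'}, func)

    request = MagicMock()
    request.headers = {"Authorization": "Bearer 123"}
    app = MagicMock()
    monkeypatch.setattr('flask.current_app', app)

    session = MagicMock()
    session.get = get_tokeninfo_response
    monkeypatch.setattr('connexion.decorators.security.session', session)

    # Token lacks 'admin': the call must be rejected.
    # pytest.raises() no longer accepts `message=` (deprecated in pytest 4.1,
    # removed in 5.0). It never matched the exception text anyway -- it was
    # only the "did not raise" failure message -- so the exception type is
    # the assertion here.
    with pytest.raises(OAuthScopeProblem):
        wrapped_func(request)

    # Space-delimited scope string that now includes 'admin': the call must
    # complete without raising (func returns None, so there is no value to
    # assert on).
    tokeninfo["scope"] += " admin"
    wrapped_func(request)

    # Same two checks with the scopes delivered as a list.
    tokeninfo["scope"] = ["foo", "bar"]
    with pytest.raises(OAuthScopeProblem):
        wrapped_func(request)

    tokeninfo["scope"].append("admin")
    wrapped_func(request)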