def test_returns_auth_id_from_valid_auth_token(self):
verify_id_token_swap = self.swap_to_always_return(
firebase_admin.auth, 'verify_id_token', value={'sub': 'auth_id'})
request = self.make_request(auth_header='Bearer DUMMY_JWT')
with verify_id_token_swap:
auth_id = auth_services.authenticate_request(request)
self.assertEqual(auth_id, 'auth_id')
def test_returns_claims_as_none_when_missing_essential_claims(self):
verify_id_token_swap = self.swap_to_always_return(
firebase_admin.auth, 'verify_id_token', value={})
request = self.make_request(auth_header='Bearer DUMMY_JWT')
with verify_id_token_swap:
auth_claims = firebase_auth_services.authenticate_request(request)
self.assertIsNone(auth_claims)
def test_returns_none_when_auth_token_is_missing_subject_identifier(self):
verify_id_token_swap = self.swap_to_always_return(firebase_admin.auth,
'verify_id_token',
value={})
request = self.make_request(auth_header='Bearer DUMMY_JWT')
with verify_id_token_swap:
auth_id = auth_services.authenticate_request(request)
self.assertIsNone(auth_id)
def test_returns_auth_claims_from_valid_auth_token(self):
verify_id_token_swap = self.swap_to_always_return(
firebase_admin.auth, 'verify_id_token',
value={'sub': 'auth_id', 'email': '*****@*****.**'})
request = self.make_request(auth_header='Bearer DUMMY_JWT')
with verify_id_token_swap:
auth_claims = firebase_auth_services.authenticate_request(request)
self.assertEqual(
auth_claims, auth_domain.AuthClaims('auth_id', '*****@*****.**'))
def test_returns_none_when_auth_token_is_invalid(self):
verify_id_token_swap = self.swap_to_always_raise(
firebase_admin.auth, 'verify_id_token',
error=firebase_exceptions.InvalidArgumentError('invalid token'))
request = self.make_request(auth_header='Bearer DUMMY_JWT')
with verify_id_token_swap, self.capture_logging() as errors:
auth_claims = firebase_auth_services.authenticate_request(request)
self.assertIsNone(auth_claims)
self.assertEqual(len(errors), 1)
self.assertIn('invalid token', errors[0])
def test_returns_none_when_firebase_init_fails(self):
initialize_app_swap = self.swap_to_always_raise(
firebase_admin, 'initialize_app',
error=firebase_exceptions.UnknownError('could not init'))
request = self.make_request(auth_header='Bearer DUMMY_JWT')
with initialize_app_swap, self.capture_logging() as errors:
auth_claims = firebase_auth_services.authenticate_request(request)
self.assertIsNone(auth_claims)
self.assertEqual(len(errors), 1)
self.assertIn('could not init', errors[0])
def test_cleans_up_firebase_app(self):
mock_app = python_utils.OBJECT()
initialize_app_swap = self.swap_to_always_return(
firebase_admin, 'initialize_app', value=mock_app)
verify_id_token_swap = self.swap_to_always_return(
firebase_admin.auth, 'verify_id_token', value={})
delete_app_swap = self.swap(
firebase_admin, 'delete_app',
lambda app: self.assertIs(app, mock_app))
request = self.make_request(auth_header='Bearer DUMMY_JWT')
with contextlib2.ExitStack() as stack:
stack.enter_context(initialize_app_swap)
stack.enter_context(verify_id_token_swap)
stack.enter_context(delete_app_swap)
errors = stack.enter_context(self.capture_logging())
auth_claims = firebase_auth_services.authenticate_request(request)
self.assertIsNone(auth_claims)
self.assertEqual(errors, [])
def test_returns_none_when_auth_header_uses_wrong_scheme_type(self):
request = self.make_request(auth_header='Basic password=123')
auth_claims = firebase_auth_services.authenticate_request(request)
self.assertIsNone(auth_claims)
def test_returns_none_when_auth_header_is_missing(self):
request = self.make_request()
auth_claims = firebase_auth_services.authenticate_request(request)
self.assertIsNone(auth_claims)
