Esempio n. 1
    def test_returns_none_if_cookie_is_missing(self):
        """Check that requests lacking a session cookie yield no claims."""
        id_token = self.firebase_sdk_stub.create_user(self.AUTH_ID)

        # No credentials at all.
        bare_request = self.create_request()
        self.assertIsNone(
            firebase_auth_services.get_auth_claims_from_request(bare_request))

        # An ID token without a session cookie must also resolve to None:
        # the token alone is not accepted as proof of an active session.
        token_only_request = self.create_request(id_token=id_token)
        self.assertIsNone(
            firebase_auth_services.get_auth_claims_from_request(
                token_only_request))
Esempio n. 2
    def test_returns_none_when_auth_header_uses_wrong_scheme_type(self):
        """Check that a non-Bearer Authorization header yields no claims."""
        # 'Basic' is a different HTTP auth scheme from the 'Bearer' one;
        # the service must return None for it.
        basic_scheme_request = self.make_request(
            auth_header='Basic password=123')

        self.assertIsNone(
            firebase_auth_services.get_auth_claims_from_request(
                basic_scheme_request))
Esempio n. 3
    def test_returns_none_when_auth_header_is_missing(self):
        """Check that a request with no Authorization header yields None."""
        headerless_request = self.make_request()

        self.assertIsNone(
            firebase_auth_services.get_auth_claims_from_request(
                headerless_request))
    def test_returns_claims_if_cookie_is_present(self):
        """Check that a one-day session cookie resolves to the user's claims."""
        mint_session_cookie = firebase_admin.auth.create_session_cookie
        id_token = self.firebase_sdk_stub.create_user(
            self.AUTH_ID, email=self.EMAIL)
        session_cookie = mint_session_cookie(
            id_token, datetime.timedelta(days=1))

        claims = firebase_auth_services.get_auth_claims_from_request(
            self.create_request(session_cookie=session_cookie))

        # Third AuthClaims argument is False here; presumably the
        # super-admin flag -- confirm against auth_domain.AuthClaims.
        expected_claims = auth_domain.AuthClaims(
            self.AUTH_ID, self.EMAIL, False)
        self.assertEqual(claims, expected_claims)
Esempio n. 5
    def test_returns_claims_as_none_when_missing_essential_claims(self):
        """Check that a verified token carrying no claims yields None."""
        # verify_id_token is stubbed to succeed but return an empty claims
        # dict, so verification passing is not sufficient on its own.
        empty_claims_swap = self.swap_to_always_return(
            firebase_admin.auth, 'verify_id_token', value={})
        bearer_request = self.make_request(auth_header='Bearer DUMMY_JWT')

        with empty_claims_swap:
            result = firebase_auth_services.get_auth_claims_from_request(
                bearer_request)

        self.assertIsNone(result)
    def test_logs_error_when_cookie_is_invalid(self):
        """Check that a zero-lifetime session cookie is rejected and logged."""
        id_token = self.firebase_sdk_stub.create_user(
            self.AUTH_ID, email=self.EMAIL)
        # Lifetime of zero days: the logged message asserted below indicates
        # the service treats this cookie as an ended session.
        zero_lifetime_cookie = firebase_admin.auth.create_session_cookie(
            id_token, datetime.timedelta(days=0))

        with self.capture_logging() as logs:
            claims = firebase_auth_services.get_auth_claims_from_request(
                self.create_request(session_cookie=zero_lifetime_cookie))
            self.assertIsNone(claims)

        first_log_line = logs[0]
        self.assertTrue(
            first_log_line.startswith(
                'User session has ended and must be renewed'))
Esempio n. 7
    def test_returns_none_when_auth_token_is_invalid(self):
        """Check that a token failing verification yields None and is logged."""
        rejection = firebase_exceptions.InvalidArgumentError('invalid token')
        failing_verify_swap = self.swap_to_always_raise(
            firebase_admin.auth, 'verify_id_token', error=rejection)
        bearer_request = self.make_request(auth_header='Bearer DUMMY_JWT')

        with failing_verify_swap:
            with self.capture_logging() as errors:
                result = firebase_auth_services.get_auth_claims_from_request(
                    bearer_request)

        # The verification error must be handled (no exception escapes) and
        # its message must reach the log for later investigation.
        self.assertIsNone(result)
        self.assert_matches_regexps(errors, ['invalid token'])
Esempio n. 8
    def test_returns_none_when_firebase_init_fails(self):
        """Check that an SDK initialization failure yields None and is logged."""
        init_failure = firebase_exceptions.UnknownError('could not init')
        failing_init_swap = self.swap_to_always_raise(
            firebase_admin, 'initialize_app', error=init_failure)
        bearer_request = self.make_request(auth_header='Bearer DUMMY_JWT')

        with failing_init_swap:
            with self.capture_logging() as errors:
                result = firebase_auth_services.get_auth_claims_from_request(
                    bearer_request)

        # Failing closed: when the SDK cannot start, the request is treated
        # as unauthenticated rather than raising or granting claims.
        self.assertIsNone(result)
        self.assert_matches_regexps(errors, ['could not init'])
Esempio n. 9
    def test_returns_auth_claims_from_valid_auth_token(self):
        """Check that 'sub' and 'email' from a verified token become claims."""
        decoded_token = {'sub': 'auth_id', 'email': '*****@*****.**'}
        accepting_verify_swap = self.swap_to_always_return(
            firebase_admin.auth, 'verify_id_token', value=decoded_token)
        bearer_request = self.make_request(auth_header='Bearer DUMMY_JWT')

        with accepting_verify_swap:
            result = firebase_auth_services.get_auth_claims_from_request(
                bearer_request)

        # No 'role' entry in the decoded token, and the expected third
        # AuthClaims argument is False.
        expected_claims = auth_domain.AuthClaims(
            'auth_id', '*****@*****.**', False)
        self.assertEqual(result, expected_claims)
Esempio n. 10
    def test_identifies_user_with_admin_privileges(self):
        """Check that a super-admin 'role' entry is reflected in the claims."""
        decoded_token = {
            'sub': 'auth_id',
            'email': '*****@*****.**',
            'role': feconf.FIREBASE_ROLE_SUPER_ADMIN,
        }
        accepting_verify_swap = self.swap_to_always_return(
            firebase_admin.auth, 'verify_id_token', value=decoded_token)
        bearer_request = self.make_request(auth_header='Bearer DUMMY_JWT')

        with accepting_verify_swap:
            result = firebase_auth_services.get_auth_claims_from_request(
                bearer_request)

        # The role is read from the verified token's payload (stubbed here),
        # and the expected third AuthClaims argument is True.
        expected_claims = auth_domain.AuthClaims(
            'auth_id', '*****@*****.**', True)
        self.assertEqual(result, expected_claims)
Esempio n. 11
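    def test_cleans_up_firebase_app(self):
        """Check that the app from initialize_app is passed to delete_app.

        The stubbed delete_app records every app it receives, so the test
        fails if cleanup is skipped altogether. Asserting only inside the
        stub would pass vacuously when delete_app is never called.
        """
        mock_app = python_utils.OBJECT()
        deleted_apps = []
        initialize_app_swap = self.swap_to_always_return(
            firebase_admin, 'initialize_app', value=mock_app)
        # Empty claims: the service is expected to return None, and the
        # cleanup must still happen on that path.
        verify_id_token_swap = self.swap_to_always_return(
            firebase_admin.auth, 'verify_id_token', value={})
        delete_app_swap = self.swap(
            firebase_admin, 'delete_app',
            lambda app: deleted_apps.append(app))
        request = self.make_request(auth_header='Bearer DUMMY_JWT')

        with contextlib2.ExitStack() as stack:
            stack.enter_context(initialize_app_swap)
            stack.enter_context(verify_id_token_swap)
            stack.enter_context(delete_app_swap)
            errors = stack.enter_context(self.capture_logging())

            auth_claims = (
                firebase_auth_services.get_auth_claims_from_request(request))

        self.assertIsNone(auth_claims)
        self.assertEqual(errors, [])
        # Cleanup must have run, and only on the app that was initialized.
        self.assertTrue(deleted_apps, msg='delete_app was never called')
        for deleted_app in deleted_apps:
            self.assertIs(deleted_app, mock_app)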