def test_register_namespace_handlers_includes_server_security_validation():
channel_handlers = ChannelHandlers(
connect="tests.fixtures.handlers.connect")
spec = AsyncApiSpec(
asyncapi="2.3.0",
info=Info("test", "1.0.0"),
servers={
"test":
Server("https://localhost/", ServerProtocol.WSS, [{
"basic": []
}])
},
channels={GLOBAL_NAMESPACE: Channel(x_handlers=channel_handlers)},
components=Components(
security_schemes={
"basic":
SecurityScheme(
type=SecuritySchemesType.HTTP,
scheme=HTTPAuthenticationScheme.BASIC,
x_basic_info_func="tests.fixtures.handlers.basic_info",
)
}),
)
server = AsynctionSocketIO(spec, False, True,
spec.servers.get("test").security, None, None)
server._register_namespace_handlers(
GLOBAL_NAMESPACE,
channel_handlers,
None,
None, # No channel security requirements
)
event_name, registered_handler, _ = server.handlers[0]
assert event_name == "connect"
handler_with_security = deep_unwrap(registered_handler, depth=1)
actual_handler = deep_unwrap(handler_with_security)
with Flask(__name__).test_client() as c:
c.post() # Inject invalid POST request
actual_handler()
with pytest.raises(SecurityException):
handler_with_security() # handler raises security exception
assert True
def test_register_namespace_handlers_omits_bindings_validator_if_validation_disabled(
):
channel_handlers = ChannelHandlers(
connect="tests.fixtures.handlers.connect")
channel_bindings = ChannelBindings(
ws=WebSocketsChannelBindings(method="GET", ))
server = AsynctionSocketIO(mock.Mock(), False, True, [], None, None)
server._register_namespace_handlers(GLOBAL_NAMESPACE, channel_handlers,
channel_bindings, [])
event_name, registered_handler, _ = server.handlers[0]
assert event_name == "connect"
handler_with_validation = deep_unwrap(registered_handler, depth=1)
actual_handler = deep_unwrap(handler_with_validation)
with Flask(__name__).test_client() as c:
c.post() # Inject invalid POST request
assert handler_with_validation == actual_handler
handler_with_validation() # handler does not raise validation errors
assert True