def test_auth(client):
"""
Test the Taskcluster authentication
"""
# Test non authenticated endpoint
resp = client.get('/')
assert resp.status_code in (200, 302)
# Test authenticated endpoint without header
resp = client.get('/test-login')
assert resp.status_code == 401
# Test authenticated endpoint with header
ext_data = {
'scopes': [
'project/test/*',
],
}
client_id = 'test/[email protected]'
header = build_header(client_id, ext_data)
resp = client.get('/test-login', headers=[('Authorization', header)])
assert resp.status_code == 200
data = json.loads(resp.data.decode('utf-8'))
assert data['auth']
assert data['user'] == client_id
assert data['scopes'] == ext_data['scopes']
def hawk_header(scopes):
""""
Helper to build an Hawk header
for a set of TC scopes
"""
client_id = 'test/[email protected]'
ext_data = {
'scopes': scopes,
}
return build_header(client_id, ext_data)
def test_scopes_admin(client):
"""
Test the Taskcluster required scopes
"""
client_id = 'test/[email protected]'
# Validate with admin scopes
ext_data = {'scopes': ['project/another/*', 'project/test-admin/*']}
header = build_header(client_id, ext_data)
resp = client.get('/test-scopes', headers=[('Authorization', header)])
assert resp.status_code == 200
assert resp.data == b'Your scopes are ok.'
def test_scopes_invalid(client):
"""
Test the Taskcluster required scopes
"""
client_id = 'test/[email protected]'
# Missing a scope to validate test
ext_data = {
'scopes': [
'project/test/A',
'project/test/C',
],
}
header = build_header(client_id, ext_data)
resp = client.get('/test-scopes', headers=[('Authorization', header)])
assert resp.status_code == 401