def test_returns_none_if_cookie_is_missing(self):
    """Check that no claims are produced without a session cookie.

    Two requests are tried in turn: one built with no arguments and one
    built with only an ID token. Both must yield None, so an ID token on
    its own is not accepted in place of a session cookie.
    """
    # The stub's create_user() result is used as an ID token below
    # (presumably a signed token string -- confirm against the stub).
    id_token = self.firebase_sdk_stub.create_user(self.AUTH_ID)

    for request_kwargs in ({}, {'id_token': id_token}):
        request = self.create_request(**request_kwargs)
        self.assertIsNone(
            firebase_auth_services.get_auth_claims_from_request(request))
def test_returns_none_when_auth_header_uses_wrong_scheme_type(self):
    """Check that a non-Bearer authorization scheme yields no claims.

    The request is built with a 'Basic ...' auth header; the service must
    return None rather than try to interpret it as a token.
    """
    basic_scheme_request = self.make_request(
        auth_header='Basic password=123')

    self.assertIsNone(
        firebase_auth_services.get_auth_claims_from_request(
            basic_scheme_request))
def test_returns_none_when_auth_header_is_missing(self):
    """Check that a request built without an auth header yields no claims."""
    headerless_request = self.make_request()

    self.assertIsNone(
        firebase_auth_services.get_auth_claims_from_request(
            headerless_request))
def test_returns_claims_if_cookie_is_present(self):
    """Check that a one-day session cookie resolves to the user's claims.

    The expected AuthClaims carries the auth ID and email the user was
    created with, and False as its third field (the admin flag, judging by
    test_identifies_user_with_admin_privileges).
    """
    id_token = self.firebase_sdk_stub.create_user(
        self.AUTH_ID, email=self.EMAIL)
    session_cookie = firebase_admin.auth.create_session_cookie(
        id_token, datetime.timedelta(days=1))
    request = self.create_request(session_cookie=session_cookie)

    actual_claims = (
        firebase_auth_services.get_auth_claims_from_request(request))
    expected_claims = auth_domain.AuthClaims(
        self.AUTH_ID, self.EMAIL, False)

    self.assertEqual(actual_claims, expected_claims)
def test_returns_claims_as_none_when_missing_essential_claims(self):
    """Check that a token whose decoded payload is empty yields no claims.

    verify_id_token is swapped to return {} so the token "verifies" but
    carries none of the keys the other tests supply ('sub', 'email'). The
    service must return None instead of building partial claims.
    """
    empty_payload_swap = self.swap_to_always_return(
        firebase_admin.auth, 'verify_id_token', value={})
    bearer_request = self.make_request(auth_header='Bearer DUMMY_JWT')

    with empty_payload_swap:
        result = firebase_auth_services.get_auth_claims_from_request(
            bearer_request)

    self.assertIsNone(result)
def test_logs_error_when_cookie_is_invalid(self):
    """Check that a zero-lifetime session cookie is rejected and logged.

    The cookie is created with timedelta(days=0). The service must return
    None and the first captured log line must start with the "session has
    ended" message.
    """
    id_token = self.firebase_sdk_stub.create_user(
        self.AUTH_ID, email=self.EMAIL)
    expired_cookie = firebase_admin.auth.create_session_cookie(
        id_token, datetime.timedelta(days=0))

    with self.capture_logging() as logs:
        request = self.create_request(session_cookie=expired_cookie)
        self.assertIsNone(
            firebase_auth_services.get_auth_claims_from_request(request))

    first_log_line = logs[0]
    self.assertTrue(
        first_log_line.startswith(
            'User session has ended and must be renewed'))
def test_returns_none_when_auth_token_is_invalid(self):
    """Check that a token rejected by verify_id_token yields no claims.

    verify_id_token is swapped to raise InvalidArgumentError. The service
    must return None (not propagate the exception) and the captured logs
    must match 'invalid token'.
    """
    rejection = firebase_exceptions.InvalidArgumentError('invalid token')
    rejecting_verifier_swap = self.swap_to_always_raise(
        firebase_admin.auth, 'verify_id_token', error=rejection)
    bearer_request = self.make_request(auth_header='Bearer DUMMY_JWT')

    with rejecting_verifier_swap, self.capture_logging() as errors:
        result = firebase_auth_services.get_auth_claims_from_request(
            bearer_request)

    self.assertIsNone(result)
    self.assert_matches_regexps(errors, ['invalid token'])
def test_returns_none_when_firebase_init_fails(self):
    """Check that a failed Firebase initialization yields no claims.

    initialize_app is swapped to raise UnknownError. The service must
    return None, so the request is treated as unauthenticated when the SDK
    cannot start, and the captured logs must match 'could not init'.
    """
    init_failure = firebase_exceptions.UnknownError('could not init')
    failing_init_swap = self.swap_to_always_raise(
        firebase_admin, 'initialize_app', error=init_failure)
    bearer_request = self.make_request(auth_header='Bearer DUMMY_JWT')

    with failing_init_swap, self.capture_logging() as errors:
        result = firebase_auth_services.get_auth_claims_from_request(
            bearer_request)

    self.assertIsNone(result)
    self.assert_matches_regexps(errors, ['could not init'])
def test_returns_auth_claims_from_valid_auth_token(self):
    """Check that 'sub' and 'email' from a verified token become AuthClaims.

    verify_id_token is swapped to return a fixed payload, so this test
    covers only the mapping from decoded payload to AuthClaims; the
    'Bearer DUMMY_JWT' value is never actually verified here.
    """
    decoded_payload = {'sub': 'auth_id', 'email': '*****@*****.**'}
    fixed_payload_swap = self.swap_to_always_return(
        firebase_admin.auth, 'verify_id_token', value=decoded_payload)
    bearer_request = self.make_request(auth_header='Bearer DUMMY_JWT')

    with fixed_payload_swap:
        result = firebase_auth_services.get_auth_claims_from_request(
            bearer_request)

    expected_claims = auth_domain.AuthClaims(
        'auth_id', '*****@*****.**', False)
    self.assertEqual(result, expected_claims)
def test_identifies_user_with_admin_privileges(self):
    """Check that the super-admin role in the payload sets the admin flag.

    The stubbed payload carries 'role': feconf.FIREBASE_ROLE_SUPER_ADMIN and
    the expected AuthClaims has True as its third field. verify_id_token is
    swapped out, so the role value is taken from the stub, not from a real
    verified token.
    """
    admin_payload = {
        'sub': 'auth_id',
        'email': '*****@*****.**',
        'role': feconf.FIREBASE_ROLE_SUPER_ADMIN,
    }
    admin_payload_swap = self.swap_to_always_return(
        firebase_admin.auth, 'verify_id_token', value=admin_payload)
    bearer_request = self.make_request(auth_header='Bearer DUMMY_JWT')

    with admin_payload_swap:
        result = firebase_auth_services.get_auth_claims_from_request(
            bearer_request)

    expected_claims = auth_domain.AuthClaims(
        'auth_id', '*****@*****.**', True)
    self.assertEqual(result, expected_claims)
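def test_cleans_up_firebase_app(self):
    """Check that the Firebase app created for a request is deleted again.

    initialize_app is swapped to hand back a sentinel object and delete_app
    is swapped for a recorder that checks it receives that same sentinel.
    The original version only checked the argument *if* delete_app was
    called, so it also passed when cleanup never happened; the recorder
    lets the test fail in that case.
    """
    mock_app = python_utils.OBJECT()
    deleted_apps = []

    def _record_deleted_app(app):
        """Stand-in for delete_app: verify the app and remember the call."""
        self.assertIs(app, mock_app)
        deleted_apps.append(app)

    initialize_app_swap = self.swap_to_always_return(
        firebase_admin, 'initialize_app', value=mock_app)
    # An empty payload is enough here: the test is about cleanup, and the
    # service is expected to return None for it.
    verify_id_token_swap = self.swap_to_always_return(
        firebase_admin.auth, 'verify_id_token', value={})
    delete_app_swap = self.swap(
        firebase_admin, 'delete_app', _record_deleted_app)
    request = self.make_request(auth_header='Bearer DUMMY_JWT')

    with contextlib2.ExitStack() as stack:
        stack.enter_context(initialize_app_swap)
        stack.enter_context(verify_id_token_swap)
        stack.enter_context(delete_app_swap)
        errors = stack.enter_context(self.capture_logging())

        auth_claims = (
            firebase_auth_services.get_auth_claims_from_request(request))

    self.assertIsNone(auth_claims)
    self.assertEqual(errors, [])
    # Cleanup must actually have run, not merely been well-formed.
    self.assertTrue(deleted_apps)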