コード例 #1
async def test_secret_key(app):
    """Check that self-approval setup refuses a short secret key.

    With ``secret_key`` set to ``"short"``, ``setup_self_approval()`` must
    raise ``ValueError``. With the longer key the call must succeed and
    leave ``ask_email_on_signup`` set to ``True``, even though the test
    switched it off beforehand.
    """
    weak_key = "short"
    strong_key = "very long and kind-of random asdgaisgfjbafksdgasg"

    authenticator = NativeAuthenticator(db=app.db)
    authenticator.ask_email_on_signup = False
    # NOTE(review): the "." in "example.com" is unescaped, so as a regular
    # expression it matches any character at that position. Harmless in this
    # fixture, but a deployed allow-list pattern should escape it.
    authenticator.allow_self_approval_for = ".*@example.com$"

    # A short key must make the setup fail instead of being accepted.
    authenticator.secret_key = weak_key
    with pytest.raises(ValueError):
        authenticator.setup_self_approval()

    # The same call goes through once the key is long enough.
    authenticator.secret_key = strong_key
    authenticator.setup_self_approval()

    # Successful setup turns the e-mail prompt back on.
    assert authenticator.ask_email_on_signup is True
コード例 #2
async def test_approval_url(app):
    """Check which approval slugs ``validate_slug`` accepts and rejects.

    Three cases are covered, all validated against the authenticator's
    ``secret_key``: an arbitrary string, a slug whose expiry lies two days
    in the past, and a slug whose expiry lies two days in the future. The
    first two must raise ``ValueError``; the third must decode to the
    original username and expiry.
    """
    authenticator = NativeAuthenticator(db=app.db)
    # NOTE(review): the "." in "example.com" is unescaped and therefore
    # matches any character; a deployed pattern should escape it.
    authenticator.allow_self_approval_for = ".*@example.com$"
    authenticator.secret_key = "very long and kind-of random asdgaisgfjbafksdgasg"
    authenticator.setup_self_approval()

    def slug_expiring_at(moment):
        # The slug is the last path segment of the generated approval URL.
        approval_url = authenticator.generate_approval_url("somebody", when=moment)
        return approval_url.rsplit("/", 1)[-1]

    two_days = datetime.timedelta(days=2)

    # A value that was never issued by the authenticator is rejected.
    # NOTE(review): "foo" is a malformed value, not a well-formed slug with
    # a wrong signature; a slug signed with a different key is not
    # exercised by this test.
    with pytest.raises(ValueError):
        EmailAuthorizationHandler.validate_slug("foo", authenticator.secret_key)

    # A correctly generated slug is rejected once its expiry has passed.
    stale_expiry = datetime.datetime.now(tz.utc) - two_days
    stale_slug = slug_expiring_at(stale_expiry)
    with pytest.raises(ValueError):
        EmailAuthorizationHandler.validate_slug(stale_slug, authenticator.secret_key)

    # A correctly generated, unexpired slug decodes to its payload.
    expiration = datetime.datetime.now(tz.utc) + two_days
    fresh_slug = slug_expiring_at(expiration)
    payload = EmailAuthorizationHandler.validate_slug(
        fresh_slug, authenticator.secret_key
    )
    assert payload["username"] == "somebody"
    assert payload["expire"] == expiration