예제 #1
def authorizer(event: AuthorizerEvent, context: LambdaContext) \
        -> AuthorizerResult:
    """Build the API Gateway authorizer response for the access token resource.

    The session id is read from the request headers and resolved to a user
    e-mail. A request that does not resolve to a truthy e-mail receives an
    explicit ``Deny`` statement and an empty principal id.
    """
    # Fail closed: the e-mail stays None unless a session id was found and
    # the session lookup returned a value for it.
    user_email = None
    session_id = get_session_id(event['headers'])
    if session_id:
        user_email = Session.fetch_user_email(session_id)

    if user_email:
        effect, principal_id = 'Allow', user_email
    else:
        effect, principal_id = 'Deny', ''

    # The statement is scoped to the method ARN of this request, not a
    # wildcard. NOTE(review): if authorizer result caching is enabled on the
    # API, confirm that reusing a policy scoped to one method is intended.
    document = {
        'Version': '2012-10-17',
        'Statement': [{
            'Action': 'execute-api:Invoke',
            'Effect': effect,
            'Resource': event['methodArn'],
        }],
    }
    return {
        'principalId': principal_id,
        'policyDocument': cast(PolicyDocument, document),
    }
예제 #2
 def test_verifies_session_id(self, get_session_from_token):
     # The value produced by the (mocked) token lookup must come back from
     # get_session_id unchanged.
     expected_id = b'session-id'
     get_session_from_token.return_value = expected_id
     headers = self._get_headers(cookie_val='foo')
     self.assertEqual(m.get_session_id(headers), expected_id)
예제 #3
 def test_correct_session_token(self, get_session_from_token):
     # The cookie carries the token percent-encoded; the first positional
     # argument handed to the token lookup must be the decoded original.
     raw_token = 'my=session=token'
     headers = self._get_headers(cookie_val=urllib.parse.quote(raw_token))
     m.get_session_id(headers)
     recorded_call = get_session_from_token.call_args
     self.assertEqual(recorded_call.args[0], raw_token)
예제 #4
 def test_auth_error(self, get_session_from_token):
     # An AuthenticationError raised by the token lookup must not propagate:
     # get_session_id is expected to return None, i.e. no session.
     get_session_from_token.side_effect = AuthenticationError()
     headers = self._get_headers(cookie_val='foo')
     outcome = m.get_session_id(headers)
     # The lookup has to be attempted exactly once before giving up.
     get_session_from_token.assert_called_once()
     self.assertEqual(outcome, None)
예제 #5
 def test_invalid_cookie(self):
     # A malformed Cookie header must yield no session id.
     bad_headers = {'Cookie': 'invalid/cookie=value'}
     self.assertEqual(m.get_session_id(bad_headers), None)
예제 #6
 def test_missing_cookie(self):
     # Headers built with cookie_val=None must yield no session id.
     headers = self._get_headers(cookie_val=None)
     self.assertEqual(m.get_session_id(headers), None)
예제 #7
 def test_no_cookie(self):
     # An empty header mapping must yield no session id.
     empty_headers = {}
     self.assertEqual(m.get_session_id(empty_headers), None)