def _create_authorized_client(*, user: UserInDB) -> AsyncClient:
access_token = auth_service.create_access_token_for_user(
user=user, secret_key=str(SECRET_KEY))
client.headers = {
**client.headers,
"Authorization":
f"{JWT_TOKEN_PREFIX} {access_token}",
}
return client
def authorized_client(client: AsyncClient, test_user: UserInDB) -> AsyncClient:
access_token = auth_service.create_access_token_for_user(
user=test_user, secret_key=str(SECRET_KEY))
client.headers = {
**client.headers,
'Authorization': f'{JWT_TOKEN_PREFIX} {access_token}',
}
return client
async def test_user_cannot_access_own_data_with_incorrect_jwt_prefix(
self, app: FastAPI, client: AsyncClient, test_user: UserInDB,
jwt_prefix: str) -> None:
token = auth_service.create_access_token_for_user(
user=test_user, secret_key=str(SECRET_KEY))
res = await client.get(
app.url_path_for("users:get-current-user"),
headers={"Authorization": f"{jwt_prefix} {token}"},
)
assert res.status_code == HTTP_401_UNAUTHORIZED
async def register_new_user(
new_user: UserCreate = Body(..., embed=True),
user_repo: UsersRepository = Depends(get_repository(UsersRepository)),
) -> UserPublic:
created_user = await user_repo.register_new_user(new_user=new_user)
access_token = AccessToken(
access_token=auth_service.create_access_token_for_user(user=created_user), token_type="bearer"
)
# we can return the access_token because we added it as
# an optional property in UserPublic
return created_user.copy(update={"access_token": access_token})
async def register_new_user(
new_user: UserCreate = Body(..., embed=True),
user_repo: UsersRepository = Depends(get_repository(UsersRepository)),
) -> UserPublic:
created_user = await user_repo.register_new_user(new_user=new_user)
access_token = AccessToken(
access_token=auth_service.create_access_token_for_user(
user=created_user),
token_type="bearer",
)
return UserPublic(**created_user.dict(), access_token=access_token)
def authorized_client(client: AsyncClient, test_user: UserInDB) -> AsyncClient:
"""
Creates an authorized test_user to test authorized requests instead
of the generic ``client`` fixture.
"""
access_token = auth_service.create_access_token_for_user(
user=test_user, secret_key=str(SECRET_KEY))
client.headers = {
**client.headers,
"Authorization": f"{JWT_TOKEN_PREFIX} {access_token}",
}
return client
async def register_new_user(
new_user: UserCreate = Body(..., embed=False),
user_repo: UsersRepository = Depends(get_repository(UsersRepository)),
) -> UserPublic:
created_user = await user_repo.register_new_user(new_user=new_user)
access_token = AccessToken(
access_token=auth_service.create_access_token_for_user(
user=created_user),
token_type="bearer")
return created_user.copy(update={"access_token": access_token})
async def user_login_with_email_and_password(
user_repo: UsersRepository = Depends(get_repository(UsersRepository)),
form_data: OAuth2PasswordRequestForm = Depends(OAuth2PasswordRequestForm),
) -> AccessToken:
user = await user_repo.authenticate_user(email=form_data.username, password=form_data.password)
if not user:
raise HTTPException(
status_code=HTTP_401_UNAUTHORIZED,
detail="Authentication was unsuccessful.",
headers={"WWW-Authenticate": "Bearer"},
)
access_token = AccessToken(access_token=auth_service.create_access_token_for_user(user=user), token_type="bearer")
return access_token
async def test_token_missing_user_is_invalid(self, app: FastAPI,
client: AsyncClient) -> None:
access_token = auth_service.create_access_token_for_user(
user=None,
secret_key=str(SECRET_KEY),
audience=JWT_AUDIENCE,
expires_in=ACCESS_TOKEN_EXPIRE_MINUTES,
)
with pytest.raises(jwt.PyJWTError):
jwt.decode(access_token,
str(SECRET_KEY),
audience=JWT_AUDIENCE,
algorithms=[JWT_ALGORITHM])
async def test_error_when_token_or_secret_is_wrong(
self,
app: FastAPI,
client: AsyncClient,
test_user: UserInDB,
secret: Union[Secret, str],
wrong_token: Optional[str],
) -> None:
token = auth_service.create_access_token_for_user(
user=test_user, secret_key=str(SECRET_KEY))
if wrong_token == "use correct token":
wrong_token = token
with pytest.raises(HTTPException):
username = auth_service.get_username_from_token(
token=wrong_token, secret_key=str(secret))
async def test_can_create_access_token_successfully(
self, app: FastAPI, client: AsyncClient,
test_user: UserInDB) -> None:
access_token = auth_service.create_access_token_for_user(
user=test_user,
secret_key=str(SECRET_KEY),
audience=JWT_AUDIENCE,
expires_in=ACCESS_TOKEN_EXPIRE_MINUTES,
)
creds = jwt.decode(access_token,
str(SECRET_KEY),
audience=JWT_AUDIENCE,
algorithms=[JWT_ALGORITHM])
assert creds.get("username") is not None
assert creds["username"] == test_user.username
assert creds["aud"] == JWT_AUDIENCE
async def register_new_user(
new_user: UserCreate = Body(..., embed=True),
user_repo: UsersRepository = Depends(get_repository(UsersRepository)),
) -> UserPublic:
created_user = await user_repo.register_new_user(new_user=new_user)
access_token = AccessToken(
access_token=auth_service.create_access_token_for_user(
user=created_user),
token_type="bearer",
)
# Since we're now returning a UserPublic model upon registration,
# we can simply update the access_token attribute with our
# new token and return that user. Simple enough.
return created_user.copy(update={"access_token": access_token})
async def test_invalid_token_content_raises_error(
self,
app: FastAPI,
client: AsyncClient,
test_user: UserInDB,
secret_key: Union[str, Secret],
jwt_audience: str,
exception: Type[BaseException],
) -> None:
with pytest.raises(exception):
access_token = auth_service.create_access_token_for_user(
user=test_user,
secret_key=str(secret_key),
audience=jwt_audience,
expires_in=ACCESS_TOKEN_EXPIRE_MINUTES,
)
jwt.decode(access_token,
str(SECRET_KEY),
audience=JWT_AUDIENCE,
algorithms=[JWT_ALGORITHM])
