async def setUp(self): await super(DeploymentsTests, self).setUp() token = jwt_encode( User(**USER_WITH_MULTIPLE_ACCOUNTS_DICT), Account(**ACCOUNT_DEV_DICT), ) self.auth_header = {"Authorization": f"JWT {token.decode('utf-8')}"}
async def test_change_account_does_not_exist(self): jwt_token = jwt_encode(User(**USER_WITH_ONE_ACCOUNT_DICT), Account(**ACCOUNT_DEV_DICT)) resp = await self.client.get( f"/accounts/8000/auth", headers={"Authorization": f"JWT {jwt_token.decode('utf-8')}"}, ) self.assertEqual(403, resp.status)
async def test_encode_new_token(self): """ Dado um objeto User e um Account, retorna um novo token JWT contendo as informações necessárias """ user = User(**USER_WITH_ONE_ACCOUNT_DICT) account = Account(**ACCOUNT_DEV_DICT) token = jwt_encode(user, account) decoded_token = jwt.decode(token, key=SECRET_KEY) self.assertDictEqual(user.dict(), decoded_token["user"]) self.assertDictEqual(account.dict(), decoded_token["current_account"])
async def test_returns_user_info_no_permission_for_chosen_account(self): """ Se fazemos um request GET /users/me?account_id=3 mas o usuário não tem permissão para acessar a conta escolhida, devemos retornar HTTP 403 """ user = User(**USER_WITH_MULTIPLE_ACCOUNTS_DICT) account = Account(id=99, name="", namespace="", owner="") jwt_token = jwt_encode(user, account) resp = await self.client.get( "/users/me", headers={"Authorization": f"JWT {jwt_token.decode('utf-8')}"}, ) self.assertEqual(401, resp.status)
async def change_account(account_id: str, user: User): permission_ok = False new_token = b"" account = await AccountsService.get_account_by_id( int(account_id), AccountsBackend() ) if account: permission_ok = await account.user_has_permission(user) if permission_ok and account: new_token = jwt_encode(user, account) return web.json_response(data={"jwt": new_token.decode("utf-8")}) return web.json_response(status=HTTPStatus.FORBIDDEN)
async def change_account(request: web.Request): account_id: str = request.match_info["account_id"] user = await User.from_alchemy_obj(request["user"]) permission_ok = False new_token = b"" account = await AccountsService.get_account_by_id(int(account_id), AccountsBackend()) if account: permission_ok = await account.user_has_permission(user) if permission_ok and account: new_token = jwt_encode(user, account) return web.json_response(data={"jwt": new_token.decode("utf-8")}) return web.json_response(status=403)
async def test_jwt_me_returns_user_info_with_alternate_accounts(self): """ Conferir que a lista de contas alternativas, *não inclui* a conta atual, que está no token JWT """ user = User(**USER_WITH_MULTIPLE_ACCOUNTS_DICT) account = Account(**ACCOUNT_DEV_DICT) jwt_token = jwt_encode(user, account) resp = await self.client.get( "/users/me", headers={"Authorization": f"JWT {jwt_token.decode('utf-8')}"}, ) self.assertEqual(200, resp.status) data = await resp.json() self.assertDictEqual( { "user": { "name": USER_WITH_MULTIPLE_ACCOUNTS_NAME, "email": USER_WITH_MULTIPLE_ACCOUNTS_EMAIL, "id": USER_WITH_MULTIPLE_ACCOUNTS_ID, "errors": {}, "type": "ASGARD", }, "current_account": { "id": ACCOUNT_DEV_ID, "errors": {}, "type": "ASGARD", "name": ACCOUNT_DEV_NAME, "namespace": ACCOUNT_DEV_NAMESPACE, "owner": ACCOUNT_DEV_OWNER, }, "accounts": [{ "id": 11, "errors": {}, "type": "ASGARD", "name": ACCOUNT_INFRA_NAME, "namespace": ACCOUNT_INFRA_NAMESPACE, "owner": ACCOUNT_INFRA_OWNER, }], }, data, )
async def test_account_permission_ok(self): jwt_token = jwt_encode( User(**USER_WITH_MULTIPLE_ACCOUNTS_DICT), Account(**ACCOUNT_DEV_DICT), ) resp = await self.client.get( f"/accounts/{ACCOUNT_INFRA_ID}/auth", headers={"Authorization": f"JWT {jwt_token.decode('utf-8')}"}, ) self.assertEqual(200, resp.status) data = await resp.json() returned_token = jwt.decode(data["jwt"], key=SECRET_KEY) self.assertDictEqual( User(**USER_WITH_MULTIPLE_ACCOUNTS_DICT).dict(), returned_token["user"], ) self.assertDictEqual( Account(**ACCOUNT_INFRA_DICT).dict(), returned_token["current_account"], )
async def test_jwt_token_populate_request_user_if_key_is_valid(self): """ Populates request.user if authentication is successful """ user = User(**USER_WITH_MULTIPLE_ACCOUNTS_DICT) account = Account(**ACCOUNT_INFRA_DICT) jwt_token = jwt_encode(user, account) auth_header = { "Authorization": "JWT {}".format(jwt_token.decode("utf-8")) } resp = await self.client.get("/", headers=auth_header) data = await resp.json() self.assertEqual(200, resp.status) self.assertEqual( { "id": USER_WITH_MULTIPLE_ACCOUNTS_ID, "email": USER_WITH_MULTIPLE_ACCOUNTS_EMAIL, }, data["user"], )
def generate_jwt_token_for_user(self, user, account): return jwt_encode(user, account)