async def test_add(factory: ComponentFactory) -> None: admin_service = factory.create_admin_service() async with factory.session.begin(): assert await admin_service.get_admins() == [Admin(username="******")] await admin_service.add_admin( "example", actor="admin", ip_address="192.168.0.1" ) async with factory.session.begin(): assert await admin_service.get_admins() == [ Admin(username="******"), Admin(username="******"), ] assert await admin_service.is_admin("example") assert not await admin_service.is_admin("foo") async with factory.session.begin(): with pytest.raises(PermissionDeniedError): await admin_service.add_admin( "foo", actor="bar", ip_address="127.0.0.1" ) async with factory.session.begin(): await admin_service.add_admin( "foo", actor="<bootstrap>", ip_address="127.0.0.1" ) async with factory.session.begin(): assert await admin_service.is_admin("foo") assert not await admin_service.is_admin("<bootstrap>")
async def test_admins(client: AsyncClient, factory: ComponentFactory) -> None: r = await client.get("/auth/api/v1/admins") assert r.status_code == 401 token_data = await create_session_token(factory) r = await client.get( "/auth/api/v1/admins", headers={"Authorization": f"bearer {token_data.token}"}, ) assert r.status_code == 403 assert r.json()["detail"][0] == { "msg": "Token does not have required scope admin:token", "type": "permission_denied", } token_data = await create_session_token(factory, scopes=["admin:token"]) r = await client.get( "/auth/api/v1/admins", headers={"Authorization": f"bearer {token_data.token}"}, ) assert r.status_code == 200 assert r.json() == [{"username": "******"}] admin_service = factory.create_admin_service() async with factory.session.begin(): await admin_service.add_admin( "example", actor="admin", ip_address="127.0.0.1" ) r = await client.get( "/auth/api/v1/admins", headers={"Authorization": f"bearer {token_data.token}"}, ) assert r.status_code == 200 assert r.json() == [{"username": "******"}, {"username": "******"}]
async def test_github_admin(client: AsyncClient, respx_mock: respx.Router, factory: ComponentFactory) -> None: """Test that a token administrator gets the admin:token scope.""" admin_service = factory.create_admin_service() async with factory.session.begin(): await admin_service.add_admin("someuser", actor="admin", ip_address="127.0.0.1") user_info = GitHubUserInfo( name="A User", username="******", uid=1000, email="*****@*****.**", teams=[GitHubTeam(slug="a-team", gid=1000, organization="ORG")], ) r = await simulate_github_login(client, respx_mock, user_info) assert r.status_code == 307 # The user should have admin:token scope. r = await client.get("/auth", params={"scope": "admin:token"}) assert r.status_code == 200