def test_lookup_request_user_session_oauth(dummy_user, mocker): assert _lookup_request_user() == (None, None) session.set_session_user(dummy_user) mocker.patch('indico.web.util.get_oauth_user').return_value = dummy_user with pytest.raises(BadRequest) as exc_info: _lookup_request_user() assert 'OAuth tokens and session cookies cannot be mixed' in str(exc_info.value)
def test_lookup_request_user_signed_url_oauth(dummy_user, mocker): assert _lookup_request_user() == (None, None) mocker.patch('indico.web.util.verify_signed_user_url').return_value = dummy_user mocker.patch('indico.web.util.get_oauth_user').return_value = dummy_user with pytest.raises(BadRequest) as exc_info: _lookup_request_user() assert 'OAuth tokens and signed URLs cannot be mixed' in str(exc_info.value)
def test_lookup_request_user_signed_url_not_allowed(create_user, dummy_user, mocker): assert _lookup_request_user(False) == (None, None) mocker.patch( 'indico.web.util.verify_signed_user_url').return_value = dummy_user with pytest.raises(BadRequest) as exc_info: _lookup_request_user(False) assert 'Signature auth is not allowed for this URL' in str(exc_info.value)
def test_lookup_request_user_oauth(dummy_user, mocker, method): request = mocker.patch('indico.web.util.request') request.method = method request.full_path = '/test' request.headers = {} assert _lookup_request_user() == (None, None) get_oauth_user = mocker.patch('indico.web.util.get_oauth_user') get_oauth_user.return_value = dummy_user assert _lookup_request_user() == (dummy_user, 'oauth') scopes = ['read:everything', 'full:everything'] if method == 'GET' else ['full:everything'] get_oauth_user.assert_called_with(scopes)
def test_lookup_request_user_signed_url(create_user, dummy_user, mocker): assert _lookup_request_user(True) == (None, None) mocker.patch('indico.web.util.verify_signed_user_url').return_value = dummy_user session.set_session_user(create_user(123)) # should be ignored assert _lookup_request_user(True) == (dummy_user, 'signed_url')
def test_lookup_request_user_session(dummy_user): assert _lookup_request_user() == (None, None) session.set_session_user(dummy_user) assert _lookup_request_user() == (dummy_user, 'session')