def test_applicable_admin(self):
os.environ.update({
'USER_EMAIL': '*****@*****.**',
'USER_ID': '123',
'USER_IS_ADMIN': '1',
})
# Actual request is not used by CookieAuthentication.
self.assertEqual((
model.Identity(model.IDENTITY_USER, '*****@*****.**'),
api.new_auth_details(is_superuser=True),
), handler.gae_cookie_authentication(webapp2.Request({})))
def test_happy_path(self):
ident, details = self.call({
'aud': 'https://example.com',
'google': {
'compute_engine': {
'project_id': 'proj',
'instance_name': 'inst',
},
},
})
self.assertEqual(ident.to_bytes(), 'bot:[email protected]')
self.assertEqual(
details,
api.new_auth_details(gce_instance='inst', gce_project='proj'))
def test_custom_realm_and_app_version(self):
ident, details = self.call({
'aud': 'https://123-dot-example.com',
'google': {
'compute_engine': {
'project_id': 'domain.com:proj',
'instance_name': 'inst',
},
},
})
self.assertEqual(ident.to_bytes(), 'bot:[email protected]')
self.assertEqual(
details,
api.new_auth_details(gce_instance='inst',
gce_project='domain.com:proj'))
def test_auth_method_order(self):
"""Registered auth methods are tested in order."""
test = self
calls = []
ident = model.Identity(model.IDENTITY_USER, '*****@*****.**')
auth_details = api.new_auth_details()
def not_applicable(request):
self.assertEqual('/request', request.path)
calls.append('not_applicable')
return None, None
def applicable(request):
self.assertEqual('/request', request.path)
calls.append('applicable')
return ident, auth_details
class Handler(handler.AuthenticatingHandler):
@classmethod
def get_auth_methods(cls, conf):
return [not_applicable, applicable]
@api.public
def get(self):
test.assertEqual(ident, api.get_current_identity())
test.assertIs(auth_details, api.get_auth_details())
self.response.write('OK')
app = self.make_test_app('/request', Handler)
self.assertEqual('OK', app.get('/request').body)
# Both methods should be tried.
expected_calls = [
'not_applicable',
'applicable',
]
self.assertEqual(expected_calls, calls)
def test_is_allowed_oauth_client_id_ok(self):
self.mock_all('*****@*****.**', 'some-client-id', ['some-client-id'])
self.assertEqual(
(self.user('*****@*****.**'), api.new_auth_details()),
api.extract_oauth_caller_identity())