def test_public_route(self, mock_authority_class):
mock_request = MagicMock()
with patch("gobapi.auth.routes.request", mock_request):
func = lambda *args, **kwargs: "Any result"
mock_authority = mock.MagicMock()
mock_authority.allows_access.return_value = True
mock_authority_class.return_value = mock_authority
wrapped_func = public_route("any rule", func)
mock_request.headers = {}
mock_request.args = {}
result = wrapped_func()
self.assertEqual(result, "Any result")
mock_request.headers = {}
mock_request.args = {'secure_arg': "any secure_arg"}
result = wrapped_func()
self.assertEqual(result, (mock.ANY, 403))
mock_request.headers = {}
mock_request.args = {}
mock_authority.allows_access.return_value = False
result = wrapped_func()
self.assertEqual(result, (mock.ANY, 403))
mock_authority.allows_access.return_value = True
mock_request.headers = {
ACCESS_TOKEN_HEADER: "any token",
}
result = wrapped_func()
self.assertEqual(result, (mock.ANY, 400))
def test_fraud_warning_issued(self, mock_fraud_warning, mock_request):
# Assure that compromised public requests are signalled
func = lambda *args, **kwargs: "Any result"
mock_request.headers = {REQUEST_USER: "******"}
wrapped_func = public_route("any rule", func)
wrapped_func()
mock_fraud_warning.assert_called()
def test_secure_headers_detected(self, mock_secure_headers):
mock_request = MagicMock()
with patch("gobapi.auth.routes.request", mock_request):
# Assure that public requests test for secure headers
func = lambda *args, **kwargs: "Any result"
wrapped_func = public_route("any rule", func)
wrapped_func()
mock_secure_headers.assert_called()
def test_fraud_warning_issued(self, mock_fraud_warning):
mock_request = MagicMock()
with patch("gobapi.auth.routes.request", mock_request):
# Assure that compromised public requests are signalled
func = lambda *args, **kwargs: "Any result"
mock_request.headers = {ACCESS_TOKEN_HEADER: "any token"}
wrapped_func = public_route("any rule", func)
wrapped_func()
mock_fraud_warning.assert_called()
def test_public_route(self, mock_request, mock_authority_class):
func = lambda *args, **kwargs: "Any result"
mock_authority = mock.MagicMock()
mock_authority.allows_access.return_value = True
mock_authority_class.return_value = mock_authority
wrapped_func = public_route("any rule", func)
mock_request.headers = {}
mock_request.args = {}
result = wrapped_func()
self.assertEqual(result, "Any result")
mock_request.headers = {}
mock_request.args = {'secure_arg': "any secure_arg"}
result = wrapped_func()
self.assertEqual(result, (mock.ANY, 403))
mock_request.headers = {}
mock_request.args = {}
mock_authority.allows_access.return_value = False
result = wrapped_func()
self.assertEqual(result, (mock.ANY, 403))
mock_authority.allows_access.return_value = True
mock_request.headers = {REQUEST_USER: "******"}
result = wrapped_func()
self.assertEqual(result, (mock.ANY, 400))
mock_request.headers = {REQUEST_ROLES: "any role"}
result = wrapped_func()
self.assertEqual(result, (mock.ANY, 400))
mock_request.headers = {
REQUEST_USER: "******",
REQUEST_ROLES: "any role"
}
result = wrapped_func()
self.assertEqual(result, (mock.ANY, 400))
def test_secure_headers_detected(self, mock_secure_headers, mock_request):
# Assure that public requests test for secure headers
func = lambda *args, **kwargs: "Any result"
wrapped_func = public_route("any rule", func)
wrapped_func()
mock_secure_headers.assert_called()