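async def test_claims_requirement_mapping():
    """Check a ClaimsRequirement built from a mapping of expected claim values.

    The requirement is created with {'name': 'Charlie'}. It must be satisfied
    for an identity whose 'name' claim is 'Charlie' and must stay unsatisfied
    for an identity whose 'name' claim is 'Sally'.
    """
    import inspect

    async def evaluate(rule, ctx):
        # The original awaited only one of the two handle() calls. Awaiting a
        # plain (non-awaitable) return value raises TypeError, while a
        # coroutine that is never awaited never runs, which would let a
        # negative assertion pass without the check being executed.
        # Handling both shapes keeps the two cases evaluated the same way.
        outcome = rule.handle(ctx)
        if inspect.isawaitable(outcome):
            await outcome

    # NOTE(review): an async test only runs under an async-aware test runner;
    # no marker or plugin is visible in this listing -- confirm it is collected.
    requirement = ClaimsRequirement({'name': 'Charlie'})

    # Positive case: the claim value matches the expected one.
    context = AuthorizationContext(User({'name': 'Charlie'}), [requirement])
    await evaluate(requirement, context)
    assert context.has_succeeded

    # Negative case: same claim name, different value, so access must be denied.
    context = AuthorizationContext(User({'name': 'Sally'}), [requirement])
    await evaluate(requirement, context)
    assert context.has_succeeded is False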
async def test_claims_requirement_sequence():
    """Check a ClaimsRequirement built from a sequence of claim names.

    The requirement lists 'name' and 'foo'. An identity carrying both claims
    satisfies it; an identity carrying 'name' but not 'foo' does not.
    """
    # NOTE(review): handle() is called without await in this coroutine. The
    # positive assertion below can only hold if handle() does its work
    # synchronously; if it ever becomes a coroutine function, the negative
    # assertion would pass without the check having run -- confirm.
    rule = ClaimsRequirement(['name', 'foo'])

    # Both required claim names are present.
    has_both = User({'name': 'Charlie', 'foo': 'foo'})
    ctx = AuthorizationContext(has_both, [rule])
    rule.handle(ctx)
    assert ctx.has_succeeded

    # 'foo' is absent ('ufo' is an unrelated claim), so the requirement stays unmet.
    lacks_foo = User({'name': 'Charlie', 'ufo': 'nope'})
    ctx = AuthorizationContext(lacks_foo, [rule])
    rule.handle(ctx)
    assert ctx.has_succeeded is False
def test_authenticated_requirement_succeeds_with_identity():
    """Check that AuthenticatedRequirement is satisfied by a User built with 'oidc'.

    The User is created with an empty first argument, so the outcome does not
    depend on any particular claim being present.
    """
    rule = AuthenticatedRequirement()

    # NOTE(review): the second User argument is presumably the authentication
    # mode/scheme -- confirm against User. Only the positive case is covered
    # here; a None identity is not exercised by this test.
    signed_in = User({}, 'oidc')
    ctx = AuthorizationContext(signed_in, [rule])

    rule.handle(ctx)

    assert ctx.has_succeeded
def test_claims_requirement_fails_for_missing_identity():
    """Check that ClaimsRequirement records a forced failure when there is no identity.

    The context is built with None as the identity; after handle() the
    context's forced_failure must equal 'Missing identity'.
    """
    expected_reason = 'Missing identity'
    rule = ClaimsRequirement('name')

    # No identity at all: the requirement must deny with an explicit reason
    # rather than merely staying pending.
    ctx = AuthorizationContext(None, [rule])
    rule.handle(ctx)

    assert ctx.forced_failure == expected_reason
def _handle_with_policy(policy: Policy, identity: Identity):
    """Run every requirement of *policy* against *identity* and deny on failure.

    Each requirement's handle() is called with a shared AuthorizationContext.
    There is no early exit from the loop, so all requirements are evaluated
    even if one of them has already failed.

    Raises:
        UnauthorizedError: when the context does not report success after all
            requirements have run; it carries the context's forced_failure
            and pending_requirements.
    """
    # NOTE(review): what has_succeeded reports for a policy with no
    # requirements is decided by AuthorizationContext -- confirm an empty
    # policy does not authorise by default.
    with AuthorizationContext(identity, policy.requirements) as ctx:
        for rule in policy.requirements:
            rule.handle(ctx)

        if ctx.has_succeeded:
            return

        # Raised inside the with block, so forced_failure and
        # pending_requirements are read before the context manager exits.
        raise UnauthorizedError(ctx.forced_failure, ctx.pending_requirements)
async def _handle_with_policy(policy: Policy, identity: Identity):
    """Run every requirement of *policy* against *identity*, sync or async.

    Requirements that are instances of SyncRequirement have handle() called
    directly; for every other requirement the result of handle() is awaited.
    All requirements are evaluated; there is no early exit from the loop.

    Raises:
        UnauthorizedError: when the context does not report success after all
            requirements have run; it carries the context's forced_failure
            and pending_requirements.
    """
    # NOTE(review): what has_succeeded reports for a policy with no
    # requirements is decided by AuthorizationContext -- confirm an empty
    # policy does not authorise by default.
    with AuthorizationContext(identity, policy.requirements) as ctx:
        for rule in policy.requirements:
            # Dispatch is by declared type, not by inspecting the handler.
            # NOTE(review): a SyncRequirement subclass that defines an async
            # handle() would return a coroutine that is never awaited, so its
            # check would not run -- presumably it then stays pending; verify.
            if not isinstance(rule, SyncRequirement):
                await rule.handle(ctx)
            else:
                rule.handle(ctx)

        if ctx.has_succeeded:
            return

        # Raised inside the with block, so forced_failure and
        # pending_requirements are read before the context manager exits.
        raise UnauthorizedError(ctx.forced_failure, ctx.pending_requirements)
def handle(self, context: AuthorizationContext):
    """Satisfy this requirement when the identity's "role" claim equals "admin".

    Nothing is recorded on the context when there is no identity or the claim
    does not match; the method never calls context.fail().
    """
    subject = context.identity
    if subject is None:
        # No identity: leave the requirement unmet.
        return

    # Exact string comparison: a missing claim (None from .get) or a value of
    # another type, such as a list of roles, does not compare equal and so
    # does not grant access.
    if subject.claims.get("role") == "admin":
        context.succeed(self)
async def handle(self, context: AuthorizationContext):
    """Mark this requirement as satisfied without inspecting the context.

    Neither the identity nor any claim is read, so every caller satisfies
    this requirement, including one with no identity at all.
    """
    # NOTE(review): unconditional success; presumably a demo or test fixture
    # -- confirm it is never attached to a policy guarding a real resource.
    satisfy = context.succeed
    satisfy(self)
async def handle(self, context: AuthorizationContext):
    """Satisfy this requirement when the 'name' claim has the expected value.

    The check is delegated to identity.has_claim_value('name', ...) with
    self.expected_name as the value to look for. Nothing is recorded on the
    context when the check is false.

    Raises:
        AssertionError: when the context has no identity.
    """
    # assert statements are removed under `python -O`; a None identity then
    # reaches the attribute access below and raises AttributeError instead.
    # Either way the requirement is not marked as succeeded.
    assert context.identity is not None

    subject = context.identity
    if not subject.has_claim_value('name', self.expected_name):
        return

    context.succeed(self)
async def handle(self, context: AuthorizationContext):
    """Record success for this requirement, then force a failure on the context.

    Both calls are always made, in this order, regardless of the identity.
    """
    reason = 'Crash Test'

    context.succeed(self)
    # NOTE(review): presumably a forced failure overrides the success recorded
    # just above, so the overall authorization is denied -- confirm against
    # AuthorizationContext.
    context.fail(reason)  # <-- force failure
def handle(self, context: AuthorizationContext):
    """Satisfy this requirement when the identity's 'role' entry equals 'admin'.

    Nothing is recorded on the context when there is no identity or the value
    does not match; the method never calls context.fail().
    """
    subject = context.identity
    if subject is None:
        # No identity: leave the requirement unmet.
        return

    # NOTE(review): the claim is read by subscription; what happens when
    # 'role' is absent (None vs. KeyError) depends on the identity type's
    # __getitem__ -- confirm. The comparison is an exact string match, so a
    # value of another type, such as a list of roles, does not grant access.
    if subject['role'] == 'admin':
        context.succeed(self)