async def test_claims_requirement_mapping():
requirement = ClaimsRequirement({'name': 'Charlie'})
context = AuthorizationContext(User({'name': 'Charlie'}), [requirement])
requirement.handle(context)
assert context.has_succeeded
context = AuthorizationContext(User({'name': 'Sally'}), [requirement])
await requirement.handle(context)
assert context.has_succeeded is False
async def test_claims_requirement_sequence():
requirement = ClaimsRequirement(['name', 'foo'])
context = AuthorizationContext(User({'name': 'Charlie', 'foo': 'foo'}), [requirement])
requirement.handle(context)
assert context.has_succeeded
context = AuthorizationContext(User({'name': 'Charlie', 'ufo': 'nope'}), [requirement])
requirement.handle(context)
assert context.has_succeeded is False
def test_authenticated_requirement_succeeds_with_identity():
requirement = AuthenticatedRequirement()
context = AuthorizationContext(User({}, 'oidc'), [requirement])
requirement.handle(context)
assert context.has_succeeded
def test_claims_requirement_fails_for_missing_identity():
requirement = ClaimsRequirement('name')
context = AuthorizationContext(None, [requirement])
requirement.handle(context)
assert context.forced_failure == 'Missing identity'
def _handle_with_policy(policy: Policy, identity: Identity):
with AuthorizationContext(identity, policy.requirements) as context:
for requirement in policy.requirements:
requirement.handle(context)
if not context.has_succeeded:
raise UnauthorizedError(context.forced_failure,
context.pending_requirements)
async def _handle_with_policy(policy: Policy, identity: Identity):
with AuthorizationContext(identity, policy.requirements) as context:
for requirement in policy.requirements:
if isinstance(requirement, SyncRequirement):
requirement.handle(context)
else:
await requirement.handle(context)
if not context.has_succeeded:
raise UnauthorizedError(context.forced_failure,
context.pending_requirements)
def handle(self, context: AuthorizationContext):
identity = context.identity
if identity is not None and identity.claims.get("role") == "admin":
context.succeed(self)
async def handle(self, context: AuthorizationContext):
context.succeed(self)
async def handle(self, context: AuthorizationContext):
assert context.identity is not None
if context.identity.has_claim_value('name', self.expected_name):
context.succeed(self)
async def handle(self, context: AuthorizationContext):
context.succeed(self)
context.fail('Crash Test') # <-- force failure
def handle(self, context: AuthorizationContext):
identity = context.identity
if identity is not None and identity['role'] == 'admin':
context.succeed(self)
