def test_denies_valid_macaroon_for_incorrect_permission( self, monkeypatch, invalid_permission): macaroon_service = pretend.stub( verify=pretend.call_recorder(lambda *a: pretend.stub())) request = pretend.stub(find_service=pretend.call_recorder( lambda interface, **kw: macaroon_service)) get_current_request = pretend.call_recorder(lambda: request) monkeypatch.setattr(auth_policy, "get_current_request", get_current_request) _extract_http_macaroon = pretend.call_recorder( lambda r: b"not a real macaroon") monkeypatch.setattr(auth_policy, "_extract_http_macaroon", _extract_http_macaroon) permits = pretend.stub() backing_policy = pretend.stub( permits=pretend.call_recorder(lambda *a, **kw: permits)) policy = auth_policy.MacaroonAuthorizationPolicy(policy=backing_policy) result = policy.permits(pretend.stub(), pretend.stub(), invalid_permission) assert result == Denied("") assert result.s == ( f"API tokens are not valid for permission: {invalid_permission}!")
def test_principals_allowed_by_permission(self): principals = pretend.stub() backing_policy = pretend.stub(principals_allowed_by_permission=pretend. call_recorder(lambda *a: principals)) policy = auth_policy.MacaroonAuthorizationPolicy(policy=backing_policy) assert (policy.principals_allowed_by_permission( pretend.stub(), pretend.stub()) is principals)
def test_permits_no_active_request(self, monkeypatch): get_current_request = pretend.call_recorder(lambda: None) monkeypatch.setattr(auth_policy, "get_current_request", get_current_request) backing_policy = pretend.stub( permits=pretend.call_recorder(lambda *a, **kw: pretend.stub()) ) policy = auth_policy.MacaroonAuthorizationPolicy(policy=backing_policy) result = policy.permits(pretend.stub(), pretend.stub(), pretend.stub()) assert result == Denied("There was no active request.")
def test_permits_no_macaroon(self, monkeypatch): request = pretend.stub() get_current_request = pretend.call_recorder(lambda: request) monkeypatch.setattr(auth_policy, "get_current_request", get_current_request) _extract_http_macaroon = pretend.call_recorder(lambda r: None) monkeypatch.setattr(auth_policy, "_extract_http_macaroon", _extract_http_macaroon) permits = pretend.stub() backing_policy = pretend.stub( permits=pretend.call_recorder(lambda *a, **kw: permits)) policy = auth_policy.MacaroonAuthorizationPolicy(policy=backing_policy) result = policy.permits(pretend.stub(), pretend.stub(), pretend.stub()) assert result == permits
def test_permits_invalid_macaroon(self, monkeypatch): macaroon_service = pretend.stub(verify=pretend.raiser(InvalidMacaroon("foo"))) request = pretend.stub( find_service=pretend.call_recorder(lambda interface, **kw: macaroon_service) ) get_current_request = pretend.call_recorder(lambda: request) monkeypatch.setattr(auth_policy, "get_current_request", get_current_request) _extract_http_macaroon = pretend.call_recorder(lambda r: b"not a real macaroon") monkeypatch.setattr( auth_policy, "_extract_http_macaroon", _extract_http_macaroon ) permits = pretend.stub() backing_policy = pretend.stub( permits=pretend.call_recorder(lambda *a, **kw: permits) ) policy = auth_policy.MacaroonAuthorizationPolicy(policy=backing_policy) result = policy.permits(pretend.stub(), pretend.stub(), pretend.stub()) assert result == Denied("The supplied token was invalid: foo")