def test_remove_expired_tokens(self, monkeypatch: MonkeyPatch) -> None:
auth_settings = get_auth_settings()
def real_get_epoch() -> int:
return timegm(
datetime.utcnow().utctimetuple()) # seconds since epoch
assert abs(get_epoch() - real_get_epoch()) <= 1
def refresh_not_expired_epoch() -> int:
return real_get_epoch(
) + auth_settings.refresh_token_expire_seconds - 100
def refresh_expired_epoch() -> int:
return real_get_epoch(
) + auth_settings.refresh_token_expire_seconds + 100
with context_session() as session:
assert len(session.query(RefreshToken).all()) == 3
assert remove_expired_tokens(db=session) == 0
assert len(session.query(RefreshToken).all()) == 3
monkeypatch.setattr(fastapi_auth.auth_app, "get_epoch",
refresh_not_expired_epoch)
assert remove_expired_tokens(db=session) == 0
assert len(session.query(RefreshToken).all()) == 3
monkeypatch.setattr(fastapi_auth.auth_app, "get_epoch",
refresh_expired_epoch)
assert remove_expired_tokens(db=session) == 3
assert len(session.query(RefreshToken).all()) == 0
def test_session_rollback(debug_auth_app: FastAPI) -> None:
debug_client = TestClient(debug_auth_app)
rollback_endpoint = "/session_rollback"
non_rollback_endpoint = "/non_session_rollback"
class Sentinel(Exception):
pass
@debug_auth_app.get(rollback_endpoint)
def session_rollback(db: Session = Depends(get_db)) -> NoReturn:
user = User(username="******", hashed_password="******")
db.add(user)
raise Sentinel
@debug_auth_app.get(non_rollback_endpoint)
def session_non_rollback(db: Session = Depends(get_db)) -> None:
user = User(username="******",
hashed_password="******",
is_superuser=False)
db.add(user)
db.commit()
with context_session() as sess:
original_n_users = len(sess.query(User).all())
with pytest.raises(Sentinel):
debug_client.get(rollback_endpoint)
assert len(sess.query(User).all()) == original_n_users
debug_client.get(non_rollback_endpoint)
assert len(sess.query(User).all()) == original_n_users + 1
def test_sqlalchemy_logging(json_model: "Type[JsonModel]",
caplog: LogCaptureFixture) -> None:
with context_session() as db:
json_value = {"hello": "world"}
instance = json_model(json=json_value)
db.add(instance)
assert len(caplog.record_tuples) == 0
db.commit()
assert len(caplog.record_tuples) == 4
db.refresh(instance)
assert len(caplog.record_tuples) == 7
for name, level, _message in caplog.record_tuples:
assert name == "sqlalchemy.engine.base.Engine"
assert level == logging.INFO
id1_str = "".join(str(instance.id1).split("-"))
id2_str = "".join(str(instance.id2).split("-"))
assert [x[2] for x in caplog.record_tuples] == [
"BEGIN (implicit)",
"INSERT INTO json_model (id1, id2, json) VALUES (?, ?, ?)",
"('" + f"{id1_str}', '{id2_str}" + '\', \'{"hello": "world"}\')',
"COMMIT",
"BEGIN (implicit)",
"SELECT json_model.id1 AS json_model_id1, json_model.id2 AS json_model_id2, "
"json_model.json AS json_model_json, json_model.created_at AS "
"json_model_created_at, json_model.updated_at AS json_model_updated_at \n"
"FROM json_model \nWHERE json_model.id1 = ? AND json_model.id2 = ?",
f"('{id1_str}', '{id2_str}')",
]
def test_raise_integrity_error_rollback(json_model: "Type[JsonModel]",
raise_error: bool,
n_created: int) -> None:
with context_session() as db:
json_value = {"hello": "world"}
n_instances = len(db.query(json_model).all())
instance = json_model(json=json_value)
db.add(instance)
if raise_error:
with pytest.raises(HTTPException) as exc_info:
raise_integrity_error(db)
assert exc_info.value.status_code == HTTP_409_CONFLICT
db.commit()
assert len(db.query(json_model).all()) == n_instances + n_created
def test_create_user(self, admin_access_headers: Dict[str, str],
non_admin_access_headers: Dict[str, str],
registered_user: AuthUser) -> None:
user_create_request_1 = UserCreateRequest(username=username1,
password=password1)
create_user_url = self.debug_auth_app.url_path_for(
AdminAuthEndpointName.create_user)
body_json = jsonable_encoder(user_create_request_1)
message = self.request("POST",
create_user_url,
APIMessage,
HTTP_401_UNAUTHORIZED,
json=body_json)
assert message.detail == "Not authenticated"
message = self.request("POST",
create_user_url,
APIMessage,
HTTP_403_FORBIDDEN,
json=body_json,
headers=non_admin_access_headers)
assert message.detail == "Insufficient permissions"
user_create_request_2 = UserCreateRequest(username=username3,
password=password3,
email=email3)
body_json = jsonable_encoder(user_create_request_2)
created_user_model = self.request("POST",
create_user_url,
AuthUser,
json=body_json,
headers=admin_access_headers)
assert created_user_model.username == username3
assert created_user_model.email == email3
with context_session() as session:
created_user: User = session.query(User).get(
created_user_model.user_id)
assert created_user is not None
assert not created_user.is_superuser
assert created_user.email == email3
def setup_first_superuser(self, engine: sa.engine.Engine,
**extra_create_kwargs: Any) -> None:
settings = self.settings
username = settings.first_superuser
password = RawPassword(settings.first_superuser_password
) if settings.first_superuser_password else None
assert username, f"Invalid superuser username: {username}"
assert password, f"Invalid superuser password: {password}"
user_create = self.create_request_type(username=username,
password=password,
**extra_create_kwargs)
with context_session(engine) as session:
try:
self.create_user(db=session,
user_create_request=user_create,
is_superuser=True)
logger.info("First superuser created.")
except IntegrityError:
session.rollback()
logger.info("First superuser already exists.")
def remove_expired_tokens_task() -> None: # pragma: no cover
with context_session() as db:
remove_expired_tokens(db=db)