Пример #1
 def test_admin_using_kwargs_permission_url(
     self,
     mocked_generate_jwt,
     mocked_200_granted_permissions,
 ):
     """Check that supplying ``fluidly_api_url`` as a keyword raises no ``ValueError``.

     The two fixtures are only requested, never read; presumably they patch
     JWT generation and the permissions endpoint -- confirm against conftest.
     """
     url_kwargs = {"fluidly_api_url": FLUIDLY_API_URL}
     try:
         check_admin_permissions({}, **url_kwargs)
     except ValueError:
         # Any ValueError here would mean the explicit URL was not picked up.
         pytest.fail("Unexpected ValueError")
Пример #2
 def test_admin_passing_env_permission_url(
     self,
     mocked_generate_jwt,
     mocked_200_granted_permissions,
     mocked_env_permissions_url_path,
 ):
     """Check that no ``ValueError`` is raised when no URL keyword is passed.

     The URL is expected to come from the environment instead; presumably
     ``mocked_env_permissions_url_path`` sets it -- confirm against conftest.
     """
     empty_claims = {}
     try:
         check_admin_permissions(empty_claims)
     except ValueError:
         # A ValueError would mean the environment-provided URL was not found.
         pytest.fail("Unexpected ValueError")
Пример #3
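    def decorated_function(*args, **kwargs):
        """Authorize the caller from the Cloud Endpoints user-info header, then call ``f``.

        The ``X-Endpoint-API-UserInfo`` header is base64-decoded and parsed as
        JSON; its ``claims`` attribute is itself a JSON string and is parsed a
        second time. Callers whose internal claims do not mark them as a service
        account must pass ``check_admin_permissions``. On success the ``userId``
        claim is stored on ``g.user_id`` and the wrapped function is invoked.

        No signature is verified here: the header content is taken as-is, so it
        is only trustworthy when the component that sets it is the sole route to
        this service.
        NOTE(review): confirm the backend cannot be reached directly, otherwise
        a client can supply this header itself.

        Raises:
            APIException: 401 when the header is missing, empty, or does not
                decode to a JSON object with object-valued claims; 403 when the
                permission check denies access or cannot be completed.
        """
        encoded_info = request.headers.get("X-Endpoint-API-UserInfo", None)
        if not encoded_info:
            raise APIException(status=401, title="User is not authenticated")

        # The header is request input: a malformed value must end in an explicit
        # 401 rather than an unhandled decoding error further down.
        try:
            info_json = base64_decode(encoded_info)
            # First parsing of the decoded header string
            user_info = json.loads(info_json)
            if not isinstance(user_info, dict):
                raise ValueError("user info is not a JSON object")
            # Claims are given as a string by Cloud Endpoints so we have
            # to parse the claims attribute
            claims = json.loads(user_info.get("claims", "{}"))
            if not isinstance(claims, dict):
                raise ValueError("claims is not a JSON object")
        except (ValueError, TypeError):
            # ValueError covers invalid JSON (JSONDecodeError subclasses it) and
            # the shape checks above; TypeError covers a non-string "claims".
            # NOTE(review): base64_decode is defined elsewhere -- confirm the
            # exception types it raises on bad input are covered here.
            raise APIException(status=401, title="User is not authenticated")

        auth0_claims = claims.get("https://api.fluidly.com/app_metadata", {})
        internal_claims = claims.get("https://api.fluidly.com/internal_metadata", {})

        user_id_from_token = auth0_claims.get("userId", None)

        try:
            # NOTE(review): any truthy value of this claim skips the admin check
            # below; confirm that only the trusted token issuer can set it.
            is_service_account = internal_claims.get("isServiceAccount", False)

            if not is_service_account and not check_admin_permissions(claims):
                raise APIException(status=403, title="User cannot access this resource")
        except (
            ValueError,
            UserPermissionsPayloadException,
            UserPermissionsRequestException,
        ):
            # Fail closed: an error while fetching permissions denies access.
            raise APIException(
                status=403, title="An issue occurred while fetching permissions"
            )

        # May be None when the token carries no userId claim.
        g.user_id = user_id_from_token
        return f(*args, **kwargs)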
Пример #4
 def test_admin_granted_permissions(
     self,
     mocked_generate_jwt,
     mocked_200_granted_permissions,
 ):
     """Check that ``check_admin_permissions`` compares equal to ``True`` here.

     Presumably ``mocked_200_granted_permissions`` makes the permissions
     service answer with a grant -- confirm against the fixture definition.
     """
     granted = check_admin_permissions({}, fluidly_api_url=FLUIDLY_API_URL)
     assert granted == True
Пример #5
 def test_admin_payload_exception_when_unavailable(
     self,
     mocked_generate_jwt,
     mocked_500_permissions,
 ):
     """Check that ``UserPermissionsPayloadException`` is raised in this setup.

     Presumably ``mocked_500_permissions`` makes the permissions service
     answer with an error -- confirm against the fixture definition.
     """
     expected_error = UserPermissionsPayloadException
     with pytest.raises(expected_error):
         check_admin_permissions({}, fluidly_api_url=FLUIDLY_API_URL)
Пример #6
 def test_admin_required_permission_url(self):
     """Check that calling without any URL raises ``ValueError`` with the expected message."""
     expected_message = "Please provide FLUIDLY_API_URL"
     with pytest.raises(ValueError, match=expected_message):
         # No keyword argument and no URL fixture requested by this test.
         check_admin_permissions({})