def test_raises_when_malformed_client_id(self, basic_auth_creds, pyramid_request):
    """Reject Basic auth credentials whose client id is malformed."""
    # 'foobar' stands in for a client id that is not well formed
    # (presumably: not UUID-shaped, confirm against request_auth_client).
    malformed_creds = ('foobar', 'somerandomsecret')
    basic_auth_creds.return_value = malformed_creds

    # A bad id must surface as the same ClientUnauthorized error as any
    # other failed client authentication, not as an unhandled exception.
    with pytest.raises(ClientUnauthorized):
        util.request_auth_client(pyramid_request)
def test_raises_for_public_client(self, factories, basic_auth_creds, pyramid_request):
    """Reject a client built by ``factories.AuthClient`` presenting an empty secret."""
    # NOTE(review): presumably factories.AuthClient builds a public client
    # (one with no secret), confirm against the factory definition.
    public_client = factories.AuthClient(authority='weylandindustries.com')

    # An existing client id paired with an empty secret must not authenticate.
    basic_auth_creds.return_value = (public_client.id, '')

    with pytest.raises(ClientUnauthorized):
        util.request_auth_client(pyramid_request)
def test_raises_when_client_secret_invalid(self, auth_client, basic_auth_creds, pyramid_request):
    """Reject a known client id that is paired with the wrong secret."""
    # The id belongs to the ``auth_client`` fixture; only the secret is wrong.
    wrong_secret_creds = (auth_client.id, 'incorrectsecret')
    basic_auth_creds.return_value = wrong_secret_creds

    with pytest.raises(ClientUnauthorized):
        util.request_auth_client(pyramid_request)
def test_raises_when_no_client(self, basic_auth_creds, pyramid_request):
    """Reject credentials whose client id matches no client."""
    # This test creates no client itself, so the UUID-shaped id below is
    # presumably absent from the database (confirm no fixture inserts it).
    unknown_client_id = 'C69BA868-5089-4EE4-ABB6-63A1C38C395B'
    basic_auth_creds.return_value = (unknown_client_id, 'somerandomsecret')

    # An unknown client raises the same error type that the malformed-id
    # and wrong-secret tests expect.
    with pytest.raises(ClientUnauthorized):
        util.request_auth_client(pyramid_request)
def test_raises_for_invalid_client_grant_type(self, factories, basic_auth_creds, pyramid_request):
    """Reject correct credentials from a client registered for ``authorization_code``."""
    wrong_grant_client = factories.ConfidentialAuthClient(
        authority='weylandindustries.com',
        grant_type=GrantType.authorization_code,
    )

    # Both id and secret are the client's own, so the only reason left for
    # the rejection is the grant type. Which grant type request_auth_client
    # accepts is not visible here.
    basic_auth_creds.return_value = (wrong_grant_client.id, wrong_grant_client.secret)

    with pytest.raises(ClientUnauthorized):
        util.request_auth_client(pyramid_request)
def test_raises_for_invalid_client_grant_type(self, factories, basic_auth_creds, pyramid_request):
    """Valid id and secret are not enough when the client's grant type is ``authorization_code``."""
    client_kwargs = dict(
        authority='weylandindustries.com',
        grant_type=GrantType.authorization_code,
    )
    confidential_client = factories.ConfidentialAuthClient(**client_kwargs)

    # The credentials are the client's real ones, which isolates the grant
    # type as the cause of the expected failure.
    real_creds = (confidential_client.id, confidential_client.secret)
    basic_auth_creds.return_value = real_creds

    with pytest.raises(ClientUnauthorized):
        util.request_auth_client(pyramid_request)
def create(request):
    """
    Create a user on behalf of an authenticated auth client.

    This API endpoint allows authorised clients (those able to provide a
    valid Client ID and Client Secret) to create users in their authority.
    These users are created pre-activated (``require_activation=False``),
    and are unable to log in to the web service directly.

    :raises ConflictError: if the ``user_unique`` service reports a
        duplicate user.
    """
    # Client authentication runs before the request body is read.
    client = request_auth_client(request)

    payload = CreateUserAPISchema().validate(_json_payload(request))

    # NOTE(review): the whole validated payload is handed to the authority
    # check here, not just its 'authority' value. Confirm that this is the
    # argument validate_auth_client_authority expects.
    validate_auth_client_authority(client, payload)

    # From here on the authority is the authenticated client's own, not
    # the value supplied in the request body.
    payload['authority'] = client.authority

    uniqueness = request.find_service(name='user_unique')
    try:
        uniqueness.ensure_unique(payload, authority=client.authority)
    except DuplicateUserError as duplicate:
        raise ConflictError(duplicate)

    signup = request.find_service(name='user_signup')
    new_user = signup.signup(require_activation=False, **payload)

    return UserJSONPresenter(new_user).asdict()
def create(request):
    """
    Create a user on behalf of an authenticated auth client.

    This API endpoint allows authorised clients (those able to provide a
    valid Client ID and Client Secret) to create users in their authority.
    These users are created pre-activated (``require_activation=False``),
    and are unable to log in to the web service directly.

    :raises ConflictError: if the ``user_unique`` service reports a
        duplicate user.
    """
    # Client authentication runs before the request body is read.
    client = request_auth_client(request)

    payload = CreateUserAPISchema().validate(_json_payload(request))

    # The authority claimed in the body is checked against the client
    # first (presumably a mismatch is rejected, confirm in the helper),
    # and only then overwritten with the client's own authority.
    validate_auth_client_authority(client, payload['authority'])
    payload['authority'] = client.authority

    uniqueness = request.find_service(name='user_unique')
    try:
        uniqueness.ensure_unique(payload, authority=client.authority)
    except DuplicateUserError as duplicate:
        raise ConflictError(duplicate)

    signup = request.find_service(name='user_signup')
    new_user = signup.signup(require_activation=False, **payload)

    return UserJSONPresenter(new_user).asdict()
def update(request):
    """
    Update a user on behalf of an authenticated auth client.

    This API endpoint allows authorised clients (those able to provide a
    valid Client ID and Client Secret) to update users in their authority.

    :raises HTTPNotFound: if the user service returns no user for the
        requested username and the client's authority.
    """
    client = request_auth_client(request)

    users = request.find_service(name='user')

    # The lookup is given client.authority, so presumably a user in any
    # other authority is reported as not found (confirm in the service).
    target = users.fetch(request.matchdict['username'], client.authority)
    if target is None:
        raise HTTPNotFound()

    # The body is validated only after the target user has been resolved.
    changes = UpdateUserAPISchema().validate(_json_payload(request))
    _update_user(target, changes)

    return UserJSONPresenter(target).asdict()
def add_member(group, request):
    """Add a user to the given group on behalf of an authenticated auth client.

    :raises HTTPNotFound: if the user is not found or if the user and
        group authorities don't match.
    """
    client = request_auth_client(request)

    users = request.find_service(name='user')
    groups = request.find_service(name='group')

    # The user is fetched by userid alone; the authority checks come after.
    member = users.fetch(request.matchdict['userid'])
    if member is None:
        raise HTTPNotFound()

    # The client may only act on users in its own authority (the check
    # itself lives in a helper that is defined elsewhere).
    validate_auth_client_authority(client, member.authority)

    # A user from a different authority than the group gets the same 404
    # as a missing user.
    if group.authority != member.authority:
        raise HTTPNotFound()

    groups.member_join(group, member.userid)
    return HTTPNoContent()
def test_returns_client_when_valid_creds(self, pyramid_request, auth_client, valid_auth):
    """Return the matching auth client when the request carries valid credentials."""
    # ``valid_auth`` is requested only for its setup; presumably it makes
    # the request carry auth_client's id and secret (confirm in the fixture).
    assert util.request_auth_client(pyramid_request) == auth_client
def test_raises_when_no_creds(self, pyramid_request, basic_auth_creds):
    """Reject a request when the test sets up no credentials."""
    # ``basic_auth_creds`` is left at its fixture default here; presumably
    # that default models a request with no Basic auth credentials
    # (confirm in the fixture).
    with pytest.raises(ClientUnauthorized):
        util.request_auth_client(pyramid_request)