示例#1
def test_blueprint_enable_openapi_with_methodview(app, client):
    """A blueprint built with ``enable_openapi=False`` is left out of the spec.

    Hiding the blueprint from the documentation must not weaken it: the
    request to ``/foo`` without credentials is still answered with 401, while
    the blueprint's tag, path and security scheme are absent from the spec.
    """
    basic_auth = HTTPBasicAuth()

    @app.get('/hello')
    @auth_required(basic_auth)
    def hello():
        pass

    # A separate auth object guards the hidden blueprint, so the test can tell
    # whether anything belonging to that blueprint ends up in the spec.
    token_auth = HTTPTokenAuth()
    hidden_bp = APIBlueprint('foo', __name__, tag='test', enable_openapi=False)

    @hidden_bp.before_request
    @auth_required(token_auth)
    def before():
        pass

    @hidden_bp.route('/foo')
    class Foo(MethodView):
        def get(self):
            pass

        def post(self):
            pass

    app.register_blueprint(hidden_bp)

    # Undocumented does not mean unprotected.
    assert client.get('/foo').status_code == 401

    resp = client.get('/openapi.json')
    assert resp.status_code == 200
    spec = resp.json
    validate_spec(spec)
    assert spec['tags'] == []

    documented_paths = spec['paths']
    assert '/hello' in documented_paths
    assert '/foo' not in documented_paths
    # Presumably the name the token scheme would be listed under - it must not
    # appear when the only route using it is hidden.
    assert 'BearerAuth' not in spec['components']['securitySchemes']
示例#2
def test_auth_error_schema_bad_type(app):
    """Generating the spec raises ``RuntimeError`` for a string ``AUTH_ERROR_SCHEMA``."""
    app.config['AUTH_ERROR_SCHEMA'] = 'schema'
    basic_auth = HTTPBasicAuth()

    @app.post('/foo')
    @auth_required(basic_auth)
    def foo():
        pass

    # The bad value is only rejected once the spec is actually requested.
    with pytest.raises(RuntimeError):
        _ = app.spec
示例#3
def test_auth_error_schema(app, client):
    """A protected route documents a 401 response and the ``HTTPError`` schema."""
    basic_auth = HTTPBasicAuth()

    @app.post('/foo')
    @auth_required(basic_auth)
    def foo():
        pass

    resp = client.get('/openapi.json')
    assert resp.status_code == 200

    spec = resp.json
    validate_spec(spec)
    # No auth-related config is set here, so these are the defaults.
    post_responses = spec['paths']['/foo']['post']['responses']
    assert post_responses['401']
    assert 'HTTPError' in spec['components']['schemas']
示例#4
def test_auth_error_schema(app, client, schema):
    """A custom ``AUTH_ERROR_SCHEMA`` is used for the documented 401 response.

    ``schema`` is supplied from outside this listing (presumably a fixture or
    a parametrize decorator that is not shown).
    """
    app.config['AUTH_ERROR_SCHEMA'] = schema
    basic_auth = HTTPBasicAuth()

    @app.post('/foo')
    @auth_required(basic_auth)
    def foo():
        pass

    resp = client.get('/openapi.json')
    assert resp.status_code == 200

    spec = resp.json
    validate_spec(spec)
    post_responses = spec['paths']['/foo']['post']['responses']
    assert post_responses['401']
    assert post_responses['401']['description'] == 'Authentication error'
    assert 'AuthorizationError' in spec['components']['schemas']
示例#5
def test_auth_error_status_code_and_description(app, client):
    """Configured auth error status code and description show up in the spec."""
    app.config['AUTH_ERROR_STATUS_CODE'] = 403
    app.config['AUTH_ERROR_DESCRIPTION'] = 'Bad'
    basic_auth = HTTPBasicAuth()

    @app.post('/foo')
    @auth_required(basic_auth)
    def foo():
        pass

    resp = client.get('/openapi.json')
    assert resp.status_code == 200

    spec = resp.json
    validate_spec(spec)
    # The auth error is documented under the configured code (403).
    post_responses = spec['paths']['/foo']['post']['responses']
    assert post_responses['403'] is not None
    assert post_responses['403']['description'] == 'Bad'
示例#6
def test_current_user_as_property(app, client):
    """``auth.current_user`` returns the object produced by the password verifier."""
    basic_auth = HTTPBasicAuth()

    @basic_auth.verify_password
    def verify_password(username, password):
        # Test stub: one fixed credential pair; any other pair falls through
        # and returns None.
        # NOTE(review): '******' looks like a value masked by the page this
        # listing was taken from - confirm against the upstream test.
        if (username, password) == ('foo', 'bar'):
            return {'user': '******'}

    @app.route('/foo')
    @auth_required(basic_auth)
    def foo():
        return basic_auth.current_user

    # 'Zm9vOmJhcg==' is base64 for "foo:bar" - Basic auth encodes the
    # credentials, it does not encrypt them.
    credentials = {'Authorization': 'Basic Zm9vOmJhcg=='}
    resp = client.get('/foo', headers=credentials)
    assert resp.status_code == 200
    assert resp.json == {'user': '******'}
示例#7
def test_auto_auth_error_response(app, client, config_value):
    """``AUTO_AUTH_ERROR_RESPONSE`` decides whether a 401 response is documented.

    ``config_value`` is supplied from outside this listing (presumably a
    boolean parametrization that is not shown).
    """
    app.config['AUTO_AUTH_ERROR_RESPONSE'] = config_value
    basic_auth = HTTPBasicAuth()

    @app.post('/foo')
    @auth_required(basic_auth)
    def foo():
        pass

    resp = client.get('/openapi.json')
    assert resp.status_code == 200

    spec = resp.json
    validate_spec(spec)
    post_responses = spec['paths']['/foo']['post']['responses']
    documents_401 = '401' in post_responses
    assert documents_401 is config_value

    if not config_value:
        return

    # When enabled, the 401 response must reference the shared error schema.
    assert 'AuthorizationError' in spec['components']['schemas']
    schema_ref = post_responses['401']['content']['application/json']['schema']['$ref']
    assert '#/components/schemas/AuthorizationError' in schema_ref
示例#8
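def test_auth_required(app, client):
    """Check authentication (401) and role-based authorization (403).

    ``/foo`` accepts any authenticated user; ``/bar`` additionally requires
    the ``admin`` role. A request without credentials is rejected with 401,
    and a valid user lacking the role is rejected with 403.
    """
    auth = HTTPBasicAuth()

    @auth.verify_password
    def verify_password(username, password):
        # Test stub with fixed credential pairs; anything else returns None.
        # Each account needs a distinct identity: get_roles() keys on
        # user['user'], so a shared placeholder value would give every account
        # the 'normal' role and the admin checks below could never pass.
        if username == 'foo' and password == 'bar':
            return {'user': 'foo'}
        elif username == 'bar' and password == 'foo':
            return {'user': 'bar'}

    @auth.get_user_roles
    def get_roles(user):
        # Only 'bar' is an admin; every other authenticated user is 'normal'.
        if user['user'] == 'bar':
            return 'admin'
        return 'normal'

    @app.route('/foo')
    @auth_required(auth)
    def foo():
        return auth.current_user

    @app.route('/bar')
    @auth_required(auth, role='admin')
    def bar():
        return auth.current_user

    # Basic credentials are base64-encoded, not encrypted.
    foo_header = {'Authorization': 'Basic Zm9vOmJhcg=='}  # "foo:bar"
    bar_header = {'Authorization': 'Basic YmFyOmZvbw=='}  # "bar:foo"

    # No credentials at all: authentication failure.
    rv = client.get('/foo')
    assert rv.status_code == 401

    # 'foo' authenticates, but is not an admin.
    rv = client.get('/foo', headers=foo_header)
    assert rv.status_code == 200
    assert rv.json == {'user': 'foo'}

    rv = client.get('/bar', headers=foo_header)
    assert rv.status_code == 403

    # 'bar' authenticates and holds the admin role.
    rv = client.get('/foo', headers=bar_header)
    assert rv.status_code == 200
    assert rv.json == {'user': 'bar'}

    rv = client.get('/bar', headers=bar_header)
    assert rv.status_code == 200
    assert rv.json == {'user': 'bar'}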
示例#9
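def test_auth_required(app, client):
    """Check authentication, single-role and multi-role authorization, and the spec.

    ``/foo`` accepts any authenticated user, ``/bar`` requires ``admin`` and
    ``/baz`` accepts ``admin`` or ``moderator``. A request without credentials
    is rejected with 401; a valid user lacking the role is rejected with 403.
    The generated spec must list the Basic scheme on all three operations.
    """
    auth = HTTPBasicAuth()

    @auth.verify_password
    def verify_password(username, password):
        # Test stub with fixed credential pairs; anything else returns None.
        # Each account needs a distinct identity: get_roles() keys on
        # user['user'], so a shared placeholder value would give every account
        # the 'normal' role and the role checks below could never pass.
        if username == 'foo' and password == 'bar':
            return {'user': 'foo'}
        elif username == 'bar' and password == 'foo':
            return {'user': 'bar'}
        elif username == 'baz' and password == 'baz':
            return {'user': 'baz'}

    @auth.get_user_roles
    def get_roles(user):
        if user['user'] == 'bar':
            return 'admin'
        elif user['user'] == 'baz':
            return 'moderator'
        return 'normal'

    @app.route('/foo')
    @auth_required(auth)
    def foo():
        return auth.current_user

    @app.route('/bar')
    @auth_required(auth, role='admin')
    def bar():
        return auth.current_user

    @app.route('/baz')
    @auth_required(auth, roles=['admin', 'moderator'])
    def baz():
        return auth.current_user

    # Basic credentials are base64-encoded, not encrypted.
    foo_header = {'Authorization': 'Basic Zm9vOmJhcg=='}  # "foo:bar"
    bar_header = {'Authorization': 'Basic YmFyOmZvbw=='}  # "bar:foo"
    baz_header = {'Authorization': 'Basic YmF6OmJheg=='}  # "baz:baz"

    # No credentials at all: authentication failure.
    rv = client.get('/foo')
    assert rv.status_code == 401

    # 'foo' authenticates with the 'normal' role only.
    rv = client.get('/foo', headers=foo_header)
    assert rv.status_code == 200
    assert rv.json == {'user': 'foo'}

    rv = client.get('/bar', headers=foo_header)
    assert rv.status_code == 403

    # 'bar' is an admin.
    rv = client.get('/foo', headers=bar_header)
    assert rv.status_code == 200
    assert rv.json == {'user': 'bar'}

    rv = client.get('/bar', headers=bar_header)
    assert rv.status_code == 200
    assert rv.json == {'user': 'bar'}

    # '/baz' accepts either of two roles; 'normal' is not one of them.
    rv = client.get('/baz', headers=foo_header)
    assert rv.status_code == 403

    rv = client.get('/baz', headers=bar_header)
    assert rv.status_code == 200
    assert rv.json == {'user': 'bar'}

    rv = client.get('/baz', headers=baz_header)
    assert rv.status_code == 200
    assert rv.json == {'user': 'baz'}

    rv = client.get('/openapi.json')
    assert rv.status_code == 200
    validate_spec(rv.json)
    assert 'BasicAuth' in rv.json['components']['securitySchemes']
    assert rv.json['components']['securitySchemes']['BasicAuth'] == {
        'scheme': 'Basic',
        'type': 'http'
    }

    # Every protected operation must advertise the scheme it enforces.
    assert 'BasicAuth' in rv.json['paths']['/foo']['get']['security'][0]
    assert 'BasicAuth' in rv.json['paths']['/bar']['get']['security'][0]
    assert 'BasicAuth' in rv.json['paths']['/baz']['get']['security'][0]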
示例#10
def test_auth_required_at_app_before_request(app, client):
    """Auth attached to ``app.before_request`` protects every route.

    Function views, ``MethodView`` methods and blueprint routes all reject a
    request without credentials with 401, and each of them is documented with
    the Basic security scheme.
    """
    basic_auth = HTTPBasicAuth()

    @basic_auth.verify_password
    def verify_password(username, password):
        # Test stub: one fixed credential pair; anything else returns None.
        # NOTE(review): '******' looks like a value masked by the page this
        # listing was taken from - confirm against the upstream test.
        if (username, password) == ('foo', 'bar'):
            return {'user': '******'}

    @app.before_request
    @auth_required(basic_auth)
    def before():
        pass

    @app.get('/foo')
    def foo():
        pass

    @app.route('/bar')
    class Bar(MethodView):
        def get(self):
            pass

        def post(self):
            pass

    blueprint = APIBlueprint('test', __name__)

    @blueprint.get('/baz')
    def baz():
        pass

    @blueprint.get('/eggs')
    def eggs():
        pass

    app.register_blueprint(blueprint)

    # None of the views carries its own auth decorator; the app-wide hook is
    # the only thing protecting them.
    protected_operations = (
        ('get', '/foo'),
        ('get', '/bar'),
        ('post', '/bar'),
        ('get', '/baz'),
        ('get', '/eggs'),
    )
    for method, path in protected_operations:
        send = getattr(client, method)
        assert send(path).status_code == 401

    # The spec is fetched with credentials ("foo:bar" in base64); presumably
    # the app-wide hook covers the spec endpoint too, although this test does
    # not assert the unauthenticated case.
    resp = client.get('/openapi.json',
                      headers={'Authorization': 'Basic Zm9vOmJhcg=='})
    assert resp.status_code == 200

    spec = resp.json
    validate_spec(spec)
    schemes = spec['components']['securitySchemes']
    assert 'BasicAuth' in schemes
    assert schemes['BasicAuth'] == {
        'scheme': 'Basic',
        'type': 'http'
    }

    for method, path in protected_operations:
        assert 'BasicAuth' in spec['paths'][path][method]['security'][0]