Esempio n. 1
    def test_views_auth_modes(self):
        """Check that the modes endpoint reports JWT as the only enabled mode.

        ``is_auth_enabled()`` must be falsy while no application context is
        active and truthy once the context of ``self.app`` has been pushed.
        """
        # Without an application context the helper reports authentication off.
        assert not is_auth_enabled()
        with self.app.app_context():
            # presumably the fixture app switches authentication on; its
            # configuration is not visible here -- confirm against the fixture
            assert is_auth_enabled()

        # The endpoint must answer and advertise exactly one mode: JWT.
        modes_reply = self.get_items(extra_uri='modes')
        assert modes_reply.status_code == 200
        assert modes_reply.json['auth_modes'] == ['JWT']
Esempio n. 2
    def test_views_auth_enabled_no_modes(self):
        """Check the API when the modes endpoint is loaded but lists no mode.

        The modes endpoint answers 200 with an empty list, and protected
        resources are returned without any login.
        """
        assert not is_auth_enabled()
        with self.app.app_context():
            # NOTE(review): the test name says "auth enabled", yet the helper
            # is expected to be falsy here -- presumably it reports False when
            # no mode is configured; confirm against is_auth_enabled().
            assert not is_auth_enabled()

        # The endpoint exists but advertises an empty list of modes.
        modes_reply = self.get_items(extra_uri='modes')
        assert modes_reply.status_code == 200
        assert modes_reply.json['auth_modes'] == []

        # Protected data is served to a client that never logged in.
        # NOTE(review): this pins fail-open behaviour -- with no mode
        # configured the protected resources need no credentials; make sure
        # such a configuration is only used where that is intended.
        protected_reply = self._get_protected_resources()
        assert protected_reply.status_code == 200
Esempio n. 3
    def test_views_auth_demo_disabled(self):
        """Check that neither the modes nor the demo endpoint is routed.

        With authentication and its demo both disabled, the two requests are
        expected to end in 404.
        """
        assert not is_auth_enabled()
        with self.app.app_context():
            assert not is_auth_enabled()

        # Authentication and demo are both off: /auth/modes is not loaded.
        modes_reply = self.get_items(extra_uri='modes')
        assert modes_reply.status_code == 404

        # /auth/demo/private is not loaded either.
        private_reply = self._get_private_content()
        assert private_reply.status_code == 404
Esempio n. 4
    def test_views_auth_demo_modes_enabled(self):
        """Check the demo endpoints when JWT and CERTIFICATE are both listed.

        The modes endpoint must list both modes, and an unauthenticated
        request for private content must be refused with 401 together with a
        ``WWW-Authenticate`` header.
        """
        # No application context is active yet.
        assert not is_auth_enabled()
        with self.app.app_context():
            # NOTE(review): the helper is expected to be falsy inside the
            # context although two modes are listed and private content is
            # refused below -- confirm which setting is_auth_enabled() reads.
            assert not is_auth_enabled()

        # Several authentication modes are advertised, in this exact order.
        modes_reply = self.get_items(extra_uri='modes')
        assert modes_reply.status_code == 200
        assert modes_reply.json['auth_modes'] == ['JWT', 'CERTIFICATE']

        # Private content without credentials: access is refused.
        private_reply = self._get_private_content()
        assert private_reply.status_code == 401
        # The challenge header tells the client which auth mode to use.
        # NOTE(review): only the header's presence is checked, not its value;
        # consider pinning the advertised scheme as well.
        assert 'WWW-Authenticate' in private_reply.headers
Esempio n. 5
    def test_views_auth_disabled(self):
        """Check the API with authentication disabled.

        The modes endpoint is expected to be missing (404) while protected
        resources are still returned with 200.
        """
        with self.app.app_context():
            assert not is_auth_enabled()

        # /auth/modes is not loaded.
        modes_reply = self.get_items(extra_uri='modes')
        assert modes_reply.status_code == 404

        # Protected data is served although nobody logged in.
        # NOTE(review): this pins fail-open behaviour -- with authentication
        # off the protected resources need no credentials; make sure such a
        # configuration is only used where that is intended.
        protected_reply = self._get_protected_resources()
        assert protected_reply.status_code == 200
Esempio n. 6
    def test_views_auth_demo_enabled(self):
        """Check the demo endpoints when the demo is on but no mode is enabled.

        The modes endpoint answers with an empty list, and every private
        content request, including the two role-restricted cases, is answered
        with 200 and the anonymous greeting.
        """
        anonymous_greeting = 'Hello anonymous, access authorized!'

        assert not is_auth_enabled()
        with self.app.app_context():
            assert not is_auth_enabled()

        # The demo is enabled, but no authentication mode is.
        modes_reply = self.get_items(extra_uri='modes')
        assert modes_reply.status_code == 200
        assert modes_reply.json['auth_modes'] == []

        # Private content is served to a client that never logged in.
        private_reply = self._get_private_content()
        assert private_reply.status_code == 200
        assert private_reply.json == anonymous_greeting

        # Same outcome for the cases that require roles.
        # NOTE(review): this pins fail-open behaviour -- the role requirement
        # is not enforced when no mode is enabled; make sure such a
        # configuration is only used where that is intended.
        for case in (0, 1):
            role_reply = self._get_private_content(case_num=case)
            assert role_reply.status_code == 200
            assert role_reply.json == anonymous_greeting