def app(monkeypatch): os.environ['TOKENINFO_URL'] = 'https://ouath.example/token_info' app = setup_webapp(FakeConfig()) app_client = app.app.test_client() monkeypatch.setattr(lizzy.api, 'Stack', FakeStack) return app_client
def test_security_now_allowed_user_pattern(monkeypatch, mock_senza): os.environ['TOKENINFO_URL'] = 'https://ouath.example/token_info' class AllowedOtherUsersConfig(FakeConfig): def __init__(self): super().__init__() self.allowed_users = None self.allowed_user_pattern = '^somethingelse_.*' app = setup_webapp(AllowedOtherUsersConfig()) app_client = app.app.test_client() monkeypatch.setattr(lizzy.security, 'Configuration', AllowedOtherUsersConfig) monkeypatch.setattr(lizzy.api, 'Stack', FakeStack) stacks_response = app_client.get('/api/stacks', headers=GOOD_HEADERS) assert stacks_response.status_code == 403