Changeset View
Changeset View
Standalone View
Standalone View
swh/web/tests/auth/test_api_auth.py
| Show First 20 Lines • Show All 76 Lines • ▼ Show 20 Lines | def test_drf_oidc_bearer_token_auth_failure(mocker, api_client): | ||||
| response = api_client.get(url) | response = api_client.get(url) | ||||
| request = response.wsgi_request | request = response.wsgi_request | ||||
| assert response.status_code == 403 | assert response.status_code == 403 | ||||
| assert isinstance(request.user, AnonymousUser) | assert isinstance(request.user, AnonymousUser) | ||||
| # check for failed authentication when token format is invalid | # check for failed authentication when token format is invalid | ||||
| mock_keycloak(mocker) | mock_keycloak(mocker) | ||||
| api_client.credentials(HTTP_AUTHORIZATION=f"Bearer invalid-token-format") | api_client.credentials(HTTP_AUTHORIZATION="Bearer invalid-token-format") | ||||
| response = api_client.get(url) | response = api_client.get(url) | ||||
| request = response.wsgi_request | request = response.wsgi_request | ||||
| assert response.status_code == 403 | assert response.status_code == 403 | ||||
| assert isinstance(request.user, AnonymousUser) | assert isinstance(request.user, AnonymousUser) | ||||
| def test_drf_oidc_auth_invalid_or_missing_authorization_type(api_client): | def test_drf_oidc_auth_invalid_or_missing_authorization_type(api_client): | ||||
| url = reverse("api-1-stat-counters") | url = reverse("api-1-stat-counters") | ||||
| access_token = sample_data.oidc_profile["access_token"] | access_token = sample_data.oidc_profile["access_token"] | ||||
| # missing authorization type | # missing authorization type | ||||
| api_client.credentials(HTTP_AUTHORIZATION=f"{access_token}") | api_client.credentials(HTTP_AUTHORIZATION=f"{access_token}") | ||||
| response = api_client.get(url) | response = api_client.get(url) | ||||
| request = response.wsgi_request | request = response.wsgi_request | ||||
| assert response.status_code == 403 | assert response.status_code == 403 | ||||
| assert isinstance(request.user, AnonymousUser) | assert isinstance(request.user, AnonymousUser) | ||||
| # invalid authorization type | # invalid authorization type | ||||
| api_client.credentials(HTTP_AUTHORIZATION=f"Foo token") | api_client.credentials(HTTP_AUTHORIZATION="Foo token") | ||||
| response = api_client.get(url) | response = api_client.get(url) | ||||
| request = response.wsgi_request | request = response.wsgi_request | ||||
| assert response.status_code == 403 | assert response.status_code == 403 | ||||
| assert isinstance(request.user, AnonymousUser) | assert isinstance(request.user, AnonymousUser) | ||||