swh/web/tests/auth/test_api_auth.py
Show First 20 Lines • Show All 76 Lines • ▼ Show 20 Lines | def test_drf_oidc_bearer_token_auth_failure(mocker, api_client): | ||||
response = api_client.get(url) | response = api_client.get(url) | ||||
request = response.wsgi_request | request = response.wsgi_request | ||||
assert response.status_code == 403 | assert response.status_code == 403 | ||||
assert isinstance(request.user, AnonymousUser) | assert isinstance(request.user, AnonymousUser) | ||||
# check for failed authentication when token format is invalid | # check for failed authentication when token format is invalid | ||||
mock_keycloak(mocker) | mock_keycloak(mocker) | ||||
api_client.credentials(HTTP_AUTHORIZATION=f"Bearer invalid-token-format") | api_client.credentials(HTTP_AUTHORIZATION="Bearer invalid-token-format") | ||||
response = api_client.get(url) | response = api_client.get(url) | ||||
request = response.wsgi_request | request = response.wsgi_request | ||||
assert response.status_code == 403 | assert response.status_code == 403 | ||||
assert isinstance(request.user, AnonymousUser) | assert isinstance(request.user, AnonymousUser) | ||||
def test_drf_oidc_auth_invalid_or_missing_authorization_type(api_client): | def test_drf_oidc_auth_invalid_or_missing_authorization_type(api_client): | ||||
url = reverse("api-1-stat-counters") | url = reverse("api-1-stat-counters") | ||||
access_token = sample_data.oidc_profile["access_token"] | access_token = sample_data.oidc_profile["access_token"] | ||||
# missing authorization type | # missing authorization type | ||||
api_client.credentials(HTTP_AUTHORIZATION=f"{access_token}") | api_client.credentials(HTTP_AUTHORIZATION=f"{access_token}") | ||||
response = api_client.get(url) | response = api_client.get(url) | ||||
request = response.wsgi_request | request = response.wsgi_request | ||||
assert response.status_code == 403 | assert response.status_code == 403 | ||||
assert isinstance(request.user, AnonymousUser) | assert isinstance(request.user, AnonymousUser) | ||||
# invalid authorization type | # invalid authorization type | ||||
api_client.credentials(HTTP_AUTHORIZATION=f"Foo token") | api_client.credentials(HTTP_AUTHORIZATION="Foo token") | ||||
response = api_client.get(url) | response = api_client.get(url) | ||||
request = response.wsgi_request | request = response.wsgi_request | ||||
assert response.status_code == 403 | assert response.status_code == 403 | ||||
assert isinstance(request.user, AnonymousUser) | assert isinstance(request.user, AnonymousUser) |
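Review bot: The "missing authorization type" case in test_drf_oidc_auth_invalid_or_missing_authorization_type still builds its header with a placeholder-only f-string, `HTTP_AUTHORIZATION=f"{access_token}"`, while the two neighbouring literals lose their needless `f` prefix on the new side. Assuming `sample_data.oidc_profile["access_token"]` is already a str, that line could be `api_client.credentials(HTTP_AUTHORIZATION=access_token)`. Passing the variable directly also makes it plainer that this case sends the bare token with no scheme, which is the rejection path the 403 and AnonymousUser assertions are pinning. The start of test_drf_oidc_bearer_token_auth_failure lies outside the visible lines.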