Changeset View
Changeset View
Standalone View
Standalone View
swh/web/tests/auth/test_backends.py
Show First 20 Lines • Show All 115 Lines • ▼ Show 20 Lines | def test_drf_oidc_bearer_token_auth_backend_failure(mocker, api_request_factory): | ||||
with pytest.raises(AuthenticationFailed): | with pytest.raises(AuthenticationFailed): | ||||
drf_auth_backend.authenticate(request) | drf_auth_backend.authenticate(request) | ||||
# simulate a failed authentication with an invalid bearer token format | # simulate a failed authentication with an invalid bearer token format | ||||
mock_keycloak(mocker) | mock_keycloak(mocker) | ||||
request = api_request_factory.get( | request = api_request_factory.get( | ||||
url, HTTP_AUTHORIZATION=f"Bearer invalid-token-format" | url, HTTP_AUTHORIZATION="Bearer invalid-token-format" | ||||
) | ) | ||||
with pytest.raises(AuthenticationFailed): | with pytest.raises(AuthenticationFailed): | ||||
drf_auth_backend.authenticate(request) | drf_auth_backend.authenticate(request) | ||||
def test_drf_oidc_auth_invalid_or_missing_auth_type(api_request_factory): | def test_drf_oidc_auth_invalid_or_missing_auth_type(api_request_factory): | ||||
url = reverse("api-1-stat-counters") | url = reverse("api-1-stat-counters") | ||||
drf_auth_backend = OIDCBearerTokenAuthentication() | drf_auth_backend = OIDCBearerTokenAuthentication() | ||||
access_token = sample_data.oidc_profile["access_token"] | access_token = sample_data.oidc_profile["access_token"] | ||||
# Invalid authorization type | # Invalid authorization type | ||||
request = api_request_factory.get(url, HTTP_AUTHORIZATION=f"Foo token") | request = api_request_factory.get(url, HTTP_AUTHORIZATION="Foo token") | ||||
with pytest.raises(AuthenticationFailed): | with pytest.raises(AuthenticationFailed): | ||||
drf_auth_backend.authenticate(request) | drf_auth_backend.authenticate(request) | ||||
# Missing authorization type | # Missing authorization type | ||||
request = api_request_factory.get(url, HTTP_AUTHORIZATION=f"{access_token}") | request = api_request_factory.get(url, HTTP_AUTHORIZATION=f"{access_token}") | ||||
with pytest.raises(AuthenticationFailed): | with pytest.raises(AuthenticationFailed): | ||||
drf_auth_backend.authenticate(request) | drf_auth_backend.authenticate(request) |