2015-07-08 17:30:24 +00:00
|
|
|
import asyncio
|
2015-11-19 12:07:06 +00:00
|
|
|
import pytest
|
2015-07-08 17:30:24 +00:00
|
|
|
|
|
|
|
from aiohttp import web
|
2016-05-13 01:40:57 +00:00
|
|
|
from aiohttp_security import (remember, permits, get_user_identity,
|
2015-07-08 17:30:24 +00:00
|
|
|
AbstractAuthorizationPolicy)
|
2015-11-19 12:07:06 +00:00
|
|
|
from aiohttp_security import setup as _setup
|
2015-07-08 17:30:24 +00:00
|
|
|
from aiohttp_security.cookies_identity import CookiesIdentityPolicy
|
|
|
|
|
|
|
|
|
|
|
|
class Autz(AbstractAuthorizationPolicy):
|
|
|
|
|
|
|
|
@asyncio.coroutine
|
|
|
|
def permits(self, identity, permission, context=None):
|
|
|
|
if identity == 'UserID':
|
|
|
|
return permission in {'read', 'write'}
|
|
|
|
else:
|
|
|
|
return False
|
|
|
|
|
2016-05-13 01:40:57 +00:00
|
|
|
'''
|
2015-07-08 17:30:24 +00:00
|
|
|
@asyncio.coroutine
|
|
|
|
def authorized_userid(self, identity):
|
|
|
|
if identity == 'UserID':
|
|
|
|
return 'Andrew'
|
|
|
|
else:
|
|
|
|
return None
|
2016-05-13 01:40:57 +00:00
|
|
|
'''
|
2015-07-08 17:30:24 +00:00
|
|
|
|
|
|
|
|
2015-11-19 12:07:06 +00:00
|
|
|
@pytest.mark.run_loop
|
|
|
|
def test_authorized_userid(create_app_and_client):
|
2015-07-08 17:30:24 +00:00
|
|
|
|
2015-11-19 12:07:06 +00:00
|
|
|
@asyncio.coroutine
|
|
|
|
def login(request):
|
|
|
|
response = web.HTTPFound(location='/')
|
2016-05-13 01:40:57 +00:00
|
|
|
yield from remember(request, response, 'Andrew')
|
2015-11-19 12:07:06 +00:00
|
|
|
return response
|
|
|
|
|
|
|
|
@asyncio.coroutine
|
|
|
|
def check(request):
|
2016-05-13 01:40:57 +00:00
|
|
|
userid = yield from get_user_identity(request)
|
2015-11-19 12:07:06 +00:00
|
|
|
assert 'Andrew' == userid
|
|
|
|
return web.Response(text=userid)
|
|
|
|
|
|
|
|
app, client = yield from create_app_and_client()
|
|
|
|
_setup(app, CookiesIdentityPolicy(), Autz())
|
|
|
|
app.router.add_route('GET', '/', check)
|
|
|
|
app.router.add_route('POST', '/login', login)
|
|
|
|
|
|
|
|
resp = yield from client.post('/login')
|
|
|
|
assert 200 == resp.status
|
|
|
|
txt = yield from resp.text()
|
|
|
|
assert 'Andrew' == txt
|
|
|
|
yield from resp.release()
|
|
|
|
|
|
|
|
|
|
|
|
@pytest.mark.run_loop
|
|
|
|
def test_authorized_userid_not_authorized(create_app_and_client):
|
2015-07-08 17:30:24 +00:00
|
|
|
|
2015-11-19 12:07:06 +00:00
|
|
|
@asyncio.coroutine
|
|
|
|
def check(request):
|
2016-05-13 01:40:57 +00:00
|
|
|
userid = yield from get_user_identity(request)
|
2015-11-19 12:07:06 +00:00
|
|
|
assert userid is None
|
|
|
|
return web.Response()
|
|
|
|
|
|
|
|
app, client = yield from create_app_and_client()
|
|
|
|
_setup(app, CookiesIdentityPolicy(), Autz())
|
|
|
|
app.router.add_route('GET', '/', check)
|
|
|
|
resp = yield from client.get('/')
|
|
|
|
assert 200 == resp.status
|
|
|
|
yield from resp.release()
|
|
|
|
|
|
|
|
|
|
|
|
@pytest.mark.run_loop
|
|
|
|
def test_permits(create_app_and_client):
|
2015-07-08 17:30:24 +00:00
|
|
|
|
2015-11-19 12:07:06 +00:00
|
|
|
@asyncio.coroutine
|
|
|
|
def login(request):
|
|
|
|
response = web.HTTPFound(location='/')
|
|
|
|
yield from remember(request, response, 'UserID')
|
|
|
|
return response
|
|
|
|
|
|
|
|
@asyncio.coroutine
|
|
|
|
def check(request):
|
|
|
|
ret = yield from permits(request, 'read')
|
|
|
|
assert ret
|
|
|
|
ret = yield from permits(request, 'write')
|
|
|
|
assert ret
|
|
|
|
ret = yield from permits(request, 'unknown')
|
|
|
|
assert not ret
|
|
|
|
return web.Response()
|
|
|
|
|
|
|
|
app, client = yield from create_app_and_client()
|
|
|
|
_setup(app, CookiesIdentityPolicy(), Autz())
|
|
|
|
app.router.add_route('GET', '/', check)
|
|
|
|
app.router.add_route('POST', '/login', login)
|
|
|
|
resp = yield from client.post('/login')
|
|
|
|
assert 200 == resp.status
|
|
|
|
yield from resp.release()
|
|
|
|
|
|
|
|
|
|
|
|
@pytest.mark.run_loop
|
|
|
|
def test_permits_unauthorized(create_app_and_client):
|
2015-07-08 17:30:24 +00:00
|
|
|
|
|
|
|
@asyncio.coroutine
|
2015-11-19 12:07:06 +00:00
|
|
|
def check(request):
|
|
|
|
ret = yield from permits(request, 'read')
|
|
|
|
assert not ret
|
|
|
|
ret = yield from permits(request, 'write')
|
|
|
|
assert not ret
|
|
|
|
ret = yield from permits(request, 'unknown')
|
|
|
|
assert not ret
|
|
|
|
return web.Response()
|
|
|
|
|
|
|
|
app, client = yield from create_app_and_client()
|
|
|
|
_setup(app, CookiesIdentityPolicy(), Autz())
|
|
|
|
app.router.add_route('GET', '/', check)
|
|
|
|
resp = yield from client.get('/')
|
|
|
|
assert 200 == resp.status
|
|
|
|
yield from resp.release()
|