Add test for remember/forbid when library was not setted up

aiohttp_security/api.py

@@ -1,4 +1,5 @@
 import asyncio
+from aiohttp import web
 from aiohttp_security.abc import (AbstractIdentityPolicy,
                                   AbstractAuthorizationPolicy)
 
@@ -8,13 +9,27 @@ AUTZ_KEY = 'aiohttp_security_autz_policy'
 
 @asyncio.coroutine
 def remember(request, response, identity, **kwargs):
-    identity_policy = request.app[IDENTITY_KEY]
+    identity_policy = request.app.get(IDENTITY_KEY)
+    if identity_policy is None:
+        text = ("Security subsystem is not initialized, "
+                "call aiohttp_security.setup(...) first")
+        # in order to see meaningful exception message both: on console
+        # output and rendered page we add same message to *reason* and
+        # *text* arguments.
+        raise web.HTTPInternalServerError(reason=text, text=text)
     yield from identity_policy.remember(request, response, identity, **kwargs)
 
 
 @asyncio.coroutine
 def forget(request, response):
-    identity_policy = request.app[IDENTITY_KEY]
+    identity_policy = request.app.get(IDENTITY_KEY)
+    if identity_policy is None:
+        text = ("Security subsystem is not initialized, "
+                "call aiohttp_security.setup(...) first")
+        # in order to see meaningful exception message both: on console
+        # output and rendered page we add same message to *reason* and
+        # *text* arguments.
+        raise web.HTTPInternalServerError(reason=text, text=text)
     yield from identity_policy.forget(request, response)
 
 

tests/test_no_identity.py

@@ -0,0 +1,82 @@
+import asyncio
+import socket
+import unittest
+
+import aiohttp
+from aiohttp import web
+from aiohttp_security import remember, forget
+
+
+class TestNoAuth(unittest.TestCase):
+
+    def setUp(self):
+        self.loop = asyncio.new_event_loop()
+        asyncio.set_event_loop(None)
+        self.client = aiohttp.ClientSession(loop=self.loop)
+
+    def tearDown(self):
+        self.client.close()
+        self.loop.run_until_complete(self.handler.finish_connections())
+        self.srv.close()
+        self.loop.run_until_complete(self.srv.wait_closed())
+        self.loop.close()
+
+    def find_unused_port(self):
+        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+        s.bind(('127.0.0.1', 0))
+        port = s.getsockname()[1]
+        s.close()
+        return port
+
+    @asyncio.coroutine
+    def create_server(self):
+        app = web.Application(loop=self.loop)
+
+        port = self.find_unused_port()
+        self.handler = app.make_handler(
+            debug=False, keep_alive_on=False)
+        srv = yield from self.loop.create_server(
+            self.handler, '127.0.0.1', port)
+        url = "http://127.0.0.1:{}/".format(port)
+        self.srv = srv
+        return app, srv, url
+
+    def test_remember(self):
+
+        @asyncio.coroutine
+        def do_remember(request):
+            response = web.Response()
+            yield from remember(request, response, 'Andrew')
+
+        @asyncio.coroutine
+        def go():
+            app, srv, url = yield from self.create_server()
+            app.router.add_route('POST', '/', do_remember)
+            resp = yield from self.client.post(url)
+            self.assertEqual(500, resp.status)
+            self.assertEqual(('Security subsystem is not initialized, '
+                              'call aiohttp_security.setup(...) first'),
+                             resp.reason)
+            yield from resp.release()
+
+        self.loop.run_until_complete(go())
+
+    def test_forget(self):
+
+        @asyncio.coroutine
+        def do_forget(request):
+            response = web.Response()
+            yield from forget(request, response)
+
+        @asyncio.coroutine
+        def go():
+            app, srv, url = yield from self.create_server()
+            app.router.add_route('POST', '/', do_forget)
+            resp = yield from self.client.post(url)
+            self.assertEqual(500, resp.status)
+            self.assertEqual(('Security subsystem is not initialized, '
+                              'call aiohttp_security.setup(...) first'),
+                             resp.reason)
+            yield from resp.release()
+
+        self.loop.run_until_complete(go())