python/aiohttp-security
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Switch to async/await syntax

Browse Source
This commit is contained in:
Andrew Svetlov
2017-12-13 16:51:46 +02:00
parent b9dee120c3
commit 5b2ff779c3
16 changed files with 257 additions and 393 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
tests/test_cookies_identity.py
View File

@@ -1,5 +1,3 @@
import asyncio
from aiohttp import web
from aiohttp_security import (remember, forget,
AbstractAuthorizationPolicy)
@@ -10,47 +8,39 @@ from aiohttp_security.api import IDENTITY_KEY
class Autz(AbstractAuthorizationPolicy):
@asyncio.coroutine
def permits(self, identity, permission, context=None):
async def permits(self, identity, permission, context=None):
pass
@asyncio.coroutine
def authorized_userid(self, identity):
async def authorized_userid(self, identity):
pass
@asyncio.coroutine
def test_remember(loop, test_client):
async def test_remember(loop, test_client):
@asyncio.coroutine
def handler(request):
async def handler(request):
response = web.Response()
yield from remember(request, response, 'Andrew')
await remember(request, response, 'Andrew')
return response
app = web.Application(loop=loop)
_setup(app, CookiesIdentityPolicy(), Autz())
app.router.add_route('GET', '/', handler)
client = yield from test_client(app)
resp = yield from client.get('/')
client = await test_client(app)
resp = await client.get('/')
assert 200 == resp.status
assert 'Andrew' == resp.cookies['AIOHTTP_SECURITY'].value
yield from resp.release()
@asyncio.coroutine
def test_identify(loop, test_client):
async def test_identify(loop, test_client):
@asyncio.coroutine
def create(request):
async def create(request):
response = web.Response()
yield from remember(request, response, 'Andrew')
await remember(request, response, 'Andrew')
return response
@asyncio.coroutine
def check(request):
async def check(request):
policy = request.app[IDENTITY_KEY]
user_id = yield from policy.identify(request)
user_id = await policy.identify(request)
assert 'Andrew' == user_id
return web.Response()
@@ -58,32 +48,27 @@ def test_identify(loop, test_client):
_setup(app, CookiesIdentityPolicy(), Autz())
app.router.add_route('GET', '/', check)
app.router.add_route('POST', '/', create)
client = yield from test_client(app)
resp = yield from client.post('/')
client = await test_client(app)
resp = await client.post('/')
assert 200 == resp.status
yield from resp.release()
resp = yield from client.get('/')
await resp.release()
resp = await client.get('/')
assert 200 == resp.status
yield from resp.release()
@asyncio.coroutine
def test_forget(loop, test_client):
async def test_forget(loop, test_client):
@asyncio.coroutine
def index(request):
async def index(request):
return web.Response()
@asyncio.coroutine
def login(request):
async def login(request):
response = web.HTTPFound(location='/')
yield from remember(request, response, 'Andrew')
await remember(request, response, 'Andrew')
return response
@asyncio.coroutine
def logout(request):
async def logout(request):
response = web.HTTPFound(location='/')
yield from forget(request, response)
await forget(request, response)
return response
app = web.Application(loop=loop)
@@ -91,18 +76,17 @@ def test_forget(loop, test_client):
app.router.add_route('GET', '/', index)
app.router.add_route('POST', '/login', login)
app.router.add_route('POST', '/logout', logout)
client = yield from test_client(app)
resp = yield from client.post('/login')
client = await test_client(app)
resp = await client.post('/login')
assert 200 == resp.status
assert str(resp.url).endswith('/')
cookies = client.session.cookie_jar.filter_cookies(
client.make_url('/'))
assert 'Andrew' == cookies['AIOHTTP_SECURITY'].value
yield from resp.release()
resp = yield from client.post('/logout')
resp = await client.post('/logout')
assert 200 == resp.status
assert str(resp.url).endswith('/')
cookies = client.session.cookie_jar.filter_cookies(
client.make_url('/'))
assert 'AIOHTTP_SECURITY' not in cookies
yield from resp.release()

189
tests/test_dict_autz.py
View File

@@ -1,4 +1,3 @@
import asyncio
import enum
from aiohttp import web
@@ -11,33 +10,28 @@ from aiohttp_security.cookies_identity import CookiesIdentityPolicy
class Autz(AbstractAuthorizationPolicy):
@asyncio.coroutine
def permits(self, identity, permission, context=None):
async def permits(self, identity, permission, context=None):
if identity == 'UserID':
return permission in {'read', 'write'}
else:
return False
@asyncio.coroutine
def authorized_userid(self, identity):
async def authorized_userid(self, identity):
if identity == 'UserID':
return 'Andrew'
else:
return None
@asyncio.coroutine
def test_authorized_userid(loop, test_client):
async def test_authorized_userid(loop, test_client):
@asyncio.coroutine
def login(request):
async def login(request):
response = web.HTTPFound(location='/')
yield from remember(request, response, 'UserID')
await remember(request, response, 'UserID')
return response
@asyncio.coroutine
def check(request):
userid = yield from authorized_userid(request)
async def check(request):
userid = await authorized_userid(request)
assert 'Andrew' == userid
return web.Response(text=userid)
@@ -45,36 +39,31 @@ def test_authorized_userid(loop, test_client):
_setup(app, CookiesIdentityPolicy(), Autz())
app.router.add_route('GET', '/', check)
app.router.add_route('POST', '/login', login)
client = yield from test_client(app)
client = await test_client(app)
resp = yield from client.post('/login')
resp = await client.post('/login')
assert 200 == resp.status
txt = yield from resp.text()
txt = await resp.text()
assert 'Andrew' == txt
yield from resp.release()
@asyncio.coroutine
def test_authorized_userid_not_authorized(loop, test_client):
async def test_authorized_userid_not_authorized(loop, test_client):
@asyncio.coroutine
def check(request):
userid = yield from authorized_userid(request)
async def check(request):
userid = await authorized_userid(request)
assert userid is None
return web.Response()
app = web.Application(loop=loop)
_setup(app, CookiesIdentityPolicy(), Autz())
app.router.add_route('GET', '/', check)
client = yield from test_client(app)
client = await test_client(app)
resp = yield from client.get('/')
resp = await client.get('/')
assert 200 == resp.status
yield from resp.release()
@asyncio.coroutine
def test_permits_enum_permission(loop, test_client):
async def test_permits_enum_permission(loop, test_client):
class Permission(enum.Enum):
READ = '101'
WRITE = '102'
@@ -82,33 +71,29 @@ def test_permits_enum_permission(loop, test_client):
class Autz(AbstractAuthorizationPolicy):
@asyncio.coroutine
def permits(self, identity, permission, context=None):
async def permits(self, identity, permission, context=None):
if identity == 'UserID':
return permission in {Permission.READ, Permission.WRITE}
else:
return False
@asyncio.coroutine
def authorized_userid(self, identity):
async def authorized_userid(self, identity):
if identity == 'UserID':
return 'Andrew'
else:
return None
@asyncio.coroutine
def login(request):
async def login(request):
response = web.HTTPFound(location='/')
yield from remember(request, response, 'UserID')
await remember(request, response, 'UserID')
return response
@asyncio.coroutine
def check(request):
ret = yield from permits(request, Permission.READ)
async def check(request):
ret = await permits(request, Permission.READ)
assert ret
ret = yield from permits(request, Permission.WRITE)
ret = await permits(request, Permission.WRITE)
assert ret
ret = yield from permits(request, Permission.UNKNOWN)
ret = await permits(request, Permission.UNKNOWN)
assert not ret
return web.Response()
@@ -116,54 +101,46 @@ def test_permits_enum_permission(loop, test_client):
_setup(app, CookiesIdentityPolicy(), Autz())
app.router.add_route('GET', '/', check)
app.router.add_route('POST', '/login', login)
client = yield from test_client(app)
resp = yield from client.post('/login')
client = await test_client(app)
resp = await client.post('/login')
assert 200 == resp.status
yield from resp.release()
@asyncio.coroutine
def test_permits_unauthorized(loop, test_client):
async def test_permits_unauthorized(loop, test_client):
@asyncio.coroutine
def check(request):
ret = yield from permits(request, 'read')
async def check(request):
ret = await permits(request, 'read')
assert not ret
ret = yield from permits(request, 'write')
ret = await permits(request, 'write')
assert not ret
ret = yield from permits(request, 'unknown')
ret = await permits(request, 'unknown')
assert not ret
return web.Response()
app = web.Application(loop=loop)
_setup(app, CookiesIdentityPolicy(), Autz())
app.router.add_route('GET', '/', check)
client = yield from test_client(app)
resp = yield from client.get('/')
client = await test_client(app)
resp = await client.get('/')
assert 200 == resp.status
yield from resp.release()
@asyncio.coroutine
def test_is_anonymous(loop, test_client):
async def test_is_anonymous(loop, test_client):
@asyncio.coroutine
def index(request):
is_anon = yield from is_anonymous(request)
async def index(request):
is_anon = await is_anonymous(request)
if is_anon:
return web.HTTPUnauthorized()
return web.HTTPOk()
@asyncio.coroutine
def login(request):
async def login(request):
response = web.HTTPFound(location='/')
yield from remember(request, response, 'UserID')
await remember(request, response, 'UserID')
return response
@asyncio.coroutine
def logout(request):
async def logout(request):
response = web.HTTPFound(location='/')
yield from forget(request, response)
await forget(request, response)
return response
app = web.Application(loop=loop)
@@ -171,36 +148,32 @@ def test_is_anonymous(loop, test_client):
app.router.add_route('GET', '/', index)
app.router.add_route('POST', '/login', login)
app.router.add_route('POST', '/logout', logout)
client = yield from test_client(app)
resp = yield from client.get('/')
client = await test_client(app)
resp = await client.get('/')
assert web.HTTPUnauthorized.status_code == resp.status
yield from client.post('/login')
resp = yield from client.get('/')
await client.post('/login')
resp = await client.get('/')
assert web.HTTPOk.status_code == resp.status
yield from client.post('/logout')
resp = yield from client.get('/')
await client.post('/logout')
resp = await client.get('/')
assert web.HTTPUnauthorized.status_code == resp.status
@asyncio.coroutine
def test_login_required(loop, test_client):
async def test_login_required(loop, test_client):
@login_required
@asyncio.coroutine
def index(request):
async def index(request):
return web.HTTPOk()
@asyncio.coroutine
def login(request):
async def login(request):
response = web.HTTPFound(location='/')
yield from remember(request, response, 'UserID')
await remember(request, response, 'UserID')
return response
@asyncio.coroutine
def logout(request):
async def logout(request):
response = web.HTTPFound(location='/')
yield from forget(request, response)
await forget(request, response)
return response
app = web.Application(loop=loop)
@@ -208,47 +181,41 @@ def test_login_required(loop, test_client):
app.router.add_route('GET', '/', index)
app.router.add_route('POST', '/login', login)
app.router.add_route('POST', '/logout', logout)
client = yield from test_client(app)
resp = yield from client.get('/')
client = await test_client(app)
resp = await client.get('/')
assert web.HTTPUnauthorized.status_code == resp.status
yield from client.post('/login')
resp = yield from client.get('/')
await client.post('/login')
resp = await client.get('/')
assert web.HTTPOk.status_code == resp.status
yield from client.post('/logout')
resp = yield from client.get('/')
await client.post('/logout')
resp = await client.get('/')
assert web.HTTPUnauthorized.status_code == resp.status
@asyncio.coroutine
def test_has_permission(loop, test_client):
async def test_has_permission(loop, test_client):
@has_permission('read')
@asyncio.coroutine
def index_read(request):
async def index_read(request):
return web.HTTPOk()
@has_permission('write')
@asyncio.coroutine
def index_write(request):
async def index_write(request):
return web.HTTPOk()
@has_permission('forbid')
@asyncio.coroutine
def index_forbid(request):
async def index_forbid(request):
return web.HTTPOk()
@asyncio.coroutine
def login(request):
async def login(request):
response = web.HTTPFound(location='/')
yield from remember(request, response, 'UserID')
await remember(request, response, 'UserID')
return response
@asyncio.coroutine
def logout(request):
async def logout(request):
response = web.HTTPFound(location='/')
yield from forget(request, response)
await forget(request, response)
return response
app = web.Application(loop=loop)
@@ -258,27 +225,27 @@ def test_has_permission(loop, test_client):
app.router.add_route('GET', '/permission/forbid', index_forbid)
app.router.add_route('POST', '/login', login)
app.router.add_route('POST', '/logout', logout)
client = yield from test_client(app)
client = await test_client(app)
resp = yield from client.get('/permission/read')
resp = await client.get('/permission/read')
assert web.HTTPUnauthorized.status_code == resp.status
resp = yield from client.get('/permission/write')
resp = await client.get('/permission/write')
assert web.HTTPUnauthorized.status_code == resp.status
resp = yield from client.get('/permission/forbid')
resp = await client.get('/permission/forbid')
assert web.HTTPUnauthorized.status_code == resp.status
yield from client.post('/login')
resp = yield from client.get('/permission/read')
await client.post('/login')
resp = await client.get('/permission/read')
assert web.HTTPOk.status_code == resp.status
resp = yield from client.get('/permission/write')
resp = await client.get('/permission/write')
assert web.HTTPOk.status_code == resp.status
resp = yield from client.get('/permission/forbid')
resp = await client.get('/permission/forbid')
assert web.HTTPForbidden.status_code == resp.status
yield from client.post('/logout')
resp = yield from client.get('/permission/read')
await client.post('/logout')
resp = await client.get('/permission/read')
assert web.HTTPUnauthorized.status_code == resp.status
resp = yield from client.get('/permission/write')
resp = await client.get('/permission/write')
assert web.HTTPUnauthorized.status_code == resp.status
resp = yield from client.get('/permission/forbid')
resp = await client.get('/permission/forbid')
assert web.HTTPUnauthorized.status_code == resp.status

32
tests/test_no_auth.py
View File

@@ -1,42 +1,34 @@
import asyncio
from aiohttp import web
from aiohttp_security import authorized_userid, permits
@asyncio.coroutine
def test_authorized_userid(loop, test_client):
async def test_authorized_userid(loop, test_client):
@asyncio.coroutine
def check(request):
userid = yield from authorized_userid(request)
async def check(request):
userid = await authorized_userid(request)
assert userid is None
return web.Response()
app = web.Application(loop=loop)
app.router.add_route('GET', '/', check)
client = yield from test_client(app)
resp = yield from client.get('/')
client = await test_client(app)
resp = await client.get('/')
assert 200 == resp.status
yield from resp.release()
@asyncio.coroutine
def test_permits(loop, test_client):
async def test_permits(loop, test_client):
@asyncio.coroutine
def check(request):
ret = yield from permits(request, 'read')
async def check(request):
ret = await permits(request, 'read')
assert ret
ret = yield from permits(request, 'write')
ret = await permits(request, 'write')
assert ret
ret = yield from permits(request, 'unknown')
ret = await permits(request, 'unknown')
assert ret
return web.Response()
app = web.Application(loop=loop)
app.router.add_route('GET', '/', check)
client = yield from test_client(app)
resp = yield from client.get('/')
client = await test_client(app)
resp = await client.get('/')
assert 200 == resp.status
yield from resp.release()

28
tests/test_no_identity.py
View File

@@ -1,42 +1,34 @@
import asyncio
from aiohttp import web
from aiohttp_security import remember, forget
@asyncio.coroutine
def test_remember(loop, test_client):
async def test_remember(loop, test_client):
@asyncio.coroutine
def do_remember(request):
async def do_remember(request):
response = web.Response()
yield from remember(request, response, 'Andrew')
await remember(request, response, 'Andrew')
app = web.Application(loop=loop)
app.router.add_route('POST', '/', do_remember)
client = yield from test_client(app)
resp = yield from client.post('/')
client = await test_client(app)
resp = await client.post('/')
assert 500 == resp.status
assert (('Security subsystem is not initialized, '
'call aiohttp_security.setup(...) first') ==
resp.reason)
yield from resp.release()
@asyncio.coroutine
def test_forget(loop, test_client):
async def test_forget(loop, test_client):
@asyncio.coroutine
def do_forget(request):
async def do_forget(request):
response = web.Response()
yield from forget(request, response)
await forget(request, response)
app = web.Application(loop=loop)
app.router.add_route('POST', '/', do_forget)
client = yield from test_client(app)
resp = yield from client.post('/')
client = await test_client(app)
resp = await client.post('/')
assert 500 == resp.status
assert (('Security subsystem is not initialized, '
'call aiohttp_security.setup(...) first') ==
resp.reason)
yield from resp.release()

79
tests/test_session_identity.py
View File

@@ -1,4 +1,3 @@
import asyncio
import pytest
from aiohttp import web
@@ -13,12 +12,10 @@ from aiohttp_session import setup as setup_session
class Autz(AbstractAuthorizationPolicy):
@asyncio.coroutine
def permits(self, identity, permission, context=None):
async def permits(self, identity, permission, context=None):
pass
@asyncio.coroutine
def authorized_userid(self, identity):
async def authorized_userid(self, identity):
pass
@@ -30,81 +27,67 @@ def make_app(loop):
return app
@asyncio.coroutine
def test_remember(make_app, test_client):
async def test_remember(make_app, test_client):
@asyncio.coroutine
def handler(request):
async def handler(request):
response = web.Response()
yield from remember(request, response, 'Andrew')
await remember(request, response, 'Andrew')
return response
@asyncio.coroutine
def check(request):
session = yield from get_session(request)
async def check(request):
session = await get_session(request)
assert session['AIOHTTP_SECURITY'] == 'Andrew'
return web.HTTPOk()
app = make_app()
app.router.add_route('GET', '/', handler)
app.router.add_route('GET', '/check', check)
client = yield from test_client(app)
resp = yield from client.get('/')
client = await test_client(app)
resp = await client.get('/')
assert 200 == resp.status
yield from resp.release()
resp = yield from client.get('/check')
resp = await client.get('/check')
assert 200 == resp.status
yield from resp.release()
@asyncio.coroutine
def test_identify(make_app, test_client):
async def test_identify(make_app, test_client):
@asyncio.coroutine
def create(request):
async def create(request):
response = web.Response()
yield from remember(request, response, 'Andrew')
await remember(request, response, 'Andrew')
return response
@asyncio.coroutine
def check(request):
async def check(request):
policy = request.app[IDENTITY_KEY]
user_id = yield from policy.identify(request)
user_id = await policy.identify(request)
assert 'Andrew' == user_id
return web.Response()
app = make_app()
app.router.add_route('GET', '/', check)
app.router.add_route('POST', '/', create)
client = yield from test_client(app)
resp = yield from client.post('/')
client = await test_client(app)
resp = await client.post('/')
assert 200 == resp.status
yield from resp.release()
resp = yield from client.get('/')
resp = await client.get('/')
assert 200 == resp.status
yield from resp.release()
@asyncio.coroutine
def test_forget(make_app, test_client):
async def test_forget(make_app, test_client):
@asyncio.coroutine
def index(request):
session = yield from get_session(request)
async def index(request):
session = await get_session(request)
return web.HTTPOk(text=session.get('AIOHTTP_SECURITY', ''))
@asyncio.coroutine
def login(request):
async def login(request):
response = web.HTTPFound(location='/')
yield from remember(request, response, 'Andrew')
await remember(request, response, 'Andrew')
return response
@asyncio.coroutine
def logout(request):
async def logout(request):
response = web.HTTPFound('/')
yield from forget(request, response)
await forget(request, response)
return response
app = make_app()
@@ -112,18 +95,16 @@ def test_forget(make_app, test_client):
app.router.add_route('POST', '/login', login)
app.router.add_route('POST', '/logout', logout)
client = yield from test_client(app)
client = await test_client(app)
resp = yield from client.post('/login')
resp = await client.post('/login')
assert 200 == resp.status
assert str(resp.url).endswith('/')
txt = yield from resp.text()
txt = await resp.text()
assert 'Andrew' == txt
yield from resp.release()
resp = yield from client.post('/logout')
resp = await client.post('/logout')
assert 200 == resp.status
assert str(resp.url).endswith('/')
txt = yield from resp.text()
txt = await resp.text()
assert '' == txt
yield from resp.release()