349 lines
11 KiB
Python
349 lines
11 KiB
Python
import enum
|
|
import pytest
|
|
|
|
from aiohttp import web
|
|
from aiohttp_security import setup as _setup
|
|
from aiohttp_security import (AbstractAuthorizationPolicy, authorized_userid,
|
|
forget, has_permission, is_anonymous,
|
|
login_required, permits, remember,
|
|
check_authorized, check_permission)
|
|
from aiohttp_security.cookies_identity import CookiesIdentityPolicy
|
|
|
|
|
|
class Autz(AbstractAuthorizationPolicy):
|
|
|
|
async def permits(self, identity, permission, context=None):
|
|
if identity == 'UserID':
|
|
return permission in {'read', 'write'}
|
|
else:
|
|
return False
|
|
|
|
async def authorized_userid(self, identity):
|
|
if identity == 'UserID':
|
|
return 'Andrew'
|
|
else:
|
|
return None
|
|
|
|
|
|
async def test_authorized_userid(loop, aiohttp_client):
|
|
|
|
async def login(request):
|
|
response = web.HTTPFound(location='/')
|
|
await remember(request, response, 'UserID')
|
|
raise response
|
|
|
|
async def check(request):
|
|
userid = await authorized_userid(request)
|
|
assert 'Andrew' == userid
|
|
return web.Response(text=userid)
|
|
|
|
app = web.Application()
|
|
_setup(app, CookiesIdentityPolicy(), Autz())
|
|
app.router.add_route('GET', '/', check)
|
|
app.router.add_route('POST', '/login', login)
|
|
client = await aiohttp_client(app)
|
|
|
|
resp = await client.post('/login')
|
|
assert 200 == resp.status
|
|
txt = await resp.text()
|
|
assert 'Andrew' == txt
|
|
|
|
|
|
async def test_authorized_userid_not_authorized(loop, aiohttp_client):
|
|
|
|
async def check(request):
|
|
userid = await authorized_userid(request)
|
|
assert userid is None
|
|
return web.Response()
|
|
|
|
app = web.Application()
|
|
_setup(app, CookiesIdentityPolicy(), Autz())
|
|
app.router.add_route('GET', '/', check)
|
|
client = await aiohttp_client(app)
|
|
|
|
resp = await client.get('/')
|
|
assert 200 == resp.status
|
|
|
|
|
|
async def test_permits_enum_permission(loop, aiohttp_client):
|
|
class Permission(enum.Enum):
|
|
READ = '101'
|
|
WRITE = '102'
|
|
UNKNOWN = '103'
|
|
|
|
class Autz(AbstractAuthorizationPolicy):
|
|
|
|
async def permits(self, identity, permission, context=None):
|
|
if identity == 'UserID':
|
|
return permission in {Permission.READ, Permission.WRITE}
|
|
else:
|
|
return False
|
|
|
|
async def authorized_userid(self, identity):
|
|
if identity == 'UserID':
|
|
return 'Andrew'
|
|
else:
|
|
return None
|
|
|
|
async def login(request):
|
|
response = web.HTTPFound(location='/')
|
|
await remember(request, response, 'UserID')
|
|
raise response
|
|
|
|
async def check(request):
|
|
ret = await permits(request, Permission.READ)
|
|
assert ret
|
|
ret = await permits(request, Permission.WRITE)
|
|
assert ret
|
|
ret = await permits(request, Permission.UNKNOWN)
|
|
assert not ret
|
|
return web.Response()
|
|
|
|
app = web.Application()
|
|
_setup(app, CookiesIdentityPolicy(), Autz())
|
|
app.router.add_route('GET', '/', check)
|
|
app.router.add_route('POST', '/login', login)
|
|
client = await aiohttp_client(app)
|
|
resp = await client.post('/login')
|
|
assert 200 == resp.status
|
|
|
|
|
|
async def test_permits_unauthorized(loop, aiohttp_client):
|
|
|
|
async def check(request):
|
|
ret = await permits(request, 'read')
|
|
assert not ret
|
|
ret = await permits(request, 'write')
|
|
assert not ret
|
|
ret = await permits(request, 'unknown')
|
|
assert not ret
|
|
return web.Response()
|
|
|
|
app = web.Application()
|
|
_setup(app, CookiesIdentityPolicy(), Autz())
|
|
app.router.add_route('GET', '/', check)
|
|
client = await aiohttp_client(app)
|
|
resp = await client.get('/')
|
|
assert 200 == resp.status
|
|
|
|
|
|
async def test_is_anonymous(loop, aiohttp_client):
|
|
|
|
async def index(request):
|
|
is_anon = await is_anonymous(request)
|
|
if is_anon:
|
|
raise web.HTTPUnauthorized()
|
|
return web.Response()
|
|
|
|
async def login(request):
|
|
response = web.HTTPFound(location='/')
|
|
await remember(request, response, 'UserID')
|
|
raise response
|
|
|
|
async def logout(request):
|
|
response = web.HTTPFound(location='/')
|
|
await forget(request, response)
|
|
raise response
|
|
|
|
app = web.Application()
|
|
_setup(app, CookiesIdentityPolicy(), Autz())
|
|
app.router.add_route('GET', '/', index)
|
|
app.router.add_route('POST', '/login', login)
|
|
app.router.add_route('POST', '/logout', logout)
|
|
client = await aiohttp_client(app)
|
|
resp = await client.get('/')
|
|
assert web.HTTPUnauthorized.status_code == resp.status
|
|
|
|
await client.post('/login')
|
|
resp = await client.get('/')
|
|
assert web.HTTPOk.status_code == resp.status
|
|
|
|
await client.post('/logout')
|
|
resp = await client.get('/')
|
|
assert web.HTTPUnauthorized.status_code == resp.status
|
|
|
|
|
|
async def test_login_required(loop, aiohttp_client):
|
|
with pytest.raises(DeprecationWarning):
|
|
|
|
@login_required
|
|
async def index(request):
|
|
return web.Response()
|
|
|
|
async def login(request):
|
|
response = web.HTTPFound(location='/')
|
|
await remember(request, response, 'UserID')
|
|
raise response
|
|
|
|
async def logout(request):
|
|
response = web.HTTPFound(location='/')
|
|
await forget(request, response)
|
|
raise response
|
|
|
|
app = web.Application()
|
|
_setup(app, CookiesIdentityPolicy(), Autz())
|
|
app.router.add_route('GET', '/', index)
|
|
app.router.add_route('POST', '/login', login)
|
|
app.router.add_route('POST', '/logout', logout)
|
|
|
|
client = await aiohttp_client(app)
|
|
resp = await client.get('/')
|
|
assert web.HTTPUnauthorized.status_code == resp.status
|
|
|
|
await client.post('/login')
|
|
resp = await client.get('/')
|
|
assert web.HTTPOk.status_code == resp.status
|
|
|
|
await client.post('/logout')
|
|
resp = await client.get('/')
|
|
assert web.HTTPUnauthorized.status_code == resp.status
|
|
|
|
|
|
async def test_check_authorized(loop, aiohttp_client):
|
|
async def index(request):
|
|
await check_authorized(request)
|
|
return web.Response()
|
|
|
|
async def login(request):
|
|
response = web.HTTPFound(location='/')
|
|
await remember(request, response, 'UserID')
|
|
raise response
|
|
|
|
async def logout(request):
|
|
response = web.HTTPFound(location='/')
|
|
await forget(request, response)
|
|
raise response
|
|
|
|
app = web.Application()
|
|
_setup(app, CookiesIdentityPolicy(), Autz())
|
|
app.router.add_route('GET', '/', index)
|
|
app.router.add_route('POST', '/login', login)
|
|
app.router.add_route('POST', '/logout', logout)
|
|
client = await aiohttp_client(app)
|
|
resp = await client.get('/')
|
|
assert web.HTTPUnauthorized.status_code == resp.status
|
|
|
|
await client.post('/login')
|
|
resp = await client.get('/')
|
|
assert web.HTTPOk.status_code == resp.status
|
|
|
|
await client.post('/logout')
|
|
resp = await client.get('/')
|
|
assert web.HTTPUnauthorized.status_code == resp.status
|
|
|
|
|
|
async def test_has_permission(loop, aiohttp_client):
|
|
|
|
with pytest.warns(DeprecationWarning):
|
|
|
|
@has_permission('read')
|
|
async def index_read(request):
|
|
return web.Response()
|
|
|
|
@has_permission('write')
|
|
async def index_write(request):
|
|
return web.Response()
|
|
|
|
@has_permission('forbid')
|
|
async def index_forbid(request):
|
|
return web.Response()
|
|
|
|
async def login(request):
|
|
response = web.HTTPFound(location='/')
|
|
await remember(request, response, 'UserID')
|
|
return response
|
|
|
|
async def logout(request):
|
|
response = web.HTTPFound(location='/')
|
|
await forget(request, response)
|
|
raise response
|
|
|
|
app = web.Application()
|
|
_setup(app, CookiesIdentityPolicy(), Autz())
|
|
app.router.add_route('GET', '/permission/read', index_read)
|
|
app.router.add_route('GET', '/permission/write', index_write)
|
|
app.router.add_route('GET', '/permission/forbid', index_forbid)
|
|
app.router.add_route('POST', '/login', login)
|
|
app.router.add_route('POST', '/logout', logout)
|
|
client = await aiohttp_client(app)
|
|
|
|
resp = await client.get('/permission/read')
|
|
assert web.HTTPUnauthorized.status_code == resp.status
|
|
resp = await client.get('/permission/write')
|
|
assert web.HTTPUnauthorized.status_code == resp.status
|
|
resp = await client.get('/permission/forbid')
|
|
assert web.HTTPUnauthorized.status_code == resp.status
|
|
|
|
await client.post('/login')
|
|
resp = await client.get('/permission/read')
|
|
assert web.HTTPOk.status_code == resp.status
|
|
resp = await client.get('/permission/write')
|
|
assert web.HTTPOk.status_code == resp.status
|
|
resp = await client.get('/permission/forbid')
|
|
assert web.HTTPForbidden.status_code == resp.status
|
|
|
|
await client.post('/logout')
|
|
resp = await client.get('/permission/read')
|
|
assert web.HTTPUnauthorized.status_code == resp.status
|
|
resp = await client.get('/permission/write')
|
|
assert web.HTTPUnauthorized.status_code == resp.status
|
|
resp = await client.get('/permission/forbid')
|
|
assert web.HTTPUnauthorized.status_code == resp.status
|
|
|
|
|
|
async def test_check_permission(loop, aiohttp_client):
|
|
|
|
async def index_read(request):
|
|
await check_permission(request, 'read')
|
|
return web.Response()
|
|
|
|
async def index_write(request):
|
|
await check_permission(request, 'write')
|
|
return web.Response()
|
|
|
|
async def index_forbid(request):
|
|
await check_permission(request, 'forbid')
|
|
return web.Response()
|
|
|
|
async def login(request):
|
|
response = web.HTTPFound(location='/')
|
|
await remember(request, response, 'UserID')
|
|
raise response
|
|
|
|
async def logout(request):
|
|
response = web.HTTPFound(location='/')
|
|
await forget(request, response)
|
|
raise response
|
|
|
|
app = web.Application()
|
|
_setup(app, CookiesIdentityPolicy(), Autz())
|
|
app.router.add_route('GET', '/permission/read', index_read)
|
|
app.router.add_route('GET', '/permission/write', index_write)
|
|
app.router.add_route('GET', '/permission/forbid', index_forbid)
|
|
app.router.add_route('POST', '/login', login)
|
|
app.router.add_route('POST', '/logout', logout)
|
|
client = await aiohttp_client(app)
|
|
|
|
resp = await client.get('/permission/read')
|
|
assert web.HTTPUnauthorized.status_code == resp.status
|
|
resp = await client.get('/permission/write')
|
|
assert web.HTTPUnauthorized.status_code == resp.status
|
|
resp = await client.get('/permission/forbid')
|
|
assert web.HTTPUnauthorized.status_code == resp.status
|
|
|
|
await client.post('/login')
|
|
resp = await client.get('/permission/read')
|
|
assert web.HTTPOk.status_code == resp.status
|
|
resp = await client.get('/permission/write')
|
|
assert web.HTTPOk.status_code == resp.status
|
|
resp = await client.get('/permission/forbid')
|
|
assert web.HTTPForbidden.status_code == resp.status
|
|
|
|
await client.post('/logout')
|
|
resp = await client.get('/permission/read')
|
|
assert web.HTTPUnauthorized.status_code == resp.status
|
|
resp = await client.get('/permission/write')
|
|
assert web.HTTPUnauthorized.status_code == resp.status
|
|
resp = await client.get('/permission/forbid')
|
|
assert web.HTTPUnauthorized.status_code == resp.status
|