Diffstat (limited to 'muck/authz_tests.py')
-rw-r--r-- | muck/authz_tests.py | 27 |
1 files changed, 21 insertions, 6 deletions
diff --git a/muck/authz_tests.py b/muck/authz_tests.py
index 7e16cbe..0128c6b 100644
--- a/muck/authz_tests.py
+++ b/muck/authz_tests.py
@@ -20,16 +20,31 @@ import muck
 class AuthorizationCheckerTests(unittest.TestCase):
- def test_denies_if_token_parsing_fails(self):
+ def setUp(self):
+ self.ac = muck.AuthorizationChecker(muck.test_key_text)
+
+ def create_token(self, scopes):
 claims = {
- 'foo': 'bar',
+ 'scope': ' '.join(scopes),
 }
- token = muck.create_token(claims, muck.test_key_text)
+ return muck.create_token(claims, muck.test_key_text)
+ def create_request(self, scopes):
+ token = self.create_token(scopes)
 r = muck.Request(method='GET')
 r.add_headers({
- 'Authorization': 'Bearer {}'.format(token)
+ 'Authorization': 'Bearer {}'.format(token),
 })
+ return r
+
+ def test_denies_if_token_parsing_fails(self):
+ r = muck.Request(method='GET')
+ self.assertFalse(self.ac.request_is_allowed(r, []))
+
+ def test_denies_if_token_lacks_required_scope(self):
+ r = self.create_request([])
+ self.assertFalse(self.ac.request_is_allowed(r, ['foo']))
- ac = muck.AuthorizationChecker()
- self.assertFalse(ac.request_is_allowed(r))
+ def test_allows_for_acceptable_request(self):
+ r = self.create_request(['foo'])
+ self.assertTrue(self.ac.request_is_allowed(r, ['foo'])) |
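Review bot: `test_denies_if_token_parsing_fails` now sends a request with no `Authorization` header at all, so nothing in the new tests presents a token that is present but unparsable or signed with a different key; the name promises a parse failure that the body does not exercise. Either rename it for the missing-header case or add a sibling that sets a garbage bearer value, e.g. `r.add_headers({'Authorization': 'Bearer not-a-token'})`, and asserts denial. The scope tests also only cover an exact single-scope match, and because `create_token` serialises scopes as one space-joined string, a checker that did a substring test would still pass them; a case such as `r = self.create_request(['foobar'])` followed by `self.assertFalse(self.ac.request_is_allowed(r, ['foo']))` would pin whole-token matching. The class body may continue past the end of the hunk.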