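# Copyright (C) 2018  Lars Wirzenius
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.


import unittest

import muck


class AuthorizationCheckerTests(unittest.TestCase):
    """Unit tests for the allow/deny decisions of muck.AuthorizationChecker.

    Tokens are created and checked with the same test key
    (muck.test_key_text), so these tests cover scope and method handling
    only. They do not cover a token signed with a different key.
    """

    def setUp(self):
        """Create a fresh checker configured with the test key."""
        self.ac = muck.AuthorizationChecker(muck.test_key_text)

    def create_token(self, scopes):
        """Return a token whose 'scope' claim is the space-joined *scopes*."""
        claims = {
            'scope': ' '.join(scopes),
        }
        return muck.create_token(claims, muck.test_key_text)

    def create_request(self, scopes):
        """Return a GET request carrying a bearer token for *scopes*."""
        token = self.create_token(scopes)
        r = muck.Request(method='GET')
        r.add_headers({
            'Authorization': 'Bearer {}'.format(token),
        })
        return r

    def test_denies_if_token_parsing_fails(self):
        # The request has no Authorization header at all, so there is no
        # token to parse.
        # NOTE(review): a present-but-malformed token is a separate
        # fail-closed case that this test does not exercise.
        r = muck.Request(method='GET')
        self.assertFalse(self.ac.request_is_allowed(r, 'GET', []))

    def test_denies_if_token_lacks_required_scope(self):
        # The token is valid but has an empty scope list, while the
        # checker is asked to require 'foo'.
        r = self.create_request([])
        self.assertFalse(self.ac.request_is_allowed(r, 'GET', ['foo']))

    def test_denies_if_method_is_wrong(self):
        # The scope matches, but the request is a GET and the checker is
        # asked about DELETE.
        r = self.create_request(['foo'])
        self.assertFalse(self.ac.request_is_allowed(r, 'DELETE', ['foo']))

    def test_allows_for_acceptable_request(self):
        # The only positive case: method and scope both match.
        r = self.create_request(['foo'])
        self.assertTrue(self.ac.request_is_allowed(r, 'GET', ['foo']))

    def test_returns_claims_from_token(self):
        r = self.create_request(['foo'])
        expected = {
            'scope': 'foo',
        }
        # assertEqual, not assertTrue: assertTrue(x, msg) takes its second
        # argument as the failure message, so it would pass for any truthy
        # return value and never compare the claims with `expected`.
        # NOTE(review): assumes create_token adds no claims beyond the ones
        # passed in - confirm against muck.create_token.
        self.assertEqual(self.ac.get_claims_from_token(r), expected)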