blob: 0128c6b28adcc3f0b8ed4b0e6a1f939cc9014aef (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
|
# Copyright (C) 2018 Lars Wirzenius
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import unittest
import muck
class AuthorizationCheckerTests(unittest.TestCase):
def setUp(self):
self.ac = muck.AuthorizationChecker(muck.test_key_text)
def create_token(self, scopes):
claims = {
'scope': ' '.join(scopes),
}
return muck.create_token(claims, muck.test_key_text)
def create_request(self, scopes):
token = self.create_token(scopes)
r = muck.Request(method='GET')
r.add_headers({
'Authorization': 'Bearer {}'.format(token),
})
return r
def test_denies_if_token_parsing_fails(self):
r = muck.Request(method='GET')
self.assertFalse(self.ac.request_is_allowed(r, []))
def test_denies_if_token_lacks_required_scope(self):
r = self.create_request([])
self.assertFalse(self.ac.request_is_allowed(r, ['foo']))
def test_allows_for_acceptable_request(self):
r = self.create_request(['foo'])
self.assertTrue(self.ac.request_is_allowed(r, ['foo']))
|
