mirror of
https://gitlab.archlinux.org/archlinux/aurweb.git
synced 2025-02-03 10:43:03 +01:00
fix(test_auth): cover mismatched referer situation
Signed-off-by: Kevin Morris <kevr@0cost.org>
parent
043ac7fe92
commit
112837e0e9
2 changed files with 31 additions and 3 deletions
|
@ -1,3 +1,5 @@
|
||||||
|
from typing import Dict
|
||||||
|
|
||||||
import aurweb.config
|
import aurweb.config
|
||||||
|
|
||||||
|
|
||||||
|
@ -27,7 +29,13 @@ class URL:
|
||||||
class Request:
|
class Request:
|
||||||
""" A fake Request object which mimics a FastAPI Request for tests. """
|
""" A fake Request object which mimics a FastAPI Request for tests. """
|
||||||
client = Client()
|
client = Client()
|
||||||
cookies = dict()
|
|
||||||
headers = dict()
|
|
||||||
user = User()
|
user = User()
|
||||||
url = URL()
|
url = URL()
|
||||||
|
|
||||||
|
def __init__(self,
|
||||||
|
method: str = "GET",
|
||||||
|
headers: Dict[str, str] = dict(),
|
||||||
|
cookies: Dict[str, str] = dict()) -> "Request":
|
||||||
|
self.method = method.upper()
|
||||||
|
self.headers = headers
|
||||||
|
self.cookies = cookies
|
||||||
|
|
|
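Review bot: The new `Request.__init__` uses `dict()` as the default for both `headers` and `cookies`, so every fake request built without those arguments shares the same two dict objects. A test that writes a session cookie or a `Referer` into one request leaves it visible to later tests, and an auth test can then pass or fail for reasons unrelated to the code it checks. Default both parameters to `None` and copy on assignment, e.g. `self.headers = dict(headers or {})` and `self.cookies = dict(cookies or {})`. The return annotation `-> "Request"` on `__init__` should also be `-> None`. Indentation is lost in this rendering and the class may continue past the hunk.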
@ -1,11 +1,13 @@
|
||||||
from datetime import datetime
|
from datetime import datetime
|
||||||
|
|
||||||
|
import fastapi
|
||||||
import pytest
|
import pytest
|
||||||
|
|
||||||
|
from fastapi import HTTPException
|
||||||
from sqlalchemy.exc import IntegrityError
|
from sqlalchemy.exc import IntegrityError
|
||||||
|
|
||||||
from aurweb import db
|
from aurweb import db
|
||||||
from aurweb.auth import AnonymousUser, BasicAuthBackend, account_type_required
|
from aurweb.auth import AnonymousUser, BasicAuthBackend, account_type_required, auth_required
|
||||||
from aurweb.models.account_type import USER, USER_ID
|
from aurweb.models.account_type import USER, USER_ID
|
||||||
from aurweb.models.session import Session
|
from aurweb.models.session import Session
|
||||||
from aurweb.models.user import User
|
from aurweb.models.user import User
|
||||||
|
@ -74,6 +76,24 @@ async def test_basic_auth_backend(user: User, backend: BasicAuthBackend):
|
||||||
assert result == user
|
assert result == user
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.mark.asyncio
|
||||||
|
async def test_auth_required_redirection_bad_referrer():
|
||||||
|
# Create a fake route function which can be wrapped by auth_required.
|
||||||
|
def bad_referrer_route(request: fastapi.Request):
|
||||||
|
pass
|
||||||
|
|
||||||
|
# Get down to the nitty gritty internal wrapper.
|
||||||
|
bad_referrer_route = auth_required()(bad_referrer_route)
|
||||||
|
|
||||||
|
# Execute the route with a "./blahblahblah" Referer, which does not
|
||||||
|
# match aur_location; `./` has been used as a prefix to attempt to
|
||||||
|
# ensure we're providing a fake referer.
|
||||||
|
with pytest.raises(HTTPException) as exc:
|
||||||
|
request = Request(method="POST", headers={"Referer": "./blahblahblah"})
|
||||||
|
await bad_referrer_route(request)
|
||||||
|
assert exc.detail == "Bad Referer header."
|
||||||
|
|
||||||
|
|
||||||
def test_account_type_required():
|
def test_account_type_required():
|
||||||
""" This test merely asserts that a few different paths
|
""" This test merely asserts that a few different paths
|
||||||
do not raise exceptions. """
|
do not raise exceptions. """
|
||||||
|
|
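Review bot: In `test_auth_required_redirection_bad_referrer`, the final `assert exc.detail == "Bad Referer header."` reads `detail` from the `pytest.raises` context object, which is an `ExceptionInfo`; the raised `HTTPException` is at `exc.value`. Indentation is lost in this rendering, but if the assert sits inside the `with` block it is never reached once the awaited route raises. In that case the test accepts any `HTTPException` from `auth_required`, not specifically the Referer rejection it is meant to pin. Place the check after the block as `assert exc.value.detail == "Bad Referer header."`, and consider also asserting `exc.value.status_code` against the code `auth_required` is expected to return, so a different rejection path cannot satisfy the test.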