mirror of
https://gitlab.archlinux.org/archlinux/aurweb.git
synced 2025-02-03 10:43:03 +01:00
1702075875
Renaming of symbols. Functions, variables, values, DB values, etc. Basically everything that is not user-facing. This only covers "Trusted User" things: tests, comments, etc. will covered in a following commit.
162 lines
4.7 KiB
Python
162 lines
4.7 KiB
Python
import fastapi
|
|
import pytest
|
|
from fastapi import HTTPException
|
|
from sqlalchemy.exc import IntegrityError
|
|
|
|
from aurweb import config, db, time
|
|
from aurweb.auth import (
|
|
AnonymousUser,
|
|
BasicAuthBackend,
|
|
_auth_required,
|
|
account_type_required,
|
|
)
|
|
from aurweb.models.account_type import USER, USER_ID
|
|
from aurweb.models.session import Session
|
|
from aurweb.models.user import User
|
|
from aurweb.testing.requests import Request
|
|
|
|
|
|
@pytest.fixture(autouse=True)
|
|
def setup(db_test):
|
|
return
|
|
|
|
|
|
@pytest.fixture
|
|
def user() -> User:
|
|
with db.begin():
|
|
user = db.create(
|
|
User,
|
|
Username="test",
|
|
Email="test@example.com",
|
|
RealName="Test User",
|
|
Passwd="testPassword",
|
|
AccountTypeID=USER_ID,
|
|
)
|
|
yield user
|
|
|
|
|
|
@pytest.fixture
|
|
def backend() -> BasicAuthBackend:
|
|
yield BasicAuthBackend()
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_auth_backend_missing_sid(backend: BasicAuthBackend):
|
|
# The request has no AURSID cookie, so authentication fails, and
|
|
# AnonymousUser is returned.
|
|
_, result = await backend.authenticate(Request())
|
|
assert not result.is_authenticated()
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_auth_backend_invalid_sid(backend: BasicAuthBackend):
|
|
# Provide a fake AURSID that won't be found in the database.
|
|
# This results in our path going down the invalid sid route,
|
|
# which gives us an AnonymousUser.
|
|
request = Request()
|
|
request.cookies["AURSID"] = "fake"
|
|
_, result = await backend.authenticate(request)
|
|
assert not result.is_authenticated()
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_auth_backend_invalid_user_id():
|
|
# Create a new session with a fake user id.
|
|
now_ts = time.utcnow()
|
|
with pytest.raises(IntegrityError):
|
|
Session(UsersID=666, SessionID="realSession", LastUpdateTS=now_ts + 5)
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_basic_auth_backend(user: User, backend: BasicAuthBackend):
|
|
# This time, everything matches up. We expect the user to
|
|
# equal the real_user.
|
|
now_ts = time.utcnow()
|
|
with db.begin():
|
|
db.create(
|
|
Session, UsersID=user.ID, SessionID="realSession", LastUpdateTS=now_ts + 5
|
|
)
|
|
|
|
request = Request()
|
|
request.cookies["AURSID"] = "realSession"
|
|
_, result = await backend.authenticate(request)
|
|
assert result == user
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_expired_session(backend: BasicAuthBackend, user: User):
|
|
"""Login, expire the session manually, then authenticate."""
|
|
# First, build a Request with a logged in user.
|
|
request = Request()
|
|
request.user = user
|
|
sid = request.user.login(Request(), "testPassword")
|
|
request.cookies["AURSID"] = sid
|
|
|
|
# Set Session.LastUpdateTS to 20 seconds expired.
|
|
timeout = config.getint("options", "login_timeout")
|
|
now_ts = time.utcnow()
|
|
with db.begin():
|
|
request.user.session.LastUpdateTS = now_ts - timeout - 20
|
|
|
|
# Run through authentication backend and get the session
|
|
# deleted due to its expiration.
|
|
await backend.authenticate(request)
|
|
session = db.query(Session).filter(Session.SessionID == sid).first()
|
|
assert session is None
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_auth_required_redirection_bad_referrer():
|
|
# Create a fake route function which can be wrapped by auth_required.
|
|
def bad_referrer_route(request: fastapi.Request):
|
|
pass
|
|
|
|
# Get down to the nitty gritty internal wrapper.
|
|
bad_referrer_route = _auth_required()(bad_referrer_route)
|
|
|
|
# Execute the route with a "./blahblahblah" Referer, which does not
|
|
# match aur_location; `./` has been used as a prefix to attempt to
|
|
# ensure we're providing a fake referer.
|
|
with pytest.raises(HTTPException) as exc:
|
|
request = Request(method="POST", headers={"Referer": "./blahblahblah"})
|
|
await bad_referrer_route(request)
|
|
assert exc.detail == "Bad Referer header."
|
|
|
|
|
|
def test_account_type_required():
|
|
"""This test merely asserts that a few different paths
|
|
do not raise exceptions."""
|
|
# This one shouldn't raise.
|
|
account_type_required({USER})
|
|
|
|
# This one also shouldn't raise.
|
|
account_type_required({USER_ID})
|
|
|
|
# But this one should! We have no "FAKE" key.
|
|
with pytest.raises(KeyError):
|
|
account_type_required({"FAKE"})
|
|
|
|
|
|
def test_is_package_maintainer():
|
|
user_ = AnonymousUser()
|
|
assert not user_.is_package_maintainer()
|
|
|
|
|
|
def test_is_developer():
|
|
user_ = AnonymousUser()
|
|
assert not user_.is_developer()
|
|
|
|
|
|
def test_is_elevated():
|
|
user_ = AnonymousUser()
|
|
assert not user_.is_elevated()
|
|
|
|
|
|
def test_voted_for():
|
|
user_ = AnonymousUser()
|
|
assert not user_.voted_for(None)
|
|
|
|
|
|
def test_notified():
|
|
user_ = AnonymousUser()
|
|
assert not user_.notified(None)
|