You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
109 lines
3.4 KiB
109 lines
3.4 KiB
import pytest |
|
|
|
from pyramid.testing import DummyRequest |
|
|
|
from . import app_config, dbsession, get_example_user # noqa: F401 |
|
|
|
|
|
def test_crypt_context_to_settings(): |
|
from ordr.security import crypt_context_settings_to_string |
|
settings = { |
|
'no_prefix': 'should not appear', |
|
'prefix.something': 'left unchanged', |
|
'prefix.schemes': 'adjust list', |
|
'prefix.depreceated': 'do, not, adjust, this, list' |
|
} |
|
result = crypt_context_settings_to_string(settings, 'prefix.') |
|
expected_lines = { |
|
'[passlib]', |
|
'something = left unchanged', |
|
'schemes = adjust,list', |
|
'depreceated = do, not, adjust, this, list', |
|
} |
|
assert set(result.split('\n')) == expected_lines |
|
|
|
|
|
def test_authentication_policy_authenticated_user_id_no_user(): |
|
from ordr.security import AuthenticationPolicy |
|
ap = AuthenticationPolicy('') |
|
request = DummyRequest(user=None) |
|
assert ap.authenticated_userid(request) is None |
|
|
|
|
|
def test_authentication_policy_authenticated_user_id_with_user(): |
|
from ordr.security import AuthenticationPolicy |
|
from ordr.models import User |
|
ap = AuthenticationPolicy('') |
|
request = DummyRequest(user=User(id=123)) |
|
assert ap.authenticated_userid(request) == 123 |
|
|
|
|
|
def test_authentication_policy_effective_principals_no_user(): |
|
from ordr.security import AuthenticationPolicy |
|
from pyramid.security import Everyone |
|
request = DummyRequest(user=None) |
|
ap = AuthenticationPolicy('') |
|
result = ap.effective_principals(request) |
|
assert result == [Everyone] |
|
|
|
|
|
def test_authentication_policy_effective_principals_with_user(): |
|
from ordr.security import AuthenticationPolicy |
|
from ordr.models import User, Role |
|
from pyramid.security import Authenticated, Everyone |
|
ap = AuthenticationPolicy('') |
|
user = User(id=123, role=Role.PURCHASER) |
|
request = DummyRequest(user=user) |
|
result = ap.effective_principals(request) |
|
expected = [ |
|
Everyone, |
|
Authenticated, |
|
'user:123', |
|
'role:purchaser', |
|
'role:user' |
|
] |
|
assert result == expected |
|
|
|
|
|
@pytest.mark.parametrize( # noqa: F811 |
|
'uauid,role_name', [ |
|
(3, 'USER'), |
|
(4, 'PURCHASER'), |
|
(5, 'ADMIN'), |
|
] |
|
) |
|
def test_get_user_returns_user(dbsession, uauid, role_name): |
|
from ordr.security import get_user |
|
from ordr.models import Role |
|
# this is a dirty hack, but DummyRequest does not accept setting an |
|
# unauthenticated_userid |
|
from pyramid.testing import DummyResource |
|
request = DummyResource(unauthenticated_userid=uauid, dbsession=dbsession) |
|
user_role = Role[role_name] |
|
user = get_example_user(user_role) |
|
dbsession.add(user) |
|
dbsession.flush() |
|
assert get_user(request) == user |
|
|
|
|
|
@pytest.mark.parametrize( # noqa: F811 |
|
'uauid,role_name', [ |
|
(1, 'UNVALIDATED'), |
|
(2, 'NEW'), |
|
(6, 'INACTIVE'), |
|
(2, 'USER'), |
|
(None, 'USER'), |
|
] |
|
) |
|
def test_get_user_returns_none(dbsession, uauid, role_name): |
|
from ordr.security import get_user |
|
from ordr.models import Role |
|
# this is a dirty hack, but DummyRequest does not accept setting an |
|
# unauthenticated_userid |
|
from pyramid.testing import DummyResource |
|
request = DummyResource(unauthenticated_userid=uauid, dbsession=dbsession) |
|
user_role = Role[role_name] |
|
user = get_example_user(user_role) |
|
dbsession.add(user) |
|
dbsession.flush() |
|
assert get_user(request) is None
|
|
|