|
1 | 1 | from odoo.tests import tagged |
2 | 2 | from odoo.tests.common import TransactionCase |
3 | 3 |
|
4 | | -from fastapi.exceptions import HTTPException |
5 | | - |
6 | | -from ..dependencies import ( |
| 4 | +from odoo.addons.fastapi_auth_api_key.dependencies import ( |
7 | 5 | authenticated_auth_api_key, |
8 | 6 | authenticated_env_by_auth_api_key, |
9 | 7 | authenticated_partner_by_api_key, |
10 | 8 | ) |
11 | 9 |
|
| 10 | +from fastapi.exceptions import HTTPException |
| 11 | + |
12 | 12 |
|
13 | 13 | @tagged("-at_install", "post_install") |
14 | 14 | class TestFastapiAuthApiKey(TransactionCase): |
15 | 15 | @classmethod |
16 | 16 | def setUpClass(cls): |
17 | 17 | super().setUpClass() |
18 | 18 | cls.env = cls.env(context=dict(cls.env.context, tracking_disable=True)) |
19 | | - # Is it valid? We need an env without superpowers |
20 | 19 | demo_user = cls.env.ref("base.user_demo") |
21 | 20 | cls.demo_env = demo_user.with_user(demo_user).env |
22 | 21 | cls.demo_endpoint = cls.env["fastapi.endpoint"].create( |
@@ -68,29 +67,41 @@ def setUpClassApiKey(cls): |
68 | 67 | "auth_api_key_ids": [(6, 0, cls.authorized_api_key.ids)], |
69 | 68 | } |
70 | 69 | ) |
| 70 | + cls.demo_endpoint.auth_api_key_group_id = cls.authorized_api_key_group |
71 | 71 |
|
72 | | - def test_authenticated_auth_api_key(self): |
| 72 | + def test_authenticated_auth_api_key_no_api_key(self): |
73 | 73 | # An exception is raised when no api key is used |
74 | 74 | with self.assertRaises(HTTPException) as error: |
75 | 75 | authenticated_auth_api_key(False, self.demo_env, self.demo_endpoint) |
76 | | - self.assertEqual(error.exception.detail, "No HTTP-API-KEY provided") |
| 76 | + self.assertEqual(error.exception.detail, "Missing HTTP-API-KEY header") |
| 77 | + |
| 78 | + def test_authenticated_auth_api_key_no_api_key_found(self): |
77 | 79 | # An exception is raised when no api key record is found |
78 | 80 | with self.assertRaises(HTTPException) as error: |
79 | 81 | authenticated_auth_api_key("404", self.demo_env, self.demo_endpoint) |
80 | 82 | self.assertEqual(error.exception.detail, ("The key 404 is not allowed",)) |
81 | | - # TODO enable this when we know how to filter keys based |
82 | | - # on endpoint's api key group. |
| 83 | + |
| 84 | + def test_authenticated_auth_api_key_unauthorized_key(self): |
83 | 85 | # An exception is raised when unauthorized api key record is found |
84 | | - # with self.assertRaises(HTTPException) as error: |
85 | | - # authenticated_auth_api_key("not_authorized", self.demo_env) |
86 | | - self.demo_endpoint.auth_api_key_group_id = ( |
87 | | - self.authorized_api_key.auth_api_key_group_ids[0] |
88 | | - ) |
| 86 | + with self.assertRaisesRegex(HTTPException, r"Unauthorized"): |
| 87 | + authenticated_auth_api_key( |
| 88 | + "unauthorized_key", self.demo_env, self.demo_endpoint |
| 89 | + ) |
| 90 | + |
| 91 | + def test_authenticated_auth_api_key(self): |
89 | 92 | result_key = authenticated_auth_api_key( |
90 | | - self.authorized_api_key.key, self.demo_env, self.demo_endpoint |
| 93 | + "authorized_key", self.demo_env, self.demo_endpoint |
91 | 94 | ) |
92 | 95 | self.assertEqual(result_key, self.authorized_api_key) |
93 | 96 |
|
| 97 | + def test_authenticated_auth_api_key_without_group(self): |
| 98 | + # test with no group set unauthorized is allow to access |
| 99 | + self.demo_endpoint.auth_api_key_group_id = False |
| 100 | + result_key = authenticated_auth_api_key( |
| 101 | + "unauthorized_key", self.demo_env, self.demo_endpoint |
| 102 | + ) |
| 103 | + self.assertEqual(result_key, self.unauthorized_api_key) |
| 104 | + |
94 | 105 | def test_authenticated_partner_by_api_key(self): |
95 | 106 | result_partner = authenticated_partner_by_api_key(self.authorized_api_key) |
96 | 107 | self.assertEqual(result_partner, self.authorized_user.partner_id) |
|
0 commit comments