resources_api/tests/unit/test_auth.py at c871a5b2cd16510787d9fde91cda93af1a42d0e4 · OperationCode/resources_api · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
from unittest.mock import patch

from app.api.auth import (ApiKeyError, ApiKeyErrorCode, authenticate,
                          blacklist_key, find_key_by_apikey_or_email,
                          rotate_key)
from tests.utils import create_fake_key, FAKE_EMAIL, FAKE_APIKEY
from flask import g


def test_authenticate_failure(module_client, function_empty_db):
    # Arrange
    def callback(*args, **kwargs):
        return 1

    # Act
    wrapper = authenticate(callback)
    with patch('app.api.auth.request') as fake_request:
        fake_request.headers = {
            'x-apikey': FAKE_APIKEY
        }
        result = wrapper()

    # Assert
    assert result[1] == 401


def test_authenticate_success(module_client, function_empty_db):
    # Arrange
    key = create_fake_key(function_empty_db.session)

    def callback(*args, **kwargs):
        return 1

    # Act
    wrapper = authenticate(callback)
    with patch('app.api.auth.request') as fake_request:
        fake_request.headers = {
            'x-apikey': FAKE_APIKEY
        }
        result = wrapper()

    # Assert
    assert result == 1
    assert g.auth_key == key


def test_authenticate_blacklisted(module_client, function_empty_db):
    # Arrange
    create_fake_key(function_empty_db.session, blacklisted=True)

    def callback(*args, **kwargs):
        return 1

    # Act
    wrapper = authenticate(callback)
    with patch('app.api.auth.request') as fake_request:
        fake_request.headers = {
            'x-apikey': FAKE_APIKEY
        }
        result = wrapper()

    # Assert
    assert result[1] == 401


def test_find_key_by_apikey_or_email(module_client, function_empty_db):
    # Arrange
    key = create_fake_key(function_empty_db.session)

    # Act
    key1 = find_key_by_apikey_or_email(FAKE_EMAIL)
    key2 = find_key_by_apikey_or_email(FAKE_APIKEY)

    # Assert
    assert key == key1
    assert key == key2


def test_blacklist_key_not_found(module_client, function_empty_db):
    # Arrange
    error = None

    # Act
    try:
        blacklist_key(FAKE_APIKEY + 'b', True, function_empty_db.session)
    except ApiKeyError as e:
        error = e

    # Assert
    assert error.error_code == ApiKeyErrorCode.NOT_FOUND


def test_blacklist_key_already_blacklisted(module_client, function_empty_db):
    # Arrange
    error = None
    key1 = None
    create_fake_key(function_empty_db.session, blacklisted=True)

    # Act
    try:
        key1 = blacklist_key(FAKE_APIKEY, True, function_empty_db.session)
    except ApiKeyError as e:
        error = e

    # Assert
    assert error.error_code == ApiKeyErrorCode.ALREADY_BLACKLISTED
    assert key1 is None


def test_blacklist_key_not_blacklisted(module_client, function_empty_db):
    # Arrange
    error = None
    key1 = None
    create_fake_key(function_empty_db.session)

    # Act
    try:
        key1 = blacklist_key(FAKE_APIKEY, False, function_empty_db.session)
    except ApiKeyError as e:
        error = e

    # Assert
    assert error.error_code == ApiKeyErrorCode.NOT_BLACKLISTED
    assert key1 is None


def test_blacklist_key_set_blacklisted_on(module_client, function_empty_db):
    # Arrange
    key = create_fake_key(function_empty_db.session)

    # Act
    key1 = blacklist_key(FAKE_APIKEY, True, function_empty_db.session)

    # Assert
    assert key.blacklisted
    assert key == key1


def test_blacklist_key_set_blacklisted_off(module_client, function_empty_db):
    # Arrange
    key = create_fake_key(function_empty_db.session, blacklisted=True)

    # Act
    key1 = blacklist_key(FAKE_APIKEY, False, function_empty_db.session)

    # Assert
    assert not key.blacklisted
    assert key == key1


def test_rotate_key(module_client, function_empty_db):
    # Arrange
    key = create_fake_key(function_empty_db.session)
    function_empty_db.session.add(key)
    function_empty_db.session.commit()

    # Act
    rotate_key(key, function_empty_db.session)

    # Assert
    assert key.apikey != FAKE_APIKEY