mirror of
https://github.com/fastapi-users/fastapi-users.git
synced 2025-08-15 11:11:16 +08:00
173 lines
5.1 KiB
Python
173 lines
5.1 KiB
Python
import re
|
|
|
|
import pytest
|
|
from fastapi import Response
|
|
|
|
from fastapi_users.authentication.cookie import CookieAuthentication
|
|
from fastapi_users.jwt import SecretType, decode_jwt, generate_jwt
|
|
|
|
LIFETIME = 3600
|
|
COOKIE_NAME = "COOKIE_NAME"
|
|
|
|
|
|
@pytest.fixture(
|
|
params=[
|
|
("/", None, True, True),
|
|
("/arthur", None, True, True),
|
|
("/", "camelot.bt", True, True),
|
|
("/", None, False, True),
|
|
("/", None, True, False),
|
|
]
|
|
)
|
|
def cookie_authentication(secret: SecretType, request):
|
|
path, domain, secure, httponly = request.param
|
|
return CookieAuthentication(
|
|
secret,
|
|
lifetime_seconds=LIFETIME,
|
|
cookie_name=COOKIE_NAME,
|
|
cookie_path=path,
|
|
cookie_domain=domain,
|
|
cookie_secure=secure,
|
|
cookie_httponly=httponly,
|
|
)
|
|
|
|
|
|
@pytest.fixture
|
|
def token(secret):
|
|
def _token(user_id=None, lifetime=LIFETIME):
|
|
data = {"aud": "fastapi-users:auth"}
|
|
if user_id is not None:
|
|
data["user_id"] = str(user_id)
|
|
return generate_jwt(data, secret, lifetime)
|
|
|
|
return _token
|
|
|
|
|
|
@pytest.mark.authentication
|
|
def test_default_name(cookie_authentication: CookieAuthentication):
|
|
assert cookie_authentication.name == "cookie"
|
|
|
|
|
|
@pytest.mark.authentication
|
|
class TestAuthenticate:
|
|
@pytest.mark.asyncio
|
|
async def test_missing_token(
|
|
self, user_manager, cookie_authentication: CookieAuthentication
|
|
):
|
|
authenticated_user = await cookie_authentication(None, user_manager)
|
|
assert authenticated_user is None
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_invalid_token(
|
|
self, user_manager, cookie_authentication: CookieAuthentication
|
|
):
|
|
authenticated_user = await cookie_authentication("foo", user_manager)
|
|
assert authenticated_user is None
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_valid_token_missing_user_payload(
|
|
self, user_manager, token, cookie_authentication: CookieAuthentication
|
|
):
|
|
authenticated_user = await cookie_authentication(token(), user_manager)
|
|
assert authenticated_user is None
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_valid_token_invalid_uuid(
|
|
self, user_manager, token, cookie_authentication: CookieAuthentication
|
|
):
|
|
authenticated_user = await cookie_authentication(token("foo"), user_manager)
|
|
assert authenticated_user is None
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_valid_token_not_existing_user(
|
|
self, user_manager, token, cookie_authentication: CookieAuthentication
|
|
):
|
|
authenticated_user = await cookie_authentication(
|
|
token("d35d213e-f3d8-4f08-954a-7e0d1bea286f"), user_manager
|
|
)
|
|
assert authenticated_user is None
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_valid_token(
|
|
self, user_manager, token, user, cookie_authentication: CookieAuthentication
|
|
):
|
|
authenticated_user = await cookie_authentication(token(user.id), user_manager)
|
|
assert authenticated_user is not None
|
|
assert authenticated_user.id == user.id
|
|
|
|
|
|
@pytest.mark.authentication
|
|
@pytest.mark.asyncio
|
|
async def test_get_login_response(
|
|
user, cookie_authentication: CookieAuthentication, user_manager
|
|
):
|
|
secret = cookie_authentication.secret
|
|
path = cookie_authentication.cookie_path
|
|
domain = cookie_authentication.cookie_domain
|
|
secure = cookie_authentication.cookie_secure
|
|
httponly = cookie_authentication.cookie_httponly
|
|
|
|
response = Response()
|
|
login_response = await cookie_authentication.get_login_response(
|
|
user, response, user_manager
|
|
)
|
|
|
|
# We shouldn't return directly the response
|
|
# so that FastAPI can terminate it properly
|
|
assert login_response is None
|
|
|
|
cookies = [header for header in response.raw_headers if header[0] == b"set-cookie"]
|
|
assert len(cookies) == 1
|
|
|
|
cookie = cookies[0][1].decode("latin-1")
|
|
|
|
assert f"Max-Age={LIFETIME}" in cookie
|
|
assert f"Path={path}" in cookie
|
|
|
|
if domain:
|
|
assert f"Domain={domain}" in cookie
|
|
else:
|
|
assert "Domain=" not in cookie
|
|
|
|
if secure:
|
|
assert "Secure" in cookie
|
|
else:
|
|
assert "Secure" not in cookie
|
|
|
|
if httponly:
|
|
assert "HttpOnly" in cookie
|
|
else:
|
|
assert "HttpOnly" not in cookie
|
|
|
|
cookie_name_value = re.match(r"^(\w+)=([^;]+);", cookie)
|
|
assert cookie_name_value is not None
|
|
|
|
cookie_name = cookie_name_value[1]
|
|
assert cookie_name == COOKIE_NAME
|
|
|
|
cookie_value = cookie_name_value[2]
|
|
decoded = decode_jwt(cookie_value, secret, audience=["fastapi-users:auth"])
|
|
assert decoded["user_id"] == str(user.id)
|
|
|
|
|
|
@pytest.mark.authentication
|
|
@pytest.mark.asyncio
|
|
async def test_get_logout_response(
|
|
user, cookie_authentication: CookieAuthentication, user_manager
|
|
):
|
|
response = Response()
|
|
logout_response = await cookie_authentication.get_logout_response(
|
|
user, response, user_manager
|
|
)
|
|
|
|
# We shouldn't return directly the response
|
|
# so that FastAPI can terminate it properly
|
|
assert logout_response is None
|
|
|
|
cookies = [header for header in response.raw_headers if header[0] == b"set-cookie"]
|
|
assert len(cookies) == 1
|
|
|
|
cookie = cookies[0][1].decode("latin-1")
|
|
|
|
assert "Max-Age=0" in cookie
|