mirror of
https://github.com/fastapi-users/fastapi-users.git
synced 2025-08-15 11:11:16 +08:00
49deb437a6
* Revamp authentication to allow multiple backends * Make router generate a login route for each backend * Apply black * Remove unused imports * Complete docstrings * Update documentation * WIP add cookie auth * Complete cookie auth unit tests * Add documentation for cookie auth * Fix cookie backend default name * Don't make cookie return a Response
106 lines
3.1 KiB
Python
106 lines
3.1 KiB
Python
import re
|
|
|
|
import jwt
|
|
import pytest
|
|
from starlette.responses import Response
|
|
|
|
from fastapi_users.authentication.cookie import CookieAuthentication
|
|
from fastapi_users.utils import JWT_ALGORITHM, generate_jwt
|
|
|
|
SECRET = "SECRET"
|
|
LIFETIME = 3600
|
|
COOKIE_NAME = "COOKIE_NAME"
|
|
|
|
|
|
@pytest.fixture
|
|
def cookie_authentication():
|
|
return CookieAuthentication(SECRET, LIFETIME, COOKIE_NAME)
|
|
|
|
|
|
@pytest.fixture
|
|
def token():
|
|
def _token(user=None, lifetime=LIFETIME):
|
|
data = {"aud": "fastapi-users:auth"}
|
|
if user is not None:
|
|
data["user_id"] = user.id
|
|
return generate_jwt(data, lifetime, SECRET, JWT_ALGORITHM)
|
|
|
|
return _token
|
|
|
|
|
|
@pytest.mark.authentication
|
|
def test_default_name(cookie_authentication):
|
|
assert cookie_authentication.name == "cookie"
|
|
|
|
|
|
@pytest.mark.authentication
|
|
class TestAuthenticate:
|
|
@pytest.mark.asyncio
|
|
async def test_missing_token(
|
|
self, cookie_authentication, mock_user_db, request_builder
|
|
):
|
|
request = request_builder()
|
|
authenticated_user = await cookie_authentication(request, mock_user_db)
|
|
assert authenticated_user is None
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_invalid_token(
|
|
self, cookie_authentication, mock_user_db, request_builder
|
|
):
|
|
cookies = {}
|
|
cookies[COOKIE_NAME] = "foo"
|
|
request = request_builder(cookies=cookies)
|
|
authenticated_user = await cookie_authentication(request, mock_user_db)
|
|
assert authenticated_user is None
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_valid_token_missing_user_payload(
|
|
self, cookie_authentication, mock_user_db, request_builder, token
|
|
):
|
|
cookies = {}
|
|
cookies[COOKIE_NAME] = token()
|
|
request = request_builder(cookies=cookies)
|
|
authenticated_user = await cookie_authentication(request, mock_user_db)
|
|
assert authenticated_user is None
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_valid_token(
|
|
self, cookie_authentication, mock_user_db, request_builder, token, user
|
|
):
|
|
cookies = {}
|
|
cookies[COOKIE_NAME] = token(user)
|
|
request = request_builder(cookies=cookies)
|
|
authenticated_user = await cookie_authentication(request, mock_user_db)
|
|
assert authenticated_user.id == user.id
|
|
|
|
|
|
@pytest.mark.authentication
|
|
@pytest.mark.asyncio
|
|
async def test_get_login_response(cookie_authentication, user):
|
|
response = Response()
|
|
login_response = await cookie_authentication.get_login_response(user, response)
|
|
|
|
# We shouldn't return directly the response
|
|
# so that FastAPI can terminate it properly
|
|
assert login_response is None
|
|
|
|
cookies = [
|
|
header for header in response.raw_headers if header[0] == b"set-cookie"
|
|
]
|
|
assert len(cookies) == 1
|
|
|
|
cookie = cookies[0][1].decode("latin-1")
|
|
|
|
assert f"Max-Age={LIFETIME}" in cookie
|
|
|
|
cookie_name_value = re.match(r"^(\w+)=([^;]+);", cookie)
|
|
|
|
cookie_name = cookie_name_value[1]
|
|
assert cookie_name == COOKIE_NAME
|
|
|
|
cookie_value = cookie_name_value[2]
|
|
decoded = jwt.decode(
|
|
cookie_value, SECRET, audience="fastapi-users:auth", algorithms=[JWT_ALGORITHM]
|
|
)
|
|
assert decoded["user_id"] == user.id
|