funkwhale/api/tests/users/test_authentication.py

import pytest

from django.core import signing

from funkwhale_api.users import authentication


def test_generate_scoped_token(mocker):
    dumps = mocker.patch("django.core.signing.dumps")

    result = authentication.generate_scoped_token(
        user_id=42, user_secret="hello", scopes=["read"],
    )

    assert result == dumps.return_value
    dumps.assert_called_once_with(
        {"scopes": ["read"], "user_secret": "hello", "user_id": 42},
        salt="scoped_tokens",
    )


def test_authenticate_scoped_token(mocker, factories, settings):
    loads = mocker.spy(signing, "loads")
    user = factories["users.User"]()
    token = signing.dumps(
        {"user_id": user.pk, "user_secret": str(user.secret_key), "scopes": ["read"]},
        salt="scoped_tokens",
    )

    logged_user, scopes = authentication.authenticate_scoped_token(token)

    assert scopes == ["read"]
    assert logged_user == user
    loads.assert_called_once_with(
        token, salt="scoped_tokens", max_age=settings.SCOPED_TOKENS_MAX_AGE
    )


def test_authenticate_scoped_token_bad_signature():
    with pytest.raises(authentication.exceptions.AuthenticationFailed):
        authentication.authenticate_scoped_token("hello")


def test_authenticate_scoped_token_bad_secret_key(factories):
    user = factories["users.User"]()
    token = authentication.generate_scoped_token(
        user_id=user.pk, user_secret="invalid", scopes=["read"]
    )

    with pytest.raises(authentication.exceptions.AuthenticationFailed):
        authentication.authenticate_scoped_token(token)


def test_scope_token_authentication(fake_request, factories, mocker):
    user = factories["users.User"]()
    actor = user.create_actor()
    authenticate_scoped_token = mocker.spy(authentication, "authenticate_scoped_token")
    token = authentication.generate_scoped_token(
        user_id=user.pk, user_secret=user.secret_key, scopes=["read"]
    )
    request = fake_request.get("/", {"token": token})
    auth = authentication.ScopedTokenAuthentication()

    assert auth.authenticate(request) == (user, None)
    assert request.scopes == ["read"]
    assert request.actor == actor
    authenticate_scoped_token.assert_called_once_with(token)


def test_scope_token_invalid(fake_request, factories):
    token = "test"
    request = fake_request.get("/", {"token": token})
    auth = authentication.ScopedTokenAuthentication()

    with pytest.raises(authentication.exceptions.AuthenticationFailed):
        auth.authenticate(request)


def test_scope_token_missing(fake_request, factories):
    request = fake_request.get("/")
    auth = authentication.ScopedTokenAuthentication()

    assert auth.authenticate(request) is None
Use scoped tokens to load <audio> urls instead of JWT 2020-05-11 08:06:35 +00:00			`import pytest`

			`from django.core import signing`

			`from funkwhale_api.users import authentication`


			`def test_generate_scoped_token(mocker):`
			`dumps = mocker.patch("django.core.signing.dumps")`

			`result = authentication.generate_scoped_token(`
			`user_id=42, user_secret="hello", scopes=["read"],`
			`)`

			`assert result == dumps.return_value`
			`dumps.assert_called_once_with(`
			`{"scopes": ["read"], "user_secret": "hello", "user_id": 42},`
			`salt="scoped_tokens",`
			`)`


			`def test_authenticate_scoped_token(mocker, factories, settings):`
			`loads = mocker.spy(signing, "loads")`
			`user = factories["users.User"]()`
			`token = signing.dumps(`
			`{"user_id": user.pk, "user_secret": str(user.secret_key), "scopes": ["read"]},`
			`salt="scoped_tokens",`
			`)`

			`logged_user, scopes = authentication.authenticate_scoped_token(token)`

			`assert scopes == ["read"]`
			`assert logged_user == user`
			`loads.assert_called_once_with(`
			`token, salt="scoped_tokens", max_age=settings.SCOPED_TOKENS_MAX_AGE`
			`)`


			`def test_authenticate_scoped_token_bad_signature():`
			`with pytest.raises(authentication.exceptions.AuthenticationFailed):`
			`authentication.authenticate_scoped_token("hello")`


			`def test_authenticate_scoped_token_bad_secret_key(factories):`
			`user = factories["users.User"]()`
			`token = authentication.generate_scoped_token(`
			`user_id=user.pk, user_secret="invalid", scopes=["read"]`
			`)`

			`with pytest.raises(authentication.exceptions.AuthenticationFailed):`
			`authentication.authenticate_scoped_token(token)`


			`def test_scope_token_authentication(fake_request, factories, mocker):`
			`user = factories["users.User"]()`
			`actor = user.create_actor()`
			`authenticate_scoped_token = mocker.spy(authentication, "authenticate_scoped_token")`
			`token = authentication.generate_scoped_token(`
			`user_id=user.pk, user_secret=user.secret_key, scopes=["read"]`
			`)`
			`request = fake_request.get("/", {"token": token})`
			`auth = authentication.ScopedTokenAuthentication()`

			`assert auth.authenticate(request) == (user, None)`
			`assert request.scopes == ["read"]`
			`assert request.actor == actor`
			`authenticate_scoped_token.assert_called_once_with(token)`


			`def test_scope_token_invalid(fake_request, factories):`
			`token = "test"`
			`request = fake_request.get("/", {"token": token})`
			`auth = authentication.ScopedTokenAuthentication()`

			`with pytest.raises(authentication.exceptions.AuthenticationFailed):`
			`auth.authenticate(request)`


			`def test_scope_token_missing(fake_request, factories):`
			`request = fake_request.get("/")`
			`auth = authentication.ScopedTokenAuthentication()`

			`assert auth.authenticate(request) is None`