Propagate changes on tests

This commit is contained in:
Alexandre Aubin 2021-12-22 19:22:49 +01:00
parent 2fc9611b53
commit ee1e63c7a1
4 changed files with 108 additions and 9 deletions

View file

@ -4,7 +4,6 @@
#############################
_global:
namespace: moulitest
cookie_name: moulitest
authentication:
api: dummy
cli: dummy

View file

@ -1,13 +1,16 @@
# -*- coding: utf-8 -*-
import logging
from moulinette.core import MoulinetteError
from moulinette.utils.text import random_ascii
from moulinette.core import MoulinetteError, MoulinetteAuthenticationError
from moulinette.authentication import BaseAuthenticator
logger = logging.getLogger("moulinette.authenticator.dummy")
logger = logging.getLogger("moulinette.authenticator.yoloswag")
# Dummy authenticator implementation
session_secret = random_ascii()
class Authenticator(BaseAuthenticator):
@ -24,3 +27,50 @@ class Authenticator(BaseAuthenticator):
raise MoulinetteError("invalid_password", raw_msg=True)
return
def set_session_cookie(self, infos):
from bottle import response
assert isinstance(infos, dict)
# This allows to generate a new session id or keep the existing one
current_infos = self.get_session_cookie(raise_if_no_session_exists=False)
new_infos = {"id": current_infos["id"]}
new_infos.update(infos)
response.set_cookie(
"moulitest",
new_infos,
secure=True,
secret=session_secret,
httponly=True,
# samesite="strict", # Bottle 0.12 doesn't support samesite, to be added in next versions
)
def get_session_cookie(self, raise_if_no_session_exists=True):
from bottle import request
try:
infos = request.get_cookie(
"moulitest", secret=session_secret, default={}
)
except Exception:
if not raise_if_no_session_exists:
return {"id": random_ascii()}
raise MoulinetteAuthenticationError("unable_authenticate")
if "id" not in infos:
infos["id"] = random_ascii()
return infos
@staticmethod
def delete_session_cookie(self):
from bottle import response
response.set_cookie("moulitest", "", max_age=-1)
response.delete_cookie("moulitest")

View file

@ -1,13 +1,16 @@
# -*- coding: utf-8 -*-
import logging
from moulinette.core import MoulinetteError
from moulinette.utils.text import random_ascii
from moulinette.core import MoulinetteError, MoulinetteAuthenticationError
from moulinette.authentication import BaseAuthenticator
logger = logging.getLogger("moulinette.authenticator.yoloswag")
# Dummy authenticator implementation
session_secret = random_ascii()
class Authenticator(BaseAuthenticator):
@ -24,3 +27,50 @@ class Authenticator(BaseAuthenticator):
raise MoulinetteError("invalid_password", raw_msg=True)
return
def set_session_cookie(self, infos):
from bottle import response
assert isinstance(infos, dict)
# This allows to generate a new session id or keep the existing one
current_infos = self.get_session_cookie(raise_if_no_session_exists=False)
new_infos = {"id": current_infos["id"]}
new_infos.update(infos)
response.set_cookie(
"moulitest",
new_infos,
secure=True,
secret=session_secret,
httponly=True,
# samesite="strict", # Bottle 0.12 doesn't support samesite, to be added in next versions
)
def get_session_cookie(self, raise_if_no_session_exists=True):
from bottle import request
try:
infos = request.get_cookie(
"moulitest", secret=session_secret, default={}
)
except Exception:
if not raise_if_no_session_exists:
return {"id": random_ascii()}
raise MoulinetteAuthenticationError("unable_authenticate")
if "id" not in infos:
infos["id"] = random_ascii()
return infos
@staticmethod
def delete_session_cookie(self):
from bottle import response
response.set_cookie("moulitest", "", max_age=-1)
response.delete_cookie("moulitest")

View file

@ -66,7 +66,7 @@ class TestAuthAPI:
def test_login(self, moulinette_webapi):
assert self.login(moulinette_webapi).text == "Logged in"
assert "session.moulitest" in moulinette_webapi.cookies
assert "moulitest" in moulinette_webapi.cookies
def test_login_bad_password(self, moulinette_webapi):
assert (
@ -74,7 +74,7 @@ class TestAuthAPI:
== "invalid_password"
)
assert "session.moulitest" not in moulinette_webapi.cookies
assert "moulitest" not in moulinette_webapi.cookies
def test_login_csrf_attempt(self, moulinette_webapi):
# C.f.
@ -86,7 +86,7 @@ class TestAuthAPI:
in self.login(moulinette_webapi, csrf=True, status=403).text
)
assert not any(
c.name == "session.moulitest" for c in moulinette_webapi.cookiejar
c.name == "moulitest" for c in moulinette_webapi.cookiejar
)
def test_login_then_legit_request_without_cookies(self, moulinette_webapi):
@ -99,7 +99,7 @@ class TestAuthAPI:
def test_login_then_legit_request(self, moulinette_webapi):
self.login(moulinette_webapi)
assert "session.moulitest" in moulinette_webapi.cookies
assert "moulitest" in moulinette_webapi.cookies
assert (
moulinette_webapi.get("/test-auth/default", status=200).text
@ -124,7 +124,7 @@ class TestAuthAPI:
def test_login_other_profile(self, moulinette_webapi):
self.login(moulinette_webapi, profile="yoloswag", password="yoloswag")
assert "session.moulitest" in moulinette_webapi.cookies
assert "moulitest" in moulinette_webapi.cookies
def test_login_wrong_profile(self, moulinette_webapi):
self.login(moulinette_webapi)