1import gws
2import gws.lib.jsonx as jsonx
3import gws.test.util as u
@u.fixture(scope='module')
def root():
    """Module-scoped GWS root configured for the web auth-method tests.

    The configuration wires up one mock auth provider, one mock MFA adapter
    (uid ``MFA_1``, three verification attempts), the ``web`` auth method
    with a non-secure cookie called ``AUTH_COOKIE``, an sqlite session store,
    and three projects whose read permission differs by role.  Because the
    fixture is module-scoped, any state a test mutates on this root is
    visible to the tests that follow it.
    """
    config_text = '''
        permissions.all "allow all"

        auth.providers+ {
            type mockAuthProvider1
        }
        auth.mfa+ {
            type mockAuthMfaAdapter1
            uid "MFA_1"
            maxVerifyAttempts 3
        }
        auth.methods+ {
            type web
            secure False
            cookieName AUTH_COOKIE
        }
        auth.session {
            type "sqlite"
        }
        actions [
            { type auth }
            { type project }
        ]
        projects [
            { uid ALL permissions.read 'allow all' }
            { uid one permissions.read 'allow role1, deny all' }
            { uid two permissions.read 'allow role2, deny all' }
        ]
    '''

    yield u.gws_root(config_text)
def _login(root, username, password):
    """Call the ``authLogin`` action with the given credentials and return the response."""
    credentials = {'username': username, 'password': password}
    return u.http.api(root, 'authLogin', credentials)
def _get_project(root, project_uid, cookie):
    """Call ``projectInfo`` for *project_uid*, attaching *cookie* when one is given.

    ``cookie=None`` sends the request without any cookies at all, which
    models an anonymous client rather than a client with an empty cookie.
    """
    params = {'projectUid': project_uid}
    if cookie is not None:
        return u.http.api(root, 'projectInfo', params, cookies=[cookie])
    return u.http.api(root, 'projectInfo', params)
52#
def test_login_ok(root: gws.Root):
    """A valid login answers 200, sets the auth cookie and returns the user record."""
    u.mock.add_user('me', 'foo', displayName='123')

    response = _login(root, 'me', 'foo')

    assert (response.status_code, response.json['user']['displayName']) == (200, '123')
    # the session cookie is what later requests will present
    assert response.cookies.get('AUTH_COOKIE') is not None
def test_login_wrong_credentials(root: gws.Root):
    """Unknown users, empty names and wrong or empty passwords are all refused with 403."""
    u.mock.add_user('me', 'foo', displayName='123')

    bad_credentials = [
        ('XXX', 'foo'),  # unknown user
        ('', 'foo'),     # empty username
        ('me', 'XXX'),   # known user, wrong password
        ('me', ''),      # known user, empty password
    ]
    for username, password in bad_credentials:
        assert _login(root, username, password).status_code == 403
def test_request_with_cookie_ok(root: gws.Root):
    """A session cookie grants exactly the projects the user's role may read."""
    scenarios = [
        # username, password, roles, {project_uid: expected status}
        ('one', 'foo', ['role1'], {'ALL': 200, 'one': 200, 'two': 403}),
        ('two', 'bar', ['role2'], {'ALL': 200, 'one': 403, 'two': 200}),
    ]
    for username, password, roles, expected in scenarios:
        u.mock.add_user(username, password, roles=roles)
        cookie = _login(root, username, password).cookies.get('AUTH_COOKIE')
        for project_uid, status in expected.items():
            assert _get_project(root, project_uid, cookie).status_code == status
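def test_request_without_cookie_fails(root: gws.Root):
    """A live session must not be usable by a request that does not present its cookie.

    The user logs in first so that a session exists server-side; the
    following anonymous request must still be denied, showing that
    authorization is tied to the presented cookie and not to the mere
    existence of a session.
    """
    u.mock.add_user('one', 'foo', roles=['role1'])
    # Pin the precondition: if the login itself failed, the 403 below would
    # say nothing about cookie handling.
    assert _login(root, 'one', 'foo').status_code == 200
    assert _get_project(root, 'one', None).status_code == 403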
def test_request_with_wrong_cookie_fails(root: gws.Root):
    """A cookie whose value has been replaced by a bogus session id is rejected."""
    u.mock.add_user('one', 'foo', roles=['role1'])
    cookie = _login(root, 'one', 'foo').cookies.get('AUTH_COOKIE')

    # sanity check: the genuine cookie is accepted
    assert _get_project(root, 'one', cookie).status_code == 200

    # same cookie object, bogus value -> must be denied
    cookie.value = 'XXX'
    assert _get_project(root, 'one', cookie).status_code == 403
def test_request_with_wrong_cookie_user_fails(root: gws.Root):
    """A valid session cookie stops working once its user no longer exists."""
    u.mock.add_user('one', 'foo', roles=['role1'])
    cookie = _login(root, 'one', 'foo').cookies.get('AUTH_COOKIE')

    # before deletion the session is usable
    assert _get_project(root, 'one', cookie).status_code == 200

    # deleting the user must invalidate the session, not just future logins
    u.mock.delete_user('one')
    assert _get_project(root, 'one', cookie).status_code == 403
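def test_request_with_expired_cookie_fails(root: gws.Root):
    """A session cookie stops being accepted once the session lifetime has elapsed.

    The session lifetime is shortened to ``ttl`` seconds for this test only
    and restored afterwards: the fixture is module-scoped, so leaving it
    shortened would silently change the behaviour of every later test in
    this module.
    """
    u.mock.add_user('one', 'foo', roles=['role1'])

    ttl = 5
    session_mgr = root.app.authMgr.sessionMgr
    previous_lifetime = session_mgr.lifeTime
    session_mgr.lifeTime = ttl
    try:
        cookie = _login(root, 'one', 'foo').cookies.get('AUTH_COOKIE')

        # still inside the lifetime: the session is valid
        gws.u.sleep(ttl - 1)
        assert _get_project(root, 'one', cookie).status_code == 200

        # whether the lifetime counts from login or from the last request is
        # not visible here; ttl + 1 more seconds exceeds it either way
        gws.u.sleep(ttl + 1)
        assert _get_project(root, 'one', cookie).status_code == 403
    finally:
        session_mgr.lifeTime = previous_lifetime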
def test_mfa_ok(root: gws.Root):
    """With MFA configured, project access is granted only after a valid code is verified."""
    u.mock.add_user('one', 'foo', roles=['role1'], mfaUid='MFA_1')

    pending_cookie = _login(root, 'one', 'foo').cookies.get('AUTH_COOKIE')
    # password accepted, but the session is still pending MFA: no access yet
    assert _get_project(root, 'one', pending_cookie).status_code == 403

    verify = u.http.api(
        root,
        'authMfaVerify',
        {'payload': {'code': u.mock.AuthMfaAdapter1.VALID_CODE}},
        cookies=[pending_cookie],
    )
    assert verify.status_code == 200

    # the cookie from the verify response is the one that carries the
    # completed login
    session_cookie = verify.cookies.get('AUTH_COOKIE')
    assert _get_project(root, 'one', session_cookie).status_code == 200
def test_mfa_retry(root: gws.Root):
    """Two wrong codes leave the session pending; a valid third code completes the login."""
    u.mock.add_user('one', 'foo', roles=['role1'], mfaUid='MFA_1')
    cookie = _login(root, 'one', 'foo').cookies.get('AUTH_COOKIE')

    def verify(code):
        # every verify answer carries the cookie to present on the next step
        res = u.http.api(root, 'authMfaVerify', {'payload': {'code': code}}, cookies=[cookie])
        assert res.status_code == 200
        return res.cookies.get('AUTH_COOKIE')

    for bad_code in ('BAD_1', 'BAD_2'):
        cookie = verify(bad_code)
        assert _get_project(root, 'one', cookie).status_code == 403

    cookie = verify(u.mock.AuthMfaAdapter1.VALID_CODE)
    assert _get_project(root, 'one', cookie).status_code == 200
def test_mfa_fail(root: gws.Root):
    """Once maxVerifyAttempts (3 in the fixture config) wrong codes are sent, verification is refused."""
    u.mock.add_user('one', 'foo', roles=['role1'], mfaUid='MFA_1')
    cookie = _login(root, 'one', 'foo').cookies.get('AUTH_COOKIE')

    def attempt(code):
        return u.http.api(root, 'authMfaVerify', {'payload': {'code': code}}, cookies=[cookie])

    # attempts 1 and 2: still pending, still no project access
    for bad_code in ('BAD_1', 'BAD_2'):
        res = attempt(bad_code)
        assert res.status_code == 200
        cookie = res.cookies.get('AUTH_COOKIE')
        assert _get_project(root, 'one', cookie).status_code == 403

    # attempt 3 exhausts the configured limit and is rejected outright
    assert attempt('BAD_3').status_code == 403