from dirty_equals import IsDict, IsOneOf
from fastapi.testclient import TestClient
from docs_src.security.tutorial005 import (
app,
create_access_token,
fake_users_db,
get_password_hash,
verify_password,
)
# One shared in-process client; every test below talks to the ASGI app directly.
client = TestClient(app=app)
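def get_access_token(username="johndoe", password="secret", scope=None):
    """Log in through ``/token`` and return the issued access token.

    Args:
        username: Form ``username`` field sent to ``/token``.
        password: Form ``password`` field sent to ``/token``.
        scope: Optional space-separated OAuth2 ``scope`` string. When falsy it
            is left out of the form entirely (the form schema defaults it to
            an empty string).

    Returns:
        The ``access_token`` value from the JSON response body.

    Raises:
        AssertionError: if ``/token`` does not answer 200. Failing here makes
            a bad login show up at the login step instead of as a confusing
            401 on whichever protected route the caller requests next.
    """
    form = {"username": username, "password": password}
    if scope:
        form["scope"] = scope
    response = client.post("/token", data=form)
    # Without this guard a failed login returns None and the caller would
    # send "Bearer None", failing for the wrong reason.
    assert response.status_code == 200, response.text
    content = response.json()
    return content.get("access_token")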
def test_login():
    """A valid username/password pair yields a bearer access token."""
    credentials = {"username": "johndoe", "password": "secret"}
    response = client.post("/token", data=credentials)
    assert response.status_code == 200, response.text
    body = response.json()
    assert "access_token" in body
    assert body["token_type"] == "bearer"
def test_login_incorrect_password():
    """A wrong password is rejected with 400 and a generic error detail."""
    # The detail is the same string as for an unknown username, so the
    # response does not reveal whether "johndoe" exists.
    credentials = {"username": "johndoe", "password": "incorrect"}
    response = client.post("/token", data=credentials)
    assert response.status_code == 400, response.text
    assert response.json() == {"detail": "Incorrect username or password"}
def test_login_incorrect_username():
    """An unknown username is rejected with 400 and the same generic detail."""
    credentials = {"username": "foo", "password": "secret"}
    response = client.post("/token", data=credentials)
    assert response.status_code == 400, response.text
    # Identical wording to the wrong-password case: no username enumeration.
    assert response.json() == {"detail": "Incorrect username or password"}
def test_no_token():
    """Requesting /users/me with no credentials yields 401 and a Bearer challenge."""
    response = client.get("/users/me")
    assert response.status_code == 401, response.text
    assert response.json() == {"detail": "Not authenticated"}
    # The challenge header advertises the expected authentication scheme.
    assert response.headers["WWW-Authenticate"] == "Bearer"
def test_token():
    """A token carrying the ``me`` scope can read the current user's profile."""
    token = get_access_token(scope="me")
    auth = {"Authorization": f"Bearer {token}"}
    response = client.get("/users/me", headers=auth)
    assert response.status_code == 200, response.text
    # Exact equality also guarantees no extra fields (such as the stored
    # password hash from fake_users_db) are included in the response.
    expected_profile = {
        "username": "johndoe",
        "full_name": "John Doe",
        "email": "johndoe@example.com",
        "disabled": False,
    }
    assert response.json() == expected_profile
def test_incorrect_token():
    """A bearer value that is not a well-formed token is rejected with 401."""
    auth = {"Authorization": "Bearer nonexistent"}
    response = client.get("/users/me", headers=auth)
    assert response.status_code == 401, response.text
    assert response.json() == {"detail": "Could not validate credentials"}
    # The challenge names the scope this route requires.
    assert response.headers["WWW-Authenticate"] == 'Bearer scope="me"'
def test_incorrect_token_type():
    """An Authorization header with a non-Bearer scheme counts as no credentials."""
    auth = {"Authorization": "Notexistent testtoken"}
    response = client.get("/users/me", headers=auth)
    assert response.status_code == 401, response.text
    # Same outcome as sending no header at all, not a token-validation error.
    assert response.json() == {"detail": "Not authenticated"}
    assert response.headers["WWW-Authenticate"] == "Bearer"
def test_verify_password():
    """The stored hash for johndoe verifies against the known plaintext."""
    stored_hash = fake_users_db["johndoe"]["hashed_password"]
    assert verify_password("secret", stored_hash)
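def test_get_password_hash():
    """Hashing a password yields a value that round-trips through verify_password.

    Truthiness alone would accept a function that returned the plaintext
    unchanged; the extra checks pin the two properties login actually
    depends on.
    """
    hashed = get_password_hash("secretalice")
    assert hashed
    # A hash must never equal the plaintext it was derived from.
    assert hashed != "secretalice"
    # The hash must be accepted by the same verifier the login route uses.
    assert verify_password("secretalice", hashed)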
def test_create_access_token():
    """create_access_token returns a non-empty token for an arbitrary payload."""
    payload = {"data": "foo"}
    token = create_access_token(data=payload)
    assert token
def test_token_no_sub():
    """A token whose payload has no ``sub`` claim cannot identify a user."""
    # Header decodes to {"alg":"HS256","typ":"JWT"}; payload to {"data":"foo"},
    # i.e. no "sub" claim. Presumably signed with the tutorial's key so that
    # the missing claim, not the signature, is what gets rejected — verify
    # against the app module if this test starts failing.
    auth_header = "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjoiZm9vIn0.9ynBhuYb4e6aW3oJr_K_TBgwcMTDpRToQIE25L57rOE"
    response = client.get("/users/me", headers={"Authorization": auth_header})
    assert response.status_code == 401, response.text
    assert response.json() == {"detail": "Could not validate credentials"}
    assert response.headers["WWW-Authenticate"] == 'Bearer scope="me"'
def test_token_no_username():
    """A ``sub`` claim that does not carry a username is rejected."""
    # Payload decodes to {"sub":"foo"}: the sub lacks the "username:" form
    # used by the valid-looking token in test_token_nonexistent_user.
    auth_header = "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJmb28ifQ.NnExK_dlNAYyzACrXtXDrcWOgGY2JuPbI4eDaHdfK5Y"
    response = client.get("/users/me", headers={"Authorization": auth_header})
    assert response.status_code == 401, response.text
    assert response.json() == {"detail": "Could not validate credentials"}
    assert response.headers["WWW-Authenticate"] == 'Bearer scope="me"'
def test_token_no_scope():
    """A valid token without the ``me`` scope is authenticated but not authorized."""
    token = get_access_token()  # no scope requested at login
    auth = {"Authorization": f"Bearer {token}"}
    response = client.get("/users/me", headers=auth)
    assert response.status_code == 401, response.text
    # Distinct detail from the invalid-token case: the token itself is fine.
    assert response.json() == {"detail": "Not enough permissions"}
    assert response.headers["WWW-Authenticate"] == 'Bearer scope="me"'
def test_token_nonexistent_user():
    """A well-formed ``sub`` naming a user the fake DB lacks is rejected."""
    # Payload decodes to {"sub":"username:bob"}; the test expects that "bob"
    # is not a known user, so the lookup fails after the token parses.
    auth_header = "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VybmFtZTpib2IifQ.HcfCW67Uda-0gz54ZWTqmtgJnZeNem0Q757eTa9EZuw"
    response = client.get("/users/me", headers={"Authorization": auth_header})
    assert response.status_code == 401, response.text
    assert response.json() == {"detail": "Could not validate credentials"}
    assert response.headers["WWW-Authenticate"] == 'Bearer scope="me"'
def test_token_inactive_user():
    """A disabled account can log in but is refused at the protected route."""
    # Note that /token still issues a token for the disabled account; the
    # "disabled" check only happens when the token is used.
    token = get_access_token(username="alice", password="secretalice", scope="me")
    auth = {"Authorization": f"Bearer {token}"}
    response = client.get("/users/me", headers=auth)
    assert response.status_code == 400, response.text
    assert response.json() == {"detail": "Inactive user"}
def test_read_items():
    """A token holding both ``me`` and ``items`` scopes can list the user's items."""
    token = get_access_token(scope="me items")
    auth = {"Authorization": f"Bearer {token}"}
    response = client.get("/users/me/items/", headers=auth)
    assert response.status_code == 200, response.text
    expected_items = [{"item_id": "Foo", "owner": "johndoe"}]
    assert response.json() == expected_items
def test_read_system_status():
    """/status/ only needs a valid token, not any particular scope."""
    token = get_access_token()  # no scopes
    auth = {"Authorization": f"Bearer {token}"}
    response = client.get("/status/", headers=auth)
    assert response.status_code == 200, response.text
    assert response.json() == {"status": "ok"}
def test_read_system_status_no_token():
    """/status/ still requires authentication even though it needs no scope."""
    response = client.get("/status/")
    assert response.status_code == 401, response.text
    assert response.json() == {"detail": "Not authenticated"}
    assert response.headers["WWW-Authenticate"] == "Bearer"
def test_openapi_schema():
    """The generated OpenAPI document declares the OAuth2 password flow and per-route scopes.

    The ``IsDict(...) | IsDict(...)`` and ``IsOneOf(...)`` matchers accept
    either the Pydantic v2 shape (``anyOf`` with ``null``) or the older
    Pydantic v1 shape of the same field.
    """
    response = client.get("/openapi.json")
    assert response.status_code == 200, response.text
    assert response.json() == {
        "openapi": "3.1.0",
        "info": {"title": "FastAPI", "version": "0.1.0"},
        "paths": {
            "/token": {
                "post": {
                    "responses": {
                        "200": {
                            "description": "Successful Response",
                            "content": {
                                "application/json": {
                                    "schema": {"$ref": "#/components/schemas/Token"}
                                }
                            },
                        },
                        "422": {
                            "description": "Validation Error",
                            "content": {
                                "application/json": {
                                    "schema": {
                                        "$ref": "#/components/schemas/HTTPValidationError"
                                    }
                                }
                            },
                        },
                    },
                    "summary": "Login For Access Token",
                    "operationId": "login_for_access_token_token_post",
                    "requestBody": {
                        "content": {
                            "application/x-www-form-urlencoded": {
                                "schema": {
                                    "$ref": "#/components/schemas/Body_login_for_access_token_token_post"
                                }
                            }
                        },
                        "required": True,
                    },
                }
            },
            "/users/me/": {
                "get": {
                    "responses": {
                        "200": {
                            "description": "Successful Response",
                            "content": {
                                "application/json": {
                                    "schema": {"$ref": "#/components/schemas/User"}
                                }
                            },
                        }
                    },
                    "summary": "Read Users Me",
                    "operationId": "read_users_me_users_me__get",
                    # Scope required by this route; matches the challenge
                    # header checked in the /users/me tests above.
                    "security": [{"OAuth2PasswordBearer": ["me"]}],
                }
            },
            "/users/me/items/": {
                "get": {
                    "responses": {
                        "200": {
                            "description": "Successful Response",
                            "content": {"application/json": {"schema": {}}},
                        }
                    },
                    "summary": "Read Own Items",
                    "operationId": "read_own_items_users_me_items__get",
                    "security": [{"OAuth2PasswordBearer": ["items", "me"]}],
                }
            },
            "/status/": {
                "get": {
                    "responses": {
                        "200": {
                            "description": "Successful Response",
                            "content": {"application/json": {"schema": {}}},
                        }
                    },
                    "summary": "Read System Status",
                    "operationId": "read_system_status_status__get",
                    # Authenticated but no scope required.
                    "security": [{"OAuth2PasswordBearer": []}],
                }
            },
        },
        "components": {
            "schemas": {
                "User": {
                    "title": "User",
                    "required": IsOneOf(
                        ["username", "email", "full_name", "disabled"],
                        # TODO: remove when deprecating Pydantic v1
                        ["username"],
                    ),
                    "type": "object",
                    "properties": {
                        "username": {"title": "Username", "type": "string"},
                        "email": IsDict(
                            {
                                "title": "Email",
                                "anyOf": [{"type": "string"}, {"type": "null"}],
                            }
                        )
                        | IsDict(
                            # TODO: remove when deprecating Pydantic v1
                            {"title": "Email", "type": "string"}
                        ),
                        "full_name": IsDict(
                            {
                                "title": "Full Name",
                                "anyOf": [{"type": "string"}, {"type": "null"}],
                            }
                        )
                        | IsDict(
                            # TODO: remove when deprecating Pydantic v1
                            {"title": "Full Name", "type": "string"}
                        ),
                        "disabled": IsDict(
                            {
                                "title": "Disabled",
                                "anyOf": [{"type": "boolean"}, {"type": "null"}],
                            }
                        )
                        | IsDict(
                            # TODO: remove when deprecating Pydantic v1
                            {"title": "Disabled", "type": "boolean"}
                        ),
                    },
                },
                "Token": {
                    "title": "Token",
                    "required": ["access_token", "token_type"],
                    "type": "object",
                    "properties": {
                        "access_token": {"title": "Access Token", "type": "string"},
                        "token_type": {"title": "Token Type", "type": "string"},
                    },
                },
                "Body_login_for_access_token_token_post": {
                    "title": "Body_login_for_access_token_token_post",
                    "required": ["username", "password"],
                    "type": "object",
                    "properties": {
                        "grant_type": IsDict(
                            {
                                "title": "Grant Type",
                                "anyOf": [
                                    {"pattern": "password", "type": "string"},
                                    {"type": "null"},
                                ],
                            }
                        )
                        | IsDict(
                            # TODO: remove when deprecating Pydantic v1
                            {
                                "title": "Grant Type",
                                "pattern": "password",
                                "type": "string",
                            }
                        ),
                        "username": {"title": "Username", "type": "string"},
                        "password": {"title": "Password", "type": "string"},
                        # Empty default is why get_access_token() may omit "scope".
                        "scope": {"title": "Scope", "type": "string", "default": ""},
                        "client_id": IsDict(
                            {
                                "title": "Client Id",
                                "anyOf": [{"type": "string"}, {"type": "null"}],
                            }
                        )
                        | IsDict(
                            # TODO: remove when deprecating Pydantic v1
                            {"title": "Client Id", "type": "string"}
                        ),
                        "client_secret": IsDict(
                            {
                                "title": "Client Secret",
                                "anyOf": [{"type": "string"}, {"type": "null"}],
                            }
                        )
                        | IsDict(
                            # TODO: remove when deprecating Pydantic v1
                            {"title": "Client Secret", "type": "string"}
                        ),
                    },
                },
                "ValidationError": {
                    "title": "ValidationError",
                    "required": ["loc", "msg", "type"],
                    "type": "object",
                    "properties": {
                        "loc": {
                            "title": "Location",
                            "type": "array",
                            "items": {
                                "anyOf": [{"type": "string"}, {"type": "integer"}]
                            },
                        },
                        "msg": {"title": "Message", "type": "string"},
                        "type": {"title": "Error Type", "type": "string"},
                    },
                },
                "HTTPValidationError": {
                    "title": "HTTPValidationError",
                    "type": "object",
                    "properties": {
                        "detail": {
                            "title": "Detail",
                            "type": "array",
                            "items": {"$ref": "#/components/schemas/ValidationError"},
                        }
                    },
                },
            },
            "securitySchemes": {
                "OAuth2PasswordBearer": {
                    "type": "oauth2",
                    "flows": {
                        "password": {
                            # The two scopes the routes above can require.
                            "scopes": {
                                "me": "Read information about the current user.",
                                "items": "Read items.",
                            },
                            "tokenUrl": "token",
                        }
                    },
                }
            },
        },
    }