make auth method asyncs

2025-07-29 05:39:56 +00:00 · 2021-09-12 03:22:17 +03:00
parent 1b29b5773d
commit c4e7f63d7c
12 changed files with 199 additions and 192 deletions
--- a/tests/ahriman/core/auth/conftest.py
+++ b/tests/ahriman/core/auth/conftest.py
@ -1,13 +1,13 @@
 import pytest

-from ahriman.core.auth.mapping_auth import MappingAuth
+from ahriman.core.auth.mapping import Mapping
 from ahriman.core.configuration import Configuration


@pytest.fixture
-def mapping_auth(configuration: Configuration) -> MappingAuth:
+def mapping_auth(configuration: Configuration) -> Mapping:
    """
    auth provider fixture
    :return: auth service instance
    """
-    return MappingAuth(configuration)
+    return Mapping(configuration)
--- a/tests/ahriman/core/auth/test_auth.py
+++ b/tests/ahriman/core/auth/test_auth.py
@ -1,6 +1,9 @@
+import pytest
+
 from ahriman.core.auth.auth import Auth
-from ahriman.core.auth.mapping_auth import MappingAuth
+from ahriman.core.auth.mapping import Mapping
 from ahriman.core.configuration import Configuration
+from ahriman.core.exceptions import DuplicateUser
 from ahriman.models.user import User
 from ahriman.models.user_access import UserAccess

@ -28,63 +31,109 @@ def test_load_mapping(configuration: Configuration) -> None:
    """
    configuration.set_option("auth", "target", "configuration")
    auth = Auth.load(configuration)
-    assert isinstance(auth, MappingAuth)
+    assert isinstance(auth, Mapping)


-def test_check_credentials(auth: Auth, user: User) -> None:
+def test_get_users(mapping_auth: Auth, configuration: Configuration) -> None:
+    """
+    must return valid user list
+    """
+    user_write = User("user_write", "pwd_write", UserAccess.Write)
+    write_section = Configuration.section_name("auth", user_write.access.value)
+    configuration.set_option(write_section, user_write.username, user_write.password)
+    user_read = User("user_read", "pwd_read", UserAccess.Read)
+    read_section = Configuration.section_name("auth", user_read.access.value)
+    configuration.set_option(read_section, user_read.username, user_read.password)
+    user_read = User("user_read", "pwd_read", UserAccess.Read)
+    read_section = Configuration.section_name("auth", user_read.access.value)
+    configuration.set_option(read_section, user_read.username, user_read.password)
+
+    users = mapping_auth.get_users(configuration)
+    expected = {user_write.username: user_write, user_read.username: user_read}
+    assert users == expected
+
+
+def test_get_users_normalized(mapping_auth: Auth, configuration: Configuration) -> None:
+    """
+    must return user list with normalized usernames in keys
+    """
+    user = User("UsEr", "pwd_read", UserAccess.Read)
+    read_section = Configuration.section_name("auth", user.access.value)
+    configuration.set_option(read_section, user.username, user.password)
+
+    users = mapping_auth.get_users(configuration)
+    expected = user.username.lower()
+    assert expected in users
+    assert users[expected].username == expected
+
+
+def test_get_users_duplicate(mapping_auth: Auth, configuration: Configuration, user: User) -> None:
+    """
+    must raise exception on duplicate username
+    """
+    write_section = Configuration.section_name("auth", UserAccess.Write.value)
+    configuration.set_option(write_section, user.username, user.password)
+    read_section = Configuration.section_name("auth", UserAccess.Read.value)
+    configuration.set_option(read_section, user.username, user.password)
+
+    with pytest.raises(DuplicateUser):
+        mapping_auth.get_users(configuration)
+
+
+async def test_check_credentials(auth: Auth, user: User) -> None:
    """
    must pass any credentials
    """
-    assert auth.check_credentials(user.username, user.password)
-    assert auth.check_credentials(None, "")
-    assert auth.check_credentials("", None)
-    assert auth.check_credentials(None, None)
+    assert await auth.check_credentials(user.username, user.password)
+    assert await auth.check_credentials(None, "")
+    assert await auth.check_credentials("", None)
+    assert await auth.check_credentials(None, None)


-def test_is_safe_request(auth: Auth) -> None:
+async def test_is_safe_request(auth: Auth) -> None:
    """
    must validate safe request
    """
    # login and logout are always safe
-    assert auth.is_safe_request("/user-api/v1/login", UserAccess.Write)
-    assert auth.is_safe_request("/user-api/v1/logout", UserAccess.Write)
+    assert await auth.is_safe_request("/user-api/v1/login", UserAccess.Write)
+    assert await auth.is_safe_request("/user-api/v1/logout", UserAccess.Write)

    auth.allowed_paths.add("/safe")
    auth.allowed_paths_groups.add("/unsafe/safe")

-    assert auth.is_safe_request("/safe", UserAccess.Write)
-    assert not auth.is_safe_request("/unsafe", UserAccess.Write)
-    assert auth.is_safe_request("/unsafe/safe", UserAccess.Write)
-    assert auth.is_safe_request("/unsafe/safe/suffix", UserAccess.Write)
+    assert await auth.is_safe_request("/safe", UserAccess.Write)
+    assert not await auth.is_safe_request("/unsafe", UserAccess.Write)
+    assert await auth.is_safe_request("/unsafe/safe", UserAccess.Write)
+    assert await auth.is_safe_request("/unsafe/safe/suffix", UserAccess.Write)


-def test_is_safe_request_empty(auth: Auth) -> None:
+async def test_is_safe_request_empty(auth: Auth) -> None:
    """
    must not allow requests without path
    """
-    assert not auth.is_safe_request(None, UserAccess.Read)
-    assert not auth.is_safe_request("", UserAccess.Read)
+    assert not await auth.is_safe_request(None, UserAccess.Read)
+    assert not await auth.is_safe_request("", UserAccess.Read)


-def test_is_safe_request_read_only(auth: Auth) -> None:
+async def test_is_safe_request_read_only(auth: Auth) -> None:
    """
    must allow read-only requests if it is set in settings
    """
-    assert auth.is_safe_request("/", UserAccess.Read)
+    assert await auth.is_safe_request("/", UserAccess.Read)
    auth.allow_read_only = True
-    assert auth.is_safe_request("/unsafe", UserAccess.Read)
+    assert await auth.is_safe_request("/unsafe", UserAccess.Read)


-def test_known_username(auth: Auth, user: User) -> None:
+async def test_known_username(auth: Auth, user: User) -> None:
    """
    must allow any username
    """
-    assert auth.known_username(user.username)
+    assert await auth.known_username(user.username)


-def test_verify_access(auth: Auth, user: User) -> None:
+async def test_verify_access(auth: Auth, user: User) -> None:
    """
    must allow any access
    """
-    assert auth.verify_access(user.username, user.access, None)
-    assert auth.verify_access(user.username, UserAccess.Write, None)
+    assert await auth.verify_access(user.username, user.access, None)
+    assert await auth.verify_access(user.username, UserAccess.Write, None)
--- a/tests/ahriman/core/auth/test_mapping.py
+++ b/tests/ahriman/core/auth/test_mapping.py
@ -0,0 +1,72 @@
+from ahriman.core.auth.mapping import Mapping
+from ahriman.models.user import User
+from ahriman.models.user_access import UserAccess
+
+
+async def test_check_credentials(mapping_auth: Mapping, user: User) -> None:
+    """
+    must return true for valid credentials
+    """
+    current_password = user.password
+    user.password = user.hash_password(mapping_auth.salt)
+    mapping_auth._users[user.username] = user
+    assert await mapping_auth.check_credentials(user.username, current_password)
+    # here password is hashed so it is invalid
+    assert not await mapping_auth.check_credentials(user.username, user.password)
+
+
+async def test_check_credentials_empty(mapping_auth: Mapping) -> None:
+    """
+    must reject on empty credentials
+    """
+    assert not await mapping_auth.check_credentials(None, "")
+    assert not await mapping_auth.check_credentials("", None)
+    assert not await mapping_auth.check_credentials(None, None)
+
+
+async def test_check_credentials_unknown(mapping_auth: Mapping, user: User) -> None:
+    """
+    must reject on unknown user
+    """
+    assert not await mapping_auth.check_credentials(user.username, user.password)
+
+
+def test_get_user(mapping_auth: Mapping, user: User) -> None:
+    """
+    must return user from storage by username
+    """
+    mapping_auth._users[user.username] = user
+    assert mapping_auth.get_user(user.username) == user
+
+
+def test_get_user_normalized(mapping_auth: Mapping, user: User) -> None:
+    """
+    must return user from storage by username case-insensitive
+    """
+    mapping_auth._users[user.username] = user
+    assert mapping_auth.get_user(user.username.upper()) == user
+
+
+def test_get_user_unknown(mapping_auth: Mapping, user: User) -> None:
+    """
+    must return None in case if no user found
+    """
+    assert mapping_auth.get_user(user.username) is None
+
+
+async def test_known_username(mapping_auth: Mapping, user: User) -> None:
+    """
+    must allow only known users
+    """
+    mapping_auth._users[user.username] = user
+    assert await mapping_auth.known_username(user.username)
+    assert not await mapping_auth.known_username(user.password)
+
+
+async def test_verify_access(mapping_auth: Mapping, user: User) -> None:
+    """
+    must verify user access
+    """
+    mapping_auth._users[user.username] = user
+    assert await mapping_auth.verify_access(user.username, user.access, None)
+    assert not await mapping_auth.verify_access(user.username, UserAccess.Write, None)
--- a/tests/ahriman/core/auth/test_mapping_auth.py
+++ b/tests/ahriman/core/auth/test_mapping_auth.py
@ -1,121 +0,0 @@
-import pytest
-
-from ahriman.core.auth.mapping_auth import MappingAuth
-from ahriman.core.configuration import Configuration
-from ahriman.core.exceptions import DuplicateUser
-from ahriman.models.user import User
-from ahriman.models.user_access import UserAccess
-
-
-def test_get_users(mapping_auth: MappingAuth, configuration: Configuration) -> None:
-    """
-    must return valid user list
-    """
-    user_write = User("user_write", "pwd_write", UserAccess.Write)
-    write_section = Configuration.section_name("auth", user_write.access.value)
-    configuration.set_option(write_section, user_write.username, user_write.password)
-    user_read = User("user_read", "pwd_read", UserAccess.Read)
-    read_section = Configuration.section_name("auth", user_read.access.value)
-    configuration.set_option(read_section, user_read.username, user_read.password)
-    user_read = User("user_read", "pwd_read", UserAccess.Read)
-    read_section = Configuration.section_name("auth", user_read.access.value)
-    configuration.set_option(read_section, user_read.username, user_read.password)
-
-    users = mapping_auth.get_users(configuration)
-    expected = {user_write.username: user_write, user_read.username: user_read}
-    assert users == expected
-
-
-def test_get_users_normalized(mapping_auth: MappingAuth, configuration: Configuration) -> None:
-    """
-    must return user list with normalized usernames in keys
-    """
-    user = User("UsEr", "pwd_read", UserAccess.Read)
-    read_section = Configuration.section_name("auth", user.access.value)
-    configuration.set_option(read_section, user.username, user.password)
-
-    users = mapping_auth.get_users(configuration)
-    expected = user.username.lower()
-    assert expected in users
-    assert users[expected].username == expected
-
-
-def test_get_users_duplicate(mapping_auth: MappingAuth, configuration: Configuration, user: User) -> None:
-    """
-    must raise exception on duplicate username
-    """
-    write_section = Configuration.section_name("auth", UserAccess.Write.value)
-    configuration.set_option(write_section, user.username, user.password)
-    read_section = Configuration.section_name("auth", UserAccess.Read.value)
-    configuration.set_option(read_section, user.username, user.password)
-
-    with pytest.raises(DuplicateUser):
-        mapping_auth.get_users(configuration)
-
-
-def test_check_credentials(mapping_auth: MappingAuth, user: User) -> None:
-    """
-    must return true for valid credentials
-    """
-    current_password = user.password
-    user.password = user.hash_password(mapping_auth.salt)
-    mapping_auth._users[user.username] = user
-    assert mapping_auth.check_credentials(user.username, current_password)
-    assert not mapping_auth.check_credentials(user.username, user.password)  # here password is hashed so it is invalid
-
-
-def test_check_credentials_empty(mapping_auth: MappingAuth) -> None:
-    """
-    must reject on empty credentials
-    """
-    assert not mapping_auth.check_credentials(None, "")
-    assert not mapping_auth.check_credentials("", None)
-    assert not mapping_auth.check_credentials(None, None)
-
-
-def test_check_credentials_unknown(mapping_auth: MappingAuth, user: User) -> None:
-    """
-    must reject on unknown user
-    """
-    assert not mapping_auth.check_credentials(user.username, user.password)
-
-
-def test_get_user(mapping_auth: MappingAuth, user: User) -> None:
-    """
-    must return user from storage by username
-    """
-    mapping_auth._users[user.username] = user
-    assert mapping_auth.get_user(user.username) == user
-
-
-def test_get_user_normalized(mapping_auth: MappingAuth, user: User) -> None:
-    """
-    must return user from storage by username case-insensitive
-    """
-    mapping_auth._users[user.username] = user
-    assert mapping_auth.get_user(user.username.upper()) == user
-
-
-def test_get_user_unknown(mapping_auth: MappingAuth, user: User) -> None:
-    """
-    must return None in case if no user found
-    """
-    assert mapping_auth.get_user(user.username) is None
-
-
-def test_known_username(mapping_auth: MappingAuth, user: User) -> None:
-    """
-    must allow only known users
-    """
-    mapping_auth._users[user.username] = user
-    assert mapping_auth.known_username(user.username)
-    assert not mapping_auth.known_username(user.password)
-
-
-def test_verify_access(mapping_auth: MappingAuth, user: User) -> None:
-    """
-    must verify user access
-    """
-    mapping_auth._users[user.username] = user
-    assert mapping_auth.verify_access(user.username, user.access, None)
-    assert not mapping_auth.verify_access(user.username, UserAccess.Write, None)
--- a/tests/ahriman/models/test_auth_settings.py
+++ b/tests/ahriman/models/test_auth_settings.py
@ -21,6 +21,10 @@ def test_from_option_valid() -> None:
    assert AuthSettings.from_option("no") == AuthSettings.Disabled
    assert AuthSettings.from_option("NO") == AuthSettings.Disabled

+    assert AuthSettings.from_option("oauth") == AuthSettings.OAuth
+    assert AuthSettings.from_option("OAuth") == AuthSettings.OAuth
+    assert AuthSettings.from_option("OAuth2") == AuthSettings.OAuth
+
    assert AuthSettings.from_option("configuration") == AuthSettings.Configuration
    assert AuthSettings.from_option("ConFigUration") == AuthSettings.Configuration
    assert AuthSettings.from_option("mapping") == AuthSettings.Configuration
--- a/tests/ahriman/web/middlewares/test_auth_handler.py
+++ b/tests/ahriman/web/middlewares/test_auth_handler.py
@ -2,10 +2,9 @@ import pytest

 from aiohttp import web
 from pytest_mock import MockerFixture
-from unittest.mock import AsyncMock, MagicMock
+from unittest.mock import AsyncMock

 from ahriman.core.auth.auth import Auth
-from ahriman.core.configuration import Configuration
 from ahriman.models.user import User
 from ahriman.models.user_access import UserAccess
 from ahriman.web.middlewares.auth_handler import auth_handler, AuthorizationPolicy, setup_auth
@ -23,7 +22,7 @@ async def test_permits(authorization_policy: AuthorizationPolicy, user: User) ->
    """
    must call validator check
    """
-    authorization_policy.validator = MagicMock()
+    authorization_policy.validator = AsyncMock()
    authorization_policy.validator.verify_access.return_value = True

    assert await authorization_policy.permits(user.username, user.access, "/endpoint")