Skip to content

Commit

Permalink
Add custom 'deny with' test and code range assert
Browse files Browse the repository at this point in the history
  • Loading branch information
azgabur committed Nov 3, 2023
1 parent 4a7b314 commit 9537135
Showing 1 changed file with 64 additions and 0 deletions.
64 changes: 64 additions & 0 deletions testsuite/tests/kuadrant/authorino/response/test_deny_with.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,64 @@
"""Test for custom deny responses."""
from json import loads
import pytest

from testsuite.objects import Value, ValueFrom, Rule

HEADERS = {
"x-string-header": Value("abc"),
"x-int-header": Value(16),
"x-list-header": Value([1, 2, 3]),
"x-dict-header": Value({"anything": "something"}),
"x-dynamic-header": ValueFrom("context.request.http.path"),
}

TESTING_PATH = "/deny"


@pytest.fixture(scope="module")
def authorization(authorization):
"""Set custom deny responses and auth rule with only allowed path '/allow'"""
authorization.responses.set_deny_with(
"unauthenticated",
code=333,
headers=HEADERS,
message=Value("Unauthenticated message"),
body=Value("You are unauthenticated."),
)
authorization.responses.set_deny_with(
"unauthorized",
code=444,
headers=HEADERS,
message=ValueFrom("My path is: " + "{context.request.http.path}"),
body=ValueFrom("You are not authorized to access path: " + "{context.request.http.path}"),
)
# Authorize only when url path is "/allow"
authorization.authorization.add_auth_rules("Whitelist", [Rule("context.request.http.path", "eq", "/allow")])
return authorization


def check_headers(response):
"""Check deny headers with normalization between HTTP (JSON) strings and Python objects."""
assert response.headers["x-string-header"] == HEADERS["x-string-header"].value
assert loads(response.headers["x-int-header"]) == HEADERS["x-int-header"].value
assert loads(response.headers["x-list-header"]) == HEADERS["x-list-header"].value
assert loads(response.headers["x-dict-header"]) == HEADERS["x-dict-header"].value
assert response.headers["x-dynamic-header"] == TESTING_PATH


def test_unauthenticated(client):
"""Test when no auth is passed results in custom unauthenticated response."""
response = client.get(TESTING_PATH, auth=None)
assert response.status_code == 333
check_headers(response)
assert response.headers["x-ext-auth-reason"] == "Unauthenticated message"
assert response.content.decode() == "You are unauthenticated."


def test_unauthorized(client, auth):
"""Test when not allowed path is passed results in custom unauthorized response."""
response = client.get(TESTING_PATH, auth=auth)
assert response.status_code == 444
check_headers(response)
assert response.headers["x-ext-auth-reason"] == f"My path is: {TESTING_PATH}"
assert response.content.decode() == f"You are not authorized to access path: {TESTING_PATH}"

0 comments on commit 9537135

Please sign in to comment.