Skip to content

Commit

Permalink
Revert to pre-2fa
Browse files Browse the repository at this point in the history
  • Loading branch information
TheByronHimes committed Feb 12, 2024
1 parent b8abb63 commit 0ee8fd7
Show file tree
Hide file tree
Showing 8 changed files with 53 additions and 14 deletions.
2 changes: 1 addition & 1 deletion .pyproject_generation/pyproject_custom.toml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ version = "1.1.0"
description = "Access Request Service"
dependencies = [
"ghga-event-schemas~=3.0.0",
"ghga-service-commons[api,auth]>=3.0.0",
"ghga-service-commons[api,auth]>=2.0.0, <3",
"hexkit[mongodb,akafka]>=2.1.0",
"httpx>=0.25.2",
"typer>=0.9.0",
Expand Down
8 changes: 4 additions & 4 deletions lock/requirements-dev.txt
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
# This file is autogenerated by pip-compile with Python 3.9
# by the following command:
#
# pip-compile --generate-hashes --output-file=/workspace/lock/requirements-dev.txt /tmp/tmpwwlym0pt/pyproject.toml /workspace/lock/requirements-dev.in
# pip-compile --generate-hashes --output-file=/workspace/lock/requirements-dev.txt /tmp/tmp0a12brzr/pyproject.toml /workspace/lock/requirements-dev.in
#
aiokafka==0.8.1 \
--hash=sha256:1e24839088fd6d3ff481cc09a48ea487b997328df11630bc0a1b88255edbcfe9 \
Expand Down Expand Up @@ -352,9 +352,9 @@ ghga-event-schemas==3.0.0 \
--hash=sha256:67dce9db2d45be862f69a58a903fac43416997ad50fd4f1f1d25822533a187d1 \
--hash=sha256:7a8952e37bd935809f324aa21653b008e01a5ea920d36217734ee35776d92602
# via ars (pyproject.toml)
ghga-service-commons[api,auth,objectstorage]==3.0.1 \
--hash=sha256:524ad992b6e0da4870f110dc0609d8e364bb52bea074035c2b4e7bf91186ab38 \
--hash=sha256:c6a511917ad5c79887e831d161d00de73265d0270e8d672a6c8b1f9ab5e6dc2b
ghga-service-commons[api,auth,objectstorage]==2.0.0 \
--hash=sha256:56b91fdff152715cbb4649e9deb683a03fcac3cbca1021374a3e2877da944b69 \
--hash=sha256:c552c884cb3fc6d810b81bd900bd9f43f096a6c3f7bdd9ecdda6e94a7e92aa01
# via
# ars (pyproject.toml)
# ghga-service-commons
Expand Down
8 changes: 4 additions & 4 deletions lock/requirements.txt
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
# This file is autogenerated by pip-compile with Python 3.9
# by the following command:
#
# pip-compile --constraint=/workspace/lock/requirements-dev.txt --generate-hashes --output-file=/workspace/lock/requirements.txt /tmp/tmpwwlym0pt/pyproject.toml
# pip-compile --constraint=/workspace/lock/requirements-dev.txt --generate-hashes --output-file=/workspace/lock/requirements.txt /tmp/tmp0a12brzr/pyproject.toml
#
aiokafka==0.8.1 \
--hash=sha256:1e24839088fd6d3ff481cc09a48ea487b997328df11630bc0a1b88255edbcfe9 \
Expand Down Expand Up @@ -198,9 +198,9 @@ ghga-event-schemas==3.0.0 \
# via
# -c /workspace/lock/requirements-dev.txt
# ars (pyproject.toml)
ghga-service-commons[api,auth,objectstorage]==3.0.1 \
--hash=sha256:524ad992b6e0da4870f110dc0609d8e364bb52bea074035c2b4e7bf91186ab38 \
--hash=sha256:c6a511917ad5c79887e831d161d00de73265d0270e8d672a6c8b1f9ab5e6dc2b
ghga-service-commons[api,auth,objectstorage]==2.0.0 \
--hash=sha256:56b91fdff152715cbb4649e9deb683a03fcac3cbca1021374a3e2877da944b69 \
--hash=sha256:c552c884cb3fc6d810b81bd900bd9f43f096a6c3f7bdd9ecdda6e94a7e92aa01
# via
# -c /workspace/lock/requirements-dev.txt
# ars (pyproject.toml)
Expand Down
2 changes: 1 addition & 1 deletion pyproject.toml
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ version = "1.1.0"
description = "Access Request Service"
dependencies = [
"ghga-event-schemas~=3.0.0",
"ghga-service-commons[api,auth]>=3.0.0",
"ghga-service-commons[api,auth]>=2.0.0, <3",
"hexkit[mongodb,akafka]>=2.1.0",
"httpx>=0.25.2",
"typer>=0.9.0",
Expand Down
6 changes: 4 additions & 2 deletions src/ars/adapters/inbound/fastapi_/auth.py
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@

from fastapi import Depends, Security
from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
from ghga_service_commons.auth.ghga import AuthContext, has_role
from ghga_service_commons.auth.ghga import AuthContext, has_role, is_active
from ghga_service_commons.auth.policies import require_auth_context_using_credentials

from ars.adapters.inbound.fastapi_ import dummies
Expand All @@ -37,7 +37,9 @@ async def _require_user_context(
auth_provider: dummies.AuthProviderDummy,
) -> AuthContext:
"""Require an active GHGA auth context using FastAPI."""
return await require_auth_context_using_credentials(credentials, auth_provider)
return await require_auth_context_using_credentials(
credentials, auth_provider, is_active
)


is_steward = partial(has_role, role=DATA_STEWARD_ROLE)
Expand Down
18 changes: 18 additions & 0 deletions tests/fixtures/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,8 @@
"AUTH_CLAIMS_STEWARD",
"fixture_auth_headers_doe",
"fixture_auth_headers_steward",
"fixture_auth_headers_doe_inactive",
"fixture_auth_headers_steward_inactive",
"fixture_client",
"headers_for_token",
"non_mocked_hosts",
Expand Down Expand Up @@ -66,6 +68,22 @@ def headers_for_token(token: str) -> dict[str, str]:
return {"Authorization": f"Bearer {token}"}


@fixture(name="auth_headers_doe_inactive")
def fixture_auth_headers_doe_inactive() -> dict[str, str]:
"""Get auth headers for an inactive user requesting access"""
claims_inactive = {**AUTH_CLAIMS_DOE, "status": "inactive"}
token = sign_and_serialize_token(claims_inactive, AUTH_KEY_PAIR)
return headers_for_token(token)


@fixture(name="auth_headers_steward_inactive")
def fixture_auth_headers_steward_inactive() -> dict[str, str]:
"""Get auth headers for an inactive data steward granting access"""
claims_inactive = {**AUTH_CLAIMS_STEWARD, "status": "inactive"}
token = sign_and_serialize_token(claims_inactive, AUTH_KEY_PAIR)
return headers_for_token(token)


@fixture(name="auth_headers_doe")
def fixture_auth_headers_doe() -> dict[str, str]:
"""Get auth headers for a user requesting access"""
Expand Down
17 changes: 16 additions & 1 deletion tests/test_api.py
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,9 @@

from .fixtures import ( # noqa: F401
fixture_auth_headers_doe,
fixture_auth_headers_doe_inactive,
fixture_auth_headers_steward,
fixture_auth_headers_steward_inactive,
fixture_client,
non_mocked_hosts,
)
Expand Down Expand Up @@ -157,12 +159,19 @@ async def test_create_access_request(
async def test_create_access_request_unauthorized(
client: AsyncTestClient,
auth_headers_doe: dict[str, str],
auth_headers_doe_inactive: dict[str, str],
):
"""Test that creating an access request needs authorization."""
# test without authentication
response = await client.post("/access-requests", json=CREATION_DATA)
assert response.status_code == 403

# test with inactive user
response = await client.post(
"/access-requests", json=CREATION_DATA, headers=auth_headers_doe_inactive
)
assert response.status_code == 403

# test creating an access request for another user
response = await client.post(
"/access-requests",
Expand Down Expand Up @@ -249,12 +258,18 @@ async def test_get_access_requests(


@mark.asyncio
async def test_get_access_requests_unauthorized(client: AsyncTestClient):
async def test_get_access_requests_unauthorized(
client: AsyncTestClient, auth_headers_doe_inactive: dict[str, str]
):
"""Test that getting access requests needs authorization."""
# test unauthenticated
response = await client.get("/access-requests")
assert response.status_code == 403

# test with inactive user
response = await client.get("/access-requests", headers=auth_headers_doe_inactive)
assert response.status_code == 403


@mark.asyncio
async def test_filter_access_requests(
Expand Down
6 changes: 5 additions & 1 deletion tests/test_repository.py
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@
from operator import attrgetter
from typing import Any, NamedTuple, Optional

from ghga_service_commons.auth.ghga import AcademicTitle, AuthContext
from ghga_service_commons.auth.ghga import AcademicTitle, AuthContext, UserStatus
from ghga_service_commons.utils.utc_dates import UTCDatetime, now_as_utc, utc_datetime
from pytest import mark, raises

Expand All @@ -47,9 +47,11 @@
name="John Doe",
email="[email protected]",
title=AcademicTitle.DR,
ext_id=None,
role=None,
iat=IAT,
exp=EXP,
status=UserStatus.ACTIVE,
)


Expand All @@ -58,9 +60,11 @@
name="Rod Steward",
email="[email protected]",
title=None,
ext_id=None,
role="[email protected]",
iat=IAT,
exp=EXP,
status=UserStatus.ACTIVE,
)


Expand Down

0 comments on commit 0ee8fd7

Please sign in to comment.