added tests for authn

biothings · Dec 25, 2021 · d1e155b · d1e155b
1 parent 76a6966
commit d1e155b
Show file tree

Hide file tree

Showing 3 changed files with 104 additions and 0 deletions.
diff --git a/tests/web/auth/authn_provider.py b/tests/web/auth/authn_provider.py
@@ -0,0 +1,34 @@
+from typing import Optional
+
+
+from biothings.web.auth.authn import BioThingsAuthenticationProviderInterface
+
+
+class DummyCookieAuthProvider(BioThingsAuthenticationProviderInterface):
+    WWW_AUTHENTICATE_HEADER = None
+
+    def __init__(self, handler, cookie_name='USER_ID'):
+        super(DummyCookieAuthProvider, self).__init__(handler)
+        self.cookie_name = cookie_name
+
+    def get_current_user(self) -> Optional[dict]:
+        uid = self.handler.get_cookie(self.cookie_name, None)
+        if uid:
+            return {'user_id': int(uid)}
+        return None
+
+
+class DummyBearerAuthProvider(BioThingsAuthenticationProviderInterface):
+    WWW_AUTHENTICATE_HEADER = 'Bearer realm=dummy_bearer'
+
+    def get_current_user(self) -> Optional[dict]:
+        token: str = self.handler.request.headers.get('Authorization', None)
+        if token is None:
+            return None
+        parts = token.split()
+        if len(parts) != 2 or parts[0] != "Bearer":
+            return None
+        if parts[1].startswith('BioThingsUser'):
+            uid = int(parts[1][13:])
+            return {'user_id': uid}
+        return None
diff --git a/tests/web/auth/handlers.py b/tests/web/auth/handlers.py
@@ -0,0 +1,26 @@
+from tornado.web import HTTPError
+
+from biothings.web.handlers.base import BaseAPIHandler
+from biothings.web.auth.authn import BioThingsAuthnMixin
+
+from authn_provider import DummyCookieAuthProvider
+
+
+class BaseUserIdHandler(BioThingsAuthnMixin, BaseAPIHandler):
+    def get(self):
+        if self.current_user:
+            self.write(self.current_user)
+        else:
+            # return 401 or 403
+            header = self.get_www_authenticate_header()
+            if header:
+                self.clear()
+                self.set_header('WWW-Authenticate', header)
+                self.set_status(401, "Unauthorized")
+                self.finish()
+            else:
+                raise HTTPError(403)
+
+
+class SpecialCookieUserIdHandler(BaseUserIdHandler):
+    AUTHN_PROVIDERS = [(DummyCookieAuthProvider, {'cookie_name': 'USR'})]
diff --git a/tests/web/auth/test_authn.py b/tests/web/auth/test_authn.py
@@ -0,0 +1,44 @@
+import pytest
+import random
+
+
+from biothings.tests.web import BiothingsWebAppTest
+
+
+class TestAuthn(BiothingsWebAppTest):
+    def test_401(self):
+        resp = self.request('/user1', expect=401)
+        assert resp.headers['WWW-Authenticate'] == 'Bearer realm=dummy_bearer'
+
+    def test_403(self):
+        # the second endpoint only has 403 because it can't have www-authenticate
+        self.request('/user2', expect=403)
+
+    def test_user_cookie(self):
+        uid = random.randint(0, 2 << 10)
+        resp = self.request('/user1', cookies={'USER_ID': str(uid)})
+        assert resp.json() == {'user_id': uid}
+
+    def test_user_header(self):
+        uid = random.randint(0, 2 << 10)
+        resp = self.request(
+            '/user1',
+            headers={'Authorization': f'Bearer BioThingsUser{uid}'}
+        )
+        assert resp.json() == {'user_id': uid}
+
+    def test_user2_header_not_work(self):
+        uid = random.randint(0, 2 << 10)
+        self.request(
+            '/user2',
+            expect=403,
+            headers={'Authorization': f'Bearer BioThingsUser{uid}'}
+        )
+
+    def test_user2_cookie(self):
+        uid = random.randint(0, 2 << 10)
+        resp = self.request(
+            '/user2',
+            cookies={'USR': f'{uid}'}
+        )
+        assert resp.json()['user_id'] == uid