[debug] better handling of debug routes

2020-07-10 12:58:53 +02:00 · 2020-07-10 12:58:53 +02:00 · 9eead5cd85
parent 1983383071
commit 9eead5cd85
3 changed files with 67 additions and 5 deletions
--- a/halfapi/lib/acl_middleware.py
+++ b/halfapi/lib/acl_middleware.py
@ -16,6 +16,16 @@ class AclMiddleware(BaseHTTPMiddleware):
        """
        print(f'Hit acl {__name__} middleware')

+        if 'dev_route' in request.scope.keys():
+            print('[DEBUG] Dev route, no ACL')
+            return await call_next(request)
+
+        if not('acls' in request.scope.keys()
+            and type(request.scope['acls']) == list):
+
+            print('BUG : scope["acls"] does not exist or is not a list')
+            raise HTTPException(500)
+
        for acl_fct_name in request.scope['acls']:
            print(f'Will apply {acl_fct_name}')
            try:
--- a/tests/test_debug_routes.py
+++ b/tests/test_debug_routes.py
@ -0,0 +1,15 @@
+#!/usr/bin/env python3
+import pytest
+from starlette.authentication import UnauthenticatedUser
+from starlette.testclient import TestClient
+from halfapi.app import app
+
+def test_itworks():
+    c = TestClient(app)
+    r = c.get('/')
+    assert r.text == 'It Works!'
+
+def test_user():
+    c = TestClient(app)
+    r = c.get('/user')
+    assert r.status_code == 200
--- a/tests/test_jwt_middleware.py
+++ b/tests/test_jwt_middleware.py
@ -12,11 +12,6 @@ from halfapi.app import app
 from halfapi.lib.jwt_middleware import (JWTUser, JWTAuthenticationBackend,
    JWTWebSocketAuthenticationBackend)

-def coucou():
-    return 
-def test_connected():
-    app.route('/', coucou)
-
@pytest.fixture
 def token():
    # This fixture needs to have a running auth-lirmm on 127.0.0.1:3000
@ -38,6 +33,27 @@ def token():

    return res['token']

+@pytest.fixture
+def token_dirser():
+    # This fixture needs to have a running auth-lirmm on 127.0.0.1:3000
+    # Sets a valid token
+
+    r = requests.post('http://127.0.0.1:3000/',
+        data={'email':'dhenaut', 'password':'a'})
+
+    if len(r.text) <= 0:
+        raise Exception('No result in token retrieval')
+
+    try:
+        res = json.loads(r.text)
+    except JSONDecodeError:
+        raise Exception('Malformed response from token retrieval')
+
+    if 'token' not in res.keys():
+        raise Exception('Missing token in token request')
+
+    return res['token']
+

 def test_token(token):
    client = TestClient(app)
@ -53,3 +69,24 @@ def test_token(token):
    assert 'id' in res['user'].keys()
    assert 'token' in res['user'].keys()
    assert 'payload' in res['user'].keys()
+
+def test_labopers(token, token_dirser):
+    res = requests.get('http://127.0.0.1:8080/api/v4/organigramme/laboratoire/personnel',
+        params={
+            'q': 'limit:10|format:csv'
+        },
+        headers={
+            'Authorization': token
+        })
+
+    assert res.status_code == 401
+
+    res = requests.get('http://127.0.0.1:8080/api/v4/organigramme/laboratoire/personnel',
+        params={
+            'q': 'limit:10|format:csv'
+        },
+        headers={
+            'Authorization': token_dirser
+        })
+
+    assert res.status_code == 200