saladeaula.digital/id.saladeaula.digital/tests/routes/test_authorize.py

from http import HTTPMethod, HTTPStatus

from layercake.dynamodb import DynamoDBPersistenceLayer

from routes.session import new_session

from ..conftest import HttpApiProxy, LambdaContext

CLIENT_ID = 'd72d4005-1fa7-4430-9754-80d5e2487bb6'
USER_ID = '357db1c5-7442-4075-98a3-fbe5c938a419'


def test_authorize(
    app,
    seeds,
    dynamodb_persistence_layer: DynamoDBPersistenceLayer,
    http_api_proxy: HttpApiProxy,
    lambda_context: LambdaContext,
):
    session_id = new_session(USER_ID, 'read:users')

    r = app.lambda_handler(
        http_api_proxy(
            raw_path='/authorize',
            method=HTTPMethod.GET,
            query_string_parameters={
                'response_type': 'code',
                'client_id': CLIENT_ID,
                'redirect_uri': 'https://localhost/callback',
                'scope': 'openid offline_access read:users',
                'nonce': '123',
                'state': '456',
            },
            cookies=[
                f'session_id={session_id}; HttpOnly; Secure',
            ],
        ),
        lambda_context,
    )

    assert 'Location' in r['headers']

    r = dynamodb_persistence_layer.query(
        key_cond_expr='#pk = :pk',
        expr_attr_name={
            '#pk': 'id',
        },
        expr_attr_values={
            ':pk': 'OAUTH2#CODE',
        },
    )

    # One item was added from seeds
    assert len(r['items']) == 3


def test_unauthorized(
    app,
    seeds,
    dynamodb_persistence_layer: DynamoDBPersistenceLayer,
    http_api_proxy: HttpApiProxy,
    lambda_context: LambdaContext,
):
    session_id = new_session(USER_ID, 'read:users')

    r = app.lambda_handler(
        http_api_proxy(
            raw_path='/authorize',
            method=HTTPMethod.GET,
            query_string_parameters={
                'response_type': 'code',
                'client_id': CLIENT_ID,
                'redirect_uri': 'https://localhost/callback',
                'scope': 'openid email offline_access',
                'nonce': '123',
                'state': '456',
            },
            cookies=[
                f'session_id={session_id}; HttpOnly; Secure',
            ],
        ),
        lambda_context,
    )

    assert r['statusCode'] == HTTPStatus.UNAUTHORIZED


def test_authorize_revoked(
    app,
    seeds,
    dynamodb_persistence_layer: DynamoDBPersistenceLayer,
    http_api_proxy: HttpApiProxy,
    lambda_context: LambdaContext,
):
    invalid_session_id = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzaWQiOiIwNTgzNTBhYi02NGU1LTQ0MzEtYmQyNy01MGVhOWIxNmQxZGYiLCJzdWIiOiIzNTdkYjFjNS03NDQyLTQwNzUtOThhMy1mYmU1YzkzOGE0MTkiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0IiwiaWF0IjoxNzU1Mzk3Nzk5LCJleHAiOjE3NTUzOTg2OTl9.dDbiHYReVERbkNH2df4sXK2VIwT7G1KjNC5UrBuN6IQ'

    r = app.lambda_handler(
        http_api_proxy(
            raw_path='/authorize',
            method=HTTPMethod.GET,
            query_string_parameters={
                'response_type': 'code',
                'client_id': CLIENT_ID,
                'redirect_uri': 'https://localhost/callback',
                'scope': 'openid offline_access',
                'nonce': '123',
                'state': '456',
            },
            cookies=[
                f'session_id={invalid_session_id}; HttpOnly; Secure',
            ],
        ),
        lambda_context,
    )

    assert r['statusCode'] == HTTPStatus.BAD_REQUEST