saladeaula.digital/id.saladeaula.digital/tests/routes/test_authorize.py

from http import HTTPMethod, HTTPStatus

from layercake.dynamodb import DynamoDBPersistenceLayer

from routes.session import new_session

from ..conftest import HttpApiProxy, LambdaContext

USER_ID = '357db1c5-7442-4075-98a3-fbe5c938a419'


def test_authorize(
    app,
    seeds,
    dynamodb_persistence_layer: DynamoDBPersistenceLayer,
    http_api_proxy: HttpApiProxy,
    lambda_context: LambdaContext,
):
    session = new_session(USER_ID)

    r = app.lambda_handler(
        http_api_proxy(
            raw_path='/authorize',
            method=HTTPMethod.GET,
            query_string_parameters={
                'response_type': 'code',
                'client_id': 'd72d4005-1fa7-4430-9754-80d5e2487bb6',
                'redirect_uri': 'https://localhost/callback',
                'scope': 'openid offline_access read:users',
                'nonce': '123',
                'state': '456',
            },
            cookies=[
                f'__session={session}; HttpOnly; Secure',
            ],
        ),
        lambda_context,
    )

    assert 'Location' in r['headers']

    r = dynamodb_persistence_layer.query(
        key_cond_expr='#pk = :pk',
        expr_attr_name={
            '#pk': 'id',
        },
        expr_attr_values={
            ':pk': 'OAUTH2#CODE',
        },
    )

    # One item was added from seeds
    assert len(r['items']) == 3


def test_forbidden(
    app,
    seeds,
    dynamodb_persistence_layer: DynamoDBPersistenceLayer,
    http_api_proxy: HttpApiProxy,
    lambda_context: LambdaContext,
):
    session = new_session('fd5914ec-fd37-458b-b6b9-8aeab38b666b')

    r = app.lambda_handler(
        http_api_proxy(
            raw_path='/authorize',
            method=HTTPMethod.GET,
            query_string_parameters={
                'response_type': 'code',
                'client_id': '6ebe1709-0831-455c-84c0-d4c753bf33c6',
                'redirect_uri': 'https://localhost/callback',
                'scope': 'openid email offline_access',
                'nonce': '123',
                'state': '456',
            },
            cookies=[
                f'__session={session}; HttpOnly; Secure',
            ],
        ),
        lambda_context,
    )

    assert r['statusCode'] == HTTPStatus.FORBIDDEN


def test_invalid_session(
    app,
    seeds,
    dynamodb_persistence_layer: DynamoDBPersistenceLayer,
    http_api_proxy: HttpApiProxy,
    lambda_context: LambdaContext,
):
    r = app.lambda_handler(
        http_api_proxy(
            raw_path='/authorize',
            method=HTTPMethod.GET,
            query_string_parameters={
                'response_type': 'code',
                'client_id': 'd72d4005-1fa7-4430-9754-80d5e2487bb6',
                'redirect_uri': 'https://localhost/callback',
                'scope': 'openid offline_access',
                'nonce': '123',
                'state': '456',
            },
            cookies=[
                '__session=10:10; HttpOnly; Secure',
            ],
        ),
        lambda_context,
    )

    assert r['statusCode'] == HTTPStatus.BAD_REQUEST