-
-
Notifications
You must be signed in to change notification settings - Fork 1
/
test_datasette_auth_existing_cookies.py
136 lines (121 loc) · 4.19 KB
/
test_datasette_auth_existing_cookies.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
from datasette.app import Datasette
import asyncio
import pytest
ACTOR = {"id": "1", "name": "Trish"}
@pytest.fixture
def non_mocked_hosts():
# This ensures httpx-mock will not affect Datasette's own
# httpx calls made in the tests by datasette.client:
return ["localhost"]
@pytest.mark.asyncio
async def test_no_config_does_nothing():
datasette = Datasette()
response = await datasette.client.get("/-/actor.json")
assert response.json() == {"actor": None}
@pytest.mark.asyncio
@pytest.mark.parametrize(
"cookies,expected_cookie",
(
({}, None),
({"sessionid": "123"}, "sessionid=123"),
({"one": "1", "two": "2"}, "one=1; two=2"),
),
)
async def test_auth_user_default_passes_cookies(httpx_mock, cookies, expected_cookie):
httpx_mock.add_response(json=ACTOR)
datasette = Datasette(
metadata={
"plugins": {
"datasette-auth-existing-cookies": {
"api_url": "https://www.example.com/user-from-cookies"
}
}
}
)
response = await datasette.client.get("/-/actor.json", cookies=cookies)
assert response.json() == {"actor": ACTOR}
request = httpx_mock.get_request()
if expected_cookie:
assert request.headers["cookie"] == expected_cookie
else:
assert "cookie" not in request.headers
@pytest.mark.asyncio
async def test_cookie_configuration(httpx_mock):
httpx_mock.add_response(json=ACTOR)
datasette = Datasette(
metadata={
"plugins": {
"datasette-auth-existing-cookies": {
"api_url": "https://www.example.com/user-from-cookies",
"cookies": ["sessionid"],
}
}
}
)
response = await datasette.client.get(
"/-/actor.json", cookies={"sessionid": "abc", "ignoreme": "1"}
)
assert response.json() == {"actor": ACTOR}
request = httpx_mock.get_request()
assert request.headers["cookie"] == "sessionid=abc"
@pytest.mark.asyncio
async def test_headers_configuration(httpx_mock):
httpx_mock.add_response(json=ACTOR)
datasette = Datasette(
metadata={
"plugins": {
"datasette-auth-existing-cookies": {
"api_url": "https://www.example.com/user-from-cookies",
"headers": ["host"],
}
}
}
)
response = await datasette.client.get(
"/-/actor.json", cookies={"sessionid": "abc", "ignoreme": "1"}
)
assert response.json() == {"actor": ACTOR}
request = httpx_mock.get_request()
assert (
str(request.url) == "https://www.example.com/user-from-cookies?host=localhost"
)
@pytest.mark.asyncio
async def test_cache_configuration(httpx_mock):
httpx_mock.add_response(json=ACTOR)
datasette = Datasette(
metadata={
"plugins": {
"datasette-auth-existing-cookies": {
"api_url": "https://www.example.com/user-from-cookies",
"headers": ["host"],
"cookies": ["sessionid"],
"ttl": 1,
}
}
}
)
datasette._auth_existing_cookies_cache = None
response = await datasette.client.get(
"/-/actor.json", cookies={"sessionid": "abc", "ignoreme": "1"}
)
assert response.json() == {"actor": ACTOR}
request = httpx_mock.get_request()
assert (
str(request.url) == "https://www.example.com/user-from-cookies?host=localhost"
)
assert request.headers["cookie"] == "sessionid=abc"
# Running it again instantly should return a cached value and NOT hit the API
httpx_mock._requests = []
httpx_mock.add_response(json=ACTOR)
response2 = await datasette.client.get(
"/-/actor.json", cookies={"sessionid": "abc", "ignoreme": "1"}
)
assert response2.json() == {"actor": ACTOR}
assert not httpx_mock.get_requests()
# Now wait a second and try again
await asyncio.sleep(1.1)
response3 = await datasette.client.get(
"/-/actor.json", cookies={"sessionid": "abc", "ignoreme": "1"}
)
assert response3.json() == {"actor": ACTOR}
assert httpx_mock.get_requests()