File: test_security.py

litestar 2.19.0-2
from typing import TYPE_CHECKING, Any, Dict, Optional

import pytest

from litestar import get
from litestar.di import Provide
from litestar.middleware.session.server_side import (
    ServerSideSessionBackend,
    ServerSideSessionConfig,
)
from litestar.openapi.config import OpenAPIConfig
from litestar.openapi.spec import Components, SecurityScheme
from litestar.security.session_auth import SessionAuth
from litestar.status_codes import HTTP_200_OK
from litestar.testing import create_test_client

if TYPE_CHECKING:
    from litestar.connection import ASGIConnection
    from litestar.handlers.base import BaseRouteHandler


def retrieve_user_handler(_: Dict[str, Any], __: "ASGIConnection") -> Any:
    """Stub user-retrieval callback handed to ``SessionAuth`` in this module.

    Both arguments (the session data and the connection) are ignored and the
    result is always ``None``.
    """
    # NOTE(review): a callback that never yields a user is only suitable for
    # wiring tests like the ones in this file; presumably the auth middleware
    # treats a falsy user as "not authenticated" -- confirm before reusing this
    # stub in a test that expects a protected route to succeed.
    return None


def test_abstract_security_config_sets_guards(session_backend_config_memory: ServerSideSessionConfig) -> None:
    """Check that guards given to ``SessionAuth`` are present on the app after ``on_app_init``."""

    async def guard(_: "ASGIConnection", __: "BaseRouteHandler") -> None:
        # No-op guard: it never raises, so it only acts as a marker object here.
        return None

    auth_config = SessionAuth[Any, ServerSideSessionBackend](
        guards=[guard],
        session_backend_config=session_backend_config_memory,
        retrieve_user_handler=retrieve_user_handler,
    )
    init_hooks = [auth_config.on_app_init]

    with create_test_client([], on_app_init=init_hooks) as client:
        # NOTE(review): truthiness only -- this shows that *some* guard is registered
        # on the app, not that it is this particular ``guard`` callable.
        registered_guards = client.app.guards
        assert registered_guards


def test_abstract_security_config_sets_dependencies(session_backend_config_memory: ServerSideSessionConfig) -> None:
    """Check that dependencies given to ``SessionAuth`` are present on the app after ``on_app_init``."""
    extra_dependencies = {"value": Provide(lambda: 13, sync_to_thread=False)}
    auth_config = SessionAuth[Any, ServerSideSessionBackend](
        dependencies=extra_dependencies,
        session_backend_config=session_backend_config_memory,
        retrieve_user_handler=retrieve_user_handler,
    )
    init_hooks = [auth_config.on_app_init]

    with create_test_client([], on_app_init=init_hooks) as client:
        # Only the presence of the "value" key is checked; the provider itself
        # is never invoked by this test.
        provided = client.app.dependencies.get("value")
        assert provided


@pytest.mark.filterwarnings("ignore:Middleware 'SessionAuthMiddleware' exclude pattern")
def test_abstract_security_config_registers_route_handlers(
    session_backend_config_memory: ServerSideSessionConfig,
) -> None:
    """Check that route handlers given to ``SessionAuth`` are registered and served by the app.

    The request below carries no session. It is expected to succeed because the
    handler's path is listed in ``exclude``, not because authentication passed.
    """

    @get("/")
    def handler() -> dict:
        return {"hello": "world"}

    # NOTE(review): the warning silenced by the decorator above concerns this
    # exclude pattern. Litestar treats ``exclude`` entries as regular expressions,
    # so a bare "/" presumably matches far more than the root path. In application
    # code, anchor the pattern (e.g. "^/$") so that exempting one route does not
    # exempt every route from authentication -- confirm against the Litestar
    # version in use.
    auth_config = SessionAuth[Any, ServerSideSessionBackend](
        route_handlers=[handler],
        exclude=["/"],
        session_backend_config=session_backend_config_memory,
        retrieve_user_handler=retrieve_user_handler,
    )
    init_hooks = [auth_config.on_app_init]

    with create_test_client([], on_app_init=init_hooks) as client:
        reply = client.get("/")
        assert reply.status_code == HTTP_200_OK
        assert reply.json() == {"hello": "world"}


@pytest.mark.parametrize(
    "openapi_config, expected",
    (
        # No OpenAPI config at all: nothing to extend.
        (None, None),
        # OpenAPI config without user-defined components.
        (
            OpenAPIConfig(title="Litestar API", version="1.0.0"),
            {
                "schemas": {},
                "securitySchemes": {
                    "sessionCookie": {
                        "type": "apiKey",
                        "description": "Session cookie authentication.",
                        "name": "session",
                        "in": "cookie",
                    }
                },
            },
        ),
        # User-defined components supplied as a list.
        (
            OpenAPIConfig(
                title="Litestar API",
                version="1.0.0",
                components=[
                    Components(
                        security_schemes={
                            "app": SecurityScheme(
                                type="http",
                                name="test",
                                security_scheme_in="cookie",  # pyright: ignore
                                description="test.",
                            )
                        }
                    )
                ],
            ),
            {
                "schemas": {},
                "securitySchemes": {
                    "app": {"type": "http", "description": "test.", "name": "test", "in": "cookie"},
                    "sessionCookie": {
                        "type": "apiKey",
                        "description": "Session cookie authentication.",
                        "name": "session",
                        "in": "cookie",
                    },
                },
            },
        ),
        # User-defined components supplied as a single ``Components`` instance.
        # The key order of the expected dict differs from the previous case, but
        # dict equality does not depend on key order.
        (
            OpenAPIConfig(
                title="Litestar API",
                version="1.0.0",
                components=Components(
                    security_schemes={
                        "app": SecurityScheme(
                            type="http",
                            name="test",
                            security_scheme_in="cookie",
                            description="test.",
                        )
                    }
                ),
            ),
            {
                "schemas": {},
                "securitySchemes": {
                    "sessionCookie": {
                        "type": "apiKey",
                        "description": "Session cookie authentication.",
                        "name": "session",
                        "in": "cookie",
                    },
                    "app": {"type": "http", "description": "test.", "name": "test", "in": "cookie"},
                },
            },
        ),
    ),
)
def test_abstract_security_config_setting_openapi_components(
    openapi_config: Optional["OpenAPIConfig"], expected: dict, session_backend_config_memory: ServerSideSessionConfig
) -> None:
    """Check the OpenAPI components after ``SessionAuth.on_app_init`` has run.

    With an OpenAPI config present, the resulting components schema must contain
    the ``sessionCookie`` scheme next to any scheme the user already declared.
    With no OpenAPI config, the app must not gain one.
    """
    auth_config = SessionAuth[Any, ServerSideSessionBackend](
        retrieve_user_handler=retrieve_user_handler,
        exclude=["/"],
        session_backend_config=session_backend_config_memory,
    )
    init_hooks = [auth_config.on_app_init]

    with create_test_client([], on_app_init=init_hooks, openapi_config=openapi_config) as client:
        if openapi_config is None:
            assert not client.app.openapi_config
            return

        assert client.app.openapi_schema
        assert client.app.openapi_config
        assert client.app.openapi_config.components
        # The pre-existing "app" scheme must survive alongside "sessionCookie".
        assert client.app.openapi_config.components.to_schema() == expected


@pytest.mark.parametrize(
    "openapi_config, expected",
    (
        # No OpenAPI config at all: nothing to extend.
        (None, None),
        # No security requirements declared by the user.
        (OpenAPIConfig(title="Litestar API", version="1.0.0", security=None), [{"sessionCookie": []}]),
        # A user-declared requirement is expected to be kept, with the session
        # requirement listed after it.
        (
            OpenAPIConfig(title="Litestar API", version="1.0.0", security=[{"app": ["a", "b", "c"]}]),
            [{"app": ["a", "b", "c"]}, {"sessionCookie": []}],
        ),
    ),
)
def test_abstract_security_config_setting_openapi_security_requirements(
    openapi_config: Optional[OpenAPIConfig], expected: list, session_backend_config_memory: ServerSideSessionConfig
) -> None:
    """Check the OpenAPI security requirements after ``SessionAuth.on_app_init`` has run.

    With an OpenAPI config present, its ``security`` list must equal ``expected``;
    list equality makes the order of the requirements part of the check.
    With no OpenAPI config, the app must not gain one.
    """
    auth_config = SessionAuth[Any, ServerSideSessionBackend](
        retrieve_user_handler=retrieve_user_handler,
        exclude=["/"],
        session_backend_config=session_backend_config_memory,
    )
    init_hooks = [auth_config.on_app_init]

    with create_test_client([], on_app_init=init_hooks, openapi_config=openapi_config) as client:
        if openapi_config is None:
            assert not client.app.openapi_config
            return

        assert client.app.openapi_config
        assert client.app.openapi_config.security
        assert client.app.openapi_config.security == expected