fix(FastAPI): reorganize credential checkin into dedicated file

Signed-off-by: Steven Guikal <void@fluix.one>
2025-02-03 10:43:03 +01:00 · 2021-11-30 15:44:18 -05:00 · 2021-11-30 15:44:18 -05:00 · a10f8663fd
commit a10f8663fd
parent 125b244f44
15 changed files with 143 additions and 172 deletions
--- a/test/test_auth.py
+++ b/test/test_auth.py
@ -5,7 +5,7 @@ import pytest
 from sqlalchemy.exc import IntegrityError

 from aurweb import db
-from aurweb.auth import AnonymousUser, BasicAuthBackend, account_type_required, has_credential
+from aurweb.auth import AnonymousUser, BasicAuthBackend, account_type_required
 from aurweb.models.account_type import USER, USER_ID
 from aurweb.models.session import Session
 from aurweb.models.user import User
@ -67,11 +67,6 @@ async def test_basic_auth_backend():
    assert result == user


-def test_has_fake_credential_fails():
-    # Fake credential 666 does not exist.
-    assert not has_credential(user, 666)
-
-
 def test_account_type_required():
    """ This test merely asserts that a few different paths
    do not raise exceptions. """
@ -109,8 +104,3 @@ def test_voted_for():
 def test_notified():
    user_ = AnonymousUser()
    assert not user_.notified(None)
-
-
-def test_has_credential():
-    user_ = AnonymousUser()
-    assert not user_.has_credential("FAKE_CREDENTIAL")
--- a/test/test_user.py
+++ b/test/test_user.py
@ -10,6 +10,7 @@ import aurweb.auth
 import aurweb.config

 from aurweb import db
+from aurweb.auth import creds
 from aurweb.models.account_type import AccountType
 from aurweb.models.ban import Ban
 from aurweb.models.package import Package
@ -154,7 +155,7 @@ def test_user_minimum_passwd_length():


 def test_user_has_credential():
-    assert not user.has_credential("CRED_ACCOUNT_CHANGE_TYPE")
+    assert not user.has_credential(aurweb.auth.creds.ACCOUNT_CHANGE_TYPE)


 def test_user_ssh_pub_key():
@ -169,10 +170,10 @@ def test_user_ssh_pub_key():


 def test_user_credential_types():
-    assert aurweb.auth.user_developer_or_trusted_user(user)
-    assert not aurweb.auth.trusted_user(user)
-    assert not aurweb.auth.developer(user)
-    assert not aurweb.auth.trusted_user_or_dev(user)
+    assert user.AccountTypeID in creds.user_developer_or_trusted_user
+    assert user.AccountTypeID not in creds.trusted_user
+    assert user.AccountTypeID not in creds.developer
+    assert user.AccountTypeID not in creds.trusted_user_or_dev

    trusted_user_type = db.query(AccountType).filter(
        AccountType.AccountType == "Trusted User"
@ -180,16 +181,16 @@ def test_user_credential_types():
    with db.begin():
        user.AccountType = trusted_user_type

-    assert aurweb.auth.trusted_user(user)
-    assert aurweb.auth.trusted_user_or_dev(user)
+    assert user.AccountTypeID in creds.trusted_user
+    assert user.AccountTypeID in creds.trusted_user_or_dev

    developer_type = db.query(AccountType,
                              AccountType.AccountType == "Developer").first()
    with db.begin():
        user.AccountType = developer_type

-    assert aurweb.auth.developer(user)
-    assert aurweb.auth.trusted_user_or_dev(user)
+    assert user.AccountTypeID in creds.developer
+    assert user.AccountTypeID in creds.trusted_user_or_dev

    type_str = "Trusted User & Developer"
    elevated_type = db.query(AccountType,
@ -197,9 +198,9 @@ def test_user_credential_types():
    with db.begin():
        user.AccountType = elevated_type

-    assert aurweb.auth.trusted_user(user)
-    assert aurweb.auth.developer(user)
-    assert aurweb.auth.trusted_user_or_dev(user)
+    assert user.AccountTypeID in creds.trusted_user
+    assert user.AccountTypeID in creds.developer
+    assert user.AccountTypeID in creds.trusted_user_or_dev

    # Some model authorization checks.
    assert user.is_elevated()