170 lines
5.7 KiB
Python
170 lines
5.7 KiB
Python
from unittest.mock import MagicMock, patch
|
|
|
|
import pytest
|
|
from fastapi import HTTPException, status
|
|
|
|
# Test constants
|
|
TEST_CLIENT_ID = "test_client_id"
|
|
TEST_CLIENT_SECRET = "test_client_secret"
|
|
|
|
# Patch constants before importing the module
|
|
with (
|
|
patch("app.utils.constants.COGNITO_CLIENT_ID", TEST_CLIENT_ID),
|
|
patch("app.utils.constants.COGNITO_CLIENT_SECRET", TEST_CLIENT_SECRET),
|
|
):
|
|
from app.auth.cognito import get_user_from_token, initiate_auth
|
|
from app.models.auth import CognitoUser
|
|
from app.utils.constants import USER_ROLE_ATTRIBUTE
|
|
|
|
|
|
@pytest.fixture(autouse=True)
|
|
def mock_cognito_client():
|
|
with patch("app.auth.cognito.cognito_client") as mock_client:
|
|
# Setup mock client and exceptions
|
|
mock_client.exceptions = MagicMock()
|
|
mock_client.exceptions.NotAuthorizedException = type(
|
|
"NotAuthorizedException", (Exception,), {}
|
|
)
|
|
mock_client.exceptions.UserNotFoundException = type(
|
|
"UserNotFoundException", (Exception,), {}
|
|
)
|
|
yield mock_client
|
|
|
|
|
|
def test_initiate_auth_success(mock_cognito_client):
|
|
# Mock successful authentication response
|
|
mock_cognito_client.initiate_auth.return_value = {
|
|
"AuthenticationResult": {
|
|
"AccessToken": "mock_access_token",
|
|
"IdToken": "mock_id_token",
|
|
"RefreshToken": "mock_refresh_token",
|
|
}
|
|
}
|
|
|
|
result = initiate_auth("test_user", "test_pass")
|
|
assert result == {
|
|
"AccessToken": "mock_access_token",
|
|
"IdToken": "mock_id_token",
|
|
"RefreshToken": "mock_refresh_token",
|
|
}
|
|
|
|
|
|
def test_initiate_auth_with_secret_hash(mock_cognito_client):
|
|
with patch(
|
|
"app.auth.cognito.calculate_secret_hash", return_value="mocked_secret_hash"
|
|
) as mock_hash:
|
|
mock_cognito_client.initiate_auth.return_value = {
|
|
"AuthenticationResult": {"AccessToken": "token"}
|
|
}
|
|
|
|
initiate_auth("test_user", "test_pass")
|
|
|
|
# Verify calculate_secret_hash was called
|
|
mock_hash.assert_called_once_with(
|
|
"test_user", TEST_CLIENT_ID, TEST_CLIENT_SECRET
|
|
)
|
|
|
|
# Verify SECRET_HASH was included in auth params
|
|
call_args = mock_cognito_client.initiate_auth.call_args[1]
|
|
assert "SECRET_HASH" in call_args["AuthParameters"]
|
|
assert call_args["AuthParameters"]["SECRET_HASH"] == "mocked_secret_hash"
|
|
|
|
|
|
def test_initiate_auth_not_authorized(mock_cognito_client):
|
|
mock_cognito_client.initiate_auth.side_effect = (
|
|
mock_cognito_client.exceptions.NotAuthorizedException()
|
|
)
|
|
|
|
with pytest.raises(HTTPException) as exc_info:
|
|
initiate_auth("invalid_user", "wrong_pass")
|
|
|
|
assert exc_info.value.status_code == status.HTTP_401_UNAUTHORIZED
|
|
assert exc_info.value.detail == "Invalid username or password"
|
|
|
|
|
|
def test_initiate_auth_user_not_found(mock_cognito_client):
|
|
mock_cognito_client.initiate_auth.side_effect = (
|
|
mock_cognito_client.exceptions.UserNotFoundException()
|
|
)
|
|
|
|
with pytest.raises(HTTPException) as exc_info:
|
|
initiate_auth("nonexistent_user", "any_pass")
|
|
|
|
assert exc_info.value.status_code == status.HTTP_404_NOT_FOUND
|
|
assert exc_info.value.detail == "User not found"
|
|
|
|
|
|
def test_initiate_auth_generic_error(mock_cognito_client):
|
|
mock_cognito_client.initiate_auth.side_effect = Exception("Some error")
|
|
|
|
with pytest.raises(HTTPException) as exc_info:
|
|
initiate_auth("test_user", "test_pass")
|
|
|
|
assert exc_info.value.status_code == status.HTTP_500_INTERNAL_SERVER_ERROR
|
|
assert "An error occurred during authentication" in exc_info.value.detail
|
|
|
|
|
|
def test_get_user_from_token_success(mock_cognito_client):
|
|
mock_response = {
|
|
"Username": "test_user",
|
|
"UserAttributes": [
|
|
{"Name": "sub", "Value": "123"},
|
|
{"Name": USER_ROLE_ATTRIBUTE, "Value": "admin,user"},
|
|
],
|
|
}
|
|
mock_cognito_client.get_user.return_value = mock_response
|
|
|
|
result = get_user_from_token("valid_token")
|
|
|
|
assert isinstance(result, CognitoUser)
|
|
assert result.username == "test_user"
|
|
assert set(result.roles) == {"admin", "user"}
|
|
|
|
|
|
def test_get_user_from_token_no_roles(mock_cognito_client):
|
|
mock_response = {
|
|
"Username": "test_user",
|
|
"UserAttributes": [{"Name": "sub", "Value": "123"}],
|
|
}
|
|
mock_cognito_client.get_user.return_value = mock_response
|
|
|
|
result = get_user_from_token("valid_token")
|
|
|
|
assert isinstance(result, CognitoUser)
|
|
assert result.username == "test_user"
|
|
assert result.roles == []
|
|
|
|
|
|
def test_get_user_from_token_invalid_token(mock_cognito_client):
|
|
mock_cognito_client.get_user.side_effect = (
|
|
mock_cognito_client.exceptions.NotAuthorizedException()
|
|
)
|
|
|
|
with pytest.raises(HTTPException) as exc_info:
|
|
get_user_from_token("invalid_token")
|
|
|
|
assert exc_info.value.status_code == status.HTTP_401_UNAUTHORIZED
|
|
assert exc_info.value.detail == "Invalid or expired token."
|
|
|
|
|
|
def test_get_user_from_token_user_not_found(mock_cognito_client):
|
|
mock_cognito_client.get_user.side_effect = (
|
|
mock_cognito_client.exceptions.UserNotFoundException()
|
|
)
|
|
|
|
with pytest.raises(HTTPException) as exc_info:
|
|
get_user_from_token("token_for_nonexistent_user")
|
|
|
|
assert exc_info.value.status_code == status.HTTP_401_UNAUTHORIZED
|
|
assert exc_info.value.detail == "User not found or invalid token."
|
|
|
|
|
|
def test_get_user_from_token_generic_error(mock_cognito_client):
|
|
mock_cognito_client.get_user.side_effect = Exception("Some error")
|
|
|
|
with pytest.raises(HTTPException) as exc_info:
|
|
get_user_from_token("test_token")
|
|
|
|
assert exc_info.value.status_code == status.HTTP_500_INTERNAL_SERVER_ERROR
|
|
assert "Token verification failed" in exc_info.value.detail
|