pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

apply auth requirement to virtually all endpoints

Browse Source
This commit is contained in:
dandds
2018-08-06 10:43:44 -04:00
committed by richard-dds
parent ed1e8bffd1
commit 2d5651a21d
11 changed files with 59 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
tests/test_auth.py
View File

@@ -1,4 +1,4 @@
from flask import session
from flask import session, url_for
from .mocks import DOD_SDN
@@ -31,3 +31,24 @@ def test_unsuccessful_login_redirect(client, monkeypatch):
assert resp.status_code == 302
assert "unauthorized" in resp.headers["Location"]
assert "user_id" not in session
UNPROTECTED_ROUTES = ["/", "/login-dev", "/login-redirect", "/unauthorized"]
# checks that all of the routes in the app are protected by auth
def test_protected_route(client, app):
for rule in app.url_map.iter_rules():
args = [1] * len(rule.arguments)
mock_args = dict(zip(rule.arguments, args))
_n, route = rule.build(mock_args)
if route in UNPROTECTED_ROUTES or "/static" in route:
continue
if "GET" in rule.methods:
resp = client.get(route)
assert resp.status_code == 302
assert resp.headers["Location"] == "http://localhost/"
if "POST" in rule.methods:
resp = client.post(route)
assert resp.status_code == 302
assert resp.headers["Location"] == "http://localhost/"