log access attempts in access decorator
This commit is contained in:
dandds
@@ -14,6 +14,7 @@ from atst.domain.authnid.crl import (
|
||||
)
|
||||
|
||||
from tests.mocks import FIXTURE_EMAIL_ADDRESS, DOD_CN
|
||||
from tests.utils import FakeLogger
|
||||
|
||||
|
||||
class MockX509Store:
|
||||
@@ -119,20 +120,6 @@ def test_multistep_certificate_chain():
|
||||
assert cache.crl_check(cert)
|
||||
|
||||
|
||||
class FakeLogger:
|
||||
def __init__(self):
|
||||
self.messages = []
|
||||
|
||||
def info(self, msg):
|
||||
self.messages.append(msg)
|
||||
|
||||
def warning(self, msg):
|
||||
self.messages.append(msg)
|
||||
|
||||
def error(self, msg):
|
||||
self.messages.append(msg)
|
||||
|
||||
|
||||
def test_no_op_crl_cache_logs_common_name():
|
||||
logger = FakeLogger()
|
||||
cert = open("ssl/client-certs/atat.mil.crt", "rb").read()
|
||||
|
||||
@@ -12,6 +12,8 @@ from atst.domain.permission_sets import PermissionSets
|
||||
from atst.domain.exceptions import UnauthorizedError
|
||||
from atst.models.permissions import Permissions
|
||||
|
||||
from tests.utils import FakeLogger
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def invalid_user():
|
||||
@@ -146,3 +148,41 @@ def test_user_can_access_decorator_exceptions(set_current_user):
|
||||
|
||||
set_current_user(rando_calrissian)
|
||||
assert _edit_portfolio_name(portfolio_id=portfolio.id)
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def mock_logger(app):
|
||||
real_logger = app.logger
|
||||
app.logger = FakeLogger()
|
||||
|
||||
yield app.logger
|
||||
|
||||
app.logger = real_logger
|
||||
|
||||
|
||||
def test_user_can_access_decorator_logs_access(
|
||||
set_current_user, monkeypatch, mock_logger
|
||||
):
|
||||
user = UserFactory.create()
|
||||
|
||||
@user_can_access_decorator(Permissions.EDIT_PORTFOLIO_NAME)
|
||||
def _do_something(*args, **kwargs):
|
||||
return True
|
||||
|
||||
set_current_user(user)
|
||||
|
||||
monkeypatch.setattr(
|
||||
"atst.domain.authz.decorator.check_access", lambda *a, **k: True
|
||||
)
|
||||
_do_something()
|
||||
assert len(mock_logger.messages) == 1
|
||||
assert "accessed" in mock_logger.messages[0]
|
||||
|
||||
def _unauthorized(*a, **k):
|
||||
raise UnauthorizedError(user, "do something")
|
||||
|
||||
monkeypatch.setattr("atst.domain.authz.decorator.check_access", _unauthorized)
|
||||
with pytest.raises(UnauthorizedError):
|
||||
_do_something()
|
||||
assert len(mock_logger.messages) == 2
|
||||
assert "denied access" in mock_logger.messages[1]
|
||||
|
||||
@@ -14,3 +14,17 @@ def captured_templates(app):
|
||||
yield recorded
|
||||
finally:
|
||||
template_rendered.disconnect(record, app)
|
||||
|
||||
|
||||
class FakeLogger:
|
||||
def __init__(self):
|
||||
self.messages = []
|
||||
|
||||
def info(self, msg):
|
||||
self.messages.append(msg)
|
||||
|
||||
def warning(self, msg):
|
||||
self.messages.append(msg)
|
||||
|
||||
def error(self, msg):
|
||||
self.messages.append(msg)
|
||||
|
||||
Reference in New Issue
Block a user