diff --git a/tests/api/auth/test_basic.py b/tests/api/auth/test_basic.py index 5ee1f99e4..7d69d89f2 100644 --- a/tests/api/auth/test_basic.py +++ b/tests/api/auth/test_basic.py @@ -7,9 +7,7 @@ import pytest from fastapi.exceptions import HTTPException from fastapi.security import HTTPBasicCredentials -from fastapi.testclient import TestClient -from ralph.api import app from ralph.api.auth.basic import ( ServerUsersCredentials, UserCredentials, @@ -33,9 +31,6 @@ ) -client = TestClient(app) - - def test_api_auth_basic_model_serveruserscredentials(): """Test api.auth ServerUsersCredentials model.""" @@ -148,23 +143,28 @@ def test_api_auth_basic_no_credential_file_found(fs, monkeypatch): get_basic_auth_user(credentials) -def test_api_auth_basic_get_whoami_no_credentials(): +@pytest.mark.anyio +async def test_api_auth_basic_get_whoami_no_credentials(client): """Whoami route returns a 401 error when no credentials are sent.""" - response = client.get("/whoami") + response = await client.get("/whoami") assert response.status_code == 401 assert response.headers["www-authenticate"] == "Basic" assert response.json() == {"detail": "Invalid authentication credentials"} -def test_api_auth_basic_get_whoami_credentials_encoding_error(): +@pytest.mark.anyio +async def test_api_auth_basic_get_whoami_credentials_encoding_error(client): """Whoami route returns a 401 error when the credentials encoding is broken.""" - response = client.get("/whoami", headers={"Authorization": "Basic not-base64"}) + response = await client.get( + "/whoami", headers={"Authorization": "Basic not-base64"} + ) assert response.status_code == 401 assert response.headers["www-authenticate"] == "Basic" assert response.json() == {"detail": "Invalid authentication credentials"} -def test_api_auth_basic_get_whoami_username_not_found(fs): +@pytest.mark.anyio +async def test_api_auth_basic_get_whoami_username_not_found(fs, client): """Whoami route returns a 401 error when the username cannot be found.""" credential_bytes = base64.b64encode("john:admin".encode("utf-8")) credentials = str(credential_bytes, "utf-8") @@ -173,14 +173,17 @@ def test_api_auth_basic_get_whoami_username_not_found(fs): auth_file_path = settings.APP_DIR / "auth.json" fs.create_file(auth_file_path, contents=STORED_CREDENTIALS) - response = client.get("/whoami", headers={"Authorization": f"Basic {credentials}"}) + response = await client.get( + "/whoami", headers={"Authorization": f"Basic {credentials}"} + ) assert response.status_code == 401 assert response.headers["www-authenticate"] == "Basic" assert response.json() == {"detail": "Invalid authentication credentials"} -def test_api_auth_basic_get_whoami_wrong_password(fs): +@pytest.mark.anyio +async def test_api_auth_basic_get_whoami_wrong_password(fs, client): """Whoami route returns a 401 error when the password is wrong.""" credential_bytes = base64.b64encode("john:not-admin".encode("utf-8")) credentials = str(credential_bytes, "utf-8") @@ -189,18 +192,21 @@ def test_api_auth_basic_get_whoami_wrong_password(fs): fs.create_file(auth_file_path, contents=STORED_CREDENTIALS) get_basic_auth_user.cache_clear() - response = client.get("/whoami", headers={"Authorization": f"Basic {credentials}"}) + response = await client.get( + "/whoami", headers={"Authorization": f"Basic {credentials}"} + ) assert response.status_code == 401 assert response.json() == {"detail": "Invalid authentication credentials"} +@pytest.mark.anyio @pytest.mark.parametrize( "runserver_auth_backends", [[AuthBackend.BASIC, AuthBackend.OIDC], [AuthBackend.BASIC]], ) -def test_api_auth_basic_get_whoami_correct_credentials( - fs, monkeypatch, runserver_auth_backends +async def test_api_auth_basic_get_whoami_correct_credentials( + fs, monkeypatch, runserver_auth_backends, client ): """Whoami returns a 200 response when the credentials are correct. @@ -215,7 +221,9 @@ def test_api_auth_basic_get_whoami_correct_credentials( fs.create_file(auth_file_path, contents=STORED_CREDENTIALS) get_basic_auth_user.cache_clear() - response = client.get("/whoami", headers={"Authorization": f"Basic {credentials}"}) + response = await client.get( + "/whoami", headers={"Authorization": f"Basic {credentials}"} + ) assert response.status_code == 200 @@ -227,7 +235,8 @@ def test_api_auth_basic_get_whoami_correct_credentials( ] -def test_api_auth_basic_get_whoami_invalid_backend(fs, monkeypatch): +@pytest.mark.anyio +async def test_api_auth_basic_get_whoami_invalid_backend(fs, monkeypatch, client): """Check for an exception when providing valid credentials when Basic authentication is not supported. """ @@ -240,7 +249,9 @@ def test_api_auth_basic_get_whoami_invalid_backend(fs, monkeypatch): fs.create_file(auth_file_path, contents=STORED_CREDENTIALS) get_basic_auth_user.cache_clear() - response = client.get("/whoami", headers={"Authorization": f"Basic {credentials}"}) + response = await client.get( + "/whoami", headers={"Authorization": f"Basic {credentials}"} + ) assert response.status_code == 401 assert response.json() == {"detail": "Invalid authentication credentials"} diff --git a/tests/api/auth/test_oidc.py b/tests/api/auth/test_oidc.py index 5dd45e61c..8660e85b8 100644 --- a/tests/api/auth/test_oidc.py +++ b/tests/api/auth/test_oidc.py @@ -1,10 +1,8 @@ """Tests for the api.auth.oidc module.""" import pytest import responses -from fastapi.testclient import TestClient from pydantic import parse_obj_as -from ralph.api import app from ralph.api.auth.oidc import discover_provider, get_public_keys from ralph.conf import AuthBackend from ralph.models.xapi.base.agents import BaseXapiAgentWithOpenId @@ -12,15 +10,16 @@ from tests.fixtures.auth import ISSUER_URI, mock_oidc_user from tests.helpers import configure_env_for_mock_oidc_auth -client = TestClient(app) - +@pytest.mark.anyio @pytest.mark.parametrize( "runserver_auth_backends", [[AuthBackend.BASIC, AuthBackend.OIDC], [AuthBackend.OIDC]], ) @responses.activate -def test_api_auth_oidc_get_whoami_valid(monkeypatch, runserver_auth_backends): +async def test_api_auth_oidc_get_whoami_valid( + client, monkeypatch, runserver_auth_backends +): """Test a valid OpenId Connect authentication.""" configure_env_for_mock_oidc_auth(monkeypatch, runserver_auth_backends) @@ -28,7 +27,7 @@ def test_api_auth_oidc_get_whoami_valid(monkeypatch, runserver_auth_backends): oidc_token = mock_oidc_user(scopes=["all", "profile/read"]) headers = {"Authorization": f"Bearer {oidc_token}"} - response = client.get( + response = await client.get( "/whoami", headers=headers, ) @@ -39,9 +38,10 @@ def test_api_auth_oidc_get_whoami_valid(monkeypatch, runserver_auth_backends): assert sorted(response.json()["scopes"]) == ["all", "profile/read"] +@pytest.mark.anyio @responses.activate -def test_api_auth_oidc_get_whoami_invalid_token( - monkeypatch, mock_discovery_response, mock_oidc_jwks +async def test_api_auth_oidc_get_whoami_invalid_token( + client, monkeypatch, mock_discovery_response, mock_oidc_jwks ): """Test API with an invalid audience.""" @@ -49,7 +49,7 @@ def test_api_auth_oidc_get_whoami_invalid_token( mock_oidc_user() - response = client.get( + response = await client.get( "/whoami", headers={"Authorization": "Bearer wrong_token"}, ) @@ -59,8 +59,11 @@ def test_api_auth_oidc_get_whoami_invalid_token( assert response.json() == {"detail": "Could not validate credentials"} +@pytest.mark.anyio @responses.activate -def test_api_auth_oidc_get_whoami_invalid_discovery(monkeypatch, encoded_token): +async def test_api_auth_oidc_get_whoami_invalid_discovery( + client, monkeypatch, encoded_token +): """Test API with an invalid provider discovery.""" configure_env_for_mock_oidc_auth(monkeypatch) @@ -77,7 +80,7 @@ def test_api_auth_oidc_get_whoami_invalid_discovery(monkeypatch, encoded_token): status=500, ) - response = client.get( + response = await client.get( "/whoami", headers={"Authorization": f"Bearer {encoded_token}"}, ) @@ -87,9 +90,10 @@ def test_api_auth_oidc_get_whoami_invalid_discovery(monkeypatch, encoded_token): assert response.json() == {"detail": "Could not validate credentials"} +@pytest.mark.anyio @responses.activate -def test_api_auth_oidc_get_whoami_invalid_keys( - monkeypatch, mock_discovery_response, mock_oidc_jwks, encoded_token +async def test_api_auth_oidc_get_whoami_invalid_keys( + client, monkeypatch, mock_discovery_response, mock_oidc_jwks, encoded_token ): """Test API with an invalid request for keys.""" @@ -115,7 +119,7 @@ def test_api_auth_oidc_get_whoami_invalid_keys( status=500, ) - response = client.get( + response = await client.get( "/whoami", headers={"Authorization": f"Bearer {encoded_token}"}, ) @@ -125,15 +129,16 @@ def test_api_auth_oidc_get_whoami_invalid_keys( assert response.json() == {"detail": "Could not validate credentials"} +@pytest.mark.anyio @responses.activate -def test_api_auth_oidc_get_whoami_invalid_header(monkeypatch): +async def test_api_auth_oidc_get_whoami_invalid_header(client, monkeypatch): """Test API with an invalid request header.""" configure_env_for_mock_oidc_auth(monkeypatch) oidc_token = mock_oidc_user() - response = client.get( + response = await client.get( "/whoami", headers={"Authorization": f"Wrong header {oidc_token}"}, ) @@ -143,7 +148,8 @@ def test_api_auth_oidc_get_whoami_invalid_header(monkeypatch): assert response.json() == {"detail": "Invalid authentication credentials"} -def test_api_auth_oidc_get_whoami_invalid_backend(fs, monkeypatch): +@pytest.mark.anyio +async def test_api_auth_oidc_get_whoami_invalid_backend(client, fs, monkeypatch): """Check for an exception when providing valid OIDC credentials while OIDC authentication is not supported. """ @@ -153,7 +159,7 @@ def test_api_auth_oidc_get_whoami_invalid_backend(fs, monkeypatch): oidc_token = mock_oidc_user(scopes=["all", "profile/read"]) headers = {"Authorization": f"Bearer {oidc_token}"} - response = client.get( + response = await client.get( "/whoami", headers=headers, ) diff --git a/tests/api/test_statements_post.py b/tests/api/test_statements_post.py index 92b2ce636..9d082f369 100644 --- a/tests/api/test_statements_post.py +++ b/tests/api/test_statements_post.py @@ -720,7 +720,7 @@ async def test_api_statements_post_scopes( # noqa: PLR0913 oidc_token = mock_oidc_user(sub=sub, scopes=scopes) headers = {"Authorization": f"Bearer {oidc_token}"} - monkeypatch.setenv("RUNSERVER_AUTH_BACKENDS", [AuthBackend.OIDC]) + monkeypatch.setenv("RUNSERVER_AUTH_BACKENDS", "oidc") monkeypatch.setattr( "ralph.api.auth.settings.RUNSERVER_AUTH_BACKENDS", [AuthBackend.OIDC] )