zavrsni-rad-otel-app/backend/tests/test_security_tokens.py

from __future__ import annotations
import pytest
from fastapi import HTTPException
from app.core.config import settings
from app.core.security import InternalTokenManager, require_internal_principal
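_TEST_SHARED_SECRET = "unit-test-shared-secret-key-at-least-32b"
_TEST_AUDIENCE = "bi-internal-test"
_TRUSTED_ISSUER = "api-gateway"


# NOTE(review): only the issuer allow-list is exercised as a negative path here;
# expiry, audience mismatch and signature tampering are not covered by this
# module and are worth adding once their expected HTTPException details are known.
def _configure_internal_token_settings(monkeypatch: pytest.MonkeyPatch) -> None:
    """Patch ``settings`` with one deterministic internal-token configuration.

    The two token tests below need the same shared secret, audience, single
    trusted issuer and zero clock skew; patching them in one place keeps the
    tests from drifting apart. ``monkeypatch`` restores the originals after
    each test.
    """
    monkeypatch.setattr(settings, "internal_service_shared_secret", _TEST_SHARED_SECRET)
    monkeypatch.setattr(settings, "internal_service_token_audience", _TEST_AUDIENCE)
    monkeypatch.setattr(settings, "internal_service_allowed_issuers", _TRUSTED_ISSUER)
    # Zero skew so verification uses the exact validity window, not a padded one.
    monkeypatch.setattr(settings, "internal_token_clock_skew_seconds", 0)


def test_internal_token_round_trip(monkeypatch: pytest.MonkeyPatch) -> None:
    """A token minted by the trusted issuer verifies and exposes its identity claims."""
    _configure_internal_token_settings(monkeypatch)
    manager = InternalTokenManager()

    token = manager.mint(
        subject="user-123",
        scopes=["openid", "profile"],
        source_service=_TRUSTED_ISSUER,
    )
    principal = manager.verify(token)

    assert principal.subject == "user-123"
    assert principal.claims["iss"] == _TRUSTED_ISSUER
    assert principal.claims["typ"] == "internal-service"


def test_internal_token_rejects_untrusted_issuer(
    monkeypatch: pytest.MonkeyPatch,
) -> None:
    """A token from an issuer outside ``internal_service_allowed_issuers`` is rejected with 401.

    The token is minted under the same settings as the round-trip test, so the
    only difference from the accepted case is the ``source_service`` value.
    """
    _configure_internal_token_settings(monkeypatch)
    manager = InternalTokenManager()

    token = manager.mint(
        subject="user-123",
        scopes=["openid"],
        source_service="analytics",
    )

    with pytest.raises(HTTPException) as exc:
        manager.verify(token)
    assert exc.value.status_code == 401
    assert exc.value.detail == "Internal token issuer is not allowed."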
def test_require_internal_principal_rejects_missing_token(
    monkeypatch: pytest.MonkeyPatch,
) -> None:
    """With internal auth enabled, a call with no token value is refused with 401.

    ``None`` stands in for an absent ``x-internal-service-token`` header
    (presumably what the dependency receives when the header is missing —
    verify against its signature).
    """
    monkeypatch.setattr(settings, "internal_service_auth_enabled", True)

    with pytest.raises(HTTPException) as raised:
        require_internal_principal(None)

    error = raised.value
    assert error.status_code == 401
    assert error.detail == "Missing x-internal-service-token header."