fix failing tests

papermerge · Nov 14, 2024 · 5e414c5 · 5e414c5
1 parent fcbf689
commit 5e414c5
Show file tree

Hide file tree

Showing 4 changed files with 78 additions and 81 deletions.
diff --git a/auth_server/db/orm.py b/auth_server/db/orm.py
@@ -149,7 +149,7 @@ class Folder(Node):
 class Permission(Base):
     __tablename__ = "permissions"
 
-    id: Mapped[int] = mapped_column(primary_key=True, default=uuid.uuid4)
+    id: Mapped[uuid.UUID] = mapped_column(primary_key=True, default=uuid.uuid4)
     name: Mapped[str]
     codename: Mapped[str]
     groups = relationship(
@@ -163,7 +163,7 @@ class Permission(Base):
 class Group(Base):
     __tablename__ = "groups"
 
-    id: Mapped[int] = mapped_column(primary_key=True)
+    id: Mapped[uuid.UUID] = mapped_column(primary_key=True, default=uuid.uuid4)
     name: Mapped[str]
     permissions: Mapped[list["Permission"]] = relationship(
         secondary=group_permissions_association, back_populates="groups"

diff --git a/auth_server/schema.py b/auth_server/schema.py
@@ -18,13 +18,13 @@ class User(BaseModel):
 
 class Token(BaseModel):
     access_token: str
-    token_type: str = 'bearer'
+    token_type: str = "bearer"
 
     model_config = ConfigDict(from_attributes=True)
 
 
 class TokenData(BaseModel):
-    sub: str   # same as `user_id`
+    sub: str  # same as `user_id`
     preferred_username: str  # standard claim for `username`
     email: str
     scopes: list[str] = []
@@ -47,20 +47,17 @@ class UserCredentials(BaseModel):
 
 
 class Group(BaseModel):
-    id: int
+    id: UUID
     name: str
 
     # Config
     model_config = ConfigDict(from_attributes=True)
 
 
 class Permission(BaseModel):
-    id: int
+    id: UUID
     name: str  # e.g. "Can create tags"
     codename: str  # e.g. "tag.create"
-    # content_type_id field is not used
-    # it is legacy field coming from Django's model centric permissions
-    content_type_id: int = 1
 
     # Config
     model_config = ConfigDict(from_attributes=True)
diff --git a/tests/test_user.py b/tests/test_user.py
@@ -133,12 +133,12 @@ def test_user_inherits_scopes_from_perms_and_groups(db_session):
     User inherits his/her scopes from his/her direct permissions and groups
     """
     # make sure all scope values are in DB
-    db.sync_perms(db_session)
+    dbapi.sync_perms(db_session)
 
-    db.create_group(db_session, name="g1", scopes=["node.create", "node.view"])
-    db.create_group(db_session, name="g2", scopes=["tag.create", "tag.view"])
+    dbapi.create_group(db_session, name="g1", scopes=["node.create", "node.view"])
+    dbapi.create_group(db_session, name="g2", scopes=["tag.create", "tag.view"])
 
-    db.create_user(
+    dbapi.create_user(
         db_session,
         username="erasmus",
         email="[email protected]",
@@ -147,7 +147,7 @@ def test_user_inherits_scopes_from_perms_and_groups(db_session):
         perm_names=["page.move", "page.extract"],
         group_names=["g1", "g2"],
     )
-    user = db.get_user_by_username(db_session, "erasmus")
+    user = dbapi.get_user_by_username(db_session, "erasmus")
 
     assert user.username == "erasmus"
     # check that user inherits scopes from his/her direct permissions and groups
@@ -170,19 +170,19 @@ def test_get_user_by_email_inherits_scopes_from_groups(db_session):
     User inherits his/her scopes from the group he/she belongs
     """
     # make sure all scope values are in DB
-    db.sync_perms(db_session)
+    dbapi.sync_perms(db_session)
 
-    db.create_group(db_session, name="g1", scopes=["node.create", "node.view"])
-    db.create_group(db_session, name="g2", scopes=["tag.create", "tag.view"])
-    db.create_user(
+    dbapi.create_group(db_session, name="g1", scopes=["node.create", "node.view"])
+    dbapi.create_group(db_session, name="g2", scopes=["tag.create", "tag.view"])
+    dbapi.create_user(
         db_session,
         username="erasmus",
         email="[email protected]",
         password="freewill41",
         is_superuser=False,
         group_names=["g1", "g2"],  # user inherits scopes from these groups
     )
-    user = db.get_user_by_email(db_session, "[email protected]")
+    user = dbapi.get_user_by_email(db_session, "[email protected]")
 
     assert user.username == "erasmus"
     # check that user inherits all permissions from his/her group
@@ -198,17 +198,17 @@ def test_get_user_by_email_scopes_from_perms(db_session):
     User inherits his/her scopes from his/her direct permissions
     """
     # make sure all scope values are in DB
-    db.sync_perms(db_session)
+    dbapi.sync_perms(db_session)
 
-    db.create_user(
+    dbapi.create_user(
         db_session,
         username="erasmus",
         email="[email protected]",
         password="freewill41",
         is_superuser=False,
         perm_names=["page.move", "page.extract"],
     )
-    user = db.get_user_by_email(db_session, "[email protected]")
+    user = dbapi.get_user_by_email(db_session, "[email protected]")
 
     assert user.username == "erasmus"
     # check that user inherits his/her direct permissions
@@ -224,12 +224,12 @@ def test_get_user_by_email_inherits_scopes_from_perms_and_groups(db_session):
     User inherits his/her scopes from his/her direct permissions and groups
     """
     # make sure all scope values are in DB
-    db.sync_perms(db_session)
+    dbapi.sync_perms(db_session)
 
-    db.create_group(db_session, name="g1", scopes=["node.create", "node.view"])
-    db.create_group(db_session, name="g2", scopes=["tag.create", "tag.view"])
+    dbapi.create_group(db_session, name="g1", scopes=["node.create", "node.view"])
+    dbapi.create_group(db_session, name="g2", scopes=["tag.create", "tag.view"])
 
-    db.create_user(
+    dbapi.create_user(
         db_session,
         username="erasmus",
         email="[email protected]",
@@ -238,7 +238,7 @@ def test_get_user_by_email_inherits_scopes_from_perms_and_groups(db_session):
         perm_names=["page.move", "page.extract"],
         group_names=["g1", "g2"],
     )
-    user = db.get_user_by_email(db_session, "[email protected]")
+    user = dbapi.get_user_by_email(db_session, "[email protected]")
 
     assert user.username == "erasmus"
     # check that user inherits scopes from his/her direct permissions and groups
@@ -261,16 +261,16 @@ def test_get_user_by_email_for_superuser(db_session):
     User inherits all scopes if he/she is superuser
     """
     # make sure all scope values are in DB
-    db.sync_perms(db_session)
+    dbapi.sync_perms(db_session)
 
-    db.create_user(
+    dbapi.create_user(
         db_session,
         username="erasmus",
         email="[email protected]",
         password="freewill41",
         is_superuser=True,
     )
-    user = db.get_user_by_email(db_session, "[email protected]")
+    user = dbapi.get_user_by_email(db_session, "[email protected]")
 
     assert user.username == "erasmus"
     assert len(user.scopes) == len(scopes.SCOPES)
@@ -285,16 +285,16 @@ def test_get_user_by_email_for_non_superuser(db_session):
     groups assigned
     """
     # make sure all scope values are in DB
-    db.sync_perms(db_session)
+    dbapi.sync_perms(db_session)
 
-    db.create_user(
+    dbapi.create_user(
         db_session,
         username="erasmus",
         email="[email protected]",
         password="freewill41",
         is_superuser=False,
     )
-    user = db.get_user_by_email(db_session, "[email protected]")
+    user = dbapi.get_user_by_email(db_session, "[email protected]")
 
     assert user.username == "erasmus"
     # user is not superuser and does not have any

diff --git a/tests/test_views.py b/tests/test_views.py
@@ -3,11 +3,10 @@
 import httpx
 import pytest
 
-from sqlalchemy import Connection
 from sqlalchemy.orm import Session
 
 from auth_server.main import settings
-from auth_server import db
+from auth_server.db import api as dbapi
 
 logger = logging.getLogger(__name__)
 
@@ -37,12 +36,12 @@ def test_retrieve_token_endpoint(client: httpx.Client):
                 "provider": "google",
                 "client_id": "123",
                 "code": "abc",
-                "redirect_uri": "http://site.com/callback"
-            }
+                "redirect_uri": "http://site.com/callback",
+            },
         )
 
         assert response.status_code == 200, response.text
-        assert response.json()['access_token'] is not None
+        assert response.json()["access_token"] is not None
 
 
 def test_invalid_post_request(client: httpx.Client):
@@ -61,82 +60,83 @@ def test_invalid_post_request(client: httpx.Client):
     # are empty
     assert response.status_code == 400, response.text
 
-    response = client.post("/token", params={
-        "code": "123",
-        "redirect_uri": "http://some/callback",
-        "provider": "oidc"
-    })
+    response = client.post(
+        "/token",
+        params={
+            "code": "123",
+            "redirect_uri": "http://some/callback",
+            "provider": "oidc",
+        },
+    )
     # should return 400 Bad request as "client_id" parameter is missing
     assert response.status_code == 400, response.text
 
-    response = client.post("/token", params={
-        "client_id": "cl123",
-        "redirect_uri": "http://some/callback",
-        "provider": "oidc"
-    })
+    response = client.post(
+        "/token",
+        params={
+            "client_id": "cl123",
+            "redirect_uri": "http://some/callback",
+            "provider": "oidc",
+        },
+    )
     # should return 400 Bad request as "code" parameter is missing
     assert response.status_code == 400, response.text
 
-    response = client.post("/token", params={
-        "client_id": "cl123",
-        "redirect_uri": "http://some/callback",
-        "code": "abc"
-    })
+    response = client.post(
+        "/token",
+        params={
+            "client_id": "cl123",
+            "redirect_uri": "http://some/callback",
+            "code": "abc",
+        },
+    )
     # should return 400 Bad request as "provider" parameter is missing
     assert response.status_code == 400, response.text
 
-    response = client.post("/token", params={
-        "client_id": "cl123",
-        "provider": "oidc",
-        "code": "abc"
-    })
+    response = client.post(
+        "/token", params={"client_id": "cl123", "provider": "oidc", "code": "abc"}
+    )
     # should return 400 Bad request as "redirect_uri" parameter is missing
     assert response.status_code == 400, response.text
 
 
 def test_db_based_authentication_for_existing_user(
-    client: httpx.Client,
-    db_session: Session
+    client: httpx.Client, db_session: Session
 ):
     """
     Validate that DB based authentication can be performed
     """
     # create user "socrates"
-    db.create_user(
-        db_session,
-        username="socrates",
-        email="[email protected]",
-        password="secret"
+    dbapi.create_user(
+        db_session, username="socrates", email="[email protected]", password="secret"
     )
 
     # socrates enters wrong password
-    response = client.post("/token", json={
-        "username": "socrates",
-        "password": "wrongsecret"  # this is wrong password!
-    })
+    response = client.post(
+        "/token",
+        json={
+            "username": "socrates",
+            "password": "wrongsecret",  # this is wrong password!
+        },
+    )
 
     assert response.status_code == 401
 
     # socrates enters correct credentials
-    response = client.post("/token", json={
-        "username": "socrates",
-        "password": "secret"
-    })
+    response = client.post(
+        "/token", json={"username": "socrates", "password": "secret"}
+    )
 
     assert response.status_code == 200, response.text
     # now socrates has its access token
-    assert response.json()['access_token'] is not None
+    assert response.json()["access_token"] is not None
 
 
 def test_db_based_authentication_for_non_existing_user(
-    client: httpx.Client,
-    db_session: Session
+    client: httpx.Client, db_session: Session
 ):
     # There is no user "kant" in DB
-    response = client.post("/token", json={
-        "username": "kant",
-        "password": "secret"
-    })
+    response = client.post("/token", json={"username": "kant", "password": "secret"})
 
     assert response.status_code == 401, response.text
-    assert response.json()['detail'] == "Unauthorized"
+    assert response.json()["detail"] == "Unauthorized"