Merge branch 'master' into broken-links
smvgarcia authored Nov 12, 2024
2 parents 44ee289 + 0f8a6bb commit 8768514
Showing 2 changed files with 16 additions and 19 deletions.
21 changes: 3 additions & 18 deletions fence/auth.py
Expand Up @@ -19,6 +19,7 @@
from fence.user import get_current_user
from fence.utils import clear_cookies
from fence.config import config
from fence.authz.auth import check_arborist_auth

logger = get_logger(__name__)

Expand Down Expand Up @@ -275,25 +276,9 @@ def get_user_from_claims(claims):
)


def admin_required(f):
"""
Require user to be an admin user.
"""

@wraps(f)
def wrapper(*args, **kwargs):
if not flask.g.user:
raise Unauthorized("Require login")
if flask.g.user.is_admin is not True:
raise Unauthorized("Require admin user")
return f(*args, **kwargs)

return wrapper


def admin_login_required(function):
"""Compose the login required and admin required decorators."""
return login_required({"admin"})(admin_required(function))
"""Use the check_arborist_auth decorator checking on admin authorization."""
return check_arborist_auth(["/services/fence/admin"], "*")(function)


def _update_users_email(user, email):
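Review bot: Access to every route wrapped by `admin_login_required` now depends only on Arborist's answer for `/services/fence/admin` with method `*`; the removed `login_required({"admin"})` scope check and the `flask.g.user.is_admin` check are no longer applied. `check_arborist_auth` comes from `fence.authz.auth` and is not shown on this page, so it should be confirmed that it rejects the request when Arborist is unreachable or returns an error, and that accounts which were admins only through `is_admin` are meant to lose access. The docstring could state the new contract, for example `"""Require Arborist authorization for method "*" on /services/fence/admin; the token's "admin" scope and user.is_admin are no longer checked."""`. Any module that still imports `admin_required` will break after this removal, which cannot be verified from this page.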
14 changes: 13 additions & 1 deletion tests/admin/test_admin_users_endpoints.py
Expand Up @@ -27,7 +27,7 @@

@pytest.fixture(autouse=True)
def mock_arborist(mock_arborist_requests):
mock_arborist_requests()
mock_arborist_requests({"arborist/auth/request": {"POST": ({"auth": True}, 200)}})


# TODO: Not yet tested: PUT,DELETE /users/<username>/projects
Expand Down Expand Up @@ -186,6 +186,18 @@ def test_get_user_username(
assert r.json["username"] == "test_a"


def test_get_user_username_no_admin_auth(
client, encoded_admin_jwt, mock_arborist_requests
):
"""GET /users/<username>: [get_user]: rainy path where arborist authorization check fails"""
mock_arborist_requests({"arborist/auth/request": {"POST": ({"auth": False}, 200)}})
r = client.get(
"/admin/users/test_a", headers={"Authorization": "Bearer " + encoded_admin_jwt}
)
assert r.status_code == 403
assert "user does not have privileges to access this endpoint" in r.text


def test_get_user_long_username(
client, admin_user, encoded_admin_jwt, db_session, test_user_long
):
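Review bot: `test_get_user_username_no_admin_auth` covers only an explicit `{"auth": False}` answer with status 200, so nothing here pins what happens when the Arborist call itself fails, which is the path where an authorization decorator could fail open. A companion test using the same mock shape, for example `mock_arborist_requests({"arborist/auth/request": {"POST": ({}, 500)}})` followed by `assert r.status_code != 200`, would cover it. Because the autouse `mock_arborist` fixture now answers `{"auth": True}` for every test in the file, the remaining tests no longer show that an unauthorized caller is rejected. A request sent without the `Authorization` header would be worth asserting on as well.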
