Update dependencies

Author: dolfinus

pyproject.toml

@@ -65,22 +65,22 @@ exclude = ["docs", "tests"]
 
 [project.optional-dependencies]
 server = [
-  "fastapi>=0.128,<0.130",
-  "uvicorn~=0.40.0",
+  "fastapi>=0.129",
+  "uvicorn~=0.41.0",
   "starlette-exporter~=0.23.0",
   "asgi-correlation-id~=4.3.4",
   "pyjwt~=2.11.0",
   "itsdangerous~=2.2.0",
   "python-multipart~=0.0.20",
-  "python-keycloak~=7.0.3",
+  "python-keycloak>=7.0.3,<7.2.0",
 ]
 consumer = [
   "faststream[kafka,cli]~=0.6.6",
   "cramjam~=2.11.0",
 ]
 http2kafka = [
-  "fastapi>=0.128,<0.130",
-  "uvicorn~=0.40.0",
+  "fastapi>=0.129",
+  "uvicorn~=0.41.0",
   "starlette-exporter~=0.23.0",
   "asgi-correlation-id~=4.3.4",
   "faststream[kafka,cli]~=0.6.5",
@@ -133,7 +133,7 @@ docs = [
   "towncrier~=25.8.0",
   "sphinx-issues~=5.0.1",
   "sphinx-design~=0.7.0",
-  "sphinx-favicon~=1.0.1",
+  "sphinx-favicon~=1.1.0",
   "sphinx-last-updated-by-git~=0.3.8",
   # uncomment after https://github.com/zqmillet/sphinx-plantuml/pull/4
   # "sphinx-plantuml~=1.0.0",
@@ -150,10 +150,13 @@ markers = [
     "consumer: tests for consumer (require running database and kafka)",
     "http2kafka: tests for consumer (require running database and kafka)",
     "db: tests for db structure and migrations",
-    "lineage: tests for lineage endpoints (require running database)"
+    "lineage: tests for lineage endpoints (require running database)",
 ]
 asyncio_default_fixture_loop_scope = "session"
 asyncio_default_test_loop_scope = "session"
+filterwarnings = [
+    "ignore:Module already imported so cannot be rewritten:pytest.PytestAssertRewriteWarning",
+]
 
 [tool.coverage.run]
 source_pkgs = ["data_rentgen"]

tests/test_server/fixtures/keycloak.py

@@ -1,4 +1,6 @@
+import base64
 import json
+import secrets
 import time
 from base64 import b64encode
 
@@ -194,3 +196,37 @@ def mock_keycloak_logout_bad_request(server_app_settings, respx_mock):
         status_code=400,
         content_type="application/json",
     )
+
+
+@pytest.fixture
+def mock_keycloak_certs(server_app_settings, rsa_keys, respx_mock):
+    keycloak_settings = KeycloakSettings.model_validate(server_app_settings.auth.keycloak)
+    server_url = keycloak_settings.server_url
+    realm_name = keycloak_settings.realm_name
+    realm_url = f"{server_url}/realms/{realm_name}"
+    openid_url = f"{realm_url}/protocol/openid-connect"
+
+    def encode_number_base64(n: int):
+        return base64.b64encode(n.to_bytes((n.bit_length() + 7) // 8, byteorder="big")).decode("utf-8")
+
+    # return public key in Keycloak JWK format
+    # https://github.com/marcospereirampj/python-keycloak/pull/704/changes
+    public_key = rsa_keys["public_key"]
+    payload = {
+        "keys": [
+            {
+                "kid": secrets.token_hex(16),
+                "kty": "RSA",
+                "alg": "RS256",
+                "use": "sig",
+                "n": encode_number_base64(public_key.public_numbers().n),
+                "e": encode_number_base64(public_key.public_numbers().e),
+            },
+        ]
+    }
+
+    respx_mock.post(f"{openid_url}/certs").respond(
+        status_code=200,
+        json=payload,
+        content_type="application/json",
+    )

tests/test_server/test_auth/test_keycloak_auth.py

@@ -68,6 +68,7 @@ async def test_keycloak_auth(
     create_session_cookie,
     mock_keycloak_well_known,
     mock_keycloak_realm,
+    mock_keycloak_certs,
 ):
     session_cookie = create_session_cookie(user)
     headers = {
@@ -103,6 +104,7 @@ async def test_keycloak_auth_refresh_access_token(
     create_session_cookie,
     mock_keycloak_well_known,
     mock_keycloak_realm,
+    mock_keycloak_certs,
     mock_keycloak_token_refresh,
 ):
     session_cookie = create_session_cookie(user, expire_in_msec=-100000000)  # expired access token
@@ -168,6 +170,7 @@ async def test_keycloak_auth_logout(
     create_session_cookie,
     mock_keycloak_well_known,
     mock_keycloak_realm,
+    mock_keycloak_certs,
     mock_keycloak_token_refresh,
     mock_keycloak_logout,
 ):
@@ -218,6 +221,7 @@ async def test_keycloak_auth_logout_bad_request(
     create_session_cookie,
     mock_keycloak_well_known,
     mock_keycloak_realm,
+    mock_keycloak_certs,
     mock_keycloak_token_refresh,
     mock_keycloak_logout_bad_request,
 ):