Refactor fixtures into conftest.py (HarryMWinters#17) 🔂

HarryMWinters · web-flow · commit 04838e38c449 · 2021-08-07T16:56:23.000-07:00
diff --git a/tests/conftest.py b/tests/conftest.py
@@ -0,0 +1,144 @@
+import json
+import os
+import time
+import uuid
+
+import jwt
+import pytest
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import serialization
+from cryptography.hazmat.primitives.asymmetric import rsa
+
+FIXTURES_DIRECTORY = os.path.join(os.path.dirname(__file__), "fixtures")
+
+
+KEY = rsa.generate_private_key(
+    backend=default_backend(), public_exponent=65537, key_size=2048
+)
+
+
+@pytest.fixture
+def oidc_discovery():
+    with open(FIXTURES_DIRECTORY + "/AuthServerDiscovery.json") as f:
+        OIDC_DISCOVERY_RESPONSE = json.load(f)
+
+    return OIDC_DISCOVERY_RESPONSE
+
+
+@pytest.fixture
+def test_email():
+    return "AnticipationOfANewLoversArrivalThe@VeryLittleGravitasIndeed"
+
+
+@pytest.fixture
+def key():
+    # keeping the key global so it isn't regenerated with each fixture use.
+    return KEY
+
+
+@pytest.fixture
+def private_key(key):
+    return key.private_bytes(
+        serialization.Encoding.PEM,
+        serialization.PrivateFormat.PKCS8,
+        serialization.NoEncryption(),
+    ).decode("UTF-8")
+
+
+@pytest.fixture
+def public_key(key):
+    return (
+        key.public_key()
+        .public_bytes(serialization.Encoding.PEM, serialization.PublicFormat.PKCS1)
+        .decode("UTF-8")
+    )
+
+
+@pytest.fixture
+def config_w_aud():
+    return {
+        "client_id": "CongenitalOptimist",
+        "audience": "NeverAgain",
+        "base_authorization_server_uri": "WhatAreTheCivilianApplications?",
+        "issuer": "PokeItWithAStick",
+        "signature_cache_ttl": 6e3,
+    }
+
+
+@pytest.fixture
+def no_audience_config():
+    return {
+        "client_id": "CongenitalOptimist",
+        "base_authorization_server_uri": "WhatAreTheCivilianApplications?",
+        "issuer": "PokeItWithAStick",
+        "signature_cache_ttl": 6e3,
+    }
+
+
+@pytest.fixture
+def token_with_audience(private_key, config_w_aud, test_email) -> str:
+    audience: str = str(config_w_aud["audience"])
+    issuer: str = str(config_w_aud["issuer"])
+    now = int(time.time())
+
+    return jwt.encode(
+        {
+            "aud": audience,
+            "iss": issuer,
+            "email": test_email,
+            "name": "SweetAndFullOfGrace",
+            "preferred_username": "Sweet",
+            "exp": now + 30,
+            "auth_time": now,
+            "sub": "foo",
+            "ver": "1",
+            "iat": now,
+            "jti": str(uuid.uuid4()),
+            "amr": [],
+            "idp": "",
+            "nonce": "",
+            "at_hash": "",
+        },
+        private_key,
+        algorithm="RS256",
+    ).decode("UTF-8")
+
+
+@pytest.fixture
+def token_without_audience(private_key, no_audience_config, test_email) -> str:
+    # Make a token where audience is client_id
+    client_id: str = str(no_audience_config["client_id"])
+    issuer: str = str(no_audience_config["issuer"])
+    now = int(time.time())
+
+    return jwt.encode(
+        {
+            "aud": client_id,
+            "iss": issuer,
+            "email": test_email,
+            "name": "SweetAndFullOfGrace",
+            "preferred_username": "Sweet",
+            "exp": now + 30,
+            "auth_time": now,
+            "sub": "foo",
+            "ver": "1",
+            "iat": now,
+            "jti": str(uuid.uuid4()),
+            "amr": [],
+            "idp": "",
+            "nonce": "",
+            "at_hash": "",
+        },
+        private_key,
+        algorithm="RS256",
+    ).decode("UTF-8")
+
+
+@pytest.fixture
+def mock_discovery(oidc_discovery, public_key):
+    class functions:
+        auth_server = lambda **_: oidc_discovery
+        public_keys = lambda _: public_key
+        signing_algos = lambda x: x["id_token_signing_alg_values_supported"]
+
+    return lambda *args, **kwargs: functions
diff --git a/tests/test_auth.py b/tests/test_auth.py
@@ -1,149 +1,42 @@
-import json
-import os
-import time
-import uuid
-
-import jwt
-from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.primitives import serialization
-from cryptography.hazmat.primitives.asymmetric import rsa
-
 from fastapi_oidc import auth
+from fastapi_oidc.types import IDToken
 
 
-class Fixtures:
-    _fixtures_directory = os.path.join(os.path.dirname(__file__), "fixtures")
-
-    with open(_fixtures_directory + "/AuthServerDiscovery.json") as f:
-        OIDC_DISCOVERY_RESPONSE = json.load(f)
-
-    _key = rsa.generate_private_key(
-        backend=default_backend(), public_exponent=65537, key_size=2048
-    )
-
-    TESTING_PRIVATE_KEY = _key.private_bytes(
-        serialization.Encoding.PEM,
-        serialization.PrivateFormat.PKCS8,
-        serialization.NoEncryption(),
-    ).decode("UTF-8")
-
-    TESTING_PUBLIC_KEY = (
-        _key.public_key()
-        .public_bytes(serialization.Encoding.PEM, serialization.PublicFormat.PKCS1)
-        .decode("UTF-8")
-    )
-
+def test__authenticate_user(
+    monkeypatch,
+    mock_discovery,
+    token_with_audience,
+    config_w_aud,
+    test_email,
+):
 
-TEST_CONFIG = {
-    "client_id": "CongenitalOptimist",
-    "audience": "NeverAgain",
-    "base_authorization_server_uri": "WhatAreTheCivilianApplications?",
-    "issuer": "PokeItWithAStick",
-    "signature_cache_ttl": 6e3,
-}
-
-# Test configuration without audience
-TEST_CONFIG_NO_AUD = {
-    "client_id": "CongenitalOptimist",
-    "base_authorization_server_uri": "WhatAreTheCivilianApplications?",
-    "issuer": "PokeItWithAStick",
-    "signature_cache_ttl": 6e3,
-}
-
-
-def _make_token(
-    email: str,
-    private_key: str = Fixtures.TESTING_PRIVATE_KEY,
-    client_id: str = str(TEST_CONFIG["client_id"]),
-    audience: str = str(TEST_CONFIG["audience"]),
-    issuer: str = str(TEST_CONFIG["issuer"]),
-) -> str:
-    now = int(time.time())
-    return jwt.encode(
-        {
-            "aud": audience,
-            "iss": issuer,
-            "email": email,
-            "name": "SweetAndFullOfGrace",
-            "preferred_username": "Sweet",
-            "exp": now + 30,
-            "auth_time": now,
-            "sub": "foo",
-            "ver": "1",
-            "iat": now,
-            "jti": str(uuid.uuid4()),
-            "amr": [],
-            "idp": "",
-            "nonce": "",
-            "at_hash": "",
-        },
-        private_key,
-        algorithm="RS256",
-    ).decode("UTF-8")
+    monkeypatch.setattr(auth.discovery, "configure", mock_discovery)
 
+    token = token_with_audience
 
-# Make a token where audience is client_id
-def _make_token_no_aud(
-    email: str,
-    private_key: str = Fixtures.TESTING_PRIVATE_KEY,
-    client_id: str = str(TEST_CONFIG_NO_AUD["client_id"]),
-    issuer: str = str(TEST_CONFIG_NO_AUD["issuer"]),
-) -> str:
-    now = int(time.time())
-    return jwt.encode(
-        {
-            "aud": client_id,
-            "iss": issuer,
-            "email": email,
-            "name": "SweetAndFullOfGrace",
-            "preferred_username": "Sweet",
-            "exp": now + 30,
-            "auth_time": now,
-            "sub": "foo",
-            "ver": "1",
-            "iat": now,
-            "jti": str(uuid.uuid4()),
-            "amr": [],
-            "idp": "",
-            "nonce": "",
-            "at_hash": "",
-        },
-        private_key,
-        algorithm="RS256",
-    ).decode("UTF-8")
+    authenticate_user = auth.get_auth(**config_w_aud)
+    id_token: IDToken = authenticate_user(auth_header=f"Bearer {token}")
 
+    assert id_token.email == test_email  # nosec
+    assert id_token.aud == config_w_aud["audience"]
 
-def test__authenticate_user(monkeypatch):
-    def mock_discovery(*args, **kwargs):
-        class functions:
-            auth_server = lambda **_: Fixtures.OIDC_DISCOVERY_RESPONSE
-            public_keys = lambda _: Fixtures.TESTING_PUBLIC_KEY
-            signing_algos = lambda x: x["id_token_signing_alg_values_supported"]
 
-        return functions
+# Ensure that when no audience is supplied, that the audience defaults to client ID
+def test__authenticate_user_no_aud(
+    monkeypatch,
+    mock_discovery,
+    token_without_audience,
+    no_audience_config,
+    test_email,
+):
 
     monkeypatch.setattr(auth.discovery, "configure", mock_discovery)
-    email = "AnticipationOfANewLoversArrivalThe@VeryLittleGravitasIndeed"
-    token = _make_token(email=email)
-    authenticate_user = auth.get_auth(**TEST_CONFIG)
-    IDToken = authenticate_user(auth_header=f"Bearer {token}")
-    assert IDToken.email == email  # nosec
 
+    token = token_without_audience
 
-# Ensure that when no audience is supplied, that the audience defaults to client ID
-def test__authenticate_user_no_aud(monkeypatch):
-    def mock_discovery(*args, **kwargs):
-        class functions:
-            auth_server = lambda **_: Fixtures.OIDC_DISCOVERY_RESPONSE
-            public_keys = lambda _: Fixtures.TESTING_PUBLIC_KEY
-            signing_algos = lambda x: x["id_token_signing_alg_values_supported"]
+    authenticate_user = auth.get_auth(**no_audience_config)
 
-        return functions
+    id_token: IDToken = authenticate_user(auth_header=f"Bearer {token}")
 
-    monkeypatch.setattr(auth.discovery, "configure", mock_discovery)
-    email = "AnticipationOfANewLoversArrivalThe@VeryLittleGravitasIndeed"
-    token = _make_token_no_aud(email=email)
-    authenticate_user = auth.get_auth(**TEST_CONFIG_NO_AUD)
-    IDToken = authenticate_user(auth_header=f"Bearer {token}")
-    assert IDToken.email == email  # nosec
-    assert IDToken.aud == TEST_CONFIG_NO_AUD["client_id"]
+    assert id_token.email == test_email  # nosec
+    assert id_token.aud == no_audience_config["client_id"]
