add unit tests

Author: npeshkov

test/unit/test_auth_callback_server.py

@@ -24,7 +24,10 @@ def test_auth_callback_success(monkeypatch, dontwait, timeout, reuse_port) -> No
     monkeypatch.setenv("SNOWFLAKE_AUTH_SOCKET_REUSE_PORT", reuse_port)
     monkeypatch.setenv("SNOWFLAKE_AUTH_SOCKET_MSG_DONTWAIT", dontwait)
     test_response: requests.Response | None = None
-    with AuthHttpServer("http://127.0.0.1/test_request") as callback_server:
+    with AuthHttpServer(
+        uri="http://127.0.0.1/test_request",
+        redirect_uri="http://127.0.0.1/test_request",
+    ) as callback_server:
 
         def request_callback():
             nonlocal test_response
@@ -57,7 +60,103 @@ def request_callback():
 def test_auth_callback_timeout(monkeypatch, dontwait, timeout, reuse_port) -> None:
     monkeypatch.setenv("SNOWFLAKE_AUTH_SOCKET_REUSE_PORT", reuse_port)
     monkeypatch.setenv("SNOWFLAKE_AUTH_SOCKET_MSG_DONTWAIT", dontwait)
-    with AuthHttpServer("http://127.0.0.1/test_request") as callback_server:
+    with AuthHttpServer(
+        uri="http://127.0.0.1/test_request",
+        redirect_uri="http://127.0.0.1/test_request",
+    ) as callback_server:
         block, client_socket = callback_server.receive_block(timeout=timeout)
         assert block is None
         assert client_socket is None
+
+
+@pytest.mark.parametrize(
+    "socket_host",
+    [
+        "127.0.0.1",
+        "localhost",
+    ],
+)
+@pytest.mark.parametrize(
+    "socket_port",
+    [
+        "",
+        ":0",
+        ":12345",
+    ],
+)
+@pytest.mark.parametrize(
+    "redirect_host",
+    [
+        "127.0.0.1",
+        "localhost",
+    ],
+)
+@pytest.mark.parametrize(
+    "redirect_port",
+    [
+        "",
+        ":0",
+        ":12345",
+    ],
+)
+@pytest.mark.parametrize(
+    "dontwait",
+    ["false", "true"],
+)
+@pytest.mark.parametrize("reuse_port", ["true", "false"])
+def test_auth_callback_server_updates_localhost_redirect_uri_port_to_match_socket_port(
+    monkeypatch,
+    socket_host,
+    socket_port,
+    redirect_host,
+    redirect_port,
+    dontwait,
+    reuse_port,
+) -> None:
+    monkeypatch.setenv("SNOWFLAKE_AUTH_SOCKET_REUSE_PORT", reuse_port)
+    monkeypatch.setenv("SNOWFLAKE_AUTH_SOCKET_MSG_DONTWAIT", dontwait)
+    with AuthHttpServer(
+        uri=f"http://{socket_host}{socket_port}/test_request",
+        redirect_uri=f"http://{redirect_host}{redirect_port}/test_request",
+    ) as callback_server:
+        assert callback_server._redirect_uri.port == callback_server.port
+
+
+@pytest.mark.parametrize(
+    "socket_host",
+    [
+        "127.0.0.1",
+        "localhost",
+    ],
+)
+@pytest.mark.parametrize(
+    "socket_port",
+    [
+        "",
+        ":0",
+        ":12345",
+    ],
+)
+@pytest.mark.parametrize(
+    "redirect_port",
+    [
+        "",
+        ":0",
+        ":12345",
+    ],
+)
+@pytest.mark.parametrize(
+    "dontwait",
+    ["false", "true"],
+)
+@pytest.mark.parametrize("reuse_port", ["true", "false"])
+def test_auth_callback_server_does_not_updates_nonlocalhost_redirect_uri_port_to_match_socket_port(
+    monkeypatch, socket_host, socket_port, redirect_port, dontwait, reuse_port
+) -> None:
+    monkeypatch.setenv("SNOWFLAKE_AUTH_SOCKET_REUSE_PORT", reuse_port)
+    monkeypatch.setenv("SNOWFLAKE_AUTH_SOCKET_MSG_DONTWAIT", dontwait)
+    redirect_uri = f"http://not_localhost{redirect_port}/test_request"
+    with AuthHttpServer(
+        uri=f"http://{socket_host}{socket_port}/test_request", redirect_uri=redirect_uri
+    ) as callback_server:
+        assert callback_server.redirect_uri == redirect_uri

test/unit/test_auth_oauth_auth_code.py

@@ -5,7 +5,7 @@
 
 import unittest.mock as mock
 from test.helpers import apply_auth_class_update_body, create_mock_auth_body
-from unittest.mock import patch
+from unittest.mock import PropertyMock, patch
 
 import pytest
 
@@ -285,3 +285,69 @@ def mock_request_tokens(self, **kwargs):
     assert isinstance(conn.auth_class, AuthByOauthCode)
 
     conn.close()
+
+
+@pytest.mark.parametrize("redirect_uri", ["https://redirect/uri"])
+@pytest.mark.parametrize("rtr_enabled", [True, False])
+def test_auth_oauth_auth_code_uses_redirect_uri(
+    redirect_uri, rtr_enabled: bool, omit_oauth_urls_check
+):
+    """Test that the redirect URI is used correctly in the OAuth authorization code flow."""
+    auth = AuthByOauthCode(
+        "app",
+        "clientId",
+        "clientSecret",
+        "auth_url",
+        "tokenRequestUrl",
+        redirect_uri,
+        "scope",
+        "host",
+        pkce_enabled=False,
+        enable_single_use_refresh_tokens=rtr_enabled,
+    )
+
+    def fake_get_request_token_response(_, fields: dict[str, str]):
+        if rtr_enabled:
+            assert fields.get("enable_single_use_refresh_tokens") == "true"
+        else:
+            assert "enable_single_use_refresh_tokens" not in fields
+        return ("access_token", "refresh_token")
+
+    with patch(
+        "snowflake.connector.auth.AuthByOauthCode._construct_authorization_request",
+        return_value="authorization_request",
+    ) as mock_construct_authorization_request:
+        with patch(
+            "snowflake.connector.auth.AuthByOauthCode._receive_authorization_callback",
+            return_value=("code", auth._state),
+        ):
+            with patch(
+                "snowflake.connector.auth.AuthByOauthCode._ask_authorization_callback_from_user",
+                return_value=("code", auth._state),
+            ):
+                with patch(
+                    "snowflake.connector.auth.AuthByOauthCode._get_request_token_response",
+                    side_effect=fake_get_request_token_response,
+                ) as mock_get_request_token_response:
+                    with patch(
+                        "snowflake.connector.auth._http_server.AuthHttpServer.redirect_uri",
+                        return_value=redirect_uri,
+                        new_callable=PropertyMock,
+                    ):
+                        auth.prepare(
+                            conn=None,
+                            authenticator=OAUTH_AUTHORIZATION_CODE,
+                            service_name=None,
+                            account="acc",
+                            user="user",
+                        )
+                        mock_construct_authorization_request.assert_called_once_with(
+                            redirect_uri
+                        )
+                        assert mock_get_request_token_response.call_count == 1
+                        assert (
+                            mock_get_request_token_response.call_args[0][1][
+                                "redirect_uri"
+                            ]
+                            == redirect_uri
+                        )

test/unit/test_oauth_token.py

@@ -124,6 +124,7 @@ def test_oauth_code_successful_flow(
     omit_oauth_urls_check,
 ) -> None:
     monkeypatch.setenv("SNOWFLAKE_AUTH_SOCKET_REUSE_PORT", "true")
+    monkeypatch.setenv("SNOWFLAKE_OAUTH_SOCKET_PORT", "8009")
 
     wiremock_client.import_mapping(
         wiremock_oauth_authorization_code_dir / "successful_flow.json"
@@ -166,6 +167,7 @@ def test_oauth_code_invalid_state(
     omit_oauth_urls_check,
 ) -> None:
     monkeypatch.setenv("SNOWFLAKE_AUTH_SOCKET_REUSE_PORT", "true")
+    monkeypatch.setenv("SNOWFLAKE_OAUTH_SOCKET_PORT", "8009")
 
     wiremock_client.import_mapping(
         wiremock_oauth_authorization_code_dir / "invalid_state_error.json"
@@ -201,6 +203,7 @@ def test_oauth_code_scope_error(
     monkeypatch,
 ) -> None:
     monkeypatch.setenv("SNOWFLAKE_AUTH_SOCKET_REUSE_PORT", "true")
+    monkeypatch.setenv("SNOWFLAKE_OAUTH_SOCKET_PORT", "8009")
 
     wiremock_client.import_mapping(
         wiremock_oauth_authorization_code_dir / "invalid_scope_error.json"
@@ -237,6 +240,7 @@ def test_oauth_code_token_request_error(
     omit_oauth_urls_check,
 ) -> None:
     monkeypatch.setenv("SNOWFLAKE_AUTH_SOCKET_REUSE_PORT", "true")
+    monkeypatch.setenv("SNOWFLAKE_OAUTH_SOCKET_PORT", "8009")
 
     with WiremockClient() as wiremock_client:
         wiremock_client.import_mapping(
@@ -275,6 +279,7 @@ def test_oauth_code_browser_timeout(
     omit_oauth_urls_check,
 ) -> None:
     monkeypatch.setenv("SNOWFLAKE_AUTH_SOCKET_REUSE_PORT", "true")
+    monkeypatch.setenv("SNOWFLAKE_OAUTH_SOCKET_PORT", "8009")
 
     wiremock_client.import_mapping(
         wiremock_oauth_authorization_code_dir
@@ -316,6 +321,7 @@ def test_oauth_code_custom_urls(
     omit_oauth_urls_check,
 ) -> None:
     monkeypatch.setenv("SNOWFLAKE_AUTH_SOCKET_REUSE_PORT", "true")
+    monkeypatch.setenv("SNOWFLAKE_OAUTH_SOCKET_PORT", "8009")
 
     wiremock_client.import_mapping(
         wiremock_oauth_authorization_code_dir / "external_idp_custom_urls.json"
@@ -359,6 +365,7 @@ def test_oauth_code_local_application_custom_urls_successful_flow(
     omit_oauth_urls_check,
 ) -> None:
     monkeypatch.setenv("SNOWFLAKE_AUTH_SOCKET_REUSE_PORT", "true")
+    monkeypatch.setenv("SNOWFLAKE_OAUTH_SOCKET_PORT", "8009")
 
     wiremock_client.import_mapping(
         wiremock_oauth_authorization_code_dir
@@ -403,6 +410,7 @@ def test_oauth_code_successful_refresh_token_flow(
     omit_oauth_urls_check,
 ) -> None:
     monkeypatch.setenv("SNOWFLAKE_AUTH_SOCKET_REUSE_PORT", "true")
+    monkeypatch.setenv("SNOWFLAKE_OAUTH_SOCKET_PORT", "8009")
 
     wiremock_client.import_mapping(
         wiremock_generic_mappings_dir / "snowflake_login_failed.json"
@@ -463,6 +471,7 @@ def test_oauth_code_expired_refresh_token_flow(
     omit_oauth_urls_check,
 ) -> None:
     monkeypatch.setenv("SNOWFLAKE_AUTH_SOCKET_REUSE_PORT", "true")
+    monkeypatch.setenv("SNOWFLAKE_OAUTH_SOCKET_PORT", "8009")
 
     wiremock_client.import_mapping(
         wiremock_generic_mappings_dir / "snowflake_login_failed.json"
@@ -546,6 +555,10 @@ def test_client_creds_successful_flow(
     monkeypatch,
     temp_cache,
 ) -> None:
+    monkeypatch.setenv(
+        "SNOWFLAKE_OAUTH_SOCKET_PORT", wiremock_client.wiremock_http_port
+    )
+
     wiremock_client.import_mapping(
         wiremock_oauth_client_creds_dir / "successful_flow.json"
     )
@@ -596,6 +609,10 @@ def test_client_creds_token_request_error(
     wiremock_generic_mappings_dir,
     monkeypatch,
 ) -> None:
+    monkeypatch.setenv(
+        "SNOWFLAKE_OAUTH_SOCKET_PORT", wiremock_client.wiremock_http_port
+    )
+
     wiremock_client.import_mapping(
         wiremock_oauth_client_creds_dir / "token_request_error.json"
     )
@@ -637,6 +654,10 @@ def test_client_creds_expired_refresh_token_flow(
     monkeypatch,
     temp_cache,
 ) -> None:
+    monkeypatch.setenv(
+        "SNOWFLAKE_OAUTH_SOCKET_PORT", wiremock_client.wiremock_http_port
+    )
+
     wiremock_client.import_mapping(
         wiremock_generic_mappings_dir / "snowflake_login_failed.json"
     )