|
3 | 3 |
|
4 | 4 | import pytest |
5 | 5 | from django.urls import reverse |
| 6 | +from django.utils import timezone |
| 7 | +from freezegun import freeze_time |
6 | 8 | from pytz import UTC |
7 | 9 | from rest_framework.test import APIRequestFactory |
8 | 10 | from rest_framework.views import APIView |
@@ -73,6 +75,48 @@ def test_get_auth_required_header_invalid_created_at( |
73 | 75 | assert str(response.data["detail"]) == "Invalid hsa_created_at" |
74 | 76 |
|
75 | 77 |
|
| 78 | +@pytest.mark.django_db |
| 79 | +@pytest.mark.parametrize( |
| 80 | + "leeway,expected_response_code,expected_response_data_contains", |
| 81 | + [(0, 403, "Invalid hsa_created_at"), (1, 200, "You are authenticated")], |
| 82 | +) |
| 83 | +def test_get_auth_required_header_clock_skew_leeway( |
| 84 | + api_client, |
| 85 | + data_source, |
| 86 | + signed_auth_key_factory, |
| 87 | + leeway, |
| 88 | + expected_response_code, |
| 89 | + expected_response_data_contains, |
| 90 | + settings, |
| 91 | +): |
| 92 | + signed_auth_key = signed_auth_key_factory(data_source=data_source) |
| 93 | + url = reverse("auth_required_test-list") |
| 94 | + |
| 95 | + now = timezone.now() |
| 96 | + settings.HSA_CLOCK_SKEW_LEEWAY_SECONDS = leeway |
| 97 | + |
| 98 | + with freeze_time(now): |
| 99 | + data = { |
| 100 | + "hsa_source": data_source.id, |
| 101 | + "hsa_username": "test_user", |
| 102 | + "hsa_created_at": (now + datetime.timedelta(seconds=1)).isoformat(), |
| 103 | + "hsa_valid_until": ( |
| 104 | + now + datetime.timedelta(hours=1, seconds=1) |
| 105 | + ).isoformat(), |
| 106 | + } |
| 107 | + |
| 108 | + source_string = join_params(data) |
| 109 | + signature = calculate_signature(signed_auth_key.signing_key, source_string) |
| 110 | + |
| 111 | + authz_string = "haukisigned " + urllib.parse.urlencode( |
| 112 | + {**data, "hsa_signature": signature} |
| 113 | + ) |
| 114 | + |
| 115 | + response = api_client.get(url, HTTP_AUTHORIZATION=authz_string) |
| 116 | + assert response.status_code == expected_response_code |
| 117 | + assert expected_response_data_contains in str(response.data) |
| 118 | + |
| 119 | + |
76 | 120 | @pytest.mark.django_db |
77 | 121 | def test_get_auth_required_header_timezone_missing_created_at( |
78 | 122 | api_client, data_source, signed_auth_key_factory |
|
0 commit comments