|
3 | 3 | """ |
4 | 4 |
|
5 | 5 | import shutil |
| 6 | +from datetime import datetime, timedelta |
6 | 7 |
|
7 | 8 | import keyring |
8 | 9 | import pytest |
| 10 | +from click.testing import Result |
9 | 11 | from keyring.errors import NoKeyringError |
10 | 12 | from pydantic import SecretStr |
11 | 13 | from typer.testing import CliRunner |
@@ -39,9 +41,9 @@ def make_tokens_expired(access: bool = False, refresh: bool = False): |
39 | 41 | Helper function to make either the access token or refresh token expired in the tokens file. |
40 | 42 | Sets the expiry time to 1970 (unix time stamp) |
41 | 43 | """ |
42 | | - with open(cli_settings.TOKENS_PATH, "r") as token_file: |
| 44 | + with open(cli_settings.TOKENS_FALLBACK_PATH, "r") as token_file: |
43 | 45 | lines = token_file.readlines() |
44 | | - with open(cli_settings.TOKENS_PATH, "w") as token_file: |
| 46 | + with open(cli_settings.TOKENS_FALLBACK_PATH, "w") as token_file: |
45 | 47 | for line in lines: |
46 | 48 | if access and line.startswith("access_token_expires_at:"): |
47 | 49 | token_file.write("access_token_expires_at: 1\n") |
@@ -220,12 +222,12 @@ def test_using_revoked_refresh_token_fails(tmp_path, disable_keyring_backend): |
220 | 222 | log_in_as_user() |
221 | 223 |
|
222 | 224 | shutil.copy(cli_settings.CONFIG_PATH, tmp_path / "config_backup.yaml") |
223 | | - shutil.copy(cli_settings.TOKENS_PATH, tmp_path / "tokens_backup.yaml") |
| 225 | + shutil.copy(cli_settings.TOKENS_FALLBACK_PATH, tmp_path / "tokens_backup.yaml") |
224 | 226 |
|
225 | 227 | result = runner.invoke(app=app, args=logout_command) |
226 | 228 | assert result.exit_code == 0 |
227 | 229 |
|
228 | | - shutil.copy(tmp_path / "tokens_backup.yaml", cli_settings.TOKENS_PATH) |
| 230 | + shutil.copy(tmp_path / "tokens_backup.yaml", cli_settings.TOKENS_FALLBACK_PATH) |
229 | 231 | shutil.copy(tmp_path / "config_backup.yaml", cli_settings.CONFIG_PATH) |
230 | 232 | make_tokens_expired(access=True) |
231 | 233 |
|
@@ -282,3 +284,121 @@ def test_jwt_session_takes_priority_over_pat(disable_keyring_backend, monkeypatc |
282 | 284 | result = runner.invoke(app=app, args="auth whoami") |
283 | 285 | assert result.exit_code == 0 |
284 | 286 | assert USER_EMAIL in result.stdout |
| 287 | + |
| 288 | + |
| 289 | +_FAKE_PAT_NAME = "work-laptop" |
| 290 | +_FAKE_PAT = "divbase_pat_fakefakefakefakefakefakefake" |
| 291 | + |
| 292 | + |
| 293 | +def run_add_pat_cmd( |
| 294 | + name: str = _FAKE_PAT_NAME, |
| 295 | + expires: int | None = 9999999999, |
| 296 | + pat: str = _FAKE_PAT, |
| 297 | + overwrite: bool = False, |
| 298 | +) -> Result: |
| 299 | + """Helper fn to run the add-pat command.""" |
| 300 | + args = f"auth add-pat {name}" |
| 301 | + if expires is not None: |
| 302 | + args += f" --expires {expires}" |
| 303 | + if overwrite: |
| 304 | + args += " --overwrite-existing" |
| 305 | + return runner.invoke( |
| 306 | + app=app, |
| 307 | + args=args, |
| 308 | + input=f"{pat}\n", |
| 309 | + ) |
| 310 | + |
| 311 | + |
| 312 | +@pytest.fixture |
| 313 | +def cleanup_stored_cli_pat(): |
| 314 | + """Remove any possibly stored PAT from a add-pat command in a test""" |
| 315 | + yield |
| 316 | + # rm-pat is idempotent, so doesn't matter if there is no PAT. |
| 317 | + result = runner.invoke(app=app, args="auth rm-pat") |
| 318 | + assert result.exit_code == 0 |
| 319 | + |
| 320 | + |
| 321 | +def test_add_pat_stores_pat(cleanup_stored_cli_pat): |
| 322 | + """add-pat should store the PAT and pat-info should now show the PATs is stored""" |
| 323 | + result = run_add_pat_cmd() |
| 324 | + assert result.exit_code == 0 |
| 325 | + assert _FAKE_PAT_NAME in result.stdout |
| 326 | + |
| 327 | + info = runner.invoke(app=app, args="auth pat-info") |
| 328 | + assert info.exit_code == 0 |
| 329 | + assert _FAKE_PAT_NAME in info.stdout |
| 330 | + assert _FAKE_PAT not in info.stdout # PAT should not be printed |
| 331 | + |
| 332 | + |
| 333 | +def test_add_pat_rejects_invalid_pat_prefix(cleanup_stored_cli_pat): |
| 334 | + """add-pat should fail if the token doesn't start with the PAT prefix.""" |
| 335 | + result = run_add_pat_cmd(pat="not_a_real_pat") |
| 336 | + assert result.exit_code != 0 |
| 337 | + assert "not a valid personal access token" in result.stdout |
| 338 | + |
| 339 | + |
| 340 | +def test_add_pat_rejects_already_expired_pat(cleanup_stored_cli_pat): |
| 341 | + """add-pat should fail if the token doesn't start with the PAT prefix.""" |
| 342 | + one_day_ago = datetime.now() - timedelta(days=1) |
| 343 | + result = run_add_pat_cmd(expires=int(one_day_ago.timestamp())) |
| 344 | + assert result.exit_code != 0 |
| 345 | + assert "expiry" in result.stdout |
| 346 | + |
| 347 | + |
| 348 | +def test_add_pat_with_no_expiry(cleanup_stored_cli_pat): |
| 349 | + """add-pat without --expires set works and stores a PAT.""" |
| 350 | + result = run_add_pat_cmd(expires=None) |
| 351 | + assert result.exit_code == 0 |
| 352 | + assert _FAKE_PAT_NAME in result.stdout |
| 353 | + |
| 354 | + info = runner.invoke(app=app, args="auth pat-info") |
| 355 | + assert info.exit_code == 0 |
| 356 | + assert _FAKE_PAT_NAME in info.stdout |
| 357 | + assert "Never" in info.stdout # expiry info |
| 358 | + assert _FAKE_PAT not in info.stdout # PAT should not be printed |
| 359 | + |
| 360 | + |
| 361 | +def test_cannot_add_pat_without_overwrite_flag(cleanup_stored_cli_pat): |
| 362 | + """add-pat must refuse to overwrite an existing PAT unless --overwrite-existing is passed.""" |
| 363 | + result = run_add_pat_cmd() |
| 364 | + assert result.exit_code == 0 |
| 365 | + assert _FAKE_PAT_NAME in result.stdout |
| 366 | + |
| 367 | + result = run_add_pat_cmd() |
| 368 | + assert result.exit_code != 0 |
| 369 | + assert "already stored" in result.stdout |
| 370 | + assert "--overwrite-existing" in result.stdout |
| 371 | + |
| 372 | + result = run_add_pat_cmd(overwrite=True) |
| 373 | + assert result.exit_code == 0 |
| 374 | + assert _FAKE_PAT_NAME in result.stdout |
| 375 | + |
| 376 | + result = run_add_pat_cmd(name="a-new-pat", overwrite=True) |
| 377 | + assert result.exit_code == 0 |
| 378 | + assert "a-new-pat" in result.stdout |
| 379 | + |
| 380 | + |
| 381 | +def test_rm_pat_removes_stored_pat(cleanup_stored_cli_pat): |
| 382 | + """rm-pat should remove the stored PAT so that pat-info shows nothing.""" |
| 383 | + result = run_add_pat_cmd() |
| 384 | + assert result.exit_code == 0 |
| 385 | + |
| 386 | + result = runner.invoke(app=app, args="auth rm-pat") |
| 387 | + assert result.exit_code == 0 |
| 388 | + |
| 389 | + info = runner.invoke(app=app, args="auth pat-info") |
| 390 | + assert info.exit_code == 0 |
| 391 | + assert "No personal access token" in info.stdout |
| 392 | + |
| 393 | + |
| 394 | +def test_rm_pat_with_no_pat_is_ok(cleanup_stored_cli_pat): |
| 395 | + """rm-pat should succeed even if no PAT is currently stored.""" |
| 396 | + result = runner.invoke(app=app, args="auth rm-pat") |
| 397 | + assert result.exit_code == 0 |
| 398 | + |
| 399 | + |
| 400 | +def test_pat_info_when_no_pat_stored(cleanup_stored_cli_pat): |
| 401 | + """pat-info should report nothing stored when no PAT has been added.""" |
| 402 | + info = runner.invoke(app=app, args="auth pat-info") |
| 403 | + assert info.exit_code == 0 |
| 404 | + assert "No personal access token" in info.stdout |
0 commit comments