56 lines
1.6 KiB
Python
56 lines
1.6 KiB
Python
from __future__ import annotations
|
|
|
|
from opensquilla.gateway.auth import OpenScopeResolver
|
|
from opensquilla.gateway.config import AuthConfig, GatewayConfig
|
|
from opensquilla.gateway.scopes import (
|
|
CLI_DEFAULT_OPERATOR_SCOPES,
|
|
PROPOSALS_SCOPE,
|
|
REMOTE_OPERATOR_SCOPES,
|
|
normalize_operator_scopes,
|
|
)
|
|
|
|
|
|
def test_open_auth_loopback_operator_gets_local_owner_scopes_when_debug_false() -> None:
|
|
principal = OpenScopeResolver().resolve(
|
|
{},
|
|
"operator",
|
|
GatewayConfig(debug=False, host="127.0.0.1"),
|
|
peer_ip="127.0.0.1",
|
|
)
|
|
|
|
assert principal.scopes == CLI_DEFAULT_OPERATOR_SCOPES
|
|
assert principal.is_owner is True
|
|
assert principal.authenticated is False
|
|
|
|
|
|
def test_open_auth_exposed_operator_gets_remote_scopes_when_debug_false() -> None:
|
|
principal = OpenScopeResolver().resolve(
|
|
{},
|
|
"operator",
|
|
GatewayConfig(debug=False, host="0.0.0.0"),
|
|
peer_ip="127.0.0.1",
|
|
)
|
|
|
|
assert principal.scopes == REMOTE_OPERATOR_SCOPES
|
|
assert PROPOSALS_SCOPE not in principal.scopes
|
|
assert principal.is_owner is False
|
|
assert principal.authenticated is False
|
|
|
|
|
|
def test_open_auth_debug_operator_uses_configured_token_scopes() -> None:
|
|
configured_scopes = ["operator.write"]
|
|
principal = OpenScopeResolver().resolve(
|
|
{},
|
|
"operator",
|
|
GatewayConfig(
|
|
debug=True,
|
|
host="0.0.0.0",
|
|
auth=AuthConfig(token_scopes=configured_scopes),
|
|
),
|
|
peer_ip="203.0.113.7",
|
|
)
|
|
|
|
assert principal.scopes == normalize_operator_scopes(configured_scopes)
|
|
assert principal.is_owner is False
|
|
assert principal.authenticated is False
|