Replace query to FAS with OIDC groups scope check.

This removes our query to FAS and fixes #304. It is more flexible too, where we can now configure production to only allow in members of the `modularity-wg` group, and then later open it up to all packagers after F26 is out (as was agreed with FESCo). In the process of working on this, I discovered that #305 is not necessary. We don't need our own scope; we can just use the `groups` scope as done here.
2026-05-03 01:21:33 +08:00 · 2017-02-10 15:50:41 -05:00
parent d093c5eef3
commit 88aca055ce
10 changed files with 120 additions and 181 deletions
--- a/tests/test_auth.py
+++ b/tests/test_auth.py
@@ -33,25 +33,25 @@ import module_build_service.errors

 class TestAuthModule(unittest.TestCase):
    @raises(module_build_service.errors.Unauthorized)
-    def test_get_username_no_token(self):
+    def test_get_user_no_token(self):
        request = mock.MagicMock()
        request.cookies.return_value = {}
-        module_build_service.auth.get_username(request)
+        module_build_service.auth.get_user(request)

    @raises(module_build_service.errors.Unauthorized)
    @patch('module_build_service.auth.get_token_info')
-    def test_get_username_failure(self, get_token_info):
+    def test_get_user_failure(self, get_token_info):
        def mocked_get_token_info(token):
            return {"active": False}
        get_token_info.return_value = mocked_get_token_info

        request = mock.MagicMock()
        request.cookies.return_value = {"oidc_token", "1234"}
-        module_build_service.auth.get_username(request)
+        module_build_service.auth.get_user(request)

    @raises(module_build_service.errors.Unauthorized)
    @patch('module_build_service.auth.get_token_info')
-    def test_get_username_good(self, get_token_info):
+    def test_get_user_good(self, get_token_info):
        # https://www.youtube.com/watch?v=G-LtddOgUCE
        name = "Joey Jo Jo Junior Shabadoo"
        def mocked_get_token_info(token):
@@ -60,34 +60,5 @@ class TestAuthModule(unittest.TestCase):

        request = mock.MagicMock()
        request.cookies.return_value = {"oidc_token", "1234"}
-        result = module_build_service.auth.get_username(request)
+        result = module_build_service.auth.get_user(request)
        eq_(result, name)
-
-    @mock.patch('fedora.client.AccountSystem')
-    def test_assert_is_packager(self, AccountSystem):
-        FAS = mock.MagicMock()
-        FAS.person_by_username.return_value = {
-            'group_roles': {
-                'packager': {
-                    'role_status': 'approved',
-                },
-            },
-        }
-        AccountSystem.return_value = FAS
-        # This should not raise an exception
-        module_build_service.auth.assert_is_packager('ralph', dict())
-
-    @raises(module_build_service.errors.Unauthorized)
-    @mock.patch('fedora.client.AccountSystem')
-    def test_assert_is_packager_failure(self, AccountSystem):
-        FAS = mock.MagicMock()
-        FAS.person_by_username.return_value = {
-            'group_roles': {
-                'packager': {
-                    'role_status': 'FAILLLL',
-                },
-            },
-        }
-        AccountSystem.return_value = FAS
-        # This should not raise an exception
-        module_build_service.auth.assert_is_packager('ralph', dict())