feat(client): replace basic auth with OAuth ROPC flowfeat/oauth2-resource-password-flow

author: Nejc Habjan <nejc.habjan@siemens.com> 2022-01-19 23:05:47 +0100
committer: Nejc Habjan <nejc.habjan@siemens.com> 2023-02-16 20:22:10 +0100
commit: be7745dc3dfee64d453287ed7d350adc7e5cadae (patch)
tree: d2c2134b539893c73b6c6ee31242f3b995e0eb16 /tests/unit
parent: 1da7c53fd3476a1ce94025bb15265f674af40e1a (diff)
download: gitlab-feat/oauth2-resource-password-flow.tar.gz
2 files changed, 77 insertions, 13 deletions
diff --git a/tests/unit/test_gitlab_auth.py b/tests/unit/test_gitlab_auth.py
index 8d6677f..3e0c87d 100644
--- a/tests/unit/test_gitlab_auth.py
+++ b/tests/unit/test_gitlab_auth.py
@@ -1,8 +1,35 @@
 import pytest
-import requests
+import responses
 
 from gitlab import Gitlab
 from gitlab.config import GitlabConfigParser
+from gitlab.oauth import PasswordCredentials
+
+
+# /oauth/token endpoint might be missing correct content-type header
+@pytest.fixture(params=["application/json", None])
+def resp_oauth_token(gl: Gitlab, request: pytest.FixtureRequest):
+    ropc_payload = {
+        "username": "foo",
+        "password": "bar",
+        "grant_type": "password",
+        "scope": "api",
+    }
+    ropc_response = {
+        "access_token": "test-token",
+        "token_type": "bearer",
+        "expires_in": 7200,
+    }
+    with responses.RequestsMock() as rsps:
+        rsps.add(
+            method=responses.POST,
+            url=f"{gl._base_url}/oauth/token",
+            status=201,
+            match=[responses.matchers.json_params_matcher(ropc_payload)],
+            json=ropc_response,
+            content_type=request.param,
+        )
+        yield rsps
 
 
 def test_invalid_auth_args():
@@ -42,7 +69,6 @@ def test_private_token_auth():
     assert gl.private_token == "private_token"
     assert gl.oauth_token is None
     assert gl.job_token is None
-    assert gl._http_auth is None
     assert "Authorization" not in gl.headers
     assert gl.headers["PRIVATE-TOKEN"] == "private_token"
     assert "JOB-TOKEN" not in gl.headers
@@ -53,7 +79,6 @@ def test_oauth_token_auth():
     assert gl.private_token is None
     assert gl.oauth_token == "oauth_token"
     assert gl.job_token is None
-    assert gl._http_auth is None
     assert gl.headers["Authorization"] == "Bearer oauth_token"
     assert "PRIVATE-TOKEN" not in gl.headers
     assert "JOB-TOKEN" not in gl.headers
@@ -64,26 +89,38 @@ def test_job_token_auth():
     assert gl.private_token is None
     assert gl.oauth_token is None
     assert gl.job_token == "CI_JOB_TOKEN"
-    assert gl._http_auth is None
     assert "Authorization" not in gl.headers
     assert "PRIVATE-TOKEN" not in gl.headers
     assert gl.headers["JOB-TOKEN"] == "CI_JOB_TOKEN"
 
 
-def test_http_auth():
+def test_oauth_resource_password_auth(resp_oauth_token):
+    oauth_credentials = PasswordCredentials("foo", "bar")
     gl = Gitlab(
         "http://localhost",
-        private_token="private_token",
-        http_username="foo",
-        http_password="bar",
         api_version="4",
+        oauth_credentials=oauth_credentials,
     )
-    assert gl.private_token == "private_token"
-    assert gl.oauth_token is None
+    assert gl.oauth_token == "test-token"
+    assert gl.private_token is None
     assert gl.job_token is None
-    assert isinstance(gl._http_auth, requests.auth.HTTPBasicAuth)
-    assert gl.headers["PRIVATE-TOKEN"] == "private_token"
-    assert "Authorization" not in gl.headers
+    assert "Authorization" in gl.headers
+    assert "PRIVATE-TOKEN" not in gl.headers
+
+
+def test_oauth_resource_password_auth_with_legacy_params_warns(resp_oauth_token):
+    with pytest.warns(DeprecationWarning, match="use the OAuth ROPC flow"):
+        gl = Gitlab(
+            "http://localhost",
+            http_username="foo",
+            http_password="bar",
+            api_version="4",
+        )
+    assert gl.oauth_token == "test-token"
+    assert gl.private_token is None
+    assert gl.job_token is None
+    assert "Authorization" in gl.headers
+    assert "PRIVATE-TOKEN" not in gl.headers
 
 
 @pytest.mark.parametrize(
diff --git a/tests/unit/test_oauth.py b/tests/unit/test_oauth.py
new file mode 100644
index 0000000..ecc256b
--- /dev/null
+++ b/tests/unit/test_oauth.py
@@ -0,0 +1,27 @@
+import pytest
+
+from gitlab.oauth import PasswordCredentials
+
+
+def test_password_credentials_without_password_raises():
+    with pytest.raises(TypeError, match="missing 1 required positional argument"):
+        PasswordCredentials("username")
+
+
+def test_password_credentials_with_client_id_without_client_secret_raises():
+    with pytest.raises(TypeError, match="client_id and client_secret must be defined"):
+        PasswordCredentials(
+            "username",
+            "password",
+            client_id="abcdef123456",
+        )
+
+
+def test_password_credentials_with_client_credentials_sets_basic_auth():
+    credentials = PasswordCredentials(
+        "username",
+        "password",
+        client_id="abcdef123456",
+        client_secret="123456abcdef",
+    )
+    assert credentials.basic_auth == ("abcdef123456", "123456abcdef")
author	Nejc Habjan <nejc.habjan@siemens.com>	2022-01-19 23:05:47 +0100
committer	Nejc Habjan <nejc.habjan@siemens.com>	2023-02-16 20:22:10 +0100
commit	be7745dc3dfee64d453287ed7d350adc7e5cadae (patch)
tree	d2c2134b539893c73b6c6ee31242f3b995e0eb16 /tests/unit
parent	1da7c53fd3476a1ce94025bb15265f674af40e1a (diff)
download	gitlab-feat/oauth2-resource-password-flow.tar.gz