Skip to content

Commit b179cb3

Browse files
romaindupJonasKs
romaindup
authored and
JonasKs
committed
Assert www-authenticate token in single tenant tests
1 parent 0b44ea7 commit b179cb3

File tree

1 file changed

+21
-0
lines changed

1 file changed

+21
-0
lines changed

tests/single_tenant/test_single_tenant.py

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -123,6 +123,7 @@ async def test_no_keys_to_decode_with(single_tenant_app, mock_openid_and_empty_k
123123
'detail': {'error': 'invalid_token', 'message': 'Unable to verify token, no signing keys found'}
124124
}
125125
assert response.status_code == 401
126+
assert response.headers['www-authenticate'] == 'Bearer'
126127

127128

128129
@pytest.mark.anyio
@@ -159,6 +160,7 @@ async def test_invalid_token_claims(single_tenant_app, mock_openid_and_keys):
159160
response = await ac.get('api/v1/hello')
160161
assert response.json() == {'detail': {'error': 'invalid_token', 'message': 'Token contains invalid claims'}}
161162
assert response.status_code == 401
163+
assert response.headers['www-authenticate'] == 'Bearer'
162164

163165

164166
@pytest.mark.anyio
@@ -173,6 +175,7 @@ async def test_no_valid_keys_for_token(single_tenant_app, mock_openid_and_no_val
173175
'detail': {'error': 'invalid_token', 'message': 'Unable to verify token, no signing keys found'}
174176
}
175177
assert response.status_code == 401
178+
assert response.headers['www-authenticate'] == 'Bearer'
176179

177180

178181
@pytest.mark.anyio
@@ -211,6 +214,7 @@ async def test_no_valid_invalid_formatted_scope(single_tenant_app, mock_openid_a
211214
'detail': {'error': 'insufficient_scope', 'message': 'Token contains invalid formatted scopes'}
212215
}
213216
assert response.status_code == 403
217+
assert response.headers['www-authenticate'] == 'Bearer'
214218

215219

216220
@pytest.mark.anyio
@@ -223,6 +227,7 @@ async def test_expired_token(single_tenant_app, mock_openid_and_keys):
223227
response = await ac.get('api/v1/hello')
224228
assert response.json() == {'detail': {'error': 'invalid_token', 'message': 'Token signature has expired'}}
225229
assert response.status_code == 401
230+
assert response.headers['www-authenticate'] == 'Bearer'
226231

227232

228233
@pytest.mark.anyio
@@ -236,6 +241,7 @@ async def test_evil_token(single_tenant_app, mock_openid_and_keys):
236241
response = await ac.get('api/v1/hello')
237242
assert response.json() == {'detail': {'error': 'invalid_token', 'message': 'Unable to validate token'}}
238243
assert response.status_code == 401
244+
assert response.headers['www-authenticate'] == 'Bearer'
239245

240246

241247
@pytest.mark.anyio
@@ -247,6 +253,10 @@ async def test_malformed_token(single_tenant_app, mock_openid_and_keys):
247253
response = await ac.get('api/v1/hello')
248254
assert response.json() == {'detail': {'error': 'invalid_token', 'message': 'Invalid token format'}}
249255
assert response.status_code == 401
256+
assert (
257+
response.headers['www-authenticate']
258+
== 'Bearer, authorization_uri="https://login.microsoftonline.com/intility_tenant_id/oauth2/v2.0/authorize", client_id="oauth299-9999-9999-abcd-efghijkl1234567890"'
259+
)
250260

251261

252262
@pytest.mark.anyio
@@ -263,6 +273,10 @@ async def test_only_header(single_tenant_app, mock_openid_and_keys):
263273
response = await ac.get('api/v1/hello')
264274
assert response.json() == {'detail': {'error': 'invalid_token', 'message': 'Invalid token format'}}
265275
assert response.status_code == 401
276+
assert (
277+
response.headers['www-authenticate']
278+
== 'Bearer, authorization_uri="https://login.microsoftonline.com/intility_tenant_id/oauth2/v2.0/authorize", client_id="oauth299-9999-9999-abcd-efghijkl1234567890"'
279+
)
266280

267281

268282
@pytest.mark.anyio
@@ -276,6 +290,10 @@ async def test_none_token(single_tenant_app, mock_openid_and_keys, mocker):
276290
response = await ac.get('api/v1/hello')
277291
assert response.json() == {'detail': {'error': 'invalid_token', 'message': 'Invalid token format'}}
278292
assert response.status_code == 401
293+
assert (
294+
response.headers['www-authenticate']
295+
== 'Bearer, authorization_uri="https://login.microsoftonline.com/intility_tenant_id/oauth2/v2.0/authorize", client_id="oauth299-9999-9999-abcd-efghijkl1234567890"'
296+
)
279297

280298

281299
@pytest.mark.anyio
@@ -289,6 +307,8 @@ async def test_exception_raised(single_tenant_app, mock_openid_and_keys, mocker)
289307
response = await ac.get('api/v1/hello')
290308
assert response.json() == {'detail': {'error': 'invalid_token', 'message': 'Unable to process token'}}
291309
assert response.status_code == 401
310+
print(f"header: {response.headers.get('www-authenticate')}")
311+
assert response.headers['www-authenticate'] == 'Bearer'
292312

293313

294314
@pytest.mark.anyio
@@ -316,6 +336,7 @@ async def test_change_of_keys_works(single_tenant_app, mock_openid_ok_then_empty
316336
'detail': {'error': 'invalid_token', 'message': 'Unable to verify token, no signing keys found'}
317337
}
318338
assert second_resonse.status_code == 401
339+
assert 'www-authenticate' not in response.headers
319340

320341

321342
@pytest.mark.anyio

0 commit comments

Comments
 (0)