|
| 1 | +"""Tests for AuthenticationExtensionMiddleware.""" |
| 2 | + |
| 3 | +import pytest |
| 4 | +from starlette.datastructures import Headers |
| 5 | +from starlette.requests import Request |
| 6 | + |
| 7 | +from stac_auth_proxy.config import EndpointMethods |
| 8 | +from stac_auth_proxy.middleware.AuthenticationExtensionMiddleware import ( |
| 9 | + AuthenticationExtensionMiddleware, |
| 10 | +) |
| 11 | + |
| 12 | + |
| 13 | +@pytest.fixture |
| 14 | +def middleware(): |
| 15 | + """Create a test instance of the middleware.""" |
| 16 | + return AuthenticationExtensionMiddleware( |
| 17 | + app=None, # We don't need the actual app for these tests |
| 18 | + default_public=True, |
| 19 | + private_endpoints=EndpointMethods(), |
| 20 | + public_endpoints=EndpointMethods(), |
| 21 | + auth_scheme_name="test_auth", |
| 22 | + auth_scheme={}, |
| 23 | + ) |
| 24 | + |
| 25 | + |
| 26 | +@pytest.fixture |
| 27 | +def request_scope(): |
| 28 | + """Create a basic request scope.""" |
| 29 | + return { |
| 30 | + "type": "http", |
| 31 | + "method": "GET", |
| 32 | + "path": "/", |
| 33 | + "headers": [], |
| 34 | + } |
| 35 | + |
| 36 | + |
| 37 | +@pytest.fixture |
| 38 | +def json_headers(): |
| 39 | + """Create headers with JSON content type.""" |
| 40 | + return Headers({"content-type": "application/json"}) |
| 41 | + |
| 42 | + |
| 43 | +@pytest.fixture |
| 44 | +def oidc_metadata(): |
| 45 | + """Create test OIDC metadata.""" |
| 46 | + return { |
| 47 | + "authorization_endpoint": "https://auth.example.com/auth", |
| 48 | + "token_endpoint": "https://auth.example.com/token", |
| 49 | + "scopes_supported": ["openid", "profile"], |
| 50 | + } |
| 51 | + |
| 52 | + |
| 53 | +def test_should_transform_response_valid_paths(middleware, request_scope, json_headers): |
| 54 | + """Test that valid STAC paths are transformed.""" |
| 55 | + valid_paths = [ |
| 56 | + "/", |
| 57 | + "/collections", |
| 58 | + "/collections/test-collection", |
| 59 | + "/collections/test-collection/items", |
| 60 | + "/collections/test-collection/items/test-item", |
| 61 | + "/search", |
| 62 | + ] |
| 63 | + |
| 64 | + for path in valid_paths: |
| 65 | + request_scope["path"] = path |
| 66 | + request = Request(request_scope) |
| 67 | + assert middleware.should_transform_response(request, json_headers) |
| 68 | + |
| 69 | + |
| 70 | +def test_should_transform_response_invalid_paths( |
| 71 | + middleware, request_scope, json_headers |
| 72 | +): |
| 73 | + """Test that invalid paths are not transformed.""" |
| 74 | + invalid_paths = [ |
| 75 | + "/api", |
| 76 | + "/collections/test-collection/items/test-item/assets", |
| 77 | + "/random", |
| 78 | + ] |
| 79 | + |
| 80 | + for path in invalid_paths: |
| 81 | + request_scope["path"] = path |
| 82 | + request = Request(request_scope) |
| 83 | + assert not middleware.should_transform_response(request, json_headers) |
| 84 | + |
| 85 | + |
| 86 | +def test_should_transform_response_invalid_content_type(middleware, request_scope): |
| 87 | + """Test that non-JSON content types are not transformed.""" |
| 88 | + request = Request(request_scope) |
| 89 | + headers = Headers({"content-type": "text/html"}) |
| 90 | + assert not middleware.should_transform_response(request, headers) |
| 91 | + |
| 92 | + |
| 93 | +def test_transform_json_catalog(middleware, request_scope, oidc_metadata): |
| 94 | + """Test transforming a STAC catalog.""" |
| 95 | + request = Request(request_scope) |
| 96 | + request.state.oidc_metadata = oidc_metadata |
| 97 | + |
| 98 | + catalog = { |
| 99 | + "stac_version": "1.0.0", |
| 100 | + "id": "test-catalog", |
| 101 | + "description": "Test catalog", |
| 102 | + "links": [ |
| 103 | + {"rel": "self", "href": "/"}, |
| 104 | + {"rel": "root", "href": "/"}, |
| 105 | + ], |
| 106 | + } |
| 107 | + |
| 108 | + transformed = middleware.transform_json(catalog, request) |
| 109 | + |
| 110 | + assert "stac_extensions" in transformed |
| 111 | + assert middleware.extension_url in transformed["stac_extensions"] |
| 112 | + assert "auth:schemes" in transformed |
| 113 | + assert "test_auth" in transformed["auth:schemes"] |
| 114 | + |
| 115 | + scheme = transformed["auth:schemes"]["test_auth"] |
| 116 | + assert scheme["type"] == "oauth2" |
| 117 | + assert ( |
| 118 | + scheme["flows"]["authorizationCode"]["authorizationUrl"] |
| 119 | + == oidc_metadata["authorization_endpoint"] |
| 120 | + ) |
| 121 | + assert ( |
| 122 | + scheme["flows"]["authorizationCode"]["tokenUrl"] |
| 123 | + == oidc_metadata["token_endpoint"] |
| 124 | + ) |
| 125 | + assert "openid" in scheme["flows"]["authorizationCode"]["scopes"] |
| 126 | + assert "profile" in scheme["flows"]["authorizationCode"]["scopes"] |
| 127 | + |
| 128 | + |
| 129 | +def test_transform_json_collection(middleware, request_scope, oidc_metadata): |
| 130 | + """Test transforming a STAC collection.""" |
| 131 | + request = Request(request_scope) |
| 132 | + request.state.oidc_metadata = oidc_metadata |
| 133 | + |
| 134 | + collection = { |
| 135 | + "stac_version": "1.0.0", |
| 136 | + "type": "Collection", |
| 137 | + "id": "test-collection", |
| 138 | + "description": "Test collection", |
| 139 | + "links": [ |
| 140 | + {"rel": "self", "href": "/collections/test-collection"}, |
| 141 | + {"rel": "items", "href": "/collections/test-collection/items"}, |
| 142 | + ], |
| 143 | + } |
| 144 | + |
| 145 | + transformed = middleware.transform_json(collection, request) |
| 146 | + |
| 147 | + assert "stac_extensions" in transformed |
| 148 | + assert middleware.extension_url in transformed["stac_extensions"] |
| 149 | + assert "auth:schemes" in transformed |
| 150 | + assert "test_auth" in transformed["auth:schemes"] |
| 151 | + |
| 152 | + |
| 153 | +def test_transform_json_item(middleware, request_scope, oidc_metadata): |
| 154 | + """Test transforming a STAC item.""" |
| 155 | + request = Request(request_scope) |
| 156 | + request.state.oidc_metadata = oidc_metadata |
| 157 | + |
| 158 | + item = { |
| 159 | + "stac_version": "1.0.0", |
| 160 | + "type": "Feature", |
| 161 | + "id": "test-item", |
| 162 | + "properties": {}, |
| 163 | + "links": [ |
| 164 | + {"rel": "self", "href": "/collections/test-collection/items/test-item"}, |
| 165 | + {"rel": "collection", "href": "/collections/test-collection"}, |
| 166 | + ], |
| 167 | + } |
| 168 | + |
| 169 | + transformed = middleware.transform_json(item, request) |
| 170 | + |
| 171 | + assert "stac_extensions" in transformed |
| 172 | + assert middleware.extension_url in transformed["stac_extensions"] |
| 173 | + assert "auth:schemes" in transformed["properties"] |
| 174 | + assert "test_auth" in transformed["properties"]["auth:schemes"] |
| 175 | + |
| 176 | + |
| 177 | +def test_transform_json_missing_oidc_metadata(middleware, request_scope): |
| 178 | + """Test transforming when OIDC metadata is missing.""" |
| 179 | + request = Request(request_scope) |
| 180 | + |
| 181 | + catalog = { |
| 182 | + "stac_version": "1.0.0", |
| 183 | + "id": "test-catalog", |
| 184 | + "description": "Test catalog", |
| 185 | + } |
| 186 | + |
| 187 | + transformed = middleware.transform_json(catalog, request) |
| 188 | + # Should return unchanged when OIDC metadata is missing |
| 189 | + assert transformed == catalog |
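Review bot: The final assertion in `test_transform_json_missing_oidc_metadata`, `assert transformed == catalog`, cannot fail if `transform_json` mutates its argument and returns the same dict, because both names would then point at one object. The middleware is not shown on this page, so whether it mutates in place is unconfirmed, but the other tests here would pass either way. Snapshot the input first and compare against the snapshot: add `import copy`, take `expected = copy.deepcopy(catalog)` before the call, then use `assert transformed == expected` and `assert "auth:schemes" not in transformed`. This is the only test for the path where no OIDC metadata is available, so it should prove that no empty or partial auth scheme is advertised to clients.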