Commit 0076eb4b authored by mashony's avatar mashony

feat: update auth cookies format to be able to work with multi users per auction

parent 3c76d21a
......@@ -147,4 +147,4 @@ help:
} \
} \
{ lastLine = $$0 }' $(MAKEFILE_LIST)
@echo ''
\ No newline at end of file
@echo ''
......@@ -80,10 +80,14 @@ async def auth_auction(request):
data = utils.get_token(request)
bid_token = utils.create_auth_token(data)
auction_id = data['id']
redirect_url = utils.build_redirect_url(auction_id)
bid_uid = utils.create_bid_id_token(data['bid'])
redirect_url = utils.build_redirect_url(auction_id, bid_uid)
response = web.HTTPSeeOther(redirect_url)
response.set_cookie(name=f'auth_token-{auction_id}', value=bid_token, httponly='1', max_age=utils.COOKIE_MAX_AGE,
domain=utils.DOMAIN, path=f'/api/auctions/{auction_id}')
response.set_cookie(
name=f'auth_token-{auction_id}-{bid_uid}',
value=bid_token, httponly='1', max_age=utils.COOKIE_MAX_AGE,
domain=utils.DOMAIN, path=f'/api/auctions/{auction_id}'
)
LOG.info(f'bidder {data["bid"]} successfuly redirected to auction {auction_id}')
return response
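Review bot: The rewritten `set_cookie` call at L24–28 still protects the cookie that carries `bid_token` with `httponly='1'` only; there is no `secure` or `samesite` attribute, so the browser will also send this bid credential over plain `http://` to `utils.DOMAIN` and attach it to cross-site requests that hit `/api/auctions/{auction_id}`. aiohttp's `set_cookie` accepts both keywords, so the call should at least add `secure=True, samesite='Lax'` (`'Lax'` rather than `'Strict'` because this flow is itself a redirect that presumably started on the token issuer's site — confirm before tightening), and `httponly=True` matches the keyword's boolean type better than the string `'1'`. Note that `auth_auction` starts outside the hunk, so whether `data['bid']` is validated before `create_bid_id_token` is called cannot be seen here; a missing or non-string `bid` claim would surface as a `KeyError`/`TypeError` from this block.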
......
......@@ -2,6 +2,7 @@ from prozorro_sale.auth import errors
import jwt
import os
from datetime import datetime, timedelta
from hashlib import blake2b
PRIVATE_KEY = None
PUBLIC_KEY = None
......@@ -84,5 +85,9 @@ def create_auth_token(data):
return encode_token(data)
def build_redirect_url(auction_id):
return f'{AUCTIONS_API}/{auction_id}'
def create_bid_id_token(bid_id):
return blake2b(str.encode(bid_id), digest_size=8).hexdigest()
def build_redirect_url(auction_id, bid_uid=None):
return f'{AUCTIONS_API}/{auction_id}' + (f'?bid_uid={bid_uid}' if bid_uid else '')
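Review bot: `create_bid_id_token` at L43–44 has no docstring, and its name suggests a credential, while the body is an unkeyed 8-byte `blake2b` of the bid id — anyone who knows the bid id can recompute it, so it is a deterministic, non-secret discriminator and must never be treated as proof of identity. A docstring should say so, e.g. `"""Return a short, non-secret fingerprint of *bid_id* (unkeyed blake2b, 8 bytes) used only to separate per-bidder cookie names and the redirect URL; it is not an authentication token."""`; `str.encode(bid_id)` also raises `TypeError` for a non-`str` bid id, which is worth stating if callers may pass other types. `build_redirect_url` at L45–46 deserves a matching one-liner noting that `bid_uid` is appended as a `bid_uid` query parameter only when truthy, so existing single-argument callers get the old URL unchanged.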
......@@ -26,15 +26,25 @@ def create_auth_token(monkeypatch):
@pytest.fixture
def build_redirect_url(monkeypatch):
monkeypatch.setattr('prozorro_sale.auth.utils.build_redirect_url', lambda url: 'redirect-url')
monkeypatch.setattr('prozorro_sale.auth.utils.build_redirect_url', lambda auction_id, bid_uid: 'redirect-url')
@pytest.fixture
def get_token(monkeypatch):
monkeypatch.setattr('prozorro_sale.auth.utils.get_token', lambda data: {
def patch_create_bid_id_token(monkeypatch):
monkeypatch.setattr('prozorro_sale.auth.utils.create_bid_id_token', lambda bid_id: 'test-token')
@pytest.fixture
def token_data():
return {
"id": "TIE001-UA-20200915-16563",
"dur": 86400,
"bid": "3123636e447c40f3bc53e4ffc127b64c",
"exp": 1900203886,
"iss": "prozorro.api"
})
}
@pytest.fixture
def get_token(monkeypatch, token_data):
monkeypatch.setattr('prozorro_sale.auth.utils.get_token', lambda data: token_data)
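Review bot: The replacement lambda at L51 requires `bid_uid` as a mandatory positional argument, whereas the real `build_redirect_url` declares `bid_uid=None`, so any code path that still calls it with one argument passes in production but raises `TypeError` under this fixture; mirror the real signature with `lambda auction_id, bid_uid=None: 'redirect-url'`. As a point of style, the new fixture at L55 is the only one carrying a `patch_` prefix while its siblings (`create_auth_token`, `build_redirect_url`, `get_token`) are named after the function they patch — `create_bid_id_token` would keep the convention.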
import pytest
@pytest.mark.usefixtures('create_auth_token', 'build_redirect_url', 'get_token')
@pytest.mark.usefixtures('create_auth_token', 'build_redirect_url', 'get_token', 'patch_create_bid_id_token')
class TestApi:
async def test_ping(self, client):
......@@ -11,7 +11,8 @@ class TestApi:
assert data['text'] == 'pong'
async def test_auth(self, client):
async def test_auth(self, client, token_data):
resp = await client.get('api/auth/auction?token=token', allow_redirects=False)
assert resp.status == 303
assert resp.cookies.get('auth_token-TIE001-UA-20200915-16563').value == 'auth-token'
assert resp.cookies.get('auth_token-TIE001-UA-20200915-16563-test-token').value == 'auth-token'
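Review bot: `test_auth` at L78 now receives the `token_data` fixture but the assertion at L82 still hardcodes the auction id, so the fixture parameter is unused and the two will drift silently if the fixture changes; use it instead, `assert resp.cookies.get(f"auth_token-{token_data['id']}-test-token").value == 'auth-token'`. The test also checks only the cookie's value: adding `assert resp.headers['Location'] == 'redirect-url'` (the value the patched `build_redirect_url` returns) would pin the redirect that now carries `bid_uid`, and asserting the cookie's `path` and `httponly` attributes would catch a regression in how narrowly the bid credential is scoped. The `TestApi` class and the `test_ping` method start outside this hunk.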