Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[16.0][FIX] fastapi_auth_jwt: unauthenticated partner #402

Merged
merged 1 commit into from
Dec 6, 2023
+33 −2
Merged

[16.0][FIX] fastapi_auth_jwt: unauthenticated partner #402

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 3 additions & 2 deletions fastapi_auth_jwt/dependencies.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -204,8 +204,9 @@ def __call__(
except Unauthorized as e:
raise HTTPException(status_code=HTTP_401_UNAUTHORIZED) from e
if not partner_id:
_logger.info("Could not determine partner from JWT payload.")
raise HTTPException(status_code=HTTP_401_UNAUTHORIZED)
if not self.allow_unauthenticated or validator.partner_id_required:
_logger.info("Could not determine partner from JWT payload.")
raise HTTPException(status_code=HTTP_401_UNAUTHORIZED)
sbidoul marked this conversation as resolved.
Show resolved Hide resolved
return env["res.partner"].with_user(uid).browse(partner_id)


Expand Down
30 changes: 30 additions & 0 deletions fastapi_auth_jwt_demo/tests/test_fastapi_auth_jwt_demo.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,14 @@ def test_whoami(self):
self.assertEqual(whoami.get("email"), partner.email)
self.assertEqual(whoami.get("uid"), self.env.ref("base.user_demo").id)

def test_whoami_no_partner(self):
"""A end-to-end test with positive authentication but no partner retrieved."""
token = self._get_token()
resp = self.url_open(
"/fastapi_auth_jwt_demo/whoami", headers={"Authorization": token}
)
self.assertEqual(resp.status_code, 401)

def test_whoami_cookie(self):
"""A end-to-end test with positive authentication and cookie."""
partner = self.env["res.users"].search([("email", "!=", False)])[0]
Expand Down Expand Up @@ -105,6 +113,28 @@ def test_public(self):
self.assertEqual(whoami.get("email"), partner.email)
self.assertEqual(whoami.get("uid"), self.env.ref("base.user_demo").id)

def test_public_no_partner(self):
"""A end-to-end test for anonymous/public access without partner."""
token = self._get_token()
resp = self.url_open(
"/fastapi_auth_jwt_demo/whoami-public-or-jwt",
headers={"Authorization": token},
)
resp.raise_for_status()
whoami = resp.json()
self.assertFalse(whoami.get("name"))
self.assertFalse(whoami.get("email"))
self.assertEqual(whoami.get("uid"), self.env.ref("base.user_demo").id)
# now with partner required on validator
self.env["auth.jwt.validator"].search(
[("name", "=", "demo")]
).partner_id_required = True
resp = self.url_open(
"/fastapi_auth_jwt_demo/whoami-public-or-jwt",
headers={"Authorization": token},
)
self.assertEqual(resp.status_code, 401)

def test_public_cookie_mode(self):
"""A end-to-end test for anonymous/public access with cookie."""
resp = self.url_open("/fastapi_auth_jwt_demo/cookie/whoami-public-or-jwt")
Expand Down
Loading