From acb5ba7eba1780fad88aeda698da7718f3660512 Mon Sep 17 00:00:00 2001
From: oauth2
Date: Wed, 19 Oct 2022 13:28:14 +0200
Subject: [PATCH] Implement admin ID for automated tests
---
 config.ci.py | 3 +++
 config.example.py | 29 ++++++++++++++++++++++++++++-
 litecord/auth.py | 6 ++++++
 3 files changed, 37 insertions(+), 1 deletion(-)
diff --git a/config.ci.py b/config.ci.py
index 83290d3..ead65ee 100644
--- a/config.ci.py
+++ b/config.ci.py
@@ -48,6 +48,9 @@ class Config:
 # Postgres credentials
 POSTGRES = {}
+ ADMIN_ID = None
+ ADMIN_TOKEN = None
+
 class Development(Config):
 DEBUG = True
diff --git a/config.example.py b/config.example.py
index 56d701b..07bce03 100644
--- a/config.example.py
+++ b/config.example.py
@@ -17,6 +17,13 @@ along with this program. If not, see .
 """
+import os
+from logbook import Logger
+
+
+log = Logger(__name__)
+
+
 MODE = "Development"
@@ -65,10 +72,27 @@ class Config:
 #: Postgres credentials
 POSTGRES = {}
-
+
 #: Shared secret for LVSP
 LVSP_SECRET = ""
+ #: Admin credentials for automated testing
+ # The token is the value to pass in the Authorization header, and the ID
+ # is the user ID to use when it is passed.
+ ADMIN_ID = os.getenv("ADMIN_ID")
+ ADMIN_TOKEN = os.getenv("ADMIN_TOKEN")
+
+ if None in {ADMIN_ID, ADMIN_TOKEN} and not ADMIN_ID == ADMIN_TOKEN:
+ log.warning(
+ "Not both admin ID ({}) and token ({}) configured; ignoring",
+ ADMIN_ID,
+ ADMIN_TOKEN,
+ )
+ ADMIN_ID = ADMIN_TOKEN = None
+
+ if ADMIN_ID is not None:
+ ADMIN_ID = int(ADMIN_ID)
+
 class Development(Config):
 DEBUG = True
@@ -91,3 +115,6 @@ class Production(Config):
 "password": "some_production_password",
 "database": "litecord_or_anything_else_really",
 }
+
+ ADMIN_TOKEN = None
+ ADMIN_ID = None
diff --git a/litecord/auth.py b/litecord/auth.py
index 841c49d..e462c58 100644
--- a/litecord/auth.py
+++ b/litecord/auth.py
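Review bot: The `log.warning(...)` call in the `@@ -65,10 +72,27 @@` hunk of config.example.py formats `ADMIN_TOKEN` into the message, so a half-configured environment writes the admin credential to the log in clear text; log only the condition, e.g. `log.warning("ADMIN_ID and ADMIN_TOKEN must both be set; ignoring admin test credentials")`. An environment variable set to the empty string is not `None`, so `ADMIN_TOKEN=""` passes this check and leaves the feature enabled; `os.getenv("ADMIN_TOKEN") or None` would treat it as unset. `int(ADMIN_ID)` runs in the class body, so a non-numeric value raises `ValueError` while the config module is being imported. The pairing test `None in {ADMIN_ID, ADMIN_TOKEN} and not ADMIN_ID == ADMIN_TOKEN` reads more directly as `(ADMIN_ID is None) != (ADMIN_TOKEN is None)`.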
@@ -19,6 +19,7 @@ along with this program. If not, see .
 import base64
 import binascii
+import os
 import bcrypt
 from itsdangerous import TimestampSigner, BadSignature
@@ -47,6 +48,9 @@ async def raw_token_check(token: str, db=None) -> int:
 Forbidden
 If token validation fails.
 """
+ if app.config["ADMIN_TOKEN"] is not None:
+ return app.config["ADMIN_ID"]
+
 db = db or app.db
 # just try by fragments instead of
@@ -121,6 +125,8 @@ async def token_check() -> int:
 async def admin_check() -> int:
 """Check if the user is an admin."""
 user_id = await token_check()
+ if user_id == app.config["ADMIN_ID"]:
+ return user_id
 flags = await app.db.fetchval(
 """
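Review bot: `import os` is added at `@@ -19,6 +19,7 @@`, but neither of the other two hunks in litecord/auth.py uses `os`. Unless code outside these hunks needs it, the import should be dropped so the module does not carry an unused name.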
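Review bot: The early return added to `raw_token_check` at `@@ -47,6 +48,9 @@` never looks at `token`: once `ADMIN_TOKEN` is configured, every caller is given `ADMIN_ID` whatever value it presented, and the `admin_check` shortcut at `@@ -121,6 +125,8 @@` then accepts that ID without the flags query. The guard should compare the presented value with the configured one in constant time, e.g. `if admin_token is not None and hmac.compare_digest(token.encode(), admin_token.encode()): return app.config["ADMIN_ID"]`, with `admin_token = app.config.get("ADMIN_TOKEN")` and `import hmac` at the top of the file. The rest of the function lies outside the hunk, but the unconditional `return` makes any later validation unreachable while the setting is on. A comment such as `# Test-only credential: must stay None outside automated test runs` would make the intent explicit.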
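Review bot: `app.config["ADMIN_ID"]` in `admin_check` at `@@ -121,6 +125,8 @@` (and `app.config["ADMIN_TOKEN"]` in `raw_token_check` at `@@ -47,6 +48,9 @@`) raises `KeyError` on every authenticated request if the deployed config class lacks the new keys; this patch only adds them to config.ci.py and config.example.py. `if user_id == app.config.get("ADMIN_ID"):` keeps an older config.py working and still falls through to the flags query when the key is absent or `None`. The `admin_check` docstring should also say that the configured test ID bypasses the database flag check. The function body continues outside the hunk.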