Implement admin ID for automated tests

2022-10-19 13:28:14 +02:00 · 2022-10-19 13:28:14 +02:00 · acb5ba7eba
parent febdee5bd9
commit acb5ba7eba
3 changed files with 37 additions and 1 deletions
--- a/config.ci.py
+++ b/config.ci.py
@ -48,6 +48,9 @@ class Config:
    # Postgres credentials
    POSTGRES = {}

+    ADMIN_ID = None
+    ADMIN_TOKEN = None
+

 class Development(Config):
    DEBUG = True
--- a/config.example.py
+++ b/config.example.py
@ -17,6 +17,13 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.

 """

+import os
+from logbook import Logger
+
+
+log = Logger(__name__)
+
+
 MODE = "Development"


@ -65,10 +72,27 @@ class Config:

    #: Postgres credentials
    POSTGRES = {}
-    
+
    #: Shared secret for LVSP
    LVSP_SECRET = ""

+    #: Admin credentials for automated testing
+    #  The token is the value to pass in the Authorization header, and the ID
+    #  is the user ID to use when it is passed.
+    ADMIN_ID = os.getenv("ADMIN_ID")
+    ADMIN_TOKEN = os.getenv("ADMIN_TOKEN")
+
+    if None in {ADMIN_ID, ADMIN_TOKEN} and not ADMIN_ID == ADMIN_TOKEN:
+        log.warning(
+            "Not both admin ID ({}) and token ({}) configured; ignoring",
+            ADMIN_ID,
+            ADMIN_TOKEN,
+        )
+        ADMIN_ID = ADMIN_TOKEN = None
+
+    if ADMIN_ID is not None:
+        ADMIN_ID = int(ADMIN_ID)
+

 class Development(Config):
    DEBUG = True
@ -91,3 +115,6 @@ class Production(Config):
        "password": "some_production_password",
        "database": "litecord_or_anything_else_really",
    }
+
+    ADMIN_TOKEN = None
+    ADMIN_ID = None
--- a/litecord/auth.py
+++ b/litecord/auth.py
@ -19,6 +19,7 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.

 import base64
 import binascii
+import os

 import bcrypt
 from itsdangerous import TimestampSigner, BadSignature
@ -47,6 +48,9 @@ async def raw_token_check(token: str, db=None) -> int:
    Forbidden
        If token validation fails.
    """
+    if app.config["ADMIN_TOKEN"] is not None:
+        return app.config["ADMIN_ID"]
+
    db = db or app.db

    # just try by fragments instead of
@ -121,6 +125,8 @@ async def token_check() -> int:
 async def admin_check() -> int:
    """Check if the user is an admin."""
    user_id = await token_check()
+    if user_id == app.config["ADMIN_ID"]:
+        return user_id

    flags = await app.db.fetchval(
        """