fail in the extra function

FireTail-io · Dec 5, 2023 · 6af2426 · 6af2426
1 parent 49c15b0
commit 6af2426
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 0 deletions.
diff --git a/tests/fakeapi/hello/__init__.py b/tests/fakeapi/hello/__init__.py
@@ -567,12 +567,22 @@ def name_check(*args, **kwargs):
     return True
 
 
+def fail_this():
+    raise Exception("Custom auth fail!")
+
+
 def get_user_authz_extra_func():
     request.firetail_authz = {"user_id": 7}
     request.name_check = name_check
     return {"user_id": 7, "name": "max"}
 
 
+def get_user_authz_extra_func_fails():
+    request.firetail_authz = {"user_id": 7}
+    request.name_check = fail_this
+    return {"user_id": 7, "name": "max"}
+
+
 def get_user_authz_fails():
     request.firetail_authz = {"user_id": 8}
     return {"user_id": 7, "name": "max"}

diff --git a/tests/fixtures/json_validation/openapi.yaml b/tests/fixtures/json_validation/openapi.yaml
@@ -91,6 +91,20 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/User'
+  /authzEndExtraFuncFail:
+    get:
+      operationId: fakeapi.hello.get_user_authz_extra_func_fails
+      responses:
+        200:
+          description: Success
+          x-ft-security:
+            authenticated-principal-path: "user_id"
+            resource-authorized-principal-path: "user_id"
+            access-resolver: "name_check"
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/User'
   /authzEndFails:
     get:
       operationId: fakeapi.hello.get_user_authz_fails

diff --git a/tests/fixtures/json_validation/swagger.yaml b/tests/fixtures/json_validation/swagger.yaml
@@ -97,6 +97,18 @@ paths:
             access-resolver: "name_check"
           schema:
             $ref: '#/definitions/User'
+  /authzEndExtraFuncFail:
+    get:
+      operationId: fakeapi.hello.get_user_authz_extra_func_fails
+      responses:
+        200:
+          description: User object
+          x-ft-security:
+            authenticated-principal-path: "user_id"
+            resource-authorized-principal-path: "user_id"
+            access-resolver: "name_check"
+          schema:
+            $ref: '#/definitions/User'
   /authzEndFails:
     get:
       operationId: fakeapi.hello.get_user_authz_fails

diff --git a/tests/test_json_validation.py b/tests/test_json_validation.py
@@ -78,6 +78,16 @@ def test_validator_map_ft_authz_success_extra_auth(json_validation_spec_dir, spe
     assert res.status_code == 200
 
 
+@pytest.mark.parametrize("spec", SPECS)
+def test_validator_map_ft_authz_extra_auth_fails(json_validation_spec_dir, spec):
+    app = App(__name__, specification_dir=json_validation_spec_dir)
+    app.add_api(spec, validate_responses=True)
+    app_client = app.app.test_client()
+
+    res = app_client.get("/v1.0/authzEndExtraFuncFail")  # type: flask.Response
+    assert res.status_code == 401
+
+
 @pytest.mark.parametrize("spec", SPECS)
 def x_test_validator_map_ft_authz_fails_extra_auth(json_validation_spec_dir, spec):
     app = App(__name__, specification_dir=json_validation_spec_dir)