import pytest from flask import Flask from fittrackee.users.models import User from ..mixins import ApiTestCaseMixin class TestOAuth2Scopes(ApiTestCaseMixin): @pytest.mark.parametrize( 'endpoint_url,scope', [ ('/api/auth/profile', 'profile:read'), ('/api/workouts', 'workouts:read'), ], ) def test_oauth_client_can_access_authorized_endpoints( self, app: Flask, user_1: User, endpoint_url: str, scope: str ) -> None: ( client, oauth_client, access_token, _, ) = self.create_oauth_client_and_issue_token(app, user_1, scope=scope) response = client.get( endpoint_url, content_type='application/json', headers=dict(Authorization=f'Bearer {access_token}'), ) self.assert_not_insufficient_scope_error(response) @pytest.mark.parametrize( 'endpoint_url,scope', [ ('/api/auth/profile', 'workouts:read'), ('/api/workouts', 'profile:read'), ], ) def test_oauth_client_can_not_access_unauthorized_endpoints( self, app: Flask, user_1: User, endpoint_url: str, scope: str ) -> None: ( client, oauth_client, access_token, _, ) = self.create_oauth_client_and_issue_token(app, user_1, scope=scope) response = client.get( endpoint_url, content_type='application/json', headers=dict(Authorization=f'Bearer {access_token}'), ) self.assert_insufficient_scope(response)