From a776e1f05e2357c2ab57abad1f7ae5a8b476ecd5 Mon Sep 17 00:00:00 2001 From: Marcos Prieto Date: Wed, 19 Jun 2024 12:37:09 +0200 Subject: [PATCH] Switch to a non-permissive security policy by default in the tests While this requires setting up the right permissions for each test it makes the test condition's more explicit as the alternatives will always return True for any permissions check. --- tests/unit/conftest.py | 12 +++++++----- .../lms/resources/_js_config/__init___test.py | 1 - tests/unit/lms/views/lti/basic_launch_test.py | 18 ++++++++++++++++-- 3 files changed, 23 insertions(+), 8 deletions(-) diff --git a/tests/unit/conftest.py b/tests/unit/conftest.py index b42dd8925e..f1411ddc08 100644 --- a/tests/unit/conftest.py +++ b/tests/unit/conftest.py @@ -10,7 +10,7 @@ from lms.models import ApplicationSettings, LTIParams from lms.models.lti_role import Role, RoleScope, RoleType from lms.product import Product -from lms.security import Identity +from lms.security import Identity, Permissions from tests import factories from tests.conftest import TEST_SETTINGS from tests.unit.services import * # pylint: disable=wildcard-import,unused-wildcard-import @@ -182,9 +182,7 @@ def user_has_no_roles(lti_user): def configure_jinja2_assets(config): jinja2_env = config.get_jinja2_environment() jinja2_env.globals["asset_url"] = "http://example.com" - jinja2_env.globals["asset_urls"] = ( - lambda bundle: "http://example.com" # noqa: ARG005 - ) # pragma: no cover + jinja2_env.globals["asset_urls"] = lambda bundle: "http://example.com" # noqa: ARG005 # pragma: no cover jinja2_env.globals["js_config"] = {} @@ -202,7 +200,11 @@ def pyramid_config(pyramid_request, lti_v11_params): # Align request.identity with request.lti_user config.testing_securitypolicy( userid=lti_v11_params["user_id"], - identity=Identity(lti_v11_params["user_id"], permissions=[]), + identity=Identity( + lti_v11_params["user_id"], + permissions=[Permissions.LTI_LAUNCH_ASSIGNMENT], + ), + permissive=False, ) config.include("pyramid_jinja2") diff --git a/tests/unit/lms/resources/_js_config/__init___test.py b/tests/unit/lms/resources/_js_config/__init___test.py index b1b02dd4ae..f82b5fbce6 100644 --- a/tests/unit/lms/resources/_js_config/__init___test.py +++ b/tests/unit/lms/resources/_js_config/__init___test.py @@ -788,7 +788,6 @@ def pyramid_request(pyramid_request): ) pyramid_request.lti_params = LTIParams.from_request(pyramid_request) pyramid_request.product.route = Routes(oauth2_authorize="welcome") - return pyramid_request diff --git a/tests/unit/lms/views/lti/basic_launch_test.py b/tests/unit/lms/views/lti/basic_launch_test.py index 37b8fe25ea..195e13e1db 100644 --- a/tests/unit/lms/views/lti/basic_launch_test.py +++ b/tests/unit/lms/views/lti/basic_launch_test.py @@ -129,8 +129,15 @@ def test_lti_launch_configured( pyramid_request.registry.notify.has_call_with(LTIEvent.return_value) def test_lti_launch_unconfigured( - self, svc, context, pyramid_request, assignment_service, course_service + self, + svc, + context, + pyramid_request, + assignment_service, + course_service, + has_permission, ): + has_permission.return_value = True assignment_service.get_assignment_for_launch.return_value = None pyramid_request.lti_params = mock.create_autospec( @@ -185,8 +192,15 @@ def test_lti_launch_check_h_license_fails( assert not response def test_reconfigure_assignment_config( - self, svc, context, pyramid_request, assignment_service, course_service + self, + svc, + context, + pyramid_request, + assignment_service, + course_service, + has_permission, ): + has_permission.return_value = True pyramid_request.lti_params = mock.create_autospec( LTIParams, spec_set=True, instance=True )