Rework gendigest script into fastapi_security.cli

jacobsvante · immerrr · Jul 11, 2021 · Dec 4, 2021 · Dec 4, 2021 · Jan 5, 2022
commit 6b791da2c95528bf5812e898fb3f485627fb42a2
diff --git a/fastapi_security/cli.py b/fastapi_security/cli.py
@@ -0,0 +1,93 @@
+"""fastapi_security command-line interface"""
+
+import argparse
+import sys
+import textwrap
+from getpass import getpass
+from typing import Optional, Sequence, Text
+
+from fastapi_security.basic import generate_digest
+
+
+def _wrap_paragraphs(s):
+    paragraphs = s.strip().split("\n\n")
+    wrapped_paragraphs = [
+        "\n".join(textwrap.wrap(paragraph)) for paragraph in paragraphs
+    ]
+    return "\n\n".join(wrapped_paragraphs)
+
+
+main_parser = argparse.ArgumentParser(
+    description=_wrap_paragraphs(__doc__),
+    formatter_class=argparse.RawDescriptionHelpFormatter,
+)
-main_parser = argparse.ArgumentParser(
-    description=_wrap_paragraphs(__doc__),
-    formatter_class=argparse.RawDescriptionHelpFormatter,
-)
+main_parser = argparse.ArgumentParser(
+    prog="fastapi-security",
+    description=_wrap_paragraphs(__doc__),
+    formatter_class=argparse.RawDescriptionHelpFormatter,
+)
-main_parser = argparse.ArgumentParser(
-    description=_wrap_paragraphs(__doc__),
-    formatter_class=argparse.RawDescriptionHelpFormatter,
-)
+main_parser = argparse.ArgumentParser(
+    prog="fastapi-security",
+    description=_wrap_paragraphs(__doc__),
+    formatter_class=argparse.RawDescriptionHelpFormatter,
+)
+subcommand_parsers = main_parser.add_subparsers(
+    help="Specify a sub-command",
+    dest="subcommand",
+    required=True,
+)
+
+gendigest_description = """
+Generate digest for basic_auth_with_digest credentials.
+
+Example:
+
+$ fastapi-security gendigest --salt=very-strong-salt
+Password:
+Confirm password:
+
+Here is your digest:
+0jFS-cNapwQf_lpyULF7_hEelbl_zreNVHbxqKwKIFmPRQ09bYTEDQLrr_UEWZc9fdYFiU5F3il3rovJQ_UEpg==
+
+$ cat fastapi_security_conf.py
+from fastapi_security import FastAPISecurity
+
+security = FastAPISecurity()
+security.init_basic_auth_with_digest(
+    [
+        {'user': 'me', 'password': '0jFS-cNapwQf_lpyULF7_hEelbl_zreNVHbxqKwKIFmPRQ09bYTEDQLrr_UEWZc9fdYFiU5F3il3rovJQ_UEpg=='}
+    ],
+    salt='very-strong-salt',
+)
+"""
+
+gendigest_parser = subcommand_parsers.add_parser(
+    "gendigest",
+    description=gendigest_description,
+    formatter_class=argparse.RawDescriptionHelpFormatter,
+)
+gendigest_parser.add_argument(
+    "--salt",
+    help="Salt value used in fastapi_security configuration.",
+    required=True,
+)
+
+
+def gendigest(parsed_args):
+    # if not parsed_args.salt:
+    #     print("Cannot generate digest: --salt must be non-empty",
+    #           file=sys.stderr)
+    #     sys.exit(1)
+
+    password = getpass(prompt="Password: ")
+    password_confirmation = getpass(prompt="Confirm password: ")
+
+    if password != password_confirmation:
+        print("Cannot generate digest: passwords don't match", file=sys.stderr)
+        sys.exit(1)
+
+    print("\nHere is your digest:", file=sys.stderr)
+    print(generate_digest(password, salt=parsed_args.salt))
+
+
+def main(args: Optional[Sequence[Text]] = None):
+    parsed_args = main_parser.parse_args(args)
+    if parsed_args.subcommand == "gendigest":
+        return gendigest(parsed_args)
+
+    main_parser.print_usage(file=sys.stderr)
+    sys.exit(2)  # invalid usage: missing subcommand
+
+
+if __name__ == "__main__":
+    main()
diff --git a/fastapi_security/gendigest.py b/fastapi_security/gendigest.py
diff --git a/pyproject.toml b/pyproject.toml
@@ -32,6 +32,9 @@ classifiers = [
     "Typing :: Typed",
 ]
 
+[tool.poetry.scripts]
+fastapi-security = 'fastapi_security.cli:main'
+
 [tool.poetry.dependencies]
 python = "^3.6"
 aiohttp = "^3"

diff --git a/tests/integration/test_cli.py b/tests/integration/test_cli.py
@@ -0,0 +1,55 @@
+import subprocess
+from unittest import mock
+
+from fastapi_security import cli
+
+
+def test_usage_output_without_params():
+    result = subprocess.run(["fastapi-security"], capture_output=True)
+    assert result.returncode == 2
+    assert result.stdout.decode().splitlines() == []
+    assert result.stderr.decode().splitlines() == [
+        "usage: fastapi-security [-h] {gendigest} ...",
+        "fastapi-security: error: the following arguments are required: subcommand",
+    ]
+
+
+def test_usage_with_help_param():
+    result = subprocess.run(["fastapi-security", "-h"], capture_output=True)
+    assert result.returncode == 0
+    assert result.stdout.decode().splitlines() == [
+        "usage: fastapi-security [-h] {gendigest} ...",
+        "",
+        "fastapi_security command-line interface",
+        "",
+        "positional arguments:",
+        "  {gendigest}  Specify a sub-command",
+        "",
+        "optional arguments:",
+        "  -h, --help   show this help message and exit",
+    ]
+    assert result.stderr.decode().splitlines() == []
+
+
+def test_gendigest_without_params():
+    result = subprocess.run(["fastapi-security", "gendigest"], capture_output=True)
+    assert result.returncode == 2
+    assert result.stdout.decode().splitlines() == []
+    assert result.stderr.decode().splitlines() == [
+        "usage: fastapi-security gendigest [-h] --salt SALT",
+        "fastapi-security gendigest: error: the following arguments are required: --salt",
+    ]
-def test_gendigest_without_params():
-    result = subprocess.run(["fastapi-security", "gendigest"], capture_output=True)
-    assert result.returncode == 2
-    assert result.stdout.decode().splitlines() == []
-    assert result.stderr.decode().splitlines() == [
-        "usage: fastapi-security gendigest [-h] --salt SALT",
-        "fastapi-security gendigest: error: the following arguments are required: --salt",
-    ]
+def test_gendigest_without_params(capsys):
+    with pytest.raises(SystemExit, match="2"):
+        cli.main(["gendigest"])
+
+    captured = capsys.readouterr()
+    assert captured.out == ""
+    assert captured.err.splitlines() == [
+        "usage: fastapi-security gendigest [-h] --salt SALT",
+        "fastapi-security gendigest: error: the following arguments are required: --salt",
+    ]
-def test_gendigest_without_params():
-    result = subprocess.run(["fastapi-security", "gendigest"], capture_output=True)
-    assert result.returncode == 2
-    assert result.stdout.decode().splitlines() == []
-    assert result.stderr.decode().splitlines() == [
-        "usage: fastapi-security gendigest [-h] --salt SALT",
-        "fastapi-security gendigest: error: the following arguments are required: --salt",
-    ]
+def test_gendigest_without_params(capsys):
+    with pytest.raises(SystemExit, match="2"):
+        cli.main(["gendigest"])
+
+    captured = capsys.readouterr()
+    assert captured.out == ""
+    assert captured.err.splitlines() == [
+        "usage: fastapi-security gendigest [-h] --salt SALT",
+        "fastapi-security gendigest: error: the following arguments are required: --salt",
+    ]
+
+
+def test_gendigest_smoke_test(capsys, monkeypatch):
+    # gendigest smoke test is performed not in a subprocess, because getpass
+    # uses /dev/tty instead of stdin/stdout for security reasons, and it is
+    # much more tricky to intercept it, so instead go for a simple monkeypatch.
+    monkeypatch.setattr(cli, "getpass", mock.Mock(return_value="hello"))
+    cli.main(["gendigest", "--salt=very-strong-salt"])
+    captured = capsys.readouterr()
+    assert (
+        captured.out
+        == "xRPfDaQHwpcXlzfWeR_uqOBTytcjEAUMv98SDnbHmpajmT_AxeJTHX6FyeM8H1T4otOe81PMWAOqAD5_tO4gYg==\n"
+    )
+    assert captured.err == "\nHere is your digest:\n"