Refactor authentication test methods

jmaruland · Dec 12, 2023 · 8912032 · 8912032
1 parent ba9774f
commit 8912032
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 23 deletions.
diff --git a/tiled/_tests/test_authentication.py b/tiled/_tests/test_authentication.py
@@ -539,9 +539,10 @@ def test_admin_api_key_any_principal(
             context.authenticate(username="alice")
 
         principal_uuid = principals_context["uuid"][username]
-        api_key = _create_api_key_other_principal(
-            context=context, uuid=principal_uuid, scopes=scopes
+        api_key_info = context.admin.create_api_key_other_principal(
+            principal_uuid, scopes=scopes
         )
+        api_key = api_key_info["secret"]
         assert api_key
         context.logout()
 
@@ -564,11 +565,11 @@ def test_admin_api_key_any_principal_exceeds_scopes(enter_password, principals_c
 
         principal_uuid = principals_context["uuid"]["bob"]
         with fail_with_status_code(400) as fail_info:
-            _create_api_key_other_principal(
-                context=context, uuid=principal_uuid, scopes=["read:principals"]
+            context.admin.create_api_key_other_principal(
+                principal_uuid, scopes=["read:principals"]
             )
-            fail_message = " must be a subset of the principal's scopes "
-            assert fail_message in fail_info.response.text
+        fail_message = " must be a subset of the principal's scopes "
+        assert fail_message in fail_info.value.response.text
         context.logout()
 
 
@@ -584,8 +585,8 @@ def test_api_key_any_principal(enter_password, principals_context, username):
 
         principal_uuid = principals_context["uuid"][username]
         with fail_with_status_code(401):
-            _create_api_key_other_principal(
-                context=context, uuid=principal_uuid, scopes=["read:metadata"]
+            context.admin.create_api_key_other_principal(
+                principal_uuid, scopes=["read:metadata"]
             )
 
 
@@ -619,18 +620,3 @@ def test_api_key_bypass_scopes(enter_password, principals_context):
                     context.http_client.get(
                         resource, params=query_params
                     ).raise_for_status()
-
-
-def _create_api_key_other_principal(context, uuid, scopes=None):
-    """
-    Return api_key or raise error.
-    """
-    response = context.http_client.post(
-        f"/api/v1/auth/principal/{uuid}/apikey",
-        json={"expires_in": None, "scopes": scopes or []},
-    )
-    response.raise_for_status()
-    api_key_info = response.json()
-    api_key = api_key_info["secret"]
-
-    return api_key
diff --git a/tiled/client/context.py b/tiled/client/context.py
@@ -765,6 +765,34 @@ def show_principal(self, uuid):
             self.context.http_client.get(f"{self.base_url}/auth/principal/{uuid}")
         ).json()
 
+    def create_api_key_other_principal(
+        self, uuid, scopes=None, expires_in=None, note=None
+    ):
+        """
+        Generate a new API for another user or service.
+
+        Parameters
+        ----------
+        uuid : str
+            Identify the user or service
+        scopes : Optional[List[str]]
+            Restrict the access available to the API key by listing specific scopes.
+            By default, this will have the same access as the user.
+        expires_in : Optional[int]
+            Number of seconds until API key expires. If None,
+            it will never expire or it will have the maximum lifetime
+            allowed by the server.
+        note : Optional[str]
+            Description (for humans).
+        """
+        return handle_error(
+            self.context.http_client.post(
+                f"{self.base_url}/auth/principal/{uuid}/apikey",
+                headers={"Accept": MSGPACK_MIME_TYPE},
+                json={"scopes": scopes, "expires_in": expires_in, "note": note},
+            )
+        ).json()
+
 
 class CannotPrompt(Exception):
     pass