Fix create_access_token passing hour/minute/second (#14)

* Add tests for create_access_token CLI * Hide pydantic settings missing secrets_dir warning
dials · Jun 9, 2023 · 4095b19 · 4095b19
1 parent 075ce48
commit 4095b19
Show file tree

Hide file tree

Showing 3 changed files with 53 additions and 6 deletions.
diff --git a/src/dials_rest/cli/create_access_token.py b/src/dials_rest/cli/create_access_token.py
@@ -6,7 +6,7 @@
 from ..auth import create_access_token
 
 
-def run():
+def run(args=None):
     parser = argparse.ArgumentParser(
         "Generate an access token for the dials-rest server"
     )
@@ -17,9 +17,18 @@ def run():
         type=dateutil.parser.parse,
     )
 
-    args = parser.parse_args()
-    expires = datetime.datetime(
-        args.expiry.year, args.expiry.month, args.expiry.day, tzinfo=dateutil.tz.UTC
-    )
+    args = parser.parse_args(args=args)
+    if args.expiry:
+        expires = datetime.datetime(
+            args.expiry.year,
+            args.expiry.month,
+            args.expiry.day,
+            args.expiry.hour,
+            args.expiry.minute,
+            args.expiry.second,
+            tzinfo=dateutil.tz.UTC,
+        )
+    else:
+        expires = None
     token = create_access_token({}, expires=expires)
     print(token)
diff --git a/src/dials_rest/settings.py b/src/dials_rest/settings.py
@@ -1,9 +1,13 @@
 from __future__ import annotations
 
 from functools import lru_cache
+from pathlib import Path
 
 from pydantic import BaseSettings, Field
 
+# The pydantic secrets-reading dir, for settings secret settings from file
+SECRETS_DIR = Path("/opt/secrets")
+
 
 class Settings(BaseSettings):
     jwt_secret: str
@@ -19,4 +23,5 @@ def get():
 
     class Config:
         env_prefix = "DIALS_REST_"
-        secrets_dir = "/opt/secrets"
+        if SECRETS_DIR.is_dir():
+            secrets_dir = SECRETS_DIR
diff --git a/tests/cli/test_create_access_token.py b/tests/cli/test_create_access_token.py
@@ -0,0 +1,33 @@
+from calendar import timegm
+from datetime import datetime
+
+import jose.jwt
+from dateutil.tz import UTC
+
+
+def test_create_access_token_default_expiry_time(access_token, capsys):
+    from dials_rest import auth
+    from dials_rest.cli import create_access_token
+
+    create_access_token.run(args=[])
+    captured = capsys.readouterr()
+    token = captured.out.strip()
+    data = jose.jwt.decode(token, auth.SECRET_KEY, algorithms=[auth.ALGORITHM])
+    exp = data["exp"]
+    now = timegm(datetime.utcnow().utctimetuple())
+    assert exp - now <= auth.ACCESS_TOKEN_EXPIRE_MINUTES * 60
+
+
+def test_create_access_token_user_expiry_time(access_token, capsys):
+    from dials_rest import auth
+    from dials_rest.cli import create_access_token
+
+    now = timegm(datetime.utcnow().utctimetuple())
+    delta = 30
+    expiry = datetime.fromtimestamp(now + delta, tz=UTC)
+    create_access_token.run(args=["--expiry", expiry.isoformat()])
+    captured = capsys.readouterr()
+    token = captured.out.strip()
+    data = jose.jwt.decode(token, auth.SECRET_KEY, algorithms=[auth.ALGORITHM])
+    exp = data["exp"]
+    assert exp - now <= delta