pytest-nhsd-apim 4.0.1__tar.gz → 5.0.2__tar.gz

{pytest_nhsd_apim-4.0.1 → pytest_nhsd_apim-5.0.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: pytest-nhsd-apim
-Version: 4.0.1
+Version: 5.0.2
 Summary: Pytest plugin accessing NHSDigital's APIM proxies
 Home-page: https://github.com/NHSDigital/pytest-nhsd-apim
 Author: Adrian Ciobanita
@@ -13,7 +13,7 @@ Requires-Python: >=3.8
 Description-Content-Type: text/markdown
 Requires-Dist: Authlib==1.3.1
 Requires-Dist: cryptography==42.0.0
-Requires-Dist: lxml==4.9.1
+Requires-Dist: lxml==5.3.1
 Requires-Dist: pycryptodome==3.20.0
 Requires-Dist: PyJWT==2.8.0
 Requires-Dist: pyotp==2.9.0

{pytest_nhsd_apim-4.0.1 → pytest_nhsd_apim-5.0.2}/pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "pytest-nhsd-apim"
-version = "4.0.1"
+version = "5.0.2"
 description = "Pytest plugin accessing NHSDigital's APIM proxies"
 authors = ["Adrian Ciobanita <adrian.ciobanita1@nhs.net>", "Alex Carrie <alexander.carrie1@nhs.net>", "Lucas Fantini <lucas.fantini@nhs.net>"]
 maintainers = ["Alex Carrie <alexander.carrie1@nhs.net>", "Alex Hawdon <alex.hawdon1@nhs.net"]
@@ -12,7 +12,7 @@ license = "MIT"
 [tool.poetry.dependencies]
 Authlib = "^1.3.1"
 cryptography = ">42.0.0"
-lxml = "^4.9.1"
+lxml = "^5.3.1"
 python = "^3.8"
 pycryptodome = "^3.20.0"
 PyJWT = "^2.8.0"

{pytest_nhsd_apim-4.0.1 → pytest_nhsd_apim-5.0.2}/src/pytest_nhsd_apim/apigee_edge.py

@@ -5,6 +5,7 @@ This includes app setup/teardown, getting proxy info (proxy-under-test
 + identity-service of choice), getting products, registering them with
 the test app.
 """
+
 import functools
 import warnings
 from datetime import datetime
@@ -22,7 +23,7 @@ from .apigee_apis import (
     DebugSessionsAPI,
     AccessTokensAPI,
     ApiProductsAPI,
-    DeveloperAppsAPI
+    DeveloperAppsAPI,
 )
 
 APIGEE_BASE_URL = "https://api.enterprise.apigee.com/v1/"
@@ -48,6 +49,7 @@ def _apigee_app_base_url(nhsd_apim_config):
     url = APIGEE_BASE_URL + f"organizations/{org}/developers/{dev}/apps"
     return url
 
+
 @pytest.fixture(scope="session")
 @log_method
 def _apigee_app_base_url_no_dev(nhsd_apim_config):
@@ -55,6 +57,7 @@ def _apigee_app_base_url_no_dev(nhsd_apim_config):
     url = APIGEE_BASE_URL + f"organizations/{org}/apps"
     return url
 
+
 @functools.lru_cache(maxsize=None)
 @log_method
 def _get_proxy_json(session, nhsd_apim_proxy_url):
@@ -62,8 +65,8 @@ def _get_proxy_json(session, nhsd_apim_proxy_url):
     Query the apigee edge API to get data about the desired proxy, in particular its current deployment.
     """
     deployment_err_msg = (
-        "\n\tFailed to retrieve the proxy deployment data. " +
-        "Please check the validity of the APIGEE credentials and token as well as any headers."
+        "\n\tFailed to retrieve the proxy deployment data. "
+        + "Please check the validity of the APIGEE credentials and token as well as any headers."
     )
     deployment_resp = session.get(f"{nhsd_apim_proxy_url}/deployments")
     assert deployment_resp.status_code == 200, deployment_err_msg.format(deployment_resp.content)
@@ -283,7 +286,9 @@ _TEST_APP = None
 
 @pytest.fixture(scope="session")
 @log_method
-def nhsd_apim_test_app(_create_test_app, _apigee_edge_session, _apigee_app_base_url, _apigee_app_base_url_no_dev, _test_app_id) -> Callable:
+def nhsd_apim_test_app(
+    _create_test_app, _apigee_edge_session, _apigee_app_base_url, _apigee_app_base_url_no_dev, _test_app_id
+) -> Callable:
     """
     A Callable that gets you the current state of the test app.
     """
@@ -314,7 +319,7 @@ def nhsd_apim_test_app(_create_test_app, _apigee_edge_session, _apigee_app_base_
             return _TEST_APP
         if _test_app_id:
             resp = _apigee_edge_session.get(_apigee_app_base_url_no_dev + "/" + _test_app_id)
-        else: 
+        else:
             resp = _apigee_edge_session.get(_apigee_app_base_url + "/" + _create_test_app["name"])
         _TEST_APP = resp.json()
         return _TEST_APP
@@ -468,7 +473,7 @@ def _create_test_app(
     else:
         app = {
             "name": f"apim-auto-{uuid4()}",
-            "callbackUrl": "https://example.org/callback",
+            "callbackUrl": "https://google.com/callback",
             "attributes": [{"name": "jwks-resource-url", "value": jwt_public_key_url}],
         }
         create_resp = _apigee_edge_session.post(_apigee_app_base_url, json=app)
@@ -512,7 +517,7 @@ def _create_function_scoped_test_app(
     else:
         app = {
             "name": f"apim-auto-{uuid4()}",
-            "callbackUrl": "https://example.org/callback",
+            "callbackUrl": "https://google.com/callback",
             "attributes": [{"name": "jwks-resource-url", "value": jwt_public_key_url}],
         }
         create_resp = _apigee_edge_session.post(_apigee_app_base_url, json=app)
@@ -538,6 +543,7 @@ def _test_app_callback_url(_create_test_app):
 def _test_app_id(nhsd_apim_config):
     return nhsd_apim_config["APIGEE_APP_ID"]
 
+
 @pytest.fixture()
 @log_method
 def trace(_apigee_proxy):
@@ -545,15 +551,16 @@ def trace(_apigee_proxy):
     Authenticated wrapper around the DebugSessionsAPI class
     """
     config = ApigeeNonProdCredentials()
-    client =  ApigeeClient(config=config)
+    client = ApigeeClient(config=config)
     debug = DebugSessionsAPI(
         client=client,
         env_name=_apigee_proxy["environment"],
         api_name=_apigee_proxy["name"],
-        revision_number=_apigee_proxy["revision"]
+        revision_number=_apigee_proxy["revision"],
     )
     return debug
 
+
 @pytest.fixture(scope="session")
 @log_method
 def access_token_api():
@@ -575,6 +582,7 @@ def products_api():
     client = ApigeeClient(config=config)
     return ApiProductsAPI(client=client)
 
+
 @pytest.fixture(scope="session")
 @log_method
 def developer_apps_api():
@@ -585,6 +593,7 @@ def developer_apps_api():
     client = ApigeeClient(config=config)
     return DeveloperAppsAPI(client=client)
 
+
 @pytest.fixture(scope="session")
 @log_method
 def developer_app_keys_api():

{pytest_nhsd_apim-4.0.1 → pytest_nhsd_apim-5.0.2}/src/pytest_nhsd_apim/identity_service.py

@@ -1,8 +1,8 @@
 """
 This is a self-contained wrapper for a bunch of authentication
-methods in APIM. NOT ONLY the identity service is taken into 
-account in here, you will also find authenticators for keycloak 
-and more... Feel free to keep adding authenticators here and 
+methods in APIM. NOT ONLY the identity service is taken into
+account in here, you will also find authenticators for keycloak
+and more... Feel free to keep adding authenticators here and
 maybe move this file to its own library.
 """
 
@@ -20,6 +20,7 @@ from typing_extensions import Annotated
 
 HttpUrlString = Annotated[HttpUrl, AfterValidator(lambda v: str(v))]
 
+
 #### Config models
 class KeycloakConfig(BaseModel):
     """Basic Keycloak config"""
@@ -55,7 +56,7 @@ class KeycloakConfig(BaseModel):
 class KeycloakUserConfig(KeycloakConfig):
     client_id: str
     client_secret: str
-    redirect_uri: HttpUrlString = "https://example.org"
+    redirect_uri: HttpUrlString = "https://google.com"
     login_form: dict
 
 
@@ -92,9 +93,7 @@ class AuthorizationCodeConfig(BaseModel):
     @validator("environment")
     def validate_environment(cls, environment):
         if environment == "prod":
-            raise ValueError(
-                f"We dont support testing in the production environment"
-            )
+            raise ValueError(f"We dont support testing in the production environment")
         return environment
 
 
@@ -136,9 +135,7 @@ class ClientCredentialsConfig(BaseModel):
             "exp": int(time()) + 300,  # 5 minutes in the future
         }
         additional_headers = {"kid": self.jwt_kid}
-        client_assertion = jwt.encode(
-            claims, self.jwt_private_key, algorithm="RS512", headers=additional_headers
-        )
+        client_assertion = jwt.encode(claims, self.jwt_private_key, algorithm="RS512", headers=additional_headers)
         return client_assertion
 
 
@@ -150,6 +147,7 @@ class TokenExchangeConfig(ClientCredentialsConfig):
 class KeycloakSignedJWTConfig:
     pass
 
+
 # currently only targets AOS environment
 class NHSLoginConfig(BaseModel):
     """Config needed to authenticate using NHS Login"""
@@ -159,7 +157,7 @@ class NHSLoginConfig(BaseModel):
         self.nhs_login_base_url = openid_config["issuer"]
 
         well_known_jwks: list = requests.get(openid_config["jwks_uri"]).json()
-        well_known_key = well_known_jwks['keys'].pop()
+        well_known_key = well_known_jwks["keys"].pop()
         self.jwt_kid = well_known_key["kid"]
         self.alg = well_known_key["alg"]
 
@@ -184,16 +182,14 @@ class NHSLoginConfig(BaseModel):
             "exp": int(time()) + 300,  # 5 minutes in the future
         }
         additional_headers = {"kid": self.jwt_kid}
-        client_assertion = jwt.encode(
-            claims, self.jwt_private_key, algorithm=self.alg, headers=additional_headers
-        )
+        client_assertion = jwt.encode(claims, self.jwt_private_key, algorithm=self.alg, headers=additional_headers)
         return client_assertion
-    
 
 
 class BananaAuthenticatorConfig:  # Placeholder
     pass
 
+
 ### Authenticators
 class Authenticator(ABC):
     """Defines the interface"""
@@ -263,9 +259,7 @@ class AuthorizationCodeAuthenticator(Authenticator):
             },
         )
         if resp.status_code != 200:
-            raise RuntimeError(
-                f"{auth_url} request returned {resp.status_code}: {resp.text}"
-            )
+            raise RuntimeError(f"{auth_url} request returned {resp.status_code}: {resp.text}")
         return resp
 
     @staticmethod
@@ -299,9 +293,7 @@ class AuthorizationCodeAuthenticator(Authenticator):
         form_submission_data,
     ):
         form_submit_url = authorize_form.action or authorize_response.request.url
-        resp = session.request(
-            authorize_form.method, form_submit_url, data=form_submission_data
-        )
+        resp = session.request(authorize_form.method, form_submit_url, data=form_submission_data)
         # TODO: Investigate why when using the fixtures it returns 404 and when
         # using with external credentials returns 200
         # if resp.status_code != 200:
@@ -312,9 +304,7 @@ class AuthorizationCodeAuthenticator(Authenticator):
 
     @staticmethod
     def _get_auth_code_from_mock_auth(response_identity_service_login):
-        qs = urlparse(
-            response_identity_service_login.history[-1].headers["Location"]
-        ).query
+        qs = urlparse(response_identity_service_login.history[-1].headers["Location"]).query
         auth_code = parse_qs(qs)["code"]
         if isinstance(auth_code, list):
             # in case there's multiple, this was a bug at one stage
@@ -336,16 +326,12 @@ class AuthorizationCodeAuthenticator(Authenticator):
             self.config.scope,
         )
 
-        authorize_form = self._get_authorization_form(
-            authorize_response.content.decode()
-        )
+        authorize_form = self._get_authorization_form(authorize_response.content.decode())
         # 2. Parse the login page.  For keycloak this presents an
         # HTML form, which must be filled in with valid data.  The tester
         # can submits their login data with the `login_form` field.
 
-        form_submission_data = self._get_authorize_form_submission_data(
-            authorize_form, self.config.login_form
-        )
+        form_submission_data = self._get_authorize_form_submission_data(authorize_form, self.config.login_form)
 
         # form_submission_data["username"] = 656005750104
         #     # And here we inject a valid mock username for keycloak.
@@ -508,6 +494,7 @@ class NHSLoginSandpitAuthenticator(Authenticator):
 
 class NHSLoginAosAuthenticator(Authenticator):
     """Authenticates you against NHS-Login aos environment"""
+
     # This is only partially implemented. See below for usage:
     # https://nhsd-confluence.digital.nhs.uk/display/APM/KOP-085+Generating+NHS+login+ID+tokens
 

{pytest_nhsd_apim-4.0.1 → pytest_nhsd_apim-5.0.2}/src/pytest_nhsd_apim.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: pytest-nhsd-apim
-Version: 4.0.1
+Version: 5.0.2
 Summary: Pytest plugin accessing NHSDigital's APIM proxies
 Home-page: https://github.com/NHSDigital/pytest-nhsd-apim
 Author: Adrian Ciobanita
@@ -13,7 +13,7 @@ Requires-Python: >=3.8
 Description-Content-Type: text/markdown
 Requires-Dist: Authlib==1.3.1
 Requires-Dist: cryptography==42.0.0
-Requires-Dist: lxml==4.9.1
+Requires-Dist: lxml==5.3.1
 Requires-Dist: pycryptodome==3.20.0
 Requires-Dist: PyJWT==2.8.0
 Requires-Dist: pyotp==2.9.0

{pytest_nhsd_apim-4.0.1 → pytest_nhsd_apim-5.0.2}/src/pytest_nhsd_apim.egg-info/requires.txt

@@ -1,6 +1,6 @@
 Authlib==1.3.1
 cryptography==42.0.0
-lxml==4.9.1
+lxml==5.3.1
 pycryptodome==3.20.0
 PyJWT==2.8.0
 pyotp==2.9.0

{pytest_nhsd_apim-4.0.1 → pytest_nhsd_apim-5.0.2}/tests/test_examples.py

@@ -3,6 +3,7 @@ Example tests that show all the features of pytest_nhsd_apim.
 
 These tests actually work!
 """
+
 import json
 import pytest
 import requests
@@ -43,9 +44,7 @@ def test_status_endpoint(nhsd_apim_proxy_url, status_endpoint_auth_headers):
     # {"apikey": "thesecretvalue"} Use it to access your proxy's
     # _status endpoint.
 
-    resp = requests.get(
-        nhsd_apim_proxy_url + "/_status", headers=status_endpoint_auth_headers
-    )
+    resp = requests.get(nhsd_apim_proxy_url + "/_status", headers=status_endpoint_auth_headers)
     status_json = resp.json()
     assert resp.status_code == 200
     assert status_json["status"] == "pass"
@@ -63,9 +62,7 @@ def test_app_level0_access(nhsd_apim_proxy_url, nhsd_apim_auth_headers):
     resp = requests.get(nhsd_apim_proxy_url + "/test-auth/app/level0")
     assert resp.status_code == 401  # unauthorized
 
-    resp = requests.get(
-        nhsd_apim_proxy_url + "/test-auth/app/level0", headers=nhsd_apim_auth_headers
-    )
+    resp = requests.get(nhsd_apim_proxy_url + "/test-auth/app/level0", headers=nhsd_apim_auth_headers)
     assert resp.status_code == 200  # authorized
 
 
@@ -81,9 +78,7 @@ def test_app_level3_access(nhsd_apim_proxy_url, nhsd_apim_auth_headers):
     resp = requests.get(nhsd_apim_proxy_url + "/test-auth/app/level3")
     assert resp.status_code == 401  # unauthorized
 
-    resp = requests.get(
-        nhsd_apim_proxy_url + "/test-auth/app/level3", headers=nhsd_apim_auth_headers
-    )
+    resp = requests.get(nhsd_apim_proxy_url + "/test-auth/app/level3", headers=nhsd_apim_auth_headers)
     assert resp.status_code == 200  # authorized
 
 
@@ -103,17 +98,13 @@ def test_app_level3_access_repeatedly(count, nhsd_apim_auth_headers):
             return "rd"
         return "th"
 
-    print(
-        f"This is the {count}{th(count)} test using the same credentials - {nhsd_apim_auth_headers}"
-    )
+    print(f"This is the {count}{th(count)} test using the same credentials - {nhsd_apim_auth_headers}")
 
 
 # If for any reason you want to override the caching
 # the force_new_token flag can be added
 @pytest.mark.parametrize(("count"), [1, 2, 3])
-@pytest.mark.nhsd_apim_authorization(
-    {"access": "application", "level": "level3", "force_new_token": True}
-)
+@pytest.mark.nhsd_apim_authorization({"access": "application", "level": "level3", "force_new_token": True})
 def test_app_level3_with_force_new_token(count, nhsd_apim_auth_headers):
     def th(i):
         if i == 1:
@@ -124,9 +115,7 @@ def test_app_level3_with_force_new_token(count, nhsd_apim_auth_headers):
             return "rd"
         return "th"
 
-    print(
-        f"This is the {count}{th(count)} test using different credentials - {nhsd_apim_auth_headers}"
-    )
+    print(f"This is the {count}{th(count)} test using different credentials - {nhsd_apim_auth_headers}")
 
 
 # You can include marks in a pytest parametrization to reduce
@@ -218,7 +207,8 @@ MOCK_CIS2_USERNAMES = {
 # Create a list of pytest.param for each combination of username and level for combined auth
 combined_auth_params = [
     pytest.param(
-        username, level,
+        username,
+        level,
         marks=pytest.mark.nhsd_apim_authorization(
             access="healthcare_worker",
             level=level,
@@ -231,9 +221,7 @@ combined_auth_params = [
 
 
 @pytest.mark.parametrize("username, level", combined_auth_params)
-def test_healthcare_worker_user_restricted_combined_auth(
-    nhsd_apim_proxy_url, nhsd_apim_auth_headers, username, level
-):
+def test_healthcare_worker_user_restricted_combined_auth(nhsd_apim_proxy_url, nhsd_apim_auth_headers, username, level):
     url = f"{nhsd_apim_proxy_url}/test-auth/nhs-cis2/{level}"
     resp0 = requests.get(url)
     assert resp0.status_code == 401
@@ -252,7 +240,8 @@ def test_healthcare_worker_user_restricted_combined_auth(
 # Create a combined list for separate authentication testing
 separate_auth_params = [
     pytest.param(
-        username, level,
+        username,
+        level,
         marks=pytest.mark.nhsd_apim_authorization(
             access="healthcare_worker",
             level=level,
@@ -266,9 +255,7 @@ separate_auth_params = [
 
 
 @pytest.mark.parametrize("username, level", separate_auth_params)
-def test_healthcare_work_user_restricted_separate_auth(
-    nhsd_apim_proxy_url, nhsd_apim_auth_headers, username, level
-):
+def test_healthcare_work_user_restricted_separate_auth(nhsd_apim_proxy_url, nhsd_apim_auth_headers, username, level):
     aal_url = f"{nhsd_apim_proxy_url}/test-auth/nhs-cis2/{level}"
     resp0 = requests.get(aal_url)
     assert resp0.status_code == 401
@@ -288,9 +275,7 @@ def test_healthcare_work_user_restricted_separate_auth(
         "authentication": "separate",
     }
 )
-def test_patient_user_restricted_separate_auth(
-    nhsd_apim_proxy_url, nhsd_apim_auth_headers
-):
+def test_patient_user_restricted_separate_auth(nhsd_apim_proxy_url, nhsd_apim_auth_headers):
     P9_url = f"{nhsd_apim_proxy_url}/test-auth/nhs-login/P9"
     resp0 = requests.get(P9_url)
     assert resp0.status_code == 401
@@ -302,25 +287,19 @@ def test_patient_user_restricted_separate_auth(
 # nhsd_apim_authorization marker.  This allows you to parameterize
 # unauthenicated access tests in the same way as authenticated API calls.
 @pytest.mark.nhsd_apim_authorization()
-def test_no_authorization_explicitly_marked(
-    nhsd_apim_proxy_url, nhsd_apim_auth_headers
-):
+def test_no_authorization_explicitly_marked(nhsd_apim_proxy_url, nhsd_apim_auth_headers):
     assert nhsd_apim_auth_headers == {}
 
 
 # You can also do it without marking, though this raises a warning.
-def test_no_authorization_with_not_explicitly_marked(
-    nhsd_apim_proxy_url, nhsd_apim_auth_headers
-):
+def test_no_authorization_with_not_explicitly_marked(nhsd_apim_proxy_url, nhsd_apim_auth_headers):
     assert nhsd_apim_auth_headers == {}
 
 
 # You can also use the authenticators directly in case you want to run the tests
 # using a specific app already available in Apigee, leaving all the marker magic
 # behind this is how you can implement the diferent authenticators
-def test_client_credentials_authenticator(
-    _test_app_credentials, _jwt_keys, apigee_environment
-):
+def test_client_credentials_authenticator(_test_app_credentials, _jwt_keys, apigee_environment):
     # 1. Set your app config
     config = ClientCredentialsConfig(
         environment=apigee_environment,
@@ -352,7 +331,7 @@ def test_authorization_code_authenticator(_test_app_credentials, apigee_environm
     config = AuthorizationCodeConfig(
         environment=apigee_environment,
         identity_service_base_url=f"https://{apigee_environment}.api.service.nhs.uk/oauth2-mock",
-        callback_url="https://example.org/callback",
+        callback_url="https://google.com/callback",
         client_id=_test_app_credentials["consumerKey"],
         client_secret=_test_app_credentials["consumerSecret"],
         scope="nhs-cis2",
@@ -439,13 +418,9 @@ def test_trace(nhsd_apim_proxy_url, nhsd_apim_auth_headers, trace):
 
     trace_ids = trace.get_transaction_data(session_name=session_name)
 
-    trace_data = trace.get_transaction_data_by_id(
-        session_name=session_name, transaction_id=trace_ids[0]
-    )
-    status_code_from_trace = trace.get_apigee_variable_from_trace(
-        name="message.status.code", data=trace_data
-    )
+    trace_data = trace.get_transaction_data_by_id(session_name=session_name, transaction_id=trace_ids[0])
+    status_code_from_trace = trace.get_apigee_variable_from_trace(name="message.status.code", data=trace_data)
 
     trace.delete_debugsession_by_name(session_name)
 
-    assert status_code_from_trace == "200"
+    assert status_code_from_trace == "200"