feat: add new config parameter to disable extension

mblackgeo · mblackgeo · commit fcafc510e80e · 2022-05-06T15:22:39.000+01:00
A new boolean parameter added that will dislable the @auth_required decorator. This is useful for local development or testing, to prevent the need for a JWT cookie from Cognito.
diff --git a/src/flask_cognito_lib/config.py b/src/flask_cognito_lib/config.py
@@ -49,6 +49,11 @@ class Config:
     CONTEXT_KEY_TOKEN_SERVICE = "aws_jwt_service"
     COOKIE_NAME = "cognito_access_token"
 
+    @property
+    def disabled(self) -> bool:
+        """Return True if Cognito Authentication is disabled"""
+        return get("AWS_COGNITO_DISABLED", required=False, default=False)
+
     @property
     def user_pool_id(self) -> str:
         """Return the Cognito user pool ID"""
diff --git a/src/flask_cognito_lib/decorators.py b/src/flask_cognito_lib/decorators.py
@@ -149,6 +149,9 @@ def auth_required(groups: Optional[Iterable[str]] = None):
     def wrapper(fn):
         @wraps(fn)
         def decorator(*args, **kwargs):
+            # return early if the extension is disabled
+            if cfg.disabled:
+                return fn(*args, **kwargs)
 
             # Try and validate the access token stored in the cookie
             try:
diff --git a/tests/test_config.py b/tests/test_config.py
@@ -17,6 +17,11 @@ def test_missing_config(app, cfg):
         print(cfg.region)
 
 
+def test_disabled(cfg):
+    """Check if extension is enabled (by default it should be)"""
+    assert not cfg.disabled
+
+
 def test_issuer(cfg):
     """Check if forms the issuer URL correctly"""
     expected = "https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_c7O90SNDF"
diff --git a/tests/test_decorators.py b/tests/test_decorators.py
@@ -128,3 +128,11 @@ def test_auth_required_groups_invalid(client_with_cookie):
     # 403 as the token isn't in this group
     response = client_with_cookie.get("/invalid_group")
     assert response.status_code == 403
+
+
+def test_auth_required_extension_dislabled(client, app):
+    # Return page with 200 OK if the extension is disabled (bypass Cognito)
+    app.config["AWS_COGNITO_DISABLED"] = True
+    response = client.get("/private")
+    assert response.status_code == 200
+    assert response.data.decode("utf-8") == "ok"
