Add test for identity provider being used

The websocket test is failing as of this commit
because as pointed out in review the `_maybe_auth`
is using the default user rather the one from `IdentityProvider`

Author: krassowski

tests/base/test_handlers.py

@@ -8,7 +8,7 @@
 from tornado.httpserver import HTTPRequest
 from tornado.httputil import HTTPHeaders
 
-from jupyter_server.auth import AllowAllAuthorizer, IdentityProvider
+from jupyter_server.auth import AllowAllAuthorizer, IdentityProvider, User
 from jupyter_server.auth.decorator import allow_unauthenticated
 from jupyter_server.base.handlers import (
     APIHandler,
@@ -162,6 +162,37 @@ async def test_jupyter_handler_auth_calls_prepare(jp_serverapp, jp_fetch):
         assert mock.call_count == 1
 
 
+class IndiscriminateIdentityProvider(IdentityProvider):
+    async def get_user(self, handler):
+        return User(username="test")
+
+
+@pytest.mark.parametrize(
+    "jp_server_config", [{"ServerApp": {"allow_unauthenticated_access": False}}]
+)
+async def test_jupyter_handler_auth_respsects_identity_provider(jp_serverapp, jp_fetch):
+    app: ServerApp = jp_serverapp
+    app.web_app.add_handlers(
+        ".*$",
+        [(url_path_join(app.base_url, "no-rules"), NoAuthRulesHandler)],
+    )
+
+    def fetch():
+        return jp_fetch("no-rules", method="OPTIONS", headers={"Authorization": ""})
+
+    # If no identity provider is set the following request should fail
+    # because the default tornado user would not be found:
+    with pytest.raises(HTTPClientError) as exception:
+        await fetch()
+    assert exception.value.code == 403
+
+    iidp = IndiscriminateIdentityProvider()
+    # should allow access with the user set be the identity provider
+    with patch.dict(jp_serverapp.web_app.settings, {"identity_provider": iidp}):
+        res = await fetch()
+        assert res.code == 200
+
+
 def test_api_handler(jp_serverapp):
     app: ServerApp = jp_serverapp
     headers = HTTPHeaders({"Origin": "foo"})

tests/base/test_websocket.py

@@ -1,14 +1,15 @@
 """Test Base Websocket classes"""
 import logging
 import time
-from unittest.mock import MagicMock
+from unittest.mock import MagicMock, patch
 
 import pytest
 from tornado.httpclient import HTTPClientError
 from tornado.httpserver import HTTPRequest
 from tornado.httputil import HTTPHeaders
 from tornado.websocket import WebSocketClosedError, WebSocketHandler
 
+from jupyter_server.auth import IdentityProvider, User
 from jupyter_server.auth.decorator import allow_unauthenticated
 from jupyter_server.base.websocket import WebSocketMixin
 from jupyter_server.serverapp import ServerApp
@@ -118,3 +119,34 @@ async def test_websocket_auth_required(jp_serverapp, jp_ws_fetch):
     with pytest.raises(HTTPClientError) as exception:
         ws = await jp_ws_fetch("no-rules", headers={"Authorization": ""})
     assert exception.value.code == 403
+
+
+class IndiscriminateIdentityProvider(IdentityProvider):
+    async def get_user(self, handler):
+        return User(username="test")
+
+
+@pytest.mark.parametrize(
+    "jp_server_config", [{"ServerApp": {"allow_unauthenticated_access": False}}]
+)
+async def test_websocket_auth_respsects_identity_provider(jp_serverapp, jp_ws_fetch):
+    app: ServerApp = jp_serverapp
+    app.web_app.add_handlers(
+        ".*$",
+        [(url_path_join(app.base_url, "no-rules"), NoAuthRulesWebsocketHandler)],
+    )
+
+    def fetch():
+        return jp_ws_fetch("no-rules", headers={"Authorization": ""})
+
+    # If no identity provider is set the following request should fail
+    # because the default tornado user would not be found:
+    with pytest.raises(HTTPClientError) as exception:
+        await fetch()
+    assert exception.value.code == 403
+
+    iidp = IndiscriminateIdentityProvider()
+    # should allow access with the user set be the identity provider
+    with patch.dict(jp_serverapp.web_app.settings, {"identity_provider": iidp}):
+        res = await fetch()
+        assert res.code == 200