Skip tests that fail with auth emulator

Author: muru

integration/test_auth.py

@@ -15,6 +15,7 @@
 """Integration tests for firebase_admin.auth module."""
 import base64
 import datetime
+import os
 import random
 import string
 import time
@@ -32,11 +33,18 @@
 from firebase_admin import credentials
 
 
-_verify_token_url = 'https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyCustomToken'
-_verify_password_url = 'https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPassword'
-_password_reset_url = 'https://www.googleapis.com/identitytoolkit/v3/relyingparty/resetPassword'
-_verify_email_url = 'https://www.googleapis.com/identitytoolkit/v3/relyingparty/setAccountInfo'
-_email_sign_in_url = 'https://www.googleapis.com/identitytoolkit/v3/relyingparty/emailLinkSignin'
+_EMULATOR_HOST_ENV_VAR = 'FIREBASE_AUTH_EMULATOR_HOST'
+URL_PREFIX = 'https://www.googleapis.com/identitytoolkit'
+
+emulator_host = os.getenv(_EMULATOR_HOST_ENV_VAR)
+if emulator_host:
+    URL_PREFIX = 'http://{0}/www.googleapis.com/identitytoolkit'.format(emulator_host)
+
+_verify_token_url = '{0}/v3/relyingparty/verifyCustomToken'.format(URL_PREFIX)
+_verify_password_url = '{0}/v3/relyingparty/verifyPassword'.format(URL_PREFIX)
+_password_reset_url = '{0}/v3/relyingparty/resetPassword'.format(URL_PREFIX)
+_verify_email_url = '{0}/v3/relyingparty/setAccountInfo'.format(URL_PREFIX)
+_email_sign_in_url = '{0}/v3/relyingparty/emailLinkSignin'.format(URL_PREFIX)
 
 ACTION_LINK_CONTINUE_URL = 'http://localhost?a=1&b=5#f=1'
 
@@ -123,6 +131,8 @@ def test_custom_token(api_key):
     assert claims['uid'] == 'user1'
 
 def test_custom_token_without_service_account(api_key):
+    if emulator_host:
+        pytest.skip("Not supported with auth emulator")
     google_cred = firebase_admin.get_app().credential.get_credential()
     cred = CredentialWrapper.from_existing_credential(google_cred)
     custom_app = firebase_admin.initialize_app(cred, {
@@ -427,7 +437,8 @@ def test_create_user(new_user):
     assert user.disabled is False
     assert user.custom_claims is None
     assert user.user_metadata.creation_timestamp > 0
-    assert user.user_metadata.last_sign_in_timestamp is None
+    if not emulator_host:
+        assert user.user_metadata.last_sign_in_timestamp is None
     assert len(user.provider_data) == 0
     with pytest.raises(auth.UidAlreadyExistsError):
         auth.create_user(uid=new_user.uid)
@@ -560,6 +571,9 @@ def test_verify_id_token_revoked(new_user, api_key):
     # verify_id_token succeeded because it didn't check revoked.
     assert claims['iat'] * 1000 < user.tokens_valid_after_timestamp
 
+    if emulator_host:
+        pytest.skip("Not supported with auth emulator")
+
     with pytest.raises(auth.RevokedIdTokenError) as excinfo:
         claims = auth.verify_id_token(id_token, check_revoked=True)
     assert str(excinfo.value) == 'The Firebase ID token has been revoked.'
@@ -604,6 +618,8 @@ def test_import_users():
         auth.delete_user(uid)
 
 def test_import_users_with_password(api_key):
+    if emulator_host:
+        pytest.skip("Not supported with auth emulator")
     uid, email = _random_id()
     password_hash = base64.b64decode(
         'V358E8LdWJXAO7muq0CufVpEOXaj8aFiC7T/rcaGieN04q/ZPJ08WhJEHGjj9lz/2TT+/86N5VjVoc5DdBhBiw==')
@@ -687,6 +703,8 @@ def oidc_provider():
 
 
 def test_create_oidc_provider_config(oidc_provider):
+    if emulator_host:
+        pytest.skip("Not supported with auth emulator")
     assert isinstance(oidc_provider, auth.OIDCProviderConfig)
     assert oidc_provider.client_id == 'OIDC_CLIENT_ID'
     assert oidc_provider.issuer == 'https://oidc.com/issuer'
@@ -695,6 +713,8 @@ def test_create_oidc_provider_config(oidc_provider):
 
 
 def test_get_oidc_provider_config(oidc_provider):
+    if emulator_host:
+        pytest.skip("Not supported with auth emulator")
     provider_config = auth.get_oidc_provider_config(oidc_provider.provider_id)
     assert isinstance(provider_config, auth.OIDCProviderConfig)
     assert provider_config.provider_id == oidc_provider.provider_id
@@ -705,6 +725,8 @@ def test_get_oidc_provider_config(oidc_provider):
 
 
 def test_list_oidc_provider_configs(oidc_provider):
+    if emulator_host:
+        pytest.skip("Not supported with auth emulator")
     page = auth.list_oidc_provider_configs()
     result = None
     for provider_config in page.iterate_all():
@@ -716,6 +738,8 @@ def test_list_oidc_provider_configs(oidc_provider):
 
 
 def test_update_oidc_provider_config():
+    if emulator_host:
+        pytest.skip("Not supported with auth emulator")
     provider_config = _create_oidc_provider_config()
     try:
         provider_config = auth.update_oidc_provider_config(
@@ -733,6 +757,8 @@ def test_update_oidc_provider_config():
 
 
 def test_delete_oidc_provider_config():
+    if emulator_host:
+        pytest.skip("Not supported with auth emulator")
     provider_config = _create_oidc_provider_config()
     auth.delete_oidc_provider_config(provider_config.provider_id)
     with pytest.raises(auth.ConfigurationNotFoundError):
@@ -747,6 +773,8 @@ def saml_provider():
 
 
 def test_create_saml_provider_config(saml_provider):
+    if emulator_host:
+        pytest.skip("Not supported with auth emulator")
     assert isinstance(saml_provider, auth.SAMLProviderConfig)
     assert saml_provider.idp_entity_id == 'IDP_ENTITY_ID'
     assert saml_provider.sso_url == 'https://example.com/login'
@@ -758,6 +786,8 @@ def test_create_saml_provider_config(saml_provider):
 
 
 def test_get_saml_provider_config(saml_provider):
+    if emulator_host:
+        pytest.skip("Not supported with auth emulator")
     provider_config = auth.get_saml_provider_config(saml_provider.provider_id)
     assert isinstance(provider_config, auth.SAMLProviderConfig)
     assert provider_config.provider_id == saml_provider.provider_id
@@ -771,6 +801,8 @@ def test_get_saml_provider_config(saml_provider):
 
 
 def test_list_saml_provider_configs(saml_provider):
+    if emulator_host:
+        pytest.skip("Not supported with auth emulator")
     page = auth.list_saml_provider_configs()
     result = None
     for provider_config in page.iterate_all():
@@ -782,6 +814,8 @@ def test_list_saml_provider_configs(saml_provider):
 
 
 def test_update_saml_provider_config():
+    if emulator_host:
+        pytest.skip("Not supported with auth emulator")
     provider_config = _create_saml_provider_config()
     try:
         provider_config = auth.update_saml_provider_config(
@@ -806,13 +840,17 @@ def test_update_saml_provider_config():
 
 
 def test_delete_saml_provider_config():
+    if emulator_host:
+        pytest.skip("Not supported with auth emulator")
     provider_config = _create_saml_provider_config()
     auth.delete_saml_provider_config(provider_config.provider_id)
     with pytest.raises(auth.ConfigurationNotFoundError):
         auth.get_saml_provider_config(provider_config.provider_id)
 
 
 def _create_oidc_provider_config():
+    if emulator_host:
+        pytest.skip("Not supported with auth emulator")
     provider_id = 'oidc.{0}'.format(_random_string())
     return auth.create_oidc_provider_config(
         provider_id=provider_id,
@@ -823,6 +861,8 @@ def _create_oidc_provider_config():
 
 
 def _create_saml_provider_config():
+    if emulator_host:
+        pytest.skip("Not supported with auth emulator")
     provider_id = 'saml.{0}'.format(_random_string())
     return auth.create_saml_provider_config(
         provider_id=provider_id,

tests/test_token_gen.py

@@ -29,6 +29,7 @@
 
 import firebase_admin
 from firebase_admin import auth
+from firebase_admin import _auth_utils
 from firebase_admin import credentials
 from firebase_admin import exceptions
 from firebase_admin import _token_gen
@@ -219,6 +220,8 @@ class TestCreateCustomToken:
 
     @pytest.mark.parametrize('values', valid_args.values(), ids=list(valid_args))
     def test_valid_params(self, auth_app, values):
+        if _auth_utils.is_emulated():
+            pytest.skip("Not supported with auth emulator")
         user, claims = values
         custom_token = auth.create_custom_token(user, claims, app=auth_app)
         verify_custom_token(custom_token, claims)
@@ -230,10 +233,14 @@ def test_invalid_params(self, auth_app, values):
             auth.create_custom_token(user, claims, app=auth_app)
 
     def test_noncert_credential(self, user_mgt_app):
+        if _auth_utils.is_emulated():
+            pytest.skip("Not supported with auth emulator")
         with pytest.raises(ValueError):
             auth.create_custom_token(MOCK_UID, app=user_mgt_app)
 
     def test_sign_with_iam(self):
+        if _auth_utils.is_emulated():
+            pytest.skip("Not supported with auth emulator")
         options = {'serviceAccountId': 'test-service-account', 'projectId': 'mock-project-id'}
         app = firebase_admin.initialize_app(
             testutils.MockCredential(), name='iam-signer-app', options=options)
@@ -248,6 +255,8 @@ def test_sign_with_iam(self):
             firebase_admin.delete_app(app)
 
     def test_sign_with_iam_error(self):
+        if _auth_utils.is_emulated():
+            pytest.skip("Not supported with auth emulator")
         options = {'serviceAccountId': 'test-service-account', 'projectId': 'mock-project-id'}
         app = firebase_admin.initialize_app(
             testutils.MockCredential(), name='iam-signer-app', options=options)
@@ -264,6 +273,8 @@ def test_sign_with_iam_error(self):
             firebase_admin.delete_app(app)
 
     def test_sign_with_discovered_service_account(self):
+        if _auth_utils.is_emulated():
+            pytest.skip("Not supported with auth emulator")
         request = testutils.MockRequest(200, 'discovered-service-account')
         options = {'projectId': 'mock-project-id'}
         app = firebase_admin.initialize_app(testutils.MockCredential(), name='iam-signer-app',
@@ -287,6 +298,8 @@ def test_sign_with_discovered_service_account(self):
             firebase_admin.delete_app(app)
 
     def test_sign_with_discovery_failure(self):
+        if _auth_utils.is_emulated():
+            pytest.skip("Not supported with auth emulator")
         request = testutils.MockFailedRequest(Exception('test error'))
         options = {'projectId': 'mock-project-id'}
         app = firebase_admin.initialize_app(testutils.MockCredential(), name='iam-signer-app',
@@ -431,6 +444,8 @@ def test_valid_token_check_revoked(self, user_mgt_app, id_token):
 
     @pytest.mark.parametrize('id_token', valid_tokens.values(), ids=list(valid_tokens))
     def test_revoked_token_check_revoked(self, user_mgt_app, revoked_tokens, id_token):
+        if _auth_utils.is_emulated():
+            pytest.skip("Not supported with auth emulator")
         _overwrite_cert_request(user_mgt_app, MOCK_REQUEST)
         _instrument_user_manager(user_mgt_app, 200, revoked_tokens)
         with pytest.raises(auth.RevokedIdTokenError) as excinfo:
@@ -460,13 +475,18 @@ def test_invalid_arg(self, user_mgt_app, id_token):
 
     @pytest.mark.parametrize('id_token', invalid_tokens.values(), ids=list(invalid_tokens))
     def test_invalid_token(self, user_mgt_app, id_token):
+        if _auth_utils.is_emulated():
+            pytest.skip("Not supported with auth emulator")
         _overwrite_cert_request(user_mgt_app, MOCK_REQUEST)
         with pytest.raises(auth.InvalidIdTokenError) as excinfo:
             auth.verify_id_token(id_token, app=user_mgt_app)
         assert isinstance(excinfo.value, exceptions.InvalidArgumentError)
         assert excinfo.value.http_response is None
 
     def test_expired_token(self, user_mgt_app):
+        if _auth_utils.is_emulated():
+            pytest.skip("Not supported with auth emulator")
+        _overwrite_cert_request(user_mgt_app, MOCK_REQUEST)
         _overwrite_cert_request(user_mgt_app, MOCK_REQUEST)
         id_token = self.invalid_tokens['ExpiredToken']
         with pytest.raises(auth.ExpiredIdTokenError) as excinfo:
@@ -505,6 +525,8 @@ def test_custom_token(self, auth_app):
         assert str(excinfo.value) == message
 
     def test_certificate_request_failure(self, user_mgt_app):
+        if _auth_utils.is_emulated():
+            pytest.skip("Not supported with auth emulator")
         _overwrite_cert_request(user_mgt_app, testutils.MockRequest(404, 'not found'))
         with pytest.raises(auth.CertificateFetchError) as excinfo:
             auth.verify_id_token(TEST_ID_TOKEN, app=user_mgt_app)
@@ -580,13 +602,17 @@ def test_invalid_args(self, user_mgt_app, cookie):
 
     @pytest.mark.parametrize('cookie', invalid_cookies.values(), ids=list(invalid_cookies))
     def test_invalid_cookie(self, user_mgt_app, cookie):
+        if _auth_utils.is_emulated():
+            pytest.skip("Not supported with auth emulator")
         _overwrite_cert_request(user_mgt_app, MOCK_REQUEST)
         with pytest.raises(auth.InvalidSessionCookieError) as excinfo:
             auth.verify_session_cookie(cookie, app=user_mgt_app)
         assert isinstance(excinfo.value, exceptions.InvalidArgumentError)
         assert excinfo.value.http_response is None
 
     def test_expired_cookie(self, user_mgt_app):
+        if _auth_utils.is_emulated():
+            pytest.skip("Not supported with auth emulator")
         _overwrite_cert_request(user_mgt_app, MOCK_REQUEST)
         cookie = self.invalid_cookies['ExpiredCookie']
         with pytest.raises(auth.ExpiredSessionCookieError) as excinfo:
@@ -620,6 +646,8 @@ def test_custom_token(self, auth_app):
             auth.verify_session_cookie(custom_token, app=auth_app)
 
     def test_certificate_request_failure(self, user_mgt_app):
+        if _auth_utils.is_emulated():
+            pytest.skip("Not supported with auth emulator")
         _overwrite_cert_request(user_mgt_app, testutils.MockRequest(404, 'not found'))
         with pytest.raises(auth.CertificateFetchError) as excinfo:
             auth.verify_session_cookie(TEST_SESSION_COOKIE, app=user_mgt_app)
@@ -632,6 +660,8 @@ def test_certificate_request_failure(self, user_mgt_app):
 class TestCertificateCaching:
 
     def test_certificate_caching(self, user_mgt_app, httpserver):
+        if _auth_utils.is_emulated():
+            pytest.skip("Not supported with auth emulator")
         httpserver.serve_content(MOCK_PUBLIC_CERTS, 200, headers={'Cache-Control': 'max-age=3600'})
         verifier = _token_gen.TokenVerifier(user_mgt_app)
         verifier.cookie_verifier.cert_url = httpserver.url