@@ -38,6 +38,17 @@ class TestUserRoles:
3838 ),
3939 id = "User role sent in header (no in id token, multiple in user info)" ,
4040 ),
41+ pytest .param (
42+ {"NHSD-Session-URID" : "656014452101" },
43+ marks = pytest .mark .nhsd_apim_authorization (
44+ access = "healthcare_worker" ,
45+ level = "aal3" ,
46+ login_form = {"username" : "656005750104" },
47+ authentication = "separate" ,
48+ force_new_token = True ,
49+ ),
50+ id = "CIS2 separate: User role sent in header" ,
51+ ),
4152 ],
4253 )
4354 def test_user_role_happy_path (
@@ -109,26 +120,6 @@ def test_user_role_happy_path(
109120 ),
110121 id = "Invalid role in header" ,
111122 ),
112- ],
113- )
114- def test_user_role_unhappy_path (
115- self ,
116- nhsd_apim_proxy_url ,
117- nhsd_apim_auth_headers ,
118- additional_headers ,
119- error_description ,
120- ):
121- resp = requests .get (
122- url = f"{ nhsd_apim_proxy_url } ,
123- headers = {** nhsd_apim_auth_headers , ** additional_headers },
124- )
125-
126- assert resp .status_code == 400
127- assert resp .text == error_description
128-
129- @pytest .mark .parametrize (
130- "additional_headers,error_description" ,
131- [
132123 pytest .param (
133124 {},
134125 "selected_roleid is missing in your token" ,
@@ -151,57 +142,9 @@ def test_user_role_unhappy_path(
151142 ),
152143 id = "NHS Login combined: Can't use header to fetch from userinfo" ,
153144 ),
154- pytest .param (
155- {},
156- "selected_roleid is missing in your token" ,
157- marks = pytest .mark .nhsd_apim_authorization (
158- access = "patient" ,
159- level = "P9" ,
160- login_form = {"username" : "9912003071" },
161- authentication = "separate" ,
162- force_new_token = True ,
163- ),
164- id = "NHS Login separate: Role can't be used from token" ,
165- ),
166- pytest .param (
167- {"NHSD-Session-URID" : "9912003071" },
168- "unable to retrieve user info" ,
169- marks = pytest .mark .nhsd_apim_authorization (
170- access = "patient" ,
171- level = "P9" ,
172- login_form = {"username" : "9912003071" },
173- authentication = "separate" ,
174- force_new_token = True ,
175- ),
176- id = "NHS Login separate: Can't use header to fetch from userinfo" ,
177- ),
178- pytest .param (
179- {},
180- "selected_roleid is missing in your token" ,
181- marks = pytest .mark .nhsd_apim_authorization (
182- access = "healthcare_worker" ,
183- level = "aal3" ,
184- login_form = {"username" : "656005750104" },
185- authentication = "separate" ,
186- force_new_token = True ,
187- ),
188- id = "CIS2 separate: Role can't be used from token" ,
189- ),
190- pytest .param (
191- {"NHSD-Session-URID" : "656005750104" },
192- "unable to retrieve user info" ,
193- marks = pytest .mark .nhsd_apim_authorization (
194- access = "healthcare_worker" ,
195- level = "aal3" ,
196- login_form = {"username" : "656005750104" },
197- authentication = "separate" ,
198- force_new_token = True ,
199- ),
200- id = "CIS2 separate: Can't use header to fetch from userinfo" ,
201- ),
202145 ],
203146 )
204- def test_error_when_not_cis2_combined_auth (
147+ def test_user_role_unhappy_path (
205148 self ,
206149 nhsd_apim_proxy_url ,
207150 nhsd_apim_auth_headers ,
0 commit comments