GH-4: Using python-inject to inject the UserRepository

pyproject.toml

@@ -8,6 +8,7 @@ dependencies = [
     "flask~=2.3.0",
     "govuk-frontend-jinja~=2.7.0",
     "gunicorn~=21.2.0",
+    "inject~=5.0.0",
     "python-dotenv~=1.0.0",
     "requests~=2.31.0"
 ]

schemes/__init__.py

@@ -1,9 +1,11 @@
 import os
 from typing import Any, Mapping
 
+import inject
 from authlib.integrations.flask_client import OAuth
 from authlib.oauth2.rfc7523 import PrivateKeyJWT
 from flask import Flask, Response, request, url_for
+from inject import Binder
 from jinja2 import ChoiceLoader, FileSystemLoader, PackageLoader, PrefixLoader
 
 from schemes import api, auth, home, start
@@ -19,10 +21,13 @@ def create_app(test_config: Mapping[str, Any] | None = None) -> Flask:
     app.config.from_prefixed_env()
     app.config.from_mapping(test_config)
 
+    inject.configure(_bindings)
+
     _configure_basic_auth(app)
     _configure_govuk_frontend(app)
     _configure_oidc(app)
-    _configure_users(app)
+    if not app.testing:
+        _configure_users()
 
     app.register_blueprint(start.bp)
     app.register_blueprint(auth.bp, url_prefix="/auth")
@@ -33,6 +38,10 @@ def create_app(test_config: Mapping[str, Any] | None = None) -> Flask:
     return app
 
 
+def _bindings(binder: Binder) -> None:
+    binder.bind(UserRepository, UserRepository())
+
+
 def _configure_basic_auth(app: Flask) -> None:
     username = app.config.get("BASIC_AUTH_USERNAME")
     password = app.config.get("BASIC_AUTH_PASSWORD")
@@ -74,11 +83,7 @@ def _configure_oidc(app: Flask) -> None:
     )
 
 
-def _configure_users(app: Flask) -> None:
-    users = UserRepository()
-
-    if not app.testing:
-        users.add(User("alex.coleman@activetravelengland.gov.uk"))
-        users.add(User("mark.hobson@activetravelengland.gov.uk"))
-
-    app.extensions["users"] = users
+def _configure_users() -> None:
+    users = inject.instance(UserRepository)
+    users.add(User("alex.coleman@activetravelengland.gov.uk"))
+    users.add(User("mark.hobson@activetravelengland.gov.uk"))

schemes/api.py

@@ -1,20 +1,21 @@
-from flask import Blueprint, Response, current_app, request
+import inject
+from flask import Blueprint, Response, request
 
 from schemes.users import User, UserRepository
 
 bp = Blueprint("api", __name__)
 
 
 @bp.route("/users", methods=["POST"])
-def add_user() -> Response:
+@inject.autoparams()
+def add_user(users: UserRepository) -> Response:
     user = User(request.get_json()["email"])
-    users: UserRepository = current_app.extensions["users"]
     users.add(user)
     return Response(status=201)
 
 
 @bp.route("/users", methods=["DELETE"])
-def clear_users() -> Response:
-    users: UserRepository = current_app.extensions["users"]
+@inject.autoparams()
+def clear_users(users: UserRepository) -> Response:
     users.clear()
     return Response(status=204)

schemes/auth.py

@@ -2,6 +2,7 @@
 from typing import Callable, ParamSpec, TypeVar
 from urllib.parse import urlencode, urlparse
 
+import inject
 from authlib.integrations.flask_client import OAuth
 from authlib.oidc.core import UserInfo
 from flask import (
@@ -21,12 +22,13 @@
 
 
 @bp.route("")
-def callback() -> BaseResponse:
+@inject.autoparams()
+def callback(users: UserRepository) -> BaseResponse:
     oauth = _get_oauth()
     token = oauth.govuk.authorize_access_token()
     user = oauth.govuk.userinfo(token=token)
 
-    if not _is_authorized(user):
+    if not _is_authorized(users, user):
         return redirect(url_for("auth.unauthorized"))
 
     session["user"] = user
@@ -69,8 +71,7 @@ def decorated_function(*args: P.args, **kwargs: P.kwargs) -> T | Response:
     return decorated_function
 
 
-def _is_authorized(user: UserInfo) -> bool:
-    users: UserRepository = current_app.extensions["users"]
+def _is_authorized(users: UserRepository, user: UserInfo) -> bool:
     return users.get(user["email"]) is not None
 
 

tests/e2e/conftest.py

@@ -4,6 +4,7 @@
 import sys
 from typing import Any, Generator
 
+import inject
 import pytest
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives.asymmetric import rsa
@@ -54,6 +55,7 @@ def app_fixture(oidc_server: LiveServer) -> Generator[Flask, Any, Any]:
         )
     )
     yield app
+    inject.clear()
     oidc_client.clear_clients()
 
 

tests/integration/conftest.py

@@ -1,5 +1,6 @@
-from typing import Any, Mapping
+from typing import Any, Generator, Mapping
 
+import inject
 import pytest
 from flask import Flask
 from flask.testing import FlaskClient
@@ -22,8 +23,9 @@ def config_fixture() -> Mapping[str, Any]:
 
 
 @pytest.fixture(name="app")
-def app_fixture(config: Mapping[str, Any]) -> Flask:
-    return create_app(config)
+def app_fixture(config: Mapping[str, Any]) -> Generator[Flask, Any, Any]:
+    yield create_app(config)
+    inject.clear()
 
 
 @pytest.fixture(name="client")

tests/integration/test_api.py

@@ -1,26 +1,31 @@
 from typing import Any, Mapping
 
+import inject
 import pytest
-from flask import current_app
 from flask.testing import FlaskClient
 
-from schemes.users import User
+from schemes.users import User, UserRepository
 
 
-def test_add_user(client: FlaskClient) -> None:
+@pytest.fixture(name="users")
+def users_fixture() -> UserRepository:
+    return inject.instance(UserRepository)
+
+
+def test_add_user(users: UserRepository, client: FlaskClient) -> None:
     response = client.post("/api/users", json={"email": "boardman@example.com"})
 
     assert response.status_code == 201
-    assert current_app.extensions["users"].get("boardman@example.com")
+    assert users.get("boardman@example.com")
 
 
-def test_clear_users(client: FlaskClient) -> None:
-    current_app.extensions["users"].add(User("boardman@example.com"))
+def test_clear_users(users: UserRepository, client: FlaskClient) -> None:
+    users.add(User("boardman@example.com"))
 
     response = client.delete("/api/users")
 
     assert response.status_code == 204
-    assert not current_app.extensions["users"].get_all()
+    assert not users.get_all()
 
 
 class TestProduction:

tests/integration/test_auth.py

@@ -1,13 +1,14 @@
 from typing import Any, Mapping
 from unittest.mock import Mock
 
+import inject
 import pytest
 from authlib.integrations.flask_client import OAuth
 from authlib.oidc.core import UserInfo
 from flask import current_app, session
 from flask.testing import FlaskClient
 
-from schemes.users import User
+from schemes.users import User, UserRepository
 from tests.integration.pages import UnauthorizedPage
 
 
@@ -16,8 +17,13 @@ def config_fixture(config: Mapping[str, Any]) -> Mapping[str, Any]:
     return config | {"GOVUK_END_SESSION_ENDPOINT": "https://example.com/logout"}
 
 
-def test_callback_logs_in(client: FlaskClient) -> None:
-    current_app.extensions["users"].add(User("boardman@example.com"))
+@pytest.fixture(name="users")
+def users_fixture() -> UserRepository:
+    return inject.instance(UserRepository)
+
+
+def test_callback_logs_in(users: UserRepository, client: FlaskClient) -> None:
+    users.add(User("boardman@example.com"))
     _given_oidc_returns_token_response({"id_token": "jwt"})
     _given_oidc_returns_user_info(UserInfo({"email": "boardman@example.com"}))
 
@@ -27,8 +33,8 @@ def test_callback_logs_in(client: FlaskClient) -> None:
         assert session["user"] == UserInfo({"email": "boardman@example.com"}) and session["id_token"] == "jwt"
 
 
-def test_callback_redirects_to_home(client: FlaskClient) -> None:
-    current_app.extensions["users"].add(User("boardman@example.com"))
+def test_callback_redirects_to_home(users: UserRepository, client: FlaskClient) -> None:
+    users.add(User("boardman@example.com"))
     _given_oidc_returns_token_response({"id_token": "jwt"})
     _given_oidc_returns_user_info(UserInfo({"email": "boardman@example.com"}))
 
@@ -37,8 +43,8 @@ def test_callback_redirects_to_home(client: FlaskClient) -> None:
     assert response.status_code == 302 and response.location == "/home"
 
 
-def test_callback_when_unauthorized_redirects_to_unauthorized(client: FlaskClient) -> None:
-    current_app.extensions["users"].add(User("boardman@example.com"))
+def test_callback_when_unauthorized_redirects_to_unauthorized(users: UserRepository, client: FlaskClient) -> None:
+    users.add(User("boardman@example.com"))
     _given_oidc_returns_token_response({"id_token": "jwt"})
     _given_oidc_returns_user_info(UserInfo({"email": "obree@example.com"}))