def test_get_create_remote_token(models_fixture):
"""Test create remote token."""
app = models_fixture
existing_email = "*****@*****.**"
datastore = app.extensions['invenio-accounts'].datastore
user = datastore.find_user(email=existing_email)
t = RemoteToken.create(user.id, "dev", "mytoken", "mysecret")
assert t
assert t.token() == ('mytoken', 'mysecret')
acc = RemoteAccount.get(user.id, "dev")
assert acc
assert t.remote_account.id == acc.id
assert t.token_type == ''
t2 = RemoteToken.create(
user.id, "dev", "mytoken2", "mysecret2",
token_type='t2'
)
assert t2.remote_account.id == acc.id
assert t2.token_type == 't2'
t3 = RemoteToken.get(user.id, "dev")
t4 = RemoteToken.get(user.id, "dev", token_type="t2")
assert t4.token() != t3.token()
assert RemoteToken.query.count() == 2
acc.delete()
assert RemoteToken.query.count() == 0
def test_get_create(self):
from invenio_oauthclient.models import RemoteAccount, RemoteToken
t = RemoteToken.create(self.u1, "dev", "mytoken", "mysecret")
assert t
assert t.token() == ('mytoken', 'mysecret')
acc = RemoteAccount.get(self.u1, "dev")
assert acc
assert t.remote_account.id == acc.id
assert t.token_type == ''
t2 = RemoteToken.create(self.u1,
"dev",
"mytoken2",
"mysecret2",
token_type='t2')
assert t2.remote_account.id == acc.id
assert t2.token_type == 't2'
t3 = RemoteToken.get(self.u1, "dev")
t4 = RemoteToken.get(self.u1, "dev", token_type="t2")
assert t4.token() != t3.token()
assert RemoteToken.query.count() == 2
acc.delete()
assert RemoteToken.query.count() == 0
def test_get_create(self):
from invenio_oauthclient.models import RemoteAccount, RemoteToken
t = RemoteToken.create(self.u1, "dev", "mytoken", "mysecret")
assert t
assert t.token() == ('mytoken', 'mysecret')
acc = RemoteAccount.get(self.u1, "dev")
assert acc
assert t.remote_account.id == acc.id
assert t.token_type == ''
t2 = RemoteToken.create(
self.u1, "dev", "mytoken2", "mysecret2",
token_type='t2'
)
assert t2.remote_account.id == acc.id
assert t2.token_type == 't2'
t3 = RemoteToken.get(self.u1, "dev")
t4 = RemoteToken.get(self.u1, "dev", token_type="t2")
assert t4.token() != t3.token()
assert RemoteToken.query.count() == 2
acc.delete()
assert RemoteToken.query.count() == 0
def test_get_create_remote_token(models_fixture, example):
"""Test create remote token."""
app = models_fixture
existing_email = "*****@*****.**"
datastore = app.extensions['invenio-accounts'].datastore
user = datastore.find_user(email=existing_email)
t = RemoteToken.create(user.id, "dev", "mytoken", "mysecret")
assert t
assert t.token() == ('mytoken', 'mysecret')
acc = RemoteAccount.get(user.id, "dev")
assert acc
assert t.remote_account.id == acc.id
assert t.token_type == ''
t2 = RemoteToken.create(user.id,
"dev",
"mytoken2",
"mysecret2",
token_type='t2')
assert t2.remote_account.id == acc.id
assert t2.token_type == 't2'
t3 = RemoteToken.get(user.id, "dev")
t4 = RemoteToken.get(user.id, "dev", token_type="t2")
assert t4.token() != t3.token()
assert RemoteToken.query.count() == 2
acc.delete()
assert RemoteToken.query.count() == 0
def test_get_create_remote_token(app, example):
"""Test create remote token."""
existing_email = "*****@*****.**"
datastore = app.extensions["invenio-accounts"].datastore
user = datastore.find_user(email=existing_email)
t = RemoteToken.create(user.id, "dev", "mytoken", "mysecret")
assert t
assert t.token() == ("mytoken", "mysecret")
acc = RemoteAccount.get(user.id, "dev")
assert acc
assert t.remote_account.id == acc.id
assert t.token_type == ""
t2 = RemoteToken.create(user.id, "dev", "mytoken2", "mysecret2", token_type="t2")
assert t2.remote_account.id == acc.id
assert t2.token_type == "t2"
t3 = RemoteToken.get(user.id, "dev")
t4 = RemoteToken.get(user.id, "dev", token_type="t2")
assert t4.token() != t3.token()
assert RemoteToken.query.count() == 2
acc.delete()
assert RemoteToken.query.count() == 0
def test_get_create_remote_token(app, models_fixture):
"""Test create remote token."""
existing_email = '*****@*****.**'
datastore = app.extensions['invenio-accounts'].datastore
user = datastore.find_user(email=existing_email)
t = RemoteToken.create(user.id, 'dev', 'mytoken', 'mysecret')
assert t
assert t.token() == ('mytoken', 'mysecret')
acc = RemoteAccount.get(user.id, 'dev')
assert acc
assert t.remote_account.id == acc.id
assert t.token_type == ''
t2 = RemoteToken.create(
user.id, 'dev', 'mytoken2', 'mysecret2',
token_type='t2'
)
assert t2.remote_account.id == acc.id
assert t2.token_type == 't2'
t3 = RemoteToken.get(user.id, 'dev')
t4 = RemoteToken.get(user.id, 'dev', token_type='t2')
assert t4.token() != t3.token()
assert RemoteToken.query.count() == 2
acc.delete()
assert RemoteToken.query.count() == 0
def test_get_regression(self):
from invenio_oauthclient.models import RemoteToken
t3 = RemoteToken.create(self.u2, "dev", "mytoken", "mysecret")
t4 = RemoteToken.create(self.u3, "dev", "mytoken", "mysecret")
assert RemoteToken.get(self.u2, "dev").remote_account.user_id == t3.remote_account.user_id
assert RemoteToken.get(self.u3, "dev").remote_account.user_id == t4.remote_account.user_id
def test_get_regression(self):
from invenio_oauthclient.models import RemoteToken
t3 = RemoteToken.create(self.u2, "dev", "mytoken", "mysecret")
t4 = RemoteToken.create(self.u3, "dev", "mytoken", "mysecret")
assert RemoteToken.get(self.u2, "dev").remote_account.user_id == \
t3.remote_account.user_id
assert RemoteToken.get(self.u3, "dev").remote_account.user_id == \
t4.remote_account.user_id
def test_get_regression(app, example):
"""Test regression."""
datastore = app.extensions["invenio-accounts"].datastore
email2 = "*****@*****.**"
email3 = "*****@*****.**"
user2 = datastore.find_user(email=email2)
user3 = datastore.find_user(email=email3)
t3 = RemoteToken.create(user2.id, "dev", "mytoken", "mysecret")
t4 = RemoteToken.create(user3.id, "dev", "mytoken", "mysecret")
assert RemoteToken.get(user2.id, "dev").remote_account.user_id == t3.remote_account.user_id
assert RemoteToken.get(user3.id, "dev").remote_account.user_id == t4.remote_account.user_id
def get_api(user_id=None):
"""Get an authenticated GitHub API interface."""
if user_id:
access_token = RemoteToken.get(user_id, get_client_id()).access_token
else:
access_token = get_remote().get_request_token()[0]
return init_api(access_token)
def token_getter(remote, token=''):
"""Retrieve OAuth access token.
Used by flask-oauthlib to get the access token when making requests.
:param remote: The remote application.
:param token: Type of token to get. Data passed from ``oauth.request()`` to
identify which token to retrieve. (Default: ``''``)
:returns: The token.
"""
session_key = token_session_key(remote.name)
if session_key not in session and current_user.is_authenticated:
# Fetch key from token store if user is authenticated, and the key
# isn't already cached in the session.
remote_token = RemoteToken.get(
current_user.get_id(),
remote.consumer_key,
token_type=token,
)
if remote_token is None:
return None
# Store token and secret in session
session[session_key] = remote_token.token()
return session.get(session_key, None)
def token_setter(remote, token, secret='', token_type='', extra_data=None,
user=None):
"""Set token for user.
:param remote: The remote application.
:param token: The token to set.
:param token_type: The token type. (Default: ``''``)
:param extra_data: Extra information. (Default: ``None``)
:param user: The user owner of the remote token. If it's not defined,
the current user is used automatically. (Default: ``None``)
:returns: A :class:`invenio_oauthclient.models.RemoteToken` instance or
``None``.
"""
session[token_session_key(remote.name)] = (token, secret)
user = user or current_user
# Save token if user is not anonymous (user exists but can be not active at
# this moment)
if not user.is_anonymous:
uid = user.id
cid = remote.consumer_key
# Check for already existing token
t = RemoteToken.get(uid, cid, token_type=token_type)
if t:
t.update_token(token, secret)
else:
t = RemoteToken.create(
uid, cid, token, secret,
token_type=token_type, extra_data=extra_data
)
return t
return None
def access_token(self):
"""Return OAuth access token."""
if self.user_id:
return RemoteToken.get(
self.user_id, self.remote.consumer_key
).access_token
return self.remote.get_request_token()[0]
def build_fs(self, current_user, credentials, root=None,
callback_url=None, request=None, session=None):
"""Build google drive filesystem."""
url = url_for('oauthclient.login', remote_app='google_drive')
client_id = oauth.remote_apps['google_drive'].consumer_key
client_secret = oauth.remote_apps['google_drive'].consumer_secret
user_id = current_user.get_id()
token = RemoteToken.get(user_id, client_id)
if token is not None:
credentials = {
'access_token': token.access_token,
'client_id': client_id,
'client_secret': client_secret,
'refresh_token':
token.remote_account.extra_data.get('refresh_token'),
'token_expiry': None,
'token_uri':
'https://accounts.google.com/o/oauth2/token'
}
try:
filesystem = GoogleDriveFS(root, credentials)
filesystem.about()
return filesystem
except Exception:
raise CloudRedirectUrl(url, __name__)
else:
raise CloudRedirectUrl(url, __name__)
def token_getter(remote, token=''):
"""Retrieve OAuth access token.
Used by flask-oauthlib to get the access token when making requests.
:param remote: The remote application.
:param token: Type of token to get. Data passed from ``oauth.request()`` to
identify which token to retrieve. (Default: ``''``)
:returns: The token.
"""
session_key = token_session_key(remote.name)
if session_key not in session and current_user.is_authenticated:
# Fetch key from token store if user is authenticated, and the key
# isn't already cached in the session.
remote_token = RemoteToken.get(
current_user.get_id(),
remote.consumer_key,
token_type=token,
)
if remote_token is None:
return None
# Store token and secret in session
session[session_key] = remote_token.token()
return session.get(session_key, None)
def test_get_regression(app, example):
"""Test regression."""
datastore = app.extensions['invenio-accounts'].datastore
email2 = "*****@*****.**"
email3 = "*****@*****.**"
user2 = datastore.find_user(email=email2)
user3 = datastore.find_user(email=email3)
t3 = RemoteToken.create(user2.id, "dev", "mytoken", "mysecret")
t4 = RemoteToken.create(user3.id, "dev", "mytoken", "mysecret")
assert RemoteToken.get(user2.id, "dev").remote_account.user_id == \
t3.remote_account.user_id
assert RemoteToken.get(user3.id, "dev").remote_account.user_id == \
t4.remote_account.user_id
def test_get_regression(app, models_fixture):
"""Test regression."""
datastore = app.extensions['invenio-accounts'].datastore
email2 = '*****@*****.**'
email3 = '*****@*****.**'
user2 = datastore.find_user(email=email2)
user3 = datastore.find_user(email=email3)
t3 = RemoteToken.create(user2.id, 'dev', 'mytoken', 'mysecret')
t4 = RemoteToken.create(user3.id, 'dev', 'mytoken', 'mysecret')
assert RemoteToken.get(user2.id, 'dev').remote_account.user_id == \
t3.remote_account.user_id
assert RemoteToken.get(user3.id, 'dev').remote_account.user_id == \
t4.remote_account.user_id
def test_get_regression(models_fixture):
"""Test regression."""
app = models_fixture
datastore = app.extensions['invenio-accounts'].datastore
email2 = '*****@*****.**'
email3 = '*****@*****.**'
user2 = datastore.find_user(email=email2)
user3 = datastore.find_user(email=email3)
t3 = RemoteToken.create(user2.id, 'dev', 'mytoken', 'mysecret')
t4 = RemoteToken.create(user3.id, 'dev', 'mytoken', 'mysecret')
assert RemoteToken.get(user2.id, 'dev').remote_account.user_id == \
t3.remote_account.user_id
assert RemoteToken.get(user3.id, 'dev').remote_account.user_id == \
t4.remote_account.user_id
def session_token(self):
"""Return OAuth session token."""
session_token = None
if self.user_id is not None:
session_token = token_getter(self.remote)
if session_token:
token = RemoteToken.get(self.user_id,
self.remote.consumer_key,
access_token=session_token[0])
return token
return None
def session_token(self):
"""Return OAuth session token."""
session_token = None
if self.user_id is not None:
session_token = token_getter(self.remote)
if session_token:
token = RemoteToken.get(
self.user_id, self.remote.consumer_key,
access_token=session_token[0]
)
return token
return None
def get_token(user_id=None):
"""Retrieve token for linked GitHub account."""
session_token = None
if user_id is None:
session_token = token_getter(get_remote())
if session_token:
token = RemoteToken.get(
current_user.get_id(), get_client_id(),
access_token=session_token[0]
)
return token
return None
def test_utilities(models_fixture):
"""Test utilities."""
app = models_fixture
datastore = app.extensions['invenio-accounts'].datastore
assert obj_or_import_string('invenio_oauthclient.errors')
# User
existing_email = '*****@*****.**'
user = datastore.find_user(email=existing_email)
# Authenticate
assert not _get_external_id({})
assert not oauth_authenticate('dev', user, require_existing_link=True)
_security.confirmable = True
_security.login_without_confirmation = False
user.confirmed_at = None
assert not oauth_authenticate('dev', user)
# Tokens
t = RemoteToken.create(user.id, 'dev', 'mytoken', 'mysecret')
assert \
RemoteToken.get(user.id, 'dev', access_token='mytoken') == \
RemoteToken.get_by_token('dev', 'mytoken')
assert oauth_get_user('dev', access_token=t.access_token) == user
assert \
oauth_get_user('dev', account_info={
'user': {
'email': existing_email
}
}) == user
# Link user to external id
external_id = {'id': '123', 'method': 'test_method'}
oauth_link_external_id(user, external_id)
with pytest.raises(AlreadyLinkedError):
oauth_link_external_id(user, external_id)
assert oauth_get_user('dev',
account_info={
'external_id': external_id['id'],
'external_method': external_id['method']
}) == user
# Cleanup
oauth_unlink_external_id(external_id)
acc = RemoteAccount.get(user.id, 'dev')
acc.delete()
def test_utilities(models_fixture):
"""Test utilities."""
app = models_fixture
datastore = app.extensions['invenio-accounts'].datastore
assert obj_or_import_string('invenio_oauthclient.errors')
# User
existing_email = '*****@*****.**'
user = datastore.find_user(email=existing_email)
# Authenticate
assert not _get_external_id({})
assert not oauth_authenticate('dev', user, require_existing_link=True)
_security.confirmable = True
_security.login_without_confirmation = False
user.confirmed_at = None
assert not oauth_authenticate('dev', user)
# Tokens
t = RemoteToken.create(user.id, 'dev', 'mytoken', 'mysecret')
assert \
RemoteToken.get(user.id, 'dev', access_token='mytoken') == \
RemoteToken.get_by_token('dev', 'mytoken')
assert oauth_get_user('dev', access_token=t.access_token) == user
assert \
oauth_get_user('dev', account_info={'user': {'email': existing_email}}) == user
# Link user to external id
external_id = {'id': '123', 'method': 'test_method'}
oauth_link_external_id(user, external_id)
with pytest.raises(AlreadyLinkedError):
oauth_link_external_id(user, external_id)
assert oauth_get_user('dev',
account_info={
'external_id': external_id['id'],
'external_method': external_id['method']
}) == user
# Cleanup
oauth_unlink_external_id(external_id)
acc = RemoteAccount.get(user.id, 'dev')
acc.delete()
def disconnect(remote):
"""Disconnect callback handler for GitHub.
This is a test!
"""
# User must be authenticated
if not current_user.is_authenticated():
return current_app.login_manager.unauthorized()
token = RemoteToken.get(current_user.get_id(), remote.consumer_key)
if token:
disconnect_github.delay(remote.name, token.access_token,
token.remote_account.extra_data)
token.remote_account.delete()
return redirect(url_for('oauthclient_settings.index'))
def disconnect(remote):
"""Disconnect callback handler for GitHub.
This is a test!
"""
# User must be authenticated
if not current_user.is_authenticated():
return current_app.login_manager.unauthorized()
token = RemoteToken.get(current_user.get_id(), remote.consumer_key)
if token:
disconnect_github.delay(
remote.name, token.access_token, token.remote_account.extra_data
)
token.remote_account.delete()
return redirect(url_for('oauthclient_settings.index'))
def disconnect(remote):
"""Disconnect callback handler for GitHub."""
# User must be authenticated
if not current_user.is_authenticated:
return current_app.login_manager.unauthorized()
external_method = 'github'
external_ids = [i.id for i in current_user.external_identifiers
if i.method == external_method]
if external_ids:
oauth_unlink_external_id(dict(id=external_ids[0],
method=external_method))
user_id = current_user.get_id()
token = RemoteToken.get(user_id, remote.consumer_key)
if token:
extra_data = token.remote_account.extra_data
# Delete the token that we issued for GitHub to deliver webhooks
webhook_token_id = extra_data.get('tokens', {}).get('webhook')
ProviderToken.query.filter_by(id=webhook_token_id).delete()
# Disable GitHub webhooks from our side
db_repos = Repository.query.filter_by(user_id=user_id).all()
# Keep repositories with hooks to pass to the celery task later on
repos_with_hooks = [(r.github_id, r.hook) for r in db_repos if r.hook]
for repo in db_repos:
try:
Repository.disable(user_id=user_id,
github_id=repo.github_id,
name=repo.name)
except NoResultFound:
# If the repository doesn't exist, no action is necessary
pass
db.session.commit()
# Send Celery task for webhooks removal and token revocation
disconnect_github.delay(token.access_token, repos_with_hooks)
# Delete the RemoteAccount (along with the associated RemoteToken)
token.remote_account.delete()
return redirect(url_for('invenio_oauthclient_settings.index'))
def disconnect(remote):
"""Disconnect callback handler for GitHub."""
# User must be authenticated
if not current_user.is_authenticated:
return current_app.login_manager.unauthorized()
external_method = 'github'
external_ids = [i.id for i in current_user.external_identifiers
if i.method == external_method]
if external_ids:
oauth_unlink_external_id(dict(id=external_ids[0],
method=external_method))
user_id = int(current_user.get_id())
token = RemoteToken.get(user_id, remote.consumer_key)
if token:
extra_data = token.remote_account.extra_data
# Delete the token that we issued for GitHub to deliver webhooks
webhook_token_id = extra_data.get('tokens', {}).get('webhook')
ProviderToken.query.filter_by(id=webhook_token_id).delete()
# Disable GitHub webhooks from our side
db_repos = Repository.query.filter_by(user_id=user_id).all()
# Keep repositories with hooks to pass to the celery task later on
repos_with_hooks = [(r.github_id, r.hook) for r in db_repos if r.hook]
for repo in db_repos:
try:
Repository.disable(user_id=user_id,
github_id=repo.github_id,
name=repo.name)
except NoResultFound:
# If the repository doesn't exist, no action is necessary
pass
db.session.commit()
# Send Celery task for webhooks removal and token revocation
disconnect_github.delay(token.access_token, repos_with_hooks)
# Delete the RemoteAccount (along with the associated RemoteToken)
token.remote_account.delete()
return redirect(url_for('invenio_oauthclient_settings.index'))
def test_utilities(models_fixture):
"""Test utilities."""
app = models_fixture
datastore = app.extensions["invenio-accounts"].datastore
assert obj_or_import_string("invenio_oauthclient.errors")
# User
existing_email = "*****@*****.**"
user = datastore.find_user(email=existing_email)
# Authenticate
assert not _get_external_id({})
assert not oauth_authenticate("dev", user, require_existing_link=True)
_security.confirmable = True
_security.login_without_confirmation = False
user.confirmed_at = None
assert not oauth_authenticate("dev", user)
# Tokens
t = RemoteToken.create(user.id, "dev", "mytoken", "mysecret")
assert RemoteToken.get(user.id, "dev", access_token="mytoken") == RemoteToken.get_by_token("dev", "mytoken")
assert oauth_get_user("dev", access_token=t.access_token) == user
assert oauth_get_user("dev", account_info={"user": {"email": existing_email}}) == user
# Link user to external id
external_id = {"id": "123", "method": "test_method"}
oauth_link_external_id(user, external_id)
with pytest.raises(AlreadyLinkedError):
oauth_link_external_id(user, external_id)
assert (
oauth_get_user("dev", account_info={"external_id": external_id["id"], "external_method": external_id["method"]})
== user
)
# Cleanup
oauth_unlink_external_id(external_id)
acc = RemoteAccount.get(user.id, "dev")
acc.delete()
def token_setter(remote,
token,
secret='',
token_type='',
extra_data=None,
user=None):
"""Set token for user.
:param remote: The remote application.
:param token: The token to set.
:param token_type: The token type. (Default: ``''``)
:param extra_data: Extra information. (Default: ``None``)
:param user: The user owner of the remote token. If it's not defined,
the current user is used automatically. (Default: ``None``)
:returns: A :class:`invenio_oauthclient.models.RemoteToken` instance or
``None``.
"""
session[token_session_key(remote.name)] = (token, secret)
user = user or current_user
# Save token if user is not anonymous (user exists but can be not active at
# this moment)
if not user.is_anonymous:
uid = user.id
cid = remote.consumer_key
# Check for already existing token
t = RemoteToken.get(uid, cid, token_type=token_type)
if t:
t.update_token(token, secret)
else:
t = RemoteToken.create(uid,
cid,
token,
secret,
token_type=token_type,
extra_data=extra_data)
return t
return None
def build_fs(self, current_user, credentials, root=None,
callback_url=None, request=None, session=None):
"""Build dropbox filesystem."""
url = url_for('oauthclient.login', remote_app='dropbox')
client_id = oauth.remote_apps['dropbox'].consumer_key
user_id = current_user.get_id()
token = RemoteToken.get(user_id, client_id)
if token is not None:
credentials = {'access_token': token.access_token}
try:
filesystem = DropboxFS(root, credentials)
filesystem.about()
return filesystem
except ResourceNotFoundError:
if(root != "/"):
filesystem = DropboxFS("/", credentials)
filesystem.makedir(root, recursive=True)
filesystem = DropboxFS(root, credentials)
return filesystem
except Exception:
raise CloudRedirectUrl(url, __name__)
else:
raise CloudRedirectUrl(url, __name__)
def test_token_getter_setter(views_fixture, monkeypatch):
"""Test token getter setter."""
# Mock session id
monkeypatch.setattr('flask_login._create_identifier', lambda: '1234')
monkeypatch.setattr('invenio_oauthclient.views.client._create_identifier',
lambda: '1234')
app = views_fixture
oauth = app.extensions['oauthlib.client']
# Mock user
user = MagicMock()
user.id = 1
user.get_id = MagicMock(return_value=1)
user.is_anonymous = False
with patch('flask_login._get_user', return_value=user):
with app.test_client() as c:
# First call login to be redirected
res = c.get(url_for("invenio_oauthclient.login",
remote_app='full'))
assert res.status_code == 302
assert res.location.startswith(
oauth.remote_apps['full'].authorize_url)
state = parse_qs(urlparse(res.location).query)['state'][0]
# Mock resposen class
mock_response(app.extensions['oauthlib.client'], 'full')
# Imitate that the user authorized our request in the remote
# application.
c.get(
url_for(
"invenio_oauthclient.authorized",
remote_app='full',
code='test',
state=state,
))
# Assert if everything is as it should be.
from flask import session as flask_session
assert flask_session['oauth_token_full'] == \
('test_access_token', '')
t = RemoteToken.get(1, "fullid")
assert t.remote_account.client_id == 'fullid'
assert t.access_token == 'test_access_token'
assert RemoteToken.query.count() == 1
# Mock a new authorized request
mock_response(app.extensions['oauthlib.client'],
'full',
data={
"access_token": "new_access_token",
"scope": "",
"token_type": "bearer"
})
c.get(
url_for("invenio_oauthclient.authorized",
remote_app='full',
code='test',
state=state))
t = RemoteToken.get(1, "fullid")
assert t.access_token == 'new_access_token'
assert RemoteToken.query.count() == 1
val = token_getter(
app.extensions['oauthlib.client'].remote_apps['full'])
assert val == ('new_access_token', '')
# Disconnect account
res = c.get(
url_for(
"invenio_oauthclient.disconnect",
remote_app='full',
))
assert res.status_code == 302
assert res.location.endswith(
url_for('invenio_oauthclient_settings.index'))
# Assert that remote account have been removed.
t = RemoteToken.get(1, "fullid")
assert t is None
# TODO: Figure out what is leaving session open & blocked
db.session.close()
def test_token_getter_setter(app_rest, monkeypatch):
"""Test token getter setter."""
# Mock session id
monkeypatch.setattr('invenio_oauthclient._compat._create_identifier',
lambda: '1234')
monkeypatch.setattr(
'invenio_oauthclient.views.client._create_identifier', lambda: '1234')
oauth = app_rest.extensions['oauthlib.client']
# Mock user
user = MagicMock()
user.id = 1
user.get_id = MagicMock(return_value=1)
user.is_anonymous = False
with app_rest.test_client() as c:
login_user_via_session(c, user)
# First call login to be redirected
res = c.get(url_for('invenio_oauthclient.rest_login',
remote_app='full'))
assert res.status_code == 302
assert res.location.startswith(
oauth.remote_apps['full'].authorize_url
)
state = parse_qs(urlparse(res.location).query)['state'][0]
# Mock resposen class
mock_response(app_rest.extensions['oauthlib.client'], 'full')
# Imitate that the user authorized our request in the remote
# application.
c.get(url_for(
'invenio_oauthclient.rest_authorized', remote_app='full',
code='test', state=state,
))
# Assert if everything is as it should be.
from flask import session as flask_session
assert flask_session['oauth_token_full'] == \
('test_access_token', '')
t = RemoteToken.get(1, 'fullid')
assert t.remote_account.client_id == 'fullid'
assert t.access_token == 'test_access_token'
assert RemoteToken.query.count() == 1
# Mock a new authorized request
mock_response(app_rest.extensions['oauthlib.client'], 'full', data={
'access_token': 'new_access_token',
'scope': "",
'token_type': 'bearer'
})
c.get(url_for(
'invenio_oauthclient.rest_authorized', remote_app='full',
code='test', state=state
))
t = RemoteToken.get(1, 'fullid')
assert t.access_token == 'new_access_token'
assert RemoteToken.query.count() == 1
val = token_getter(
app_rest.extensions['oauthlib.client'].remote_apps['full'])
assert val == ('new_access_token', '')
# Disconnect account
res = c.get(url_for(
'invenio_oauthclient.rest_disconnect', remote_app='full',
))
assert res.status_code == 302
expected_url_args = {
"message": "Successfully disconnected.",
"code": 200
}
check_response_redirect_url_args(res, expected_url_args)
# Assert that remote account have been removed.
t = RemoteToken.get(1, 'fullid')
assert t is None
# TODO: Figure out what is leaving session open & blocked
db.session.close()
def test_token_getter_setter(self, session, save_session):
from invenio_oauthclient.models import RemoteToken
from invenio_oauthclient.handlers import token_getter
from invenio_oauthclient.client import oauth
# Mock user
user = MagicMock()
user.get_id = MagicMock(return_value=1)
user.is_authenticated = MagicMock(return_value=True)
# Mock session id
session.sid = '1234'
with patch('flask_login._get_user', return_value=user):
with self.app.test_client() as c:
# First call login to be redirected
res = c.get(url_for("oauthclient.login", remote_app='full'))
assert res.status_code == 302
assert res.location.startswith(
oauth.remote_apps['full'].authorize_url)
state = parse_qs(urlparse(res.location).query)['state'][0]
# Mock resposen class
self.mock_response(app='full')
# Imitate that the user authorized our request in the remote
# application.
c.get(
url_for(
"oauthclient.authorized",
remote_app='full',
code='test',
state=state,
))
# Assert if everything is as it should be.
from flask import session as flask_session
assert flask_session['oauth_token_full'] == \
('test_access_token', '')
t = RemoteToken.get(1, "fullid")
assert t.remote_account.client_id == 'fullid'
assert t.access_token == 'test_access_token'
assert RemoteToken.query.count() == 1
# Mock a new authorized request
self.mock_response(app='full',
data={
"access_token": "new_access_token",
"scope": "",
"token_type": "bearer"
})
c.get(
url_for("oauthclient.authorized",
remote_app='full',
code='test',
state=state))
t = RemoteToken.get(1, "fullid")
assert t.access_token == 'new_access_token'
assert RemoteToken.query.count() == 1
val = token_getter(oauth.remote_apps['full'])
assert val == ('new_access_token', '')
# Disconnect account
res = c.get(
url_for(
"oauthclient.disconnect",
remote_app='full',
))
assert res.status_code == 302
assert res.location.endswith(
url_for('oauthclient_settings.index'))
# Assert that remote account have been removed.
t = RemoteToken.get(1, "fullid")
assert t is None
def access_token(self):
"""Return OAuth access token."""
if self.user_id:
return RemoteToken.get(self.user_id,
self.remote.consumer_key).access_token
return self.remote.get_request_token()[0]
def test_token_getter_setter(monkeypatch):
"""Test token getter setter."""
# Mock session id
monkeypatch.setattr('flask_login._create_identifier', lambda: '1234')
monkeypatch.setattr(
'invenio_oauthclient.views.client._create_identifier', lambda: '1234')
app = setup_app()
oauth = app.extensions['oauthlib.client']
# Mock user
user = MagicMock()
user.id = 1
user.get_id = MagicMock(return_value=1)
user.is_anonymous = False
with patch('flask_login._get_user', return_value=user):
with app.test_client() as c:
# First call login to be redirected
res = c.get(url_for("invenio_oauthclient.login",
remote_app='full'))
assert res.status_code == 302
assert res.location.startswith(
oauth.remote_apps['full'].authorize_url
)
state = parse_qs(urlparse(res.location).query)['state'][0]
# Mock resposen class
mock_response(app.extensions['oauthlib.client'], 'full')
# Imitate that the user authorized our request in the remote
# application.
c.get(url_for(
"invenio_oauthclient.authorized", remote_app='full',
code='test', state=state,
))
# Assert if everything is as it should be.
from flask import session as flask_session
assert flask_session['oauth_token_full'] == \
('test_access_token', '')
t = RemoteToken.get(1, "fullid")
assert t.remote_account.client_id == 'fullid'
assert t.access_token == 'test_access_token'
assert RemoteToken.query.count() == 1
# Mock a new authorized request
mock_response(app.extensions['oauthlib.client'], 'full', data={
"access_token": "new_access_token",
"scope": "",
"token_type": "bearer"
})
c.get(url_for(
"invenio_oauthclient.authorized", remote_app='full',
code='test', state=state
))
t = RemoteToken.get(1, "fullid")
assert t.access_token == 'new_access_token'
assert RemoteToken.query.count() == 1
val = token_getter(
app.extensions['oauthlib.client'].remote_apps['full'])
assert val == ('new_access_token', '')
# Disconnect account
res = c.get(url_for(
"invenio_oauthclient.disconnect", remote_app='full',
))
assert res.status_code == 302
assert res.location.endswith(
url_for('invenio_oauthclient_settings.index')
)
# Assert that remote account have been removed.
t = RemoteToken.get(1, "fullid")
assert t is None
def test_token_getter_setter(self, session, save_session):
from invenio_oauthclient.models import RemoteToken
from invenio_oauthclient.handlers import token_getter
from invenio_oauthclient.client import oauth
# Mock user
user = MagicMock()
user.get_id = MagicMock(return_value=1)
user.is_authenticated = MagicMock(return_value=True)
# Mock session id
session.sid = '1234'
with patch('flask_login._get_user', return_value=user):
with self.app.test_client() as c:
# First call login to be redirected
res = c.get(url_for("oauthclient.login", remote_app='full'))
assert res.status_code == 302
assert res.location.startswith(
oauth.remote_apps['full'].authorize_url
)
state = parse_qs(urlparse(res.location).query)['state'][0]
# Mock resposen class
self.mock_response(app='full')
# Imitate that the user authorized our request in the remote
# application.
c.get(url_for(
"oauthclient.authorized", remote_app='full', code='test',
state=state,
))
# Assert if everything is as it should be.
from flask import session as flask_session
assert flask_session['oauth_token_full'] == \
('test_access_token', '')
t = RemoteToken.get(1, "fullid")
assert t.remote_account.client_id == 'fullid'
assert t.access_token == 'test_access_token'
assert RemoteToken.query.count() == 1
# Mock a new authorized request
self.mock_response(app='full', data={
"access_token": "new_access_token",
"scope": "",
"token_type": "bearer"
})
c.get(url_for(
"oauthclient.authorized", remote_app='full', code='test',
state=state
))
t = RemoteToken.get(1, "fullid")
assert t.access_token == 'new_access_token'
assert RemoteToken.query.count() == 1
val = token_getter(oauth.remote_apps['full'])
assert val == ('new_access_token', '')
# Disconnect account
res = c.get(url_for(
"oauthclient.disconnect", remote_app='full',
))
assert res.status_code == 302
assert res.location.endswith(
url_for('oauthclient_settings.index')
)
# Assert that remote account have been removed.
t = RemoteToken.get(1, "fullid")
assert t is None
