def test_validate_request_token_from_headers(self):
"""
Bearer token get retrieved from headers.
"""
with mock.patch('oauthlib.common.Request', autospec=True) as RequestMock, \
mock.patch('oauthlib.oauth2.rfc6749.request_validator.RequestValidator',
autospec=True) as RequestValidatorMock:
request_validator_mock = RequestValidatorMock()
token = JWTToken(request_validator=request_validator_mock)
request = RequestMock('/uri')
# Scopes is retrieved using the __call__ method which is not picked up correctly by mock.patch
# with autospec=True
request.scopes = mock.MagicMock()
request.headers = {
'Authorization': 'Bearer some-token-from-header'
}
token.validate_request(request=request)
request_validator_mock.validate_jwt_bearer_token.assert_called_once_with('some-token-from-header',
request.scopes,
request)
def test_validate_request_token_from_headers_basic(self):
"""
Wrong kind of token (Basic) retrieved from headers. Confirm token is not parsed.
"""
with mock.patch('oauthlib.common.Request', autospec=True) as RequestMock, \
mock.patch('oauthlib.openid.RequestValidator',
autospec=True) as RequestValidatorMock:
request_validator_mock = RequestValidatorMock()
token = JWTToken(request_validator=request_validator_mock)
request = RequestMock('/uri')
# Scopes is retrieved using the __call__ method which is not picked up correctly by mock.patch
# with autospec=True
request.scopes = mock.MagicMock()
request.headers = {
'Authorization': 'Basic some-token-from-header'
}
token.validate_request(request=request)
request_validator_mock.validate_jwt_bearer_token.assert_called_once_with(None,
request.scopes,
request)
def test_create_token_callable_expires_in(self):
"""
Test retrieval of the expires in value by calling the callable expires_in property
"""
expires_in_mock = mock.MagicMock()
request_mock = mock.MagicMock()
token = JWTToken(expires_in=expires_in_mock, request_validator=mock.MagicMock())
token.create_token(request=request_mock)
expires_in_mock.assert_called_once_with(request_mock)
def test_create_token_non_callable_expires_in(self):
"""
When a non callable expires in is set this should just be set to the request
"""
expires_in_mock = mock.NonCallableMagicMock()
request_mock = mock.MagicMock()
token = JWTToken(expires_in=expires_in_mock, request_validator=mock.MagicMock())
token.create_token(request=request_mock)
self.assertFalse(expires_in_mock.called)
self.assertEqual(request_mock.expires_in, expires_in_mock)
def test_token(token, expected_result):
with mock.patch('oauthlib.common.Request',
autospec=True) as RequestMock:
jwt_token = JWTToken()
request = RequestMock('/uri')
# Scopes is retrieved using the __call__ method which is not picked up correctly by mock.patch
# with autospec=True
request.headers = {'Authorization': 'Bearer {}'.format(token)}
result = jwt_token.estimate_type(request=request)
self.assertEqual(result, expected_result)
def test_create_token_calls_get_id_token(self):
"""
When create_token is called the call should be forwarded to the get_id_token on the token validator
"""
request_mock = mock.MagicMock()
with mock.patch('oauthlib.oauth2.rfc6749.request_validator.RequestValidator',
autospec=True) as RequestValidatorMock:
request_validator = RequestValidatorMock()
token = JWTToken(expires_in=mock.MagicMock(), request_validator=request_validator)
token.create_token(request=request_mock)
request_validator.get_jwt_bearer_token.assert_called_once_with(None, None, request_mock)
def test_validate_token_from_request(self):
"""
Token get retrieved from request object.
"""
with mock.patch('oauthlib.common.Request', autospec=True) as RequestMock, \
mock.patch('oauthlib.openid.RequestValidator',
autospec=True) as RequestValidatorMock:
request_validator_mock = RequestValidatorMock()
token = JWTToken(request_validator=request_validator_mock)
request = RequestMock('/uri')
# Scopes is retrieved using the __call__ method which is not picked up correctly by mock.patch
# with autospec=True
request.scopes = mock.MagicMock()
request.access_token = 'some-token-from-request-object'
request.headers = {}
token.validate_request(request=request)
request_validator_mock.validate_jwt_bearer_token.assert_called_once_with(
'some-token-from-request-object', request.scopes, request)
def __init__(self, request_validator, token_expires_in=None,
token_generator=None, refresh_token_generator=None,
*args, **kwargs):
"""Construct a new all-grants-in-one server.
:param request_validator: An implementation of
oauthlib.oauth2.RequestValidator.
:param token_expires_in: An int or a function to generate a token
expiration offset (in seconds) given a
oauthlib.common.Request object.
:param token_generator: A function to generate a token from a request.
:param refresh_token_generator: A function to generate a token from a
request for the refresh token.
:param kwargs: Extra parameters to pass to authorization-,
token-, resource-, and revocation-endpoint constructors.
"""
auth_grant = OAuth2AuthorizationCodeGrant(request_validator)
implicit_grant = OAuth2ImplicitGrant(request_validator)
password_grant = ResourceOwnerPasswordCredentialsGrant(
request_validator)
credentials_grant = ClientCredentialsGrant(request_validator)
refresh_grant = RefreshTokenGrant(request_validator)
openid_connect_auth = AuthorizationCodeGrant(request_validator)
openid_connect_implicit = ImplicitGrant(request_validator)
openid_connect_hybrid = HybridGrant(request_validator)
bearer = BearerToken(request_validator, token_generator,
token_expires_in, refresh_token_generator)
jwt = JWTToken(request_validator, token_generator,
token_expires_in, refresh_token_generator)
auth_grant_choice = AuthorizationCodeGrantDispatcher(default_auth_grant=auth_grant, oidc_auth_grant=openid_connect_auth)
implicit_grant_choice = ImplicitTokenGrantDispatcher(default_implicit_grant=implicit_grant, oidc_implicit_grant=openid_connect_implicit)
# See http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#Combinations for valid combinations
# internally our AuthorizationEndpoint will ensure they can appear in any order for any valid combination
AuthorizationEndpoint.__init__(self, default_response_type='code',
response_types={
'code': auth_grant_choice,
'token': implicit_grant_choice,
'id_token': openid_connect_implicit,
'id_token token': openid_connect_implicit,
'code token': openid_connect_hybrid,
'code id_token': openid_connect_hybrid,
'code id_token token': openid_connect_hybrid,
'none': auth_grant
},
default_token_type=bearer)
token_grant_choice = AuthorizationTokenGrantDispatcher(request_validator, default_token_grant=auth_grant, oidc_token_grant=openid_connect_auth)
TokenEndpoint.__init__(self, default_grant_type='authorization_code',
grant_types={
'authorization_code': token_grant_choice,
'password': password_grant,
'client_credentials': credentials_grant,
'refresh_token': refresh_grant,
},
default_token_type=bearer)
ResourceEndpoint.__init__(self, default_token='Bearer',
token_types={'Bearer': bearer, 'JWT': jwt})
RevocationEndpoint.__init__(self, request_validator)
