Beispiel #1
0
    def get_access_token(self, user_id, expires=600):
        """
        Returns an access token for with the current user.

        Note: uses a hardcoded URL when determining where to send the request.
        """
        url = self.server_url + "/api/swingers/v1/{0}/request_token"
        nonce = make_nonce()
        r = requests.get(url.format(self.server_name),
                         params={
                             "user_id":
                             user_id,
                             "nonce":
                             nonce,
                             "client_secret":
                             self.get_client_secret(user_id, nonce),
                             "client_id":
                             self.client_name,
                             "expires":
                             expires
                         })
        if r.ok:
            return r.content
        else:
            r.raise_for_status()
Beispiel #2
0
    def test_delete_token(self):
        """
        Test deleting access tokens from a particular application link for a
        particular user.
        """
        url = reverse('delete_access_token')
        user = User.objects.get(pk=1)
        link = ApplicationLink.objects.get(pk=1)

        # test a request with a missing token secret
        nonce = make_nonce()
        data = {
            'user_id': user.username,
            'client_id': 'test',
            'client_secret': link.get_client_secret(user, nonce),
            'nonce': nonce,
        }

        response = self.client.get(url, data)
        self.assertEqual(response.status_code, 403)
        self.assertEqual(response.content, "Missing access_token")

        # test a request with a non-existant token secret
        data['nonce'] = make_nonce()
        data['client_secret'] = link.get_client_secret(user, data['nonce'])
        data['access_token'] = 'non-existant-token'

        response = self.client.get(url, data)
        self.assertEqual(response.status_code, 403)
        self.assertEqual(response.content, 'Token does not exist')

        # create a token to delete, and make a valid request to delete it
        Token.objects.create(secret="abc123", user=user, link=link)

        data['nonce'] = make_nonce()
        data['client_secret'] = link.get_client_secret(user, data['nonce'])
        data['access_token'] = 'abc123'

        response = self. client.get(url, data)
        self.assertEqual(response.status_code, 200)
        self.assertEqual(response.content, "Token abc123 deleted")

        self.assertEqual(Token.objects.count(), 0)
Beispiel #3
0
    def test_list_tokens(self):
        """
        Tests to that `list_tokens` returns a blank list if no tokens for an
        application link and user exist, and returns the list of secrets if
        tokens do exist.
        """
        url = reverse('list_access_tokens')
        user = User.objects.get(pk=1)
        link = ApplicationLink.objects.get(pk=1)

        nonce = make_nonce()
        data = {
            'user_id': user.username,
            'client_id': 'test',
            'client_secret': link.get_client_secret(user, nonce),
            'nonce': nonce,
        }

        response = self.client.get(url, data)
        self.assertEqual(response.status_code, 200)
        self.assertEqual(response.content, "[]")

        # create some tokens for this application link and user and test that
        # a new request correctly returns these two tokens.
        Token.objects.create(secret="abc123", user=user, link=link)
        Token.objects.create(secret="abc321", user=user, link=link)

        # create a token that doesn't belong to our user to ensure that this
        # token is not returned in the list of tokens.
        test = User.objects.get(username='******')
        Token.objects.create(secret="testing", user=test, link=link)

        data['nonce'] = make_nonce()
        data['client_secret'] = link.get_client_secret(user, data['nonce'])

        response = self.client.get(url, data)
        self.assertEqual(response.status_code, 200)
        self.assertEqual(response.content, "[u'abc123', u'abc321']")
Beispiel #4
0
    def get_access_token(self, user_id, expires=600):
        """
        Returns an access token for with the current user.

        Note: uses a hardcoded URL when determining where to send the request.
        """
        url = self.server_url + "/api/swingers/v1/{0}/request_token"
        nonce = make_nonce()
        r = requests.get(url.format(self.server_name), params={
            "user_id": user_id,
            "nonce": nonce,
            "client_secret": self.get_client_secret(user_id, nonce),
            "client_id": self.client_name,
            "expires": expires
        })
        if r.ok:
            return r.content
        else:
            r.raise_for_status()
Beispiel #5
0
    def test_request_access_token(self):
        """
        Test requesting a token.
        """
        link = ApplicationLink.objects.get(pk=1)
        user = '******'
        nonce = make_nonce()
        url = reverse('request_access_token')
        data = {
            'user_id': user,
            'client_id': 'test',
            'client_secret': link.get_client_secret(user, nonce),
            'nonce': nonce
        }
        response = self.client.get(url, data)
        self.assertEqual(response.status_code, 200)
        # ensure that a token is created with the returned secret
        self.assertEqual(Token.objects.count(), 1)
        self.assertEqual(Token.objects.all()[0].secret, response.content)

        # test reusing the same nonce
        response = self.client.get(url, data)
        self.assertEqual(response.status_code, 403)
        self.assertEqual(response.content, "No you can't reuse nonce's!")
        self.assertEqual(Token.objects.count(), 1)

        # test omitting required data
        requests = [
            # missing client_secret
            {
                'user_id': 'admin',
                'client_id': 'test',
                'nonce': 'nonce'
            },
            # missing user_id
            {
                'client_id': 'test',
                'client_secret': 'secret',
                'nonce': 'nonce'
            },
            # missing client_id
            {
                'user_id': 'admin',
                'client_secret': 'secret',
                'nonce': 'nonce'
            }
        ]
        for data in requests:
            response = self.client.get(url, data)
            self.assertEqual(response.status_code, 403)
            self.assertEqual(response.content, "Missing Input")

        # test missing nonce
        data = {
            'user_id': user,
            'client_id': 'test',
            'client_secret': 'missing-nonce',
        }

        response = self.client.get(url, data)
        self.assertEqual(response.status_code, 403)
        self.assertEqual(response.content, "Missing nonce")

        # test invalid secret
        data = {
            'user_id': user,
            'client_id': 'test',
            'client_secret': 'invalid-secret',
            'nonce': make_nonce()
        }

        response = self.client.get(url, data)
        self.assertEqual(response.status_code, 403)
        self.assertEqual(response.content, "Invalid client_secret")

        # test applicationlink not existing
        nonce = make_nonce()
        data = {
            'user_id': user,
            'client_id': 'invalid-client-id',
            'client_secret': link.get_client_secret(user, nonce),
            'nonce': nonce
        }

        response = self.client.get(url, data)
        self.assertEqual(response.status_code, 403)
        self.assertEqual(response.content, "Application link does not exist")

        # test expiry data
        nonce = make_nonce()
        data = {
            'user_id': user,
            'client_id': 'test',
            'client_secret': link.get_client_secret(user, nonce),
            'nonce': nonce,
            'expires': 100
        }

        response = self.client.get(url, data)
        self.assertEqual(response.status_code, 200)
        token = Token.objects.get(secret=response.content)
        self.assertEqual(token.timeout, 100)

        # Make sure there are only 2 tokens created.
        self.assertEqual(Token.objects.count(), 2)

        user = '******'
        nonce = make_nonce()
        data = {
            'user_id': user,
            'client_id': 'test',
            'client_secret': link.get_client_secret(user, nonce),
            'nonce': nonce,
        }

        def create_user(*args, **kwargs):
            return User.objects.create(username=user,
                                       password='******',
                                       email='*****@*****.**',
                                       first_name='test', last_name='test')

        self.ldap.side_effect = create_user

        response = self.client.get(url, data)

        self.ldap.assert_called_with(user)
        self.assertEqual(User.objects.get(username=user).first_name, 'test')
        self.assertEqual(response.status_code, 200)

        user = '******'
        self.ldap.side_effect = None
        self.ldap.return_value = None
        data['user_id'] = user
        data['nonce'] = make_nonce()
        data['client_secret'] = link.get_client_secret(user, data['nonce'])

        response = self.client.get(url, data)
        self.assertEqual(response.status_code, 403)
        self.assertEqual(response.content, "Invalid user_id")