Ejemplo n.º 1
 def testProviderHandling(self):
   """Check that get_verified_jwt moves on to the next provider after a rejection.

   Two provider entries are supplied.  The first uses the sample issuer and
   cert URI reversed, and its verification is stubbed to return None; the
   second uses the sample values as-is and its verification is stubbed to
   return the sample token info.  The call must yield the second result.
   """
   reversed_provider = {
       'issuer': self._SAMPLE_ISSUERS[0][::-1],
       'cert_uri': self._SAMPLE_CERT_URI[0][::-1],
   }
   sample_provider = {
       'issuer': self._SAMPLE_ISSUERS[0],
       'cert_uri': self._SAMPLE_CERT_URI[0],
   }
   providers = [reversed_provider, sample_provider]
   stubbed_results = (None, self._SAMPLE_TOKEN_INFO)

   self.mox.StubOutWithMock(time, 'time')
   time.time().AndReturn(self._SAMPLE_TIME_NOW)

   # The token lookup is recorded with the 'Bearer' scheme only and an empty
   # tuple of query keys: on this path the token is not expected to be read
   # from URL parameters.
   self.mox.StubOutWithMock(users_id_token, '_get_token')
   users_id_token._get_token(
       request=None, allowed_auth_schemes=('Bearer',),
       allowed_query_keys=()).AndReturn(self._SAMPLE_TOKEN)

   # One verification call is recorded per provider, in list order, each with
   # a single-issuer tuple and that provider's own cert URI, so a provider is
   # never checked against another provider's certificates.
   self.mox.StubOutWithMock(users_id_token, '_parse_and_verify_jwt')
   for provider, stubbed_result in zip(providers, stubbed_results):
     users_id_token._parse_and_verify_jwt(
         self._SAMPLE_TOKEN, self._SAMPLE_TIME_NOW,
         (provider['issuer'],), self._SAMPLE_AUDIENCES,
         provider['cert_uri'], self.cache).AndReturn(stubbed_result)

   self.mox.ReplayAll()
   verified = users_id_token.get_verified_jwt(
       providers, self._SAMPLE_AUDIENCES, cache=self.cache)
   self.mox.VerifyAll()
   self.assertEqual(verified, self._SAMPLE_TOKEN_INFO)
Ejemplo n.º 2
    def get_user_id():
        """
        Return the Google+ User ID for the token in the environment.

        The lookup is attempted only when the environment holds a token that
        endpoints already accepts (an ID token or a bearer token). When there
        is no token, or the current token is invalid (no current endpoints
        user), neither lookup is attempted.

        :rtype: unicode
        :return: The Google+ User ID of the user whose token is in the
                 environment if it can be retrieved, else None.
        """
        # Gate: endpoints.get_current_user() must already have returned a
        # non-null value. The environment variables it sets are then reused,
        # so the RPC/url fetch is not made a second time.
        # NOTE(review): this is the only validity check visible in this block;
        # the raw token below is not re-verified here. Confirm the two helper
        # functions do not rely on unverified token contents on their own.
        current_user = endpoints.get_current_user()
        if current_user is None:
            return None

        # noinspection PyProtectedMember
        raw_token = users_id_token._get_token(None)
        if raw_token is None:
            return None

        # Try the ID-token interpretation first, then fall back to treating
        # the same string as a bearer token.
        resolved_id = _get_user_id_from_id_token(raw_token)
        if resolved_id is not None:
            return resolved_id
        return _get_user_id_from_bearer_token(raw_token)
Ejemplo n.º 3
  def testGetTokenQueryParamBearer(self):
    """_get_token returns the value of the request's 'bearer_token' field.

    The request mock answers every unrecognized-field lookup with the sample
    token; the test then checks that exactly one lookup was made, for
    'bearer_token', and that the token came back unchanged.
    """
    # NOTE(review): going by the test name this is the URL query-parameter
    # path. Tokens carried in a URL tend to end up in access logs and Referer
    # headers (RFC 6750 section 2.3 discourages it); prefer the Authorization
    # header where the client allows it.
    field_info = (self._SAMPLE_TOKEN, messages.Variant.STRING)
    request = mock.MagicMock(messages.Message)
    request.get_unrecognized_field_info.return_value = field_info

    extracted = users_id_token._get_token(request)
    request.get_unrecognized_field_info.assert_called_once_with('bearer_token')
    self.assertEqual(extracted, self._SAMPLE_TOKEN)
Ejemplo n.º 4
  def testGetTokenQueryParamBearer(self):
    """A token supplied in the 'bearer_token' request field is returned as-is."""
    request = mock.MagicMock(messages.Message)
    lookup = request.get_unrecognized_field_info
    lookup.return_value = (self._SAMPLE_TOKEN, messages.Variant.STRING)

    result = users_id_token._get_token(request)

    # Exactly one lookup, and it is for 'bearer_token': once that field
    # yields a token no other field is consulted.
    lookup.assert_called_once_with('bearer_token')
    self.assertEqual(result, self._SAMPLE_TOKEN)
Ejemplo n.º 5
  def testGetTokenNone(self):
    """_get_token yields None when neither token field is present on the request.

    Both lookups are recorded, 'bearer_token' first and 'access_token'
    second, and each answers (None, None).
    """
    request = self.mox.CreateMock(messages.Message)
    for field_name in ('bearer_token', 'access_token'):
      request.get_unrecognized_field_info(field_name).AndReturn((None, None))

    self.mox.ReplayAll()
    result = users_id_token._get_token(request)
    self.mox.VerifyAll()
    # A missing credential comes back as None, not as an empty string.
    self.assertIsNone(result)
Ejemplo n.º 6
  def testGetTokenQueryParamBearer(self):
    """_get_token returns the token found in the 'bearer_token' request field."""
    request = self.mox.CreateMock(messages.Message)
    bearer_field = (self._SAMPLE_TOKEN, messages.Variant.STRING)
    # Only the 'bearer_token' lookup is recorded; no 'access_token' lookup is
    # expected once the first field has produced a token.
    request.get_unrecognized_field_info('bearer_token').AndReturn(bearer_field)

    self.mox.ReplayAll()
    extracted = users_id_token._get_token(request)
    self.mox.VerifyAll()
    self.assertEqual(extracted, self._SAMPLE_TOKEN)
Ejemplo n.º 7
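  def testGetTokenNone(self):
    """_get_token returns None when both token fields are absent.

    The request mock answers two successive unrecognized-field lookups with
    (None, None); the test checks the result and that the lookups were made
    for 'bearer_token' and then 'access_token'.
    """
    request = mock.MagicMock(messages.Message)
    request.get_unrecognized_field_info.side_effect = [
        (None, None),  # bearer_token
        (None, None),  # access_token
    ]

    token = users_id_token._get_token(request)
    # assertIsNone rather than a bare assert, so the check is not stripped
    # when the suite runs under python -O and matches the sibling tests.
    self.assertIsNone(token)
    request.get_unrecognized_field_info.assert_has_calls(
        [mock.call('bearer_token'), mock.call('access_token')])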
Ejemplo n.º 8
  def testGetTokenQueryParamAccess(self):
    """_get_token falls back to the 'access_token' field when 'bearer_token' is empty."""
    no_value = (None, None)
    access_value = (self._SAMPLE_TOKEN, messages.Variant.STRING)

    request = mock.MagicMock(messages.Message)
    # side_effect answers successive calls in order: bearer_token first,
    # access_token second.
    request.get_unrecognized_field_info.side_effect = [no_value, access_value]

    extracted = users_id_token._get_token(request)
    self.assertEqual(extracted, self._SAMPLE_TOKEN)

    # NOTE(review): going by the test name these are URL query parameters;
    # a token carried there can be captured by access logs and Referer headers.
    expected_lookups = [mock.call('bearer_token'), mock.call('access_token')]
    request.get_unrecognized_field_info.assert_has_calls(expected_lookups)
Ejemplo n.º 9
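  def testGetTokenNone(self):
    """With no token in either request field, _get_token must return None."""
    request = mock.MagicMock(messages.Message)
    request.get_unrecognized_field_info.side_effect = [
        (None, None),  # bearer_token
        (None, None),  # access_token
    ]

    token = users_id_token._get_token(request)
    # Use the TestCase assertion: a bare assert statement is removed under
    # python -O, which would leave the None check silently unexecuted.
    self.assertIsNone(token)
    # Both fields were consulted, 'bearer_token' before 'access_token'.
    request.get_unrecognized_field_info.assert_has_calls(
        [mock.call('bearer_token'), mock.call('access_token')])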
Ejemplo n.º 10
  def testGetTokenQueryParamAccess(self):
    """A token present only in the 'access_token' field is still returned.

    The first lookup ('bearer_token') answers (None, None); the second
    ('access_token') answers with the sample token.
    """
    request = mock.MagicMock(messages.Message)
    lookup = request.get_unrecognized_field_info
    lookup.side_effect = [
        (None, None),  # bearer_token
        (self._SAMPLE_TOKEN, messages.Variant.STRING),  # access_token
    ]

    result = users_id_token._get_token(request)
    self.assertEqual(result, self._SAMPLE_TOKEN)
    # The lookups must have been made in this order.
    lookup.assert_has_calls(
        [mock.call('bearer_token'), mock.call('access_token')])
Ejemplo n.º 11
 def testGetTokenQueryParamInvalidHeader(self):
   """An Authorization header with an unknown scheme yields no token."""
   # NOTE(review): HTTP_AUTHORIZATION stays set in os.environ after this
   # method returns; presumably the fixture's setUp/tearDown restores the
   # environment. Confirm, otherwise the header leaks into later tests.
   header_value = 'Invalid ' + self._SAMPLE_TOKEN
   os.environ['HTTP_AUTHORIZATION'] = header_value
   # The 'Invalid' scheme is rejected: the lookup returns None instead of
   # handing back the credential that follows it.
   self.assertIsNone(users_id_token._get_token(None))
Ejemplo n.º 12
 def testGetTokenQueryParamInvalidBearerHeader(self):
   """The scheme match is case-sensitive: 'BEARER' does not yield a token."""
   # Capitalization matters.  This should fail.
   # The mismatch fails closed: the upper-case scheme produces None rather
   # than being normalised and accepted.
   # NOTE(review): HTTP_AUTHORIZATION is left set in os.environ afterwards;
   # confirm the fixture restores the environment between tests.
   upper_case_header = 'BEARER ' + self._SAMPLE_TOKEN
   os.environ['HTTP_AUTHORIZATION'] = upper_case_header
   self.assertIsNone(users_id_token._get_token(None))
Ejemplo n.º 13
 def testGetTokenQueryParamBearerHeader(self):
   """A 'Bearer <token>' Authorization header yields the token without the scheme."""
   # NOTE(review): HTTP_AUTHORIZATION is left set in os.environ afterwards;
   # confirm the fixture restores the environment between tests.
   bearer_header = 'Bearer ' + self._SAMPLE_TOKEN
   os.environ['HTTP_AUTHORIZATION'] = bearer_header
   # No request object is passed, so the header is the only source offered.
   extracted = users_id_token._get_token(None)
   self.assertEqual(extracted, self._SAMPLE_TOKEN)