def test_should_not_refresh_without_refresh_token(self):
authn = self.init_app()
with self.app.test_request_context('/foo'):
session = UserSession(flask.session, self.PROVIDER_NAME)
session.update(expires_in=-10)
assert authn.valid_access_token() is None
def test_initialising_session_with_new_provider_name_should_reset_session(
self):
storage = {}
session1 = UserSession(storage, 'provider1')
session1.update()
assert session1.is_authenticated() is True
session2 = UserSession(storage, 'provider2')
assert session2.is_authenticated() is False
def test_should_not_refresh_access_token_without_expiry(self):
authn = self.init_app()
access_token = 'access_token'
with self.app.test_request_context('/foo'):
session = UserSession(flask.session, self.PROVIDER_NAME)
session.update(access_token=access_token,
refresh_token='refresh-token')
assert authn.valid_access_token() == access_token
def test_initialising_session_with_existing_user_session_should_preserve_state(
self):
storage = {}
session1 = UserSession(storage, self.PROVIDER_NAME)
session1.update()
assert session1.is_authenticated() is True
assert session1.current_provider == self.PROVIDER_NAME
session2 = UserSession(storage, self.PROVIDER_NAME)
assert session2.is_authenticated() is True
assert session2.current_provider == self.PROVIDER_NAME
session3 = UserSession(storage)
assert session3.is_authenticated() is True
assert session3.current_provider == self.PROVIDER_NAME
def test_should_return_None_if_token_refresh_request_fails(self):
token_endpoint = self.PROVIDER_BASEURL + '/token'
authn = self.init_app(
provider_metadata_extras={'token_endpoint': token_endpoint})
token_response = {
'error': 'invalid_grant',
'error_description': 'The refresh token is invalid'
}
responses.add(responses.POST, token_endpoint, json=token_response)
access_token = 'access_token'
with self.app.test_request_context('/foo'):
session = UserSession(flask.session, self.PROVIDER_NAME)
session.update(access_token=access_token,
expires_in=-10,
refresh_token='refresh-token')
assert authn.valid_access_token(force_refresh=True) is None
assert session.access_token == access_token
def test_should_refresh_expired_access_token(self):
token_endpoint = self.PROVIDER_BASEURL + '/token'
authn = self.init_app(
provider_metadata_extras={'token_endpoint': token_endpoint})
token_response = {
'access_token': 'new-access-token',
'expires_in': 3600,
'token_type': 'Bearer',
'refresh_token': 'new-refresh-token'
}
responses.add(responses.POST, token_endpoint, json=token_response)
with self.app.test_request_context('/foo'):
session = UserSession(flask.session, self.PROVIDER_NAME)
session.update(expires_in=-10, refresh_token='refresh-token')
assert authn.valid_access_token() == token_response['access_token']
assert session.access_token == token_response['access_token']
assert session.refresh_token == token_response['refresh_token']
def login():
user_session = UserSession(session)
user_session.update(access_token=user_session.access_token,
id_token=user_session.id_token,
userinfo=user_session.userinfo)
return redirect(url_for('main.profile'))
