Ejemplo n.º 1
0
    def setUp(self):
        self.client = Client(identifier="abc",
                             secret="xyz",
                             authorized_grants=["authorization_code"],
                             authorized_response_types=["code"],
                             redirect_uris=["http://callback"])
        self.client_store_mock = Mock(spec=ClientStore)

        self.source_mock = Mock()

        self.authenticator = ClientAuthenticator(
            client_store=self.client_store_mock, source=self.source_mock)
    def setUp(self):
        self.client = Client(identifier="abc", secret="xyz",
                             authorized_grants=["authorization_code"],
                             authorized_response_types=["code"],
                             redirect_uris=["http://callback"])
        self.client_store_mock = Mock(spec=ClientStore)

        self.source_mock = Mock()

        self.authenticator = ClientAuthenticator(
            client_store=self.client_store_mock,
            source=self.source_mock)
Ejemplo n.º 3
0
    def __init__(self, access_token_store, auth_code_store, client_store,
                 token_generator, client_authentication_source=request_body,
                 response_class=Response):
        self.grant_types = []
        self._input_handler = None

        self.access_token_store = access_token_store
        self.auth_code_store = auth_code_store
        self.client_authenticator = ClientAuthenticator(
            client_store=client_store,
            source=client_authentication_source)
        self.response_class = response_class
        self.token_generator = token_generator
Ejemplo n.º 4
0
    def __init__(self, request, site_adapter):
        self.request = Request(request)
        self.site_adapter = site_adapter
        self.token_generator = Uuid4()

        self.client_store = self._get_client_store()
        self.access_token_store = self._get_token_store()

        self.client_authenticator = ClientAuthenticator(
                                        client_store=self.client_store,
                                        source=request_body
                                    )

        self.grant_types = [];
Ejemplo n.º 5
0
    def __init__(self,
                 access_token_store,
                 auth_code_store,
                 client_store,
                 site_adapter,
                 token_generator,
                 client_authentication_source=request_body,
                 response_class=Response):
        """
        Endpoint of requests to the OAuth 2.0 provider.

        :param access_token_store: An object that implements methods defined
                                   by :class:`oauth2.store.AccessTokenStore`.
        :param auth_code_store: An object that implements methods defined by
                                :class:`oauth2.store.AuthTokenStore`.
        :param client_store: An object that implements methods defined by
                             :class:`oauth2.store.ClientStore`.
        :param site_adapter: An object that implements methods defined by
                             :class:`oauth2.web.SiteAdapter`.
        :param token_generator: Object to generate unique tokens.
        :param client_authentication_source: A callable which when executed,
                                             authenticates a client.
                                             See :module:`oauth2.client_authenticator`.
        :param response_class: Class of the response object.
                               Defaults to :class:`oauth2.web.Response`.

        """
        self.grant_types = []
        self._input_handler = None

        self.access_token_store = access_token_store
        self.auth_code_store = auth_code_store
        self.client_authenticator = ClientAuthenticator(
            client_store=client_store, source=client_authentication_source)
        self.response_class = response_class
        self.site_adapter = site_adapter
        self.token_generator = token_generator
class ClientAuthenticatorTestCase(unittest.TestCase):
    def setUp(self):
        self.client = Client(identifier="abc", secret="xyz",
                             authorized_grants=["authorization_code"],
                             authorized_response_types=["code"],
                             redirect_uris=["http://callback"])
        self.client_store_mock = Mock(spec=ClientStore)

        self.source_mock = Mock()

        self.authenticator = ClientAuthenticator(
            client_store=self.client_store_mock,
            source=self.source_mock)

    def test_by_identifier(self):
        redirect_uri = "http://callback"

        self.client_store_mock.fetch_by_client_id.return_value = self.client

        request_mock = Mock(spec=Request)
        request_mock.get_param.side_effect = [self.client.identifier,
                                              redirect_uri]

        client = self.authenticator.by_identifier(request=request_mock)

        self.client_store_mock.fetch_by_client_id.\
            assert_called_with(self.client.identifier)
        self.assertEqual(client.redirect_uri, redirect_uri)

    def test_by_identifier_client_id_not_set(self):
        request_mock = Mock(spec=Request)
        request_mock.get_param.return_value = None

        with self.assertRaises(OAuthInvalidNoRedirectError) as expected:
            self.authenticator.by_identifier(request=request_mock)

        self.assertEqual(expected.exception.error, "missing_client_id")

    def test_by_identifier_unknown_client(self):
        request_mock = Mock(spec=Request)
        request_mock.get_param.return_value = "def"

        self.client_store_mock.fetch_by_client_id.\
            side_effect = ClientNotFoundError

        with self.assertRaises(OAuthInvalidNoRedirectError) as expected:
            self.authenticator.by_identifier(request=request_mock)

        self.assertEqual(expected.exception.error, "unknown_client")

    def test_by_identifier_unknown_redirect_uri(self):
        response_type = "code"
        unknown_redirect_uri = "http://unknown.com"

        request_mock = Mock(spec=Request)
        request_mock.get_param.side_effect = [self.client.identifier,
                                              response_type,
                                              unknown_redirect_uri]

        self.client_store_mock.fetch_by_client_id.return_value = self.client

        with self.assertRaises(OAuthInvalidNoRedirectError) as expected:
            self.authenticator.by_identifier(request=request_mock)

        self.assertEqual(expected.exception.error, "invalid_redirect_uri")

    def test_by_identifier_secret(self):
        client_id = "abc"
        client_secret = "xyz"
        grant_type = "authorization_code"

        request_mock = Mock(spec=Request)
        request_mock.post_param.return_value = grant_type

        self.source_mock.return_value = (client_id, client_secret)

        self.client_store_mock.fetch_by_client_id.return_value = self.client

        self.authenticator.by_identifier_secret(request=request_mock)
        self.client_store_mock.fetch_by_client_id.\
            assert_called_with(client_id)

    def test_by_identifier_secret_unknown_client(self):
        client_id = "def"
        client_secret = "uvw"

        self.source_mock.return_value = (client_id, client_secret)

        request_mock = Mock(spec=Request)

        self.client_store_mock.fetch_by_client_id.\
            side_effect = ClientNotFoundError

        with self.assertRaises(OAuthInvalidError) as expected:
            self.authenticator.by_identifier_secret(request_mock)

        self.assertEqual(expected.exception.error, "invalid_client")

    def test_by_identifier_secret_client_not_authorized(self):
        client_id = "abc"
        client_secret = "xyz"
        grant_type = "client_credentials"

        self.source_mock.return_value = (client_id, client_secret)

        request_mock = Mock(spec=Request)
        request_mock.post_param.return_value = grant_type

        self.client_store_mock.fetch_by_client_id.return_value = self.client

        with self.assertRaises(OAuthInvalidError) as expected:
            self.authenticator.by_identifier_secret(request_mock)

        self.assertEqual(expected.exception.error, "unauthorized_client")

    def test_by_identifier_secret_wrong_secret(self):
        client_id = "abc"
        client_secret = "uvw"
        grant_type = "authorization_code"

        self.source_mock.return_value = (client_id, client_secret)

        request_mock = Mock(spec=Request)
        request_mock.post_param.return_value = grant_type

        self.client_store_mock.fetch_by_client_id.return_value = self.client

        with self.assertRaises(OAuthInvalidError) as expected:
            self.authenticator.by_identifier_secret(request_mock)

        self.assertEqual(expected.exception.error, "invalid_client")
Ejemplo n.º 7
0
class ClientAuthenticatorTestCase(unittest.TestCase):
    def setUp(self):
        self.client = Client(identifier="abc",
                             secret="xyz",
                             authorized_grants=["authorization_code"],
                             authorized_response_types=["code"],
                             redirect_uris=["http://callback"])
        self.client_store_mock = Mock(spec=ClientStore)

        self.source_mock = Mock()

        self.authenticator = ClientAuthenticator(
            client_store=self.client_store_mock, source=self.source_mock)

    def test_by_identifier(self):
        redirect_uri = "http://callback"

        self.client_store_mock.fetch_by_client_id.return_value = self.client

        request_mock = Mock(spec=Request)
        request_mock.get_param.side_effect = [
            self.client.identifier, redirect_uri
        ]

        client = self.authenticator.by_identifier(request=request_mock)

        self.client_store_mock.fetch_by_client_id.\
            assert_called_with(self.client.identifier)
        self.assertEqual(client.redirect_uri, redirect_uri)

    def test_by_identifier_client_id_not_set(self):
        request_mock = Mock(spec=Request)
        request_mock.get_param.return_value = None

        with self.assertRaises(OAuthInvalidNoRedirectError) as expected:
            self.authenticator.by_identifier(request=request_mock)

        self.assertEqual(expected.exception.error, "missing_client_id")

    def test_by_identifier_unknown_client(self):
        request_mock = Mock(spec=Request)
        request_mock.get_param.return_value = "def"

        self.client_store_mock.fetch_by_client_id.\
            side_effect = ClientNotFoundError

        with self.assertRaises(OAuthInvalidNoRedirectError) as expected:
            self.authenticator.by_identifier(request=request_mock)

        self.assertEqual(expected.exception.error, "unknown_client")

    def test_by_identifier_unknown_redirect_uri(self):
        response_type = "code"
        unknown_redirect_uri = "http://unknown.com"

        request_mock = Mock(spec=Request)
        request_mock.get_param.side_effect = [
            self.client.identifier, response_type, unknown_redirect_uri
        ]

        self.client_store_mock.fetch_by_client_id.return_value = self.client

        with self.assertRaises(OAuthInvalidNoRedirectError) as expected:
            self.authenticator.by_identifier(request=request_mock)

        self.assertEqual(expected.exception.error, "invalid_redirect_uri")

    def test_by_identifier_secret(self):
        client_id = "abc"
        client_secret = "xyz"
        grant_type = "authorization_code"

        request_mock = Mock(spec=Request)
        request_mock.post_param.return_value = grant_type

        self.source_mock.return_value = (client_id, client_secret)

        self.client_store_mock.fetch_by_client_id.return_value = self.client

        self.authenticator.by_identifier_secret(request=request_mock)
        self.client_store_mock.fetch_by_client_id.\
            assert_called_with(client_id)

    def test_by_identifier_secret_unknown_client(self):
        client_id = "def"
        client_secret = "uvw"

        self.source_mock.return_value = (client_id, client_secret)

        request_mock = Mock(spec=Request)

        self.client_store_mock.fetch_by_client_id.\
            side_effect = ClientNotFoundError

        with self.assertRaises(OAuthInvalidError) as expected:
            self.authenticator.by_identifier_secret(request_mock)

        self.assertEqual(expected.exception.error, "invalid_client")

    def test_by_identifier_secret_client_not_authorized(self):
        client_id = "abc"
        client_secret = "xyz"
        grant_type = "client_credentials"

        self.source_mock.return_value = (client_id, client_secret)

        request_mock = Mock(spec=Request)
        request_mock.post_param.return_value = grant_type

        self.client_store_mock.fetch_by_client_id.return_value = self.client

        with self.assertRaises(OAuthInvalidError) as expected:
            self.authenticator.by_identifier_secret(request_mock)

        self.assertEqual(expected.exception.error, "unauthorized_client")

    def test_by_identifier_secret_wrong_secret(self):
        client_id = "abc"
        client_secret = "uvw"
        grant_type = "authorization_code"

        self.source_mock.return_value = (client_id, client_secret)

        request_mock = Mock(spec=Request)
        request_mock.post_param.return_value = grant_type

        self.client_store_mock.fetch_by_client_id.return_value = self.client

        with self.assertRaises(OAuthInvalidError) as expected:
            self.authenticator.by_identifier_secret(request_mock)

        self.assertEqual(expected.exception.error, "invalid_client")