def test_new_client_authorization_code_are_not_marked_as_used():
database.save_new_authorization_code(
'auth-code-1nmb21', 'client-id','my-state',
'http://example.com/return')
assert database.client_has_authorization_code('client-id', 'auth-code-1nmb21')
assert not database.is_client_authorization_code_used('client-id', 'auth-code-1nmb21')
def test_should_mark_client_authorization_code_as_used():
database.save_new_authorization_code(
'auth-code-1nmb21', 'client-id',
'http://example.com/return',
'http://example.com/return?code=auth-code-1nmb21')
database.mark_client_authorization_code_as_used('client-id', 'auth-code-1nmb21')
assert database.client_has_authorization_code('client-id', 'auth-code-1nmb21')
assert database.is_client_authorization_code_used('client-id', 'auth-code-1nmb21')
def validate_client_authorization(self):
client = database.find_client(self.client_id)
if not client:
self.raise_http_401({'error': 'invalid_client',
'error_description': 'Invalid client_id or code on Authorization header'})
if not database.client_has_authorization_code(self.client_id, self.code_from_header):
self.raise_http_401({'error': 'invalid_client',
'error_description': 'Invalid client_id or code on Authorization header'})
if not database.client_has_authorization_code(self.client_id, self.code):
self.raise_http_400({'error': 'invalid_grant',
'error_description': 'Invalid code for this client'})
if not database.client_has_redirect_uri_for_code(self.client_id, self.code, self.redirect_uri):
self.raise_http_400({'error': 'invalid_grant',
'error_description': 'redirect_uri does not match'})
if database.is_client_authorization_code_used(self.client_id, self.code):
self.raise_http_400({'error': 'invalid_grant',
'error_description': 'Authorization grant already used'})
