Ejemplo n.º 1
0
 def testInfiniteTokenLifetime(self):
     """ Test that the token lifetime of the new auth token can be infinite. """
     tokenLifetime = None
     newAuthToken = 'newAuthTokenWithoutChangedLifetime'
     tokenResource = TokenResource(self._TOKEN_FACTORY,
                                   self._PERSISTENT_STORAGE,
                                   self._REFRESH_TOKEN_STORAGE,
                                   self._AUTH_TOKEN_STORAGE,
                                   self._CLIENT_STORAGE,
                                   authTokenLifeTime=tokenLifetime,
                                   passwordManager=self._PASSWORD_MANAGER)
     request = self.generateValidTokenRequest(
         arguments={
             'grant_type': 'refresh_token',
             'refresh_token': self._VALID_REFRESH_TOKEN
         },
         authentication=self._VALID_CLIENT)
     self._TOKEN_FACTORY.expectTokenRequest(newAuthToken, tokenLifetime,
                                            self._VALID_CLIENT,
                                            self._VALID_SCOPE)
     result = tokenResource.render_POST(request)
     self._TOKEN_FACTORY.assertAllTokensRequested()
     self.assertValidTokenResponse(request,
                                   result,
                                   newAuthToken,
                                   tokenLifetime,
                                   expectedScope=self._VALID_SCOPE)
Ejemplo n.º 2
0
 def testAuthorizedClientWithoutScope(self):
     """
     Test that of a request without a scope is accepted
     if the token resource has a default scope.
     """
     defaultScope = ['default', 'scope']
     accessToken = 'clientCredentialsAccessTokenWithoutScope'
     tokenResource = TokenResource(self._TOKEN_FACTORY,
                                   self._PERSISTENT_STORAGE,
                                   self._REFRESH_TOKEN_STORAGE,
                                   self._AUTH_TOKEN_STORAGE,
                                   self._CLIENT_STORAGE,
                                   defaultScope=defaultScope,
                                   passwordManager=self._PASSWORD_MANAGER)
     request = self.generateValidTokenRequest(
         arguments={
             'grant_type': 'client_credentials',
         },
         authentication=self._VALID_CLIENT)
     self._TOKEN_FACTORY.expectTokenRequest(accessToken,
                                            tokenResource.authTokenLifeTime,
                                            self._VALID_CLIENT,
                                            defaultScope)
     result = tokenResource.render_POST(request)
     self._TOKEN_FACTORY.assertAllTokensRequested()
     self.assertValidTokenResponse(request,
                                   result,
                                   accessToken,
                                   tokenResource.authTokenLifeTime,
                                   expectedScope=defaultScope)
Ejemplo n.º 3
0
 def testRefreshTokenRenewal(self):
     """ Test that the refresh token is refreshed when expected. """
     oldRefreshToken = 'oldRefreshToken'
     additionalData = 'someAdditionalData'
     newAuthToken = 'newAuthToken'
     newRefreshToken = 'newRefreshToken'
     self._REFRESH_TOKEN_STORAGE.store(
         oldRefreshToken, self._VALID_CLIENT, self._VALID_SCOPE, additionalData)
     tokenResource = TokenResource(
         self._TOKEN_FACTORY, self._PERSISTENT_STORAGE, self._REFRESH_TOKEN_STORAGE,
         self._AUTH_TOKEN_STORAGE, self._CLIENT_STORAGE, minRefreshTokenLifeTime=0,
         passwordManager=self._PASSWORD_MANAGER)
     request = self.generateValidTokenRequest(arguments={
         'grant_type': 'refresh_token',
         'refresh_token': oldRefreshToken
     }, authentication=self._VALID_CLIENT)
     self._TOKEN_FACTORY.expectTokenRequest(
         newAuthToken, tokenResource.authTokenLifeTime,
         self._VALID_CLIENT, self._VALID_SCOPE, additionalData)
     self._TOKEN_FACTORY.expectTokenRequest(
         newRefreshToken, None, self._VALID_CLIENT, self._VALID_SCOPE, additionalData)
     result = tokenResource.render_POST(request)
     self._TOKEN_FACTORY.assertAllTokensRequested()
     self.assertFalse(
         self._REFRESH_TOKEN_STORAGE.contains(oldRefreshToken),
         msg='Expected the token resource to remove an old refresh token from the token storage.'
     )
     self.assertValidTokenResponse(
         request, result, newAuthToken, tokenResource.authTokenLifeTime,
         expectedRefreshToken=newRefreshToken, expectedScope=self._VALID_SCOPE,
         expectedAdditionalData=additionalData)
Ejemplo n.º 4
0
 def testInsecureConnection(self):
     """
     Test the rejection of a request via an insecure transport,
     except if allowInsecureRequestDebug is set to true.
     """
     request = self.generateValidTokenRequest(
         arguments={
             'grant_type': 'refresh_token',
             'refresh_token': self._VALID_REFRESH_TOKEN
         },
         authentication=self._VALID_CLIENT,
         isSecure=False)
     result = self._TOKEN_RESOURCE.render_POST(request)
     self.assertFailedTokenRequest(
         request,
         result,
         InsecureConnectionError(),
         msg=
         'Expected the token resource to reject a request made via an insecure transport'
     )
     debugTokenResource = TokenResource(
         self._TOKEN_FACTORY,
         self._PERSISTENT_STORAGE,
         self._REFRESH_TOKEN_STORAGE,
         self._AUTH_TOKEN_STORAGE,
         self._CLIENT_STORAGE,
         allowInsecureRequestDebug=True,
         passwordManager=self._PASSWORD_MANAGER)
     request = self.generateValidTokenRequest(
         arguments={
             'grant_type': 'refresh_token',
             'refresh_token': self._VALID_REFRESH_TOKEN
         },
         authentication=self._VALID_CLIENT,
         isSecure=False)
     newAuthToken = 'tokenViaInsecureConnection'
     self._TOKEN_FACTORY.expectTokenRequest(
         newAuthToken, debugTokenResource.authTokenLifeTime,
         self._VALID_CLIENT, self._VALID_SCOPE)
     result = debugTokenResource.render_POST(request)
     self._TOKEN_FACTORY.assertAllTokensRequested()
     self.assertValidTokenResponse(
         request,
         result,
         newAuthToken,
         expectedExpireTime=debugTokenResource.authTokenLifeTime,
         expectedScope=self._VALID_SCOPE)
 def testAuthorizedWithoutScope(self):
     """
     Test that a request without a scope is accepted,
     if the token resource has a default scope.
     """
     userName = b'validUserWithoutScope'
     password = b'validPasswordWithoutScope'
     defaultScope = ['default', 'scope']
     authToken = 'resourceOwnerPasswordCredentialsTokenWithoutScope'
     refreshToken = 'resourceOwnerPasswordCredentialsRefreshTokenWithoutScope'
     tokenResource = TokenResource(self._TOKEN_FACTORY,
                                   self._PERSISTENT_STORAGE,
                                   self._REFRESH_TOKEN_STORAGE,
                                   self._AUTH_TOKEN_STORAGE,
                                   self._CLIENT_STORAGE,
                                   defaultScope=defaultScope,
                                   passwordManager=self._PASSWORD_MANAGER)
     request = self.generateValidTokenRequest(
         arguments={
             'grant_type': 'password',
             'username': userName,
             'password': password,
         },
         authentication=self._VALID_CLIENT)
     self._PASSWORD_MANAGER.expectAuthenticateRequest(userName, password)
     self._TOKEN_FACTORY.expectTokenRequest(authToken,
                                            tokenResource.authTokenLifeTime,
                                            self._VALID_CLIENT,
                                            defaultScope)
     self._TOKEN_FACTORY.expectTokenRequest(refreshToken, None,
                                            self._VALID_CLIENT,
                                            defaultScope)
     result = tokenResource.render_POST(request)
     self.assertTrue(
         self._PASSWORD_MANAGER.allPasswordsChecked(),
         msg='Expected the token resource to check if the given '
         'user name and password combination is valid.')
     self._TOKEN_FACTORY.assertAllTokensRequested()
     self.assertValidTokenResponse(request,
                                   result,
                                   authToken,
                                   tokenResource.authTokenLifeTime,
                                   expectedScope=defaultScope,
                                   expectedRefreshToken=refreshToken)
 def testWhenDisabled(self):
     """ Test the rejection of a password request when the grant type is disabled. """
     tokenResource = TokenResource(self._TOKEN_FACTORY,
                                   self._PERSISTENT_STORAGE,
                                   self._REFRESH_TOKEN_STORAGE,
                                   self._AUTH_TOKEN_STORAGE,
                                   self._CLIENT_STORAGE,
                                   grantTypes=[])
     request = self.generateValidTokenRequest(
         arguments={
             'grant_type': 'password',
             'username': b'someUserName',
             'password': b'somePassword',
         },
         authentication=self._VALID_CLIENT)
     result = tokenResource.render_POST(request)
     self.assertFailedTokenRequest(
         request,
         result,
         UnsupportedGrantTypeError('password'),
         msg='Expected the token resource to reject a password '
         'request, if the grant type is disabled')
Ejemplo n.º 7
0
    def _testTokenLifetime(self, token, lifetime):
        """
        Test that a request made to a token resource with the given default auth token lifetime
        is valid and generates a token with the lifetime.

        :param token: The token that should get generated.
        :param lifetime: The default and expected lifetime of the token.
        """
        tokenResource = TokenResource(
            self._TOKEN_FACTORY, self._PERSISTENT_STORAGE, self._REFRESH_TOKEN_STORAGE,
            self._AUTH_TOKEN_STORAGE, self._CLIENT_STORAGE, authTokenLifeTime=lifetime,
            passwordManager=self._PASSWORD_MANAGER)
        request = self.generateValidTokenRequest(arguments={
            'grant_type': 'refresh_token',
            'refresh_token': self._VALID_REFRESH_TOKEN
        }, authentication=self._VALID_CLIENT)
        self._TOKEN_FACTORY.expectTokenRequest(
            token, lifetime, self._VALID_CLIENT, self._VALID_SCOPE)
        result = tokenResource.render_POST(request)
        self._TOKEN_FACTORY.assertAllTokensRequested()
        self.assertValidTokenResponse(request, result, token, lifetime,
                                      expectedScope=self._VALID_SCOPE)