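def test_client_credentials(self):
    """
    Validates the Client Credentials grant of the OAuth2 token endpoint.

    Walks the failure modes in order -- no Authorization header, unknown
    client, wrong grant type for the client, inactive user, wrong secret --
    and finally a successful token request for an active user's client.

    Each request carries a distinct X-Real-IP. The sleeps between steps are
    kept from the original test; NOTE(review): they presumably let a
    rate limiter on the token endpoint cool down -- confirm before shortening.
    """
    from api.oauth2.tokenview import OAuth2TokenView

    data = {'grant_type': 'client_credentials'}

    def basic_auth(client_id, secret):
        # b64encode, not the Python-2-only encodestring: encodestring wraps its
        # output at 76 characters and appends a newline, which put line breaks
        # inside the Authorization header value (the view only tolerated it
        # because its decoder ignores whitespace).
        credentials = '{0}:{1}'.format(client_id, secret)
        return 'Basic {0}'.format(base64.b64encode(credentials))

    def token_request(real_ip, **extra_headers):
        return self.factory.post('/', data=data, HTTP_X_REAL_IP=real_ip, **extra_headers)

    # 1. No Authorization header at all.
    time.sleep(180)
    request = token_request('127.0.0.1')
    self._assert_failure(OAuth2TokenView.as_view(), request, 400, 'missing_header', HttpBadRequestException)

    # 2. Credentials that belong to no client.
    time.sleep(180)
    request = token_request('127.0.0.2', HTTP_AUTHORIZATION=basic_auth('foo', 'bar'))
    self._assert_failure(OAuth2TokenView.as_view(), request, 400, 'invalid_client', HttpBadRequestException)

    # 3. A real client, but configured for the PASSWORD grant: the
    #    client_credentials grant must be refused for it.
    time.sleep(180)
    admin_na = UserList.get_user_by_username('admin_na')
    admin_na_client = Client()
    admin_na_client.ovs_type = 'USER'
    admin_na_client.grant_type = 'PASSWORD'
    admin_na_client.client_secret = OAuth2Toolbox.create_hash(64)
    admin_na_client.user = admin_na
    admin_na_client.save()
    admin_na_header = basic_auth(admin_na_client.guid, admin_na_client.client_secret)
    request = token_request('127.0.0.3', HTTP_AUTHORIZATION=admin_na_header)
    self._assert_failure(OAuth2TokenView.as_view(), request, 400, 'invalid_grant', HttpBadRequestException)

    # 4. Right grant type and valid secret, but the user behind the client is
    #    inactive -- no token may be issued.
    time.sleep(180)
    admin_na_client.grant_type = 'CLIENT_CREDENTIALS'
    admin_na_client.save()
    request = token_request('127.0.0.4', HTTP_AUTHORIZATION=admin_na_header)
    self._assert_failure(OAuth2TokenView.as_view(), request, 400, 'inactive_user', HttpBadRequestException)

    # 5. Active user, correct client id, wrong secret.
    time.sleep(180)
    admin = UserList.get_user_by_username('admin')
    admin_client = Client()
    admin_client.ovs_type = 'USER'
    admin_client.grant_type = 'CLIENT_CREDENTIALS'
    admin_client.client_secret = OAuth2Toolbox.create_hash(64)
    admin_client.user = admin
    admin_client.save()
    request = token_request('127.0.0.5', HTTP_AUTHORIZATION=basic_auth(admin_client.guid, 'foobar'))
    self._assert_failure(OAuth2TokenView.as_view(), request, 400, 'invalid_client', HttpBadRequestException)

    # 6. Active user with the correct secret: a bearer token is issued and the
    #    response carries exactly access_token / token_type / expires_in.
    time.sleep(180)
    request = token_request('127.0.0.6', HTTP_AUTHORIZATION=basic_auth(admin_client.guid, admin_client.client_secret))
    response = OAuth2TokenView.as_view()(request)
    self.assertEqual(response.status_code, 200)
    response_content = json.loads(response.content)
    self.assertIn('access_token', response_content)
    expected = {'access_token': response_content['access_token'],
                'token_type': 'bearer',
                'expires_in': 3600}
    self.assertDictEqual(response_content, expected)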
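def create(self, request, role_guids=None):
    """
    Creates a Client for a user and links it to a set of roles.

    The request body is deserialized into a fresh Client. Any caller-supplied
    ``grant_type`` and ``client_secret`` are discarded: the grant type is
    forced to CLIENT_CREDENTIALS and a fresh 64-character secret is generated
    here. Other body fields are taken as-is by FullSerializer --
    NOTE(review): confirm the serializer restricts what a caller may set
    (e.g. ovs_type), since nothing in this method does.

    Authorization: the caller may create a client for its own user, or for any
    user when it holds the 'manage' role.

    :param request: Raw request; request.client is the authenticated client
    :type request: Request
    :param role_guids: GUIDs of the roles the client should get access to.
                       Only roles of the target user's group are eligible;
                       unknown GUIDs are silently dropped. When empty/None,
                       every role of the group is linked.
    :type role_guids: list of str (iterated as a collection; a bare str would
                      be iterated character by character and match nothing)
    :return: The created Client -- the only place its client_secret is exposed
    :raises HttpNotAcceptableException: when no user is given, or when the
                                        caller may not create a client for
                                        that user
    """
    # role_guids is carried as an explicit argument, never as a body field.
    if 'role_guids' in request.DATA:
        del request.DATA['role_guids']
    serializer = FullSerializer(Client, instance=Client(), data=request.DATA)
    client = serializer.deserialize()

    if client.user is None:
        raise HttpNotAcceptableException(error_description='A client must have a user',
                                         error='invalid_data')

    # Same short-circuit as before: the role lookup only runs for another user.
    is_own_user = client.user_guid == request.client.user_guid
    if not is_own_user and not Toolbox.is_client_in_roles(request.client, ['manage']):
        # Previously this case fell through to the "must have a user" error,
        # mislabelling an authorization failure as a validation failure.
        # The exception type is kept because callers catch it; a forbidden-style
        # response would be more accurate if the project provides one.
        raise HttpNotAcceptableException(error_description='A client can only be created for your own user, '
                                                           'or for another user by a client with the manage role',
                                         error='invalid_data')

    client.grant_type = 'CLIENT_CREDENTIALS'
    client.client_secret = OAuth2Toolbox.create_hash(64)
    client.save()

    group_junctions = client.user.group.roles
    if not role_guids:
        roles = [junction.role for junction in group_junctions]
    else:
        # Set for O(1) membership; only the user's own group roles are eligible.
        possible_role_guids = set(junction.role_guid for junction in group_junctions)
        roles = [Role(guid) for guid in role_guids if guid in possible_role_guids]

    for role in roles:
        roleclient = RoleClient()
        roleclient.client = client
        roleclient.role = role
        roleclient.save()
    return client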
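def create(self, request, role_guids=None):
    """
    Creates a Client for a user and links it to a set of roles.

    The request body is deserialized into a fresh Client. Any caller-supplied
    ``grant_type`` and ``client_secret`` are discarded: the grant type is
    forced to CLIENT_CREDENTIALS and a fresh 64-character secret is generated
    here. Other body fields are taken as-is by FullSerializer --
    NOTE(review): confirm the serializer restricts what a caller may set
    (e.g. ovs_type), since nothing in this method does.

    Authorization: the caller may create a client for its own user, or for any
    user when it holds the 'manage' role.

    :param request: Raw request; request.client is the authenticated client
    :type request: Request
    :param role_guids: GUIDs of the roles the client should get access to.
                       Only roles of the target user's group are eligible;
                       unknown GUIDs are silently dropped. When empty/None,
                       every role of the group is linked.
    :type role_guids: list of str (iterated as a collection; a bare str would
                      be iterated character by character and match nothing)
    :return: The created Client -- the only place its client_secret is exposed
    :raises HttpNotAcceptableException: when no user is given, or when the
                                        caller may not create a client for
                                        that user
    """
    # role_guids is carried as an explicit argument, never as a body field.
    if 'role_guids' in request.DATA:
        del request.DATA['role_guids']
    serializer = FullSerializer(Client, instance=Client(), data=request.DATA)
    client = serializer.deserialize()

    if client.user is None:
        raise HttpNotAcceptableException(error_description='A client must have a user',
                                         error='invalid_data')

    # Same short-circuit as before: the role lookup only runs for another user.
    is_own_user = client.user_guid == request.client.user_guid
    if not is_own_user and not Toolbox.is_client_in_roles(request.client, ['manage']):
        # Previously this case fell through to the "must have a user" error,
        # mislabelling an authorization failure as a validation failure.
        # The exception type is kept because callers catch it; a forbidden-style
        # response would be more accurate if the project provides one.
        raise HttpNotAcceptableException(error_description='A client can only be created for your own user, '
                                                           'or for another user by a client with the manage role',
                                         error='invalid_data')

    client.grant_type = 'CLIENT_CREDENTIALS'
    client.client_secret = OAuth2Toolbox.create_hash(64)
    client.save()

    group_junctions = client.user.group.roles
    if not role_guids:
        roles = [junction.role for junction in group_junctions]
    else:
        # Set for O(1) membership; only the user's own group roles are eligible.
        possible_role_guids = set(junction.role_guid for junction in group_junctions)
        roles = [Role(guid) for guid in role_guids if guid in possible_role_guids]

    for role in roles:
        roleclient = RoleClient()
        roleclient.client = client
        roleclient.role = role
        roleclient.save()
    return client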
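def test_client_credentials(self):
    """
    Validates the Client Credentials grant of the OAuth2 token endpoint.

    Walks the failure modes in order -- no Authorization header, unknown
    client, wrong grant type for the client, inactive user, wrong secret --
    and finally a successful token request for an active user's client.

    Each request carries a distinct X-Real-IP. The sleeps between steps are
    kept from the original test; NOTE(review): they presumably let a
    rate limiter on the token endpoint cool down -- confirm before shortening.
    """
    from api.oauth2.tokenview import OAuth2TokenView

    data = {'grant_type': 'client_credentials'}

    def basic_auth(client_id, secret):
        # b64encode, not the Python-2-only encodestring: encodestring wraps its
        # output at 76 characters and appends a newline, which put line breaks
        # inside the Authorization header value (the view only tolerated it
        # because its decoder ignores whitespace).
        credentials = '{0}:{1}'.format(client_id, secret)
        return 'Basic {0}'.format(base64.b64encode(credentials))

    def token_request(real_ip, **extra_headers):
        return self.factory.post('/', data=data, HTTP_X_REAL_IP=real_ip, **extra_headers)

    # 1. No Authorization header at all.
    time.sleep(180)
    request = token_request('127.0.0.1')
    self._assert_failure(OAuth2TokenView.as_view(), request, 400, 'missing_header', HttpBadRequestException)

    # 2. Credentials that belong to no client.
    time.sleep(180)
    request = token_request('127.0.0.2', HTTP_AUTHORIZATION=basic_auth('foo', 'bar'))
    self._assert_failure(OAuth2TokenView.as_view(), request, 400, 'invalid_client', HttpBadRequestException)

    # 3. A real client, but configured for the PASSWORD grant: the
    #    client_credentials grant must be refused for it.
    time.sleep(180)
    admin_na = UserList.get_user_by_username('admin_na')
    admin_na_client = Client()
    admin_na_client.ovs_type = 'USER'
    admin_na_client.grant_type = 'PASSWORD'
    admin_na_client.client_secret = OAuth2Toolbox.create_hash(64)
    admin_na_client.user = admin_na
    admin_na_client.save()
    admin_na_header = basic_auth(admin_na_client.guid, admin_na_client.client_secret)
    request = token_request('127.0.0.3', HTTP_AUTHORIZATION=admin_na_header)
    self._assert_failure(OAuth2TokenView.as_view(), request, 400, 'invalid_grant', HttpBadRequestException)

    # 4. Right grant type and valid secret, but the user behind the client is
    #    inactive -- no token may be issued.
    time.sleep(180)
    admin_na_client.grant_type = 'CLIENT_CREDENTIALS'
    admin_na_client.save()
    request = token_request('127.0.0.4', HTTP_AUTHORIZATION=admin_na_header)
    self._assert_failure(OAuth2TokenView.as_view(), request, 400, 'inactive_user', HttpBadRequestException)

    # 5. Active user, correct client id, wrong secret.
    time.sleep(180)
    admin = UserList.get_user_by_username('admin')
    admin_client = Client()
    admin_client.ovs_type = 'USER'
    admin_client.grant_type = 'CLIENT_CREDENTIALS'
    admin_client.client_secret = OAuth2Toolbox.create_hash(64)
    admin_client.user = admin
    admin_client.save()
    request = token_request('127.0.0.5', HTTP_AUTHORIZATION=basic_auth(admin_client.guid, 'foobar'))
    self._assert_failure(OAuth2TokenView.as_view(), request, 400, 'invalid_client', HttpBadRequestException)

    # 6. Active user with the correct secret: a bearer token is issued and the
    #    response carries exactly access_token / token_type / expires_in.
    time.sleep(180)
    request = token_request('127.0.0.6', HTTP_AUTHORIZATION=basic_auth(admin_client.guid, admin_client.client_secret))
    response = OAuth2TokenView.as_view()(request)
    self.assertEqual(response.status_code, 200)
    response_content = json.loads(response.content)
    self.assertIn('access_token', response_content)
    expected = {'access_token': response_content['access_token'],
                'token_type': 'bearer',
                'expires_in': 3600}
    self.assertDictEqual(response_content, expected)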