def test_get_scopes(self):
    """Exercise db_oauth_token.get_scopes for a scoped, a deleted and an unscoped token."""
    client_id = self.oauth_client["client_id"]

    def create_token(scopes):
        # Every token in this test has the same shape; only the scopes column varies.
        return db_oauth_token.create(
            client_id=client_id,
            access_token="Test Access Token",
            refresh_token="Test Refresh Token",
            expires=datetime.now() + timedelta(seconds=200),
            user_id=self.user.id,
            scopes=scopes,
        )

    # A token created with scopes reports them back.
    scoped = create_token("Test Scopes")
    self.assertIn("Test", db_oauth_token.get_scopes(scoped["id"]))

    # Once the token row has been deleted, looking up its scopes must raise
    # rather than return a stale or empty answer.
    db_oauth_token.delete(client_id=client_id, refresh_token="Test Refresh Token")
    with self.assertRaises(db_exceptions.NoDataFoundException):
        db_oauth_token.get_scopes(scoped["id"])

    # A token created with scopes=None yields an empty list, not None.
    unscoped = create_token(None)
    self.assertEqual([], db_oauth_token.get_scopes(unscoped["id"]))
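def get_authorized_user(self, scopes):
    """Resolve the bearer token in the Authorization header to a User.

    Args:
        scopes: iterable of scope names the token must all carry.

    Returns:
        A User built from the row db_users.get_by_id returns for the
        token's user_id.

    Raises:
        NotAuthorized: validate_authorization_header rejected the header.
        exceptions.InvalidToken: the token is unknown, has expired, or
            lacks at least one of the required scopes.
    """
    authorization = request.headers.get('Authorization')
    # NOTE(review): only an explicit False is treated as rejection; a None
    # (or other falsy) return from validate_authorization_header would let
    # the request through. Confirm the helper always returns a bool.
    if self.validate_authorization_header(authorization) is False:
        raise NotAuthorized

    # Header layout "<scheme> <token>"; validate_authorization_header is
    # relied on to have rejected anything that does not split into two parts.
    access_token = authorization.split()[1]
    token = self.fetch_access_token(access_token)
    if token is None:
        raise exceptions.InvalidToken

    # Expiry is checked before scopes so an expired token never triggers a
    # scope lookup. NOTE(review): compares against naive datetime.now();
    # confirm `expires` is stored on the same clock/timezone.
    if token["expires"] < datetime.now():
        raise exceptions.InvalidToken

    # Fetch the token's scopes once instead of once per required scope.
    granted = db_oauth_token.get_scopes(token["id"])
    if any(scope not in granted for scope in scopes):
        raise exceptions.InvalidToken

    return User(db_users.get_by_id(token["user_id"]))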
def validate_token_scope(self, client_id, refresh_token, scope):
    """Check *scope* against the scopes stored for the token identified by
    (client_id, refresh_token).

    Returns whatever self.validate_scope returns for that comparison.
    """
    stored_token = self.fetch_token(client_id, refresh_token)
    # NOTE(review): a None result from fetch_token would raise TypeError on
    # the subscript below — confirm fetch_token raises for unknown tokens.
    granted_scopes = db_oauth_token.get_scopes(stored_token["id"])
    return self.validate_scope(scope, granted_scopes)