def test_state_token(self, session):
    """Check which ``state`` tokens the ``authorized`` callback accepts.

    A token naming remote app ``test`` and session id ``1234`` must yield
    HTTP 200. Tokens that have expired, that name another remote app, or
    that carry another session id must each yield HTTP 403.

    ``session`` is presumably a mock injected by a patch decorator that is
    not visible here -- TODO confirm.
    """
    from invenio.modules.oauthclient.views.client import serializer

    # Pin the session id so the tokens below can match (or deliberately
    # miss) a known value.
    session.sid = '1234'

    def callback_url(token):
        # Callback URL of remote app ``test`` carrying the given state.
        return url_for("oauthclient.authorized", remote_app='test',
                       code='test', state=token)

    with self.app.test_client() as client:
        # Hit the login view first so the remote apps get loaded (this
        # happens on the first request).
        client.get(url_for("oauthclient.login", remote_app='test'))

        self.mock_response(app='test')

        # Accepted: app and session id both match this request.
        accepted = serializer.dumps(
            {'app': 'test', 'sid': '1234', 'next': None, }
        )
        self.assert200(client.get(callback_url(accepted)))

        # A serializer whose tokens have a zero lifetime. It signs with
        # cfg['SECRET_KEY']; presumably the same key the view's
        # serializer uses, so only the expiry differs -- verify.
        expiring_serializer = TimedJSONWebSignatureSerializer(
            cfg['SECRET_KEY'],
            expires_in=0,
        )

        rejected = [
            # Expired: right app and session id, but zero lifetime.
            expiring_serializer.dumps(
                {'app': 'test', 'sid': '1234', 'next': None, }
            ),
            # Wrong app: issued for ``test_invalid`` (another existing
            # app) but replayed against the ``test`` callback.
            serializer.dumps(
                {'app': 'test_invalid', 'sid': '1234', 'next': None, }
            ),
            # Wrong session: the session id differs from the mocked one.
            serializer.dumps(
                {'app': 'test', 'sid': 'bad', 'next': None, }
            ),
        ]

        # Wait so the zero-lifetime token is past its expiry when it is
        # checked.
        time.sleep(1)

        # NOTE(review): a token with a broken signature and a request
        # with no ``state`` at all are not covered by this test; confirm
        # they are exercised elsewhere.
        for token in rejected:
            self.assert403(client.get(callback_url(token)))
def test_invalid_authorized_response(self):
    """Check that a JSON decoding failure in the callback is not swallowed.

    ``handle_oauth2_response`` of remote app ``test`` is replaced by a mock
    that raises ``JSONDecodeError``; requesting the ``authorized`` view with
    a state token for the current session must raise that same exception.
    """
    from simplejson import JSONDecodeError
    from invenio.modules.oauthclient.client import oauth

    with self.app.test_client() as client:
        # Hit the login view first so the remote apps get loaded (this
        # happens on the first request).
        client.get(url_for("oauthclient.login", remote_app='test'))

        # Simulate a provider reply that cannot be parsed as JSON.
        # NOTE(review): the attribute is assigned directly and is not
        # restored in this test; confirm teardown resets the remote app.
        failing_handler = MagicMock(
            side_effect=JSONDecodeError('Expecting value', '', 0)
        )
        oauth.remote_apps['test'].handle_oauth2_response = failing_handler

        from invenio.modules.oauthclient.views.client import serializer

        # A state token for this app and session, so that the request is
        # presumably not turned away before the response is handled.
        payload = {
            'app': 'test',
            'sid': session.sid,
            'next': None,
        }
        state = serializer.dumps(payload)

        callback = url_for(
            "oauthclient.authorized",
            remote_app='test',
            code='test',
            state=state
        )
        with self.assertRaises(JSONDecodeError):
            client.get(callback)
def test_authorized(self):
    """Exercise the ``authorized`` callback for a good and a bad remote app.

    For remote app ``test`` the response body must be ``"TEST"`` and the
    recorded handler call must carry the mocked access token and no extra
    arguments. For remote app ``test_invalid`` the request must raise
    ``TypeError``.

    The ``handled_*`` attributes are presumably filled in by a handler
    registered in the test setup, which is not visible here -- TODO confirm.
    """
    with self.app.test_client() as client:
        # Hit the login view first so the remote apps get loaded (this
        # happens on the first request).
        client.get(url_for("oauthclient.login", remote_app='test'))

        for app_name in ('test', 'test_invalid'):
            self.mock_response(app=app_name)

        from invenio.modules.oauthclient.views.client import serializer

        # State token for app ``test`` and the current session.
        good_state = serializer.dumps({
            'app': 'test',
            'sid': session.sid,
            'next': None,
        })
        good_url = url_for(
            "oauthclient.authorized",
            remote_app='test',
            code='test',
            state=good_state
        )
        resp = client.get(good_url)

        assert resp.data == "TEST"
        assert self.handled_remote.name == 'test'
        assert not self.handled_args
        assert not self.handled_kwargs
        assert self.handled_resp['access_token'] == 'test_access_token'

        # The token is valid for ``test_invalid`` as well, so the error
        # asserted below is presumably raised while the response is being
        # handled, not by the state check -- verify.
        invalid_state = serializer.dumps({
            'app': 'test_invalid',
            'sid': session.sid,
            'next': None,
        })
        invalid_url = url_for(
            "oauthclient.authorized",
            remote_app='test_invalid',
            code='test',
            state=invalid_state,
        )
        with self.assertRaises(TypeError):
            client.get(invalid_url)
def test_rejected(self, session, save_session):
    """Check that an error reply from the provider ends in a redirect.

    With a mocked authenticated user, the login view must redirect to the
    provider's authorize URL. The provider's reply is then mocked as a
    ``bad_verification_code`` error and the ``authorized`` callback must
    answer with HTTP 302.

    ``session`` and ``save_session`` are presumably mocks injected by patch
    decorators that are not visible here; ``save_session`` is not used in
    the body -- TODO confirm.
    """
    from invenio.modules.oauthclient.client import oauth

    # Pin the session id so the state token below matches it.
    session.sid = '1234'

    # Stand-in for a logged-in user with id 1.
    user = MagicMock()
    user.is_authenticated = MagicMock(return_value=True)
    user.get_id = MagicMock(return_value=1)

    # NOTE(review): the ``flask.ext.*`` import shim was removed in
    # Flask 1.0; on newer Flask the patch target has to name the
    # ``flask_login`` module directly.
    with patch('flask.ext.login._get_user', return_value=user), \
            self.app.test_client() as client:
        # Starting the flow must send the browser to the provider.
        login_resp = client.get(
            url_for("oauthclient.login", remote_app='full')
        )
        assert login_resp.status_code == 302
        assert login_resp.location.startswith(
            oauth.remote_apps['full'].authorize_url
        )

        # Imitate an invalid response: this is what GitHub returns when
        # the code is expired.
        provider_error = dict(
            error_uri='http://developer.github.com/v3/oauth/'
                      '#bad-verification-code',
            error_description='The code passed is '
                              'incorrect or expired.',
            error='bad_verification_code',
        )
        self.mock_response(app='full', data=provider_error)

        # Imitate the user approving our request in the remote
        # application (the remote app will soon reply with the error
        # mocked above).
        from invenio.modules.oauthclient.views.client import serializer

        state = serializer.dumps({
            'app': 'full',
            'sid': '1234',
            'next': None,
        })
        callback_url = url_for(
            "oauthclient.authorized",
            remote_app='full',
            code='test',
            state=state
        )
        callback_resp = client.get(callback_url)

        # Only the status is pinned; the redirect target is not checked.
        assert callback_resp.status_code == 302
def test_rejected(self, session, save_session):
    """Check that an error reply from the provider ends in a redirect.

    With a mocked authenticated user, the login view must redirect to the
    provider's authorize URL. The provider's reply is then mocked as a
    ``bad_verification_code`` error and the ``authorized`` callback must
    answer with HTTP 302.

    ``session`` and ``save_session`` are presumably mocks injected by patch
    decorators that are not visible here; ``save_session`` is not used in
    the body -- TODO confirm.
    """
    from invenio.modules.oauthclient.client import oauth

    # Pin the session id so the state token below matches it.
    session.sid = '1234'

    # Stand-in for a logged-in user with id 1.
    user = MagicMock()
    user.is_authenticated = MagicMock(return_value=True)
    user.get_id = MagicMock(return_value=1)

    with patch('flask_login._get_user', return_value=user), \
            self.app.test_client() as client:
        # Starting the flow must send the browser to the provider.
        login_resp = client.get(
            url_for("oauthclient.login", remote_app='full')
        )
        assert login_resp.status_code == 302
        assert login_resp.location.startswith(
            oauth.remote_apps['full'].authorize_url
        )

        # Imitate an invalid response: this is what GitHub returns when
        # the code is expired.
        provider_error = dict(
            error_uri='http://developer.github.com/v3/oauth/'
                      '#bad-verification-code',
            error_description='The code passed is '
                              'incorrect or expired.',
            error='bad_verification_code',
        )
        self.mock_response(app='full', data=provider_error)

        # Imitate the user approving our request in the remote
        # application (the remote app will soon reply with the error
        # mocked above).
        from invenio.modules.oauthclient.views.client import serializer

        state = serializer.dumps({
            'app': 'full',
            'sid': '1234',
            'next': None,
        })
        callback_url = url_for(
            "oauthclient.authorized",
            remote_app='full',
            code='test',
            state=state
        )
        callback_resp = client.get(callback_url)

        # Only the status is pinned; the redirect target is not checked.
        assert callback_resp.status_code == 302
def _get_state(self):
    """Return a state token for the ``orcid`` remote app.

    The payload carries the current ``session.sid`` and no ``next`` URL,
    and is serialized with the serializer of the oauthclient view module.
    """
    from invenio.modules.oauthclient.views.client import serializer

    payload = {'app': 'orcid', 'sid': session.sid, 'next': None, }
    return serializer.dumps(payload)
def _get_state(self):
    """Return a state token for the ``orcid`` remote app.

    The payload carries the current ``session.sid`` and no ``next`` URL,
    and is serialized with the serializer of the oauthclient view module.
    """
    from invenio.modules.oauthclient.views.client import serializer

    payload = {"app": "orcid", "sid": session.sid, "next": None}
    return serializer.dumps(payload)