Example #1
    def test_invalid_authorization_header(self):
        """Reject an Authorization header that lacks the 'Bearer ' scheme.

        The handler is expected to raise a 401 without ever invoking the
        mocked `get`, i.e. the malformed header is refused before any
        outbound validation request is attempted.
        """
        expected_message = (
            'The Authorization header is invalid. It should have been started with'
            " 'Bearer '.")

        with self.assertRaises(helpers.UnauthorizedException) as raised:
            handler.get_email_and_access_token('ReceiverAccessToken')

        error = raised.exception
        self.assertEqual(401, error.status)
        self.assertEqual(expected_message, str(error))
        # No request may be issued for a header that fails the scheme check.
        self.assertEqual(0, self.mock.get.call_count)
Example #2
    def test_invalid_json(self):
        """Fail with a 500 when a 200 response body is not parseable JSON."""
        non_json_response = mock.Mock(status_code=200, text='test')
        self.mock.get.return_value = non_json_response
        # The expected message embeds the raw response body ('test') verbatim.
        expected_message = 'Parsing the JSON response body failed: test'

        with self.assertRaises(helpers.EarlyExitException) as raised:
            handler.get_email_and_access_token('Bearer AccessToken')

        error = raised.exception
        self.assertEqual(500, error.status)
        self.assertEqual(expected_message, str(error))
        self._assert_requests_get_call()
Example #3
  def test_bad_status(self):
    """Map a 403 from the mocked GET to an UnauthorizedException (401)."""
    self.mock.get.return_value = mock.Mock(status_code=403)
    expected_message = (
        'Failed to authorize. The Authorization header (Bearer AccessToken)'
        ' might be invalid.')

    with self.assertRaises(helpers.UnauthorizedException) as raised:
      handler.get_email_and_access_token('Bearer AccessToken')

    error = raised.exception
    self.assertEqual(401, error.status)
    # NOTE(review): the expected message repeats the whole Authorization
    # header, bearer token included. Confirm this text never reaches logs or
    # error pages that anyone other than the caller can read.
    self.assertEqual(expected_message, str(error))
    self._assert_requests_get_call()
Example #4
  def test_unverified_email(self):
    """Reject a token whose info response has email_verified set to False."""
    # NOTE: the address literals below look masked by the page this listing
    # was copied from; presumably the payload and the expected message carry
    # the same address upstream -- confirm before running.
    token_info = {
        'aud': 'ClientId',
        'email': '*****@*****.**',
        'email_verified': False
    }
    self.mock.get.return_value = mock.Mock(
        status_code=200, text=json.dumps(token_info))

    with self.assertRaises(helpers.EarlyExitException) as raised:
      handler.get_email_and_access_token('Bearer AccessToken')

    error = raised.exception
    self.assertEqual(401, error.status)
    self.assertIn(
        'The email ([email protected]) is not verified', str(error))
    self._assert_requests_get_call()
Example #5
  def test_unverified_email(self):
    """Reject a token whose info response has email_verified set to False.

    This variant stubs `fetch` (response body in `content`) and reads the
    error text from the exception's `message` attribute.
    """
    # NOTE: the address literals below look masked by the page this listing
    # was copied from; presumably the payload and the expected message carry
    # the same address upstream -- confirm before running.
    token_info = {
        'aud': self.test_clusterfuzz_tools_oauth_client_id,
        'email': '*****@*****.**',
        'email_verified': False
    }
    self.mock.fetch.return_value = mock.Mock(
        status_code=200, content=json.dumps(token_info))

    with self.assertRaises(helpers.EarlyExitException) as raised:
      handler.get_email_and_access_token('Bearer AccessToken')

    error = raised.exception
    self.assertEqual(401, error.status)
    self.assertIn(
        'The email ([email protected]) is not verified', error.message)
    self._assert_fetch_call()
Example #6
  def test_invalid_client_id(self):
    """Reject a token whose 'aud' is not one of the allowed OAuth clients."""
    # The payload is also unverified (email_verified=False), yet the failure
    # asserted below is the audience one, not the unverified-email one.
    token_info = {
        'aud': 'InvalidClientId',
        'email': '*****@*****.**',
        'email_verified': False
    }
    self.mock.get.return_value = mock.Mock(
        status_code=200, text=json.dumps(token_info))
    expected_fragment = (
        "The access token doesn't belong to one of the allowed OAuth clients")

    with self.assertRaises(helpers.EarlyExitException) as raised:
      handler.get_email_and_access_token('Bearer AccessToken')

    error = raised.exception
    self.assertEqual(401, error.status)
    self.assertIn(expected_fragment, str(error))
    self._assert_requests_get_call()
Example #7
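  def test_allowed_bearer(self):
    """Accept a Bearer token issued to any of the allowed OAuth clients.

    For each client id in `self.test_whitelisted_oauth_client_ids`, the mocked
    GET returns a verified email with that id as `aud`; the handler must return
    that email together with the unchanged 'Bearer AccessToken' header value.
    """
    for aud in self.test_whitelisted_oauth_client_ids:
      # Start every client id from a clean call record, so the GET assertion
      # at the end of the iteration cannot be satisfied (or broken) by calls
      # recorded for a previous client id.
      self.mock.get.reset_mock()
      self.mock.get.return_value = mock.Mock(
          status_code=200,
          text=json.dumps({
              'aud': aud,
              'email': '*****@*****.**',
              'email_verified': True
          }))

      email, token = handler.get_email_and_access_token('Bearer AccessToken')
      self.assertEqual('*****@*****.**', email)
      self.assertEqual('Bearer AccessToken', token)
      self._assert_requests_get_call()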
Example #8
  def test_allow_whitelised_accounts(self):
    """Accept every allowlisted account email, even without an 'aud' field.

    The mocked responses carry only a verified email taken from
    `self.test_whitelisted_oauth_emails`; the handler must return that email
    and the unchanged 'Bearer AccessToken' header value.
    """
    for allowed_email in self.test_whitelisted_oauth_emails:
      # Fresh call record per account so the GET assertion is per-iteration.
      self.mock.get.reset_mock()
      # NOTE(review): there is no 'aud' here, so acceptance presumably rests
      # on the email allowlist alone -- that list is security-critical.
      token_info = {'email_verified': True, 'email': allowed_email}
      self.mock.get.return_value = mock.Mock(
          status_code=200, text=json.dumps(token_info))

      result = handler.get_email_and_access_token('Bearer AccessToken')
      returned_email, token = result
      self.assertEqual(allowed_email, returned_email)
      self.assertEqual('Bearer AccessToken', token)
      self._assert_requests_get_call()
Example #9
  def test_allowed_verification_code(self):
    """Exchange a 'VerificationCode' header for a Bearer access token.

    The mocked `get_access_token` turns the code into 'AccessToken'; the
    handler must then return the verified email and 'Bearer AccessToken'.
    """
    token_info = {
        'aud': 'ClientId',
        'email': '*****@*****.**',
        'email_verified': True
    }
    self.mock.get.return_value = mock.Mock(
        status_code=200, text=json.dumps(token_info))
    self.mock.get_access_token.return_value = 'AccessToken'

    returned_email, auth_header = handler.get_email_and_access_token(
        'VerificationCode Verify')
    self.assertEqual('*****@*****.**', returned_email)
    self.assertEqual('Bearer AccessToken', auth_header)
    # The code after the scheme is exchanged exactly once, passed positionally.
    exchange = self.mock.get_access_token
    self.assertEqual(1, exchange.call_count)
    exchange.assert_has_calls([mock.call('Verify')])
    self._assert_requests_get_call()
Example #10
  def test_allowed_verification_code(self):
    """Exchange a 'VerificationCode' header for a Bearer access token.

    This variant stubs `fetch` (response body in `content`) and expects the
    code to reach `get_access_token` as the `verification_code` keyword.
    """
    token_info = {
        'aud': self.test_clusterfuzz_tools_oauth_client_id,
        'email': '*****@*****.**',
        'email_verified': True
    }
    self.mock.fetch.return_value = mock.Mock(
        status_code=200, content=json.dumps(token_info))
    self.mock.get_access_token.return_value = 'AccessToken'

    returned_email, auth_header = handler.get_email_and_access_token(
        'VerificationCode Verify')
    self.assertEqual('*****@*****.**', returned_email)
    self.assertEqual('Bearer AccessToken', auth_header)
    # The code after the scheme is exchanged exactly once, passed by keyword.
    exchange = self.mock.get_access_token
    self.assertEqual(1, exchange.call_count)
    exchange.assert_has_calls([mock.call(verification_code='Verify')])
    self._assert_fetch_call()