def test_token_flow_repeat(self):
    # Asking for a token again after the flow has completed must return the
    # same access token and must not create a second record for the client.
    self.handler.token(self.args)  # first call creates the record
    self.oauth2_authorize()  # user grants authorization
    self.handler.token(self.args)  # auth code is traded in for tokens

    # exactly one record is stored for this client
    stored = self.handler.get_records(self.args['client_id'])
    assert_equal(1, len(stored))
    entry = stored[0]

    # the auth code has been cleared; refresh and access tokens are present
    assert_equal(None, entry.auth_code)
    assert_not_equal(None, entry.refresh_token)
    assert_not_equal(None, entry.access_token)

    # the issued access token validates
    first_payload = handler.access_token(entry, self.args['client_secret'])
    first_token = first_payload['access_token']
    assert_true(self.validate_access(first_token))

    # ask once more; the record no longer holds an auth code at this point
    self.handler.token(self.args)

    # still exactly one record
    stored = self.handler.get_records(self.args['client_id'])
    assert_equal(1, len(stored))
    entry = stored[0]

    # same token state as after the first round
    assert_equal(None, entry.auth_code)
    assert_not_equal(None, entry.refresh_token)
    assert_not_equal(None, entry.access_token)

    # the second request yields the identical, still valid access token
    second_payload = handler.access_token(entry, self.args['client_secret'])
    second_token = second_payload['access_token']
    assert_equal(first_token, second_token)
    assert_true(self.validate_access(second_token))
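def test_token_force_refresh(self):
    # Covers three cases in sequence: a plain repeat returns the cached
    # access token, force_new_access yields a different one, and once the
    # refresh token is deleted on the test server the record ends up with
    # no tokens at all.
    self.handler.token(self.args)  # creates record
    self.oauth2_authorize()  # user authorization
    self.handler.token(self.args)  # should trade in the auth code

    # check status
    records = self.handler.get_records(self.args['client_id'])
    assert_equal(1, len(records))
    record = records[0]

    # has all the tokens
    assert_equal(None, record.auth_code)
    assert_not_equal(None, record.refresh_token)
    assert_not_equal(None, record.access_token)

    # access token works
    access_token_data = handler.access_token(record, self.args['client_secret'])
    access_token = access_token_data['access_token']
    assert_true(self.validate_access(access_token))

    # plain repeat: should get the previous access token
    self.handler.token(self.args)
    access_token_data = handler.access_token(record, self.args['client_secret'])
    assert_equal(access_token, access_token_data['access_token'])

    # forced refresh: should get a NEW access token, not the previous one
    self.args['force_new_access'] = 'True'
    self.handler.token(self.args)
    access_token_data = handler.access_token(record, self.args['client_secret'])
    assert_not_equal(access_token, access_token_data['access_token'])

    # Remove the refresh token on the test server, then ask again.
    # A timeout keeps a stalled test server from hanging the whole run.
    requests.delete('http://127.0.0.1:9873/refreshtoken',
                    data={'client_id': self.args['client_id']},
                    timeout=5)
    self.handler.token(self.args)  # should await user input

    # NOTE(review): these read the record object fetched earlier; this
    # assumes the handler clears that same object in place -- confirm.
    assert_equal(None, record.auth_code)
    assert_equal(None, record.refresh_token)
    assert_equal(None, record.access_token)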
def test_refresh_code(self):
    # With the access token wiped from the record, refresh_access must
    # obtain a working access token without needing a new auth code.
    self.load_authcode()

    # trade in the auth code
    records = self.handler.get_records(self.args['client_id'])
    entry = records[0]
    self.handler.tradein_auth_code(entry, self.args['client_secret'])
    initial_payload = handler.access_token(entry, self.args['client_secret'])
    token = initial_payload['access_token']
    assert_true(self.validate_access(token))

    # wipe auth code and access token, keep the refresh token, then refresh
    entry.auth_code = None
    entry.access_token = None
    self.handler.refresh_access(entry, self.args['client_secret'])

    # the record has tokens again and still no auth code
    assert_equal(None, records[0].auth_code, "Didn't fetch a new auth_code")
    assert_not_equal(None, records[0].refresh_token, "Has refresh token")
    assert_not_equal(None, records[0].access_token, "Has access token")

    refreshed_payload = handler.access_token(records[0],
                                             self.args['client_secret'])
    assert_in('access_token', refreshed_payload)
    token = refreshed_payload['access_token']
    assert_true(len(token) > 10)

    # the refreshed access token validates
    assert_true(self.validate_access(token))
def test_create_realcode(self):
    # Trading in an auth code must clear it from the record and leave a
    # refresh token plus a working access token behind.
    self.load_authcode()

    # trade in the auth code
    stored = self.handler.get_records(self.args['client_id'])
    entry = stored[0]
    self.handler.tradein_auth_code(entry, self.args['client_secret'])

    assert_equal(None, entry.auth_code, "Cleared auth_code")
    assert_not_equal(None, entry.refresh_token, "Has refresh token")
    assert_not_equal(None, entry.access_token, "Has access token")

    payload = handler.access_token(entry, self.args['client_secret'])
    assert_in('access_token', payload)
    token = payload['access_token']
    assert_true(len(token) > 10)

    # the access token validates
    assert_true(self.validate_access(token))
def test_token_missing_expiration(self):
    # A record whose access_exp is None must still go through token() and
    # end up with one record holding a working access token.
    self.handler.token(self.args)  # first call creates the record
    self.oauth2_authorize()  # user grants authorization
    self.handler.token(self.args)  # auth code is traded in for tokens

    entry = self.handler.get_records(self.args['client_id'])[0]
    entry.access_exp = None  # pretend we never got an expiration
    self.handler.token(self.args)  # should use the same one

    # exactly one record is stored for this client
    stored = self.handler.get_records(self.args['client_id'])
    assert_equal(1, len(stored))
    entry = stored[0]

    # the auth code has been cleared; refresh and access tokens are present
    assert_equal(None, entry.auth_code)
    assert_not_equal(None, entry.refresh_token)
    assert_not_equal(None, entry.access_token)

    # the access token validates
    payload = handler.access_token(entry, self.args['client_secret'])
    token = payload['access_token']
    assert_true(self.validate_access(token))
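def test_token_flow_missing_refresh(self):
    # When the refresh token has been removed on the test server, token()
    # is expected to fail the refresh and fall back to a fresh auth code.
    self.handler.token(self.args)  # creates record
    self.oauth2_authorize()  # user authorization
    self.handler.token(self.args)  # gets refresh and access tokens

    # Remove the refresh token on the test server.
    # A timeout keeps a stalled test server from hanging the whole run.
    # NOTE(review): the DELETE response is not checked; if the removal did
    # not happen, this test would presumably pass through the refresh path
    # instead of the fallback -- confirm how the test server reports errors.
    requests.delete('http://127.0.0.1:9873/refreshtoken',
                    data={'client_id': self.args['client_id']},
                    timeout=5)
    record = self.handler.get_records(self.args['client_id'])[0]
    record.access_token = None

    # auth code has already been deleted, make a new one
    self.oauth2_authorize()  # user authorization
    self.handler.token(self.args)  # should try refresh code, fail and use auth

    # check status
    records = self.handler.get_records(self.args['client_id'])
    assert_equal(1, len(records))
    record = records[0]

    # has all the tokens
    assert_equal(None, record.auth_code)
    assert_not_equal(None, record.refresh_token)
    assert_not_equal(None, record.access_token)

    # access token works
    access_token_data = handler.access_token(record, self.args['client_secret'])
    access_token = access_token_data['access_token']
    assert_true(self.validate_access(access_token))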
def test_invalid_client_refresh(self):
    # Negative case: when the test server's stored refresh value for the
    # client is overwritten, refresh_access must leave the record with no
    # auth code, no refresh token and no access token.
    self.load_authcode()

    # trade in the auth code
    stored = self.handler.get_records(self.args['client_id'])
    entry = stored[0]
    self.handler.tradein_auth_code(entry, self.args['client_secret'])
    payload = handler.access_token(entry, self.args['client_secret'])
    token = payload['access_token']
    assert_true(self.validate_access(token))

    # overwrite the test server's refresh value for this client
    testserver_store.client_refresh[self.args['client_id']] = "INVALID!!!"

    # wipe auth code and access token, then attempt the refresh
    entry.auth_code = None
    entry.access_token = None
    self.handler.refresh_access(entry, self.args['client_secret'])

    # the failed refresh must not leave any token on the record
    assert_equal(None, entry.auth_code, "No auth code")
    assert_equal(None, entry.refresh_token, "No refresh token")
    assert_equal(None, entry.access_token, "No access token")
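def test_missing_client_refresh(self):
    # Negative case: once the refresh token has been deleted on the test
    # server, refresh_access must leave the record with no auth code, no
    # refresh token and no access token.
    self.load_authcode()

    # trade in auth code
    records = self.handler.get_records(self.args['client_id'])
    record = records[0]
    self.handler.tradein_auth_code(record, self.args['client_secret'])
    access_token_data = handler.access_token(record, self.args['client_secret'])
    access_token = access_token_data['access_token']
    assert_true(self.validate_access(access_token))

    # Invalidate the client by deleting its refresh token on the test server.
    # A timeout keeps a stalled test server from hanging the whole run.
    requests.delete('http://127.0.0.1:9873/refreshtoken',
                    data={'client_id': self.args['client_id']},
                    timeout=5)

    # clear out the tokens and try refresh
    record.auth_code = None
    record.access_token = None
    self.handler.refresh_access(record, self.args['client_secret'])

    # Make sure we didn't get a token
    assert_equal(None, record.auth_code, "No auth code")
    assert_equal(None, record.refresh_token, "No refresh token")
    assert_equal(None, record.access_token, "No access token")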