Example #1
	def test_token_flow_repeat(self):
		# Runs the token flow to completion, then requests a token a second
		# time and checks that the stored record is unchanged and the same
		# access token is handed back.
		def checked_access_token():
			# Exactly one record may exist for this client.
			stored = self.handler.get_records(self.args['client_id'])
			assert_equal(1, len(stored))
			entry = stored[0]
			# The auth code must be gone once it has been exchanged;
			# refresh and access tokens must both be present.
			assert_equal(None, entry.auth_code)
			assert_not_equal(None, entry.refresh_token)
			assert_not_equal(None, entry.access_token)
			token_data = handler.access_token(entry, self.args['client_secret'])
			return token_data['access_token']

		self.handler.token(self.args)	# expected to create the record
		self.oauth2_authorize()		# simulated user authorization
		self.handler.token(self.args)	# expected to trade in the auth code

		first_token = checked_access_token()
		assert_true(self.validate_access(first_token))

		# Second request: expected to return the existing token, not mint a new one.
		self.handler.token(self.args)
		second_token = checked_access_token()
		assert_equal(first_token, second_token)
		assert_true(self.validate_access(second_token))
Example #2
	def test_token_force_refresh(self):
		# Checks three things in sequence: a repeated request reuses the access
		# token, 'force_new_access' yields a different one, and removing the
		# refresh token on the test server leaves the record with no tokens.
		self.handler.token(self.args)	# expected to create the record
		self.oauth2_authorize()		# simulated user authorization
		self.handler.token(self.args)	# expected to trade in the auth code

		stored = self.handler.get_records(self.args['client_id'])
		assert_equal(1, len(stored))
		record = stored[0]
		# Auth code consumed, refresh and access tokens issued.
		assert_equal(None, record.auth_code)
		assert_not_equal(None, record.refresh_token)
		assert_not_equal(None, record.access_token)

		def issued_token():
			# Reads the secret from self.args on every call, as the inline code did.
			token_data = handler.access_token(record, self.args['client_secret'])
			return token_data['access_token']

		original_token = issued_token()
		assert_true(self.validate_access(original_token))

		# Plain repeat: the previously issued token is expected back.
		self.handler.token(self.args)
		assert_equal(original_token, issued_token())

		# Forced renewal: a different access token is expected.
		# NOTE(review): 'force_new_access' stays set in self.args for the rest
		# of this test; confirm the fixture rebuilds args for each test.
		# NOTE(review): nothing here checks whether the superseded token is
		# still accepted by validate_access - confirm that is intended.
		self.args['force_new_access'] = 'True'
		self.handler.token(self.args)
		assert_not_equal(original_token, issued_token())

		# Drop the refresh token on the test server; the next request is
		# expected to fall back to waiting for user authorization.
		requests.delete('http://127.0.0.1:9873/refreshtoken', data={'client_id':self.args['client_id']})
		self.handler.token(self.args)
		# These asserts use the record object fetched above, not a fresh lookup.
		assert_equal(None, record.auth_code)
		assert_equal(None, record.refresh_token)
		assert_equal(None, record.access_token)
Example #3
	def test_refresh_code(self):
		# Exchanges an auth code, wipes the auth code and access token from the
		# record, and checks that refresh_access() restores a usable access token.
		self.load_authcode()

		# Exchange the auth code for tokens.
		stored = self.handler.get_records(self.args['client_id'])
		entry = stored[0]
		self.handler.tradein_auth_code(entry, self.args['client_secret'])
		initial_data = handler.access_token(entry, self.args['client_secret'])
		initial_token = initial_data['access_token']

		assert_true(self.validate_access(initial_token))

		# Leave only the refresh token on the record, then refresh.
		entry.auth_code = None
		entry.access_token = None
		self.handler.refresh_access(entry, self.args['client_secret'])

		# The refresh must not bring back an auth code, and both tokens must be set.
		assert_equal(None, stored[0].auth_code, "Didn't fetch a new auth_code")
		assert_not_equal(None, stored[0].refresh_token, "Has refresh token")
		assert_not_equal(None, stored[0].access_token, "Has access token")
		refreshed_data = handler.access_token(stored[0], self.args['client_secret'])
		assert_in('access_token', refreshed_data)
		refreshed_token = refreshed_data['access_token']
		# Length is a sanity check only; it says nothing about token quality.
		assert_true(len(refreshed_token) > 10)

		# The refreshed token must be accepted.
		assert_true(self.validate_access(refreshed_token))
Example #4
	def test_create_realcode(self):
		# Exchanges a loaded auth code and checks that the record ends up with
		# no auth code, a refresh token, and an access token that validates.
		self.load_authcode()

		# Exchange the auth code for tokens.
		entry = self.handler.get_records(self.args['client_id'])[0]
		self.handler.tradein_auth_code(entry, self.args['client_secret'])
		# The auth code is expected to be cleared by the exchange.
		assert_equal(None, entry.auth_code, "Cleared auth_code")
		assert_not_equal(None, entry.refresh_token, "Has refresh token")
		assert_not_equal(None, entry.access_token, "Has access token")
		token_data = handler.access_token(entry, self.args['client_secret'])
		assert_in('access_token', token_data)
		token_value = token_data['access_token']
		# Length is a sanity check only; it says nothing about token quality.
		assert_true(len(token_value) > 10)

		# The issued token must be accepted.
		assert_true(self.validate_access(token_value))
Example #5
	def test_token_missing_expiration(self):
		# Completes the flow, blanks the stored access-token expiry, requests a
		# token again, and checks that the record still holds working tokens.
		self.handler.token(self.args)	# expected to create the record
		self.oauth2_authorize()		# simulated user authorization
		self.handler.token(self.args)	# expected to trade in the auth code
		before = self.handler.get_records(self.args['client_id'])[0]
		before.access_exp = None	# simulate a response that carried no expiry
		# NOTE(review): the intent is that the existing token is reused, but no
		# token is captured beforehand, so reuse itself is never asserted.
		self.handler.token(self.args)

		# Exactly one record may exist for this client.
		stored = self.handler.get_records(self.args['client_id'])
		assert_equal(1, len(stored))
		entry = stored[0]
		# Auth code consumed, refresh and access tokens present.
		assert_equal(None, entry.auth_code)
		assert_not_equal(None, entry.refresh_token)
		assert_not_equal(None, entry.access_token)
		# The access token must be accepted.
		token_data = handler.access_token(entry, self.args['client_secret'])
		token_value = token_data['access_token']
		assert_true(self.validate_access(token_value))
Example #6
	def test_token_flow_missing_refresh(self):
		# Removes the refresh token on the test server after a completed flow,
		# clears the local access token, re-authorizes, and checks that a token
		# request ends with a full set of working tokens again.
		self.handler.token(self.args)	# expected to create the record
		self.oauth2_authorize()		# simulated user authorization
		self.handler.token(self.args)	# expected to obtain refresh and access tokens
		requests.delete('http://127.0.0.1:9873/refreshtoken', data={'client_id':self.args['client_id']})
		stale = self.handler.get_records(self.args['client_id'])[0]
		stale.access_token = None
		# The first auth code was already consumed, so a new authorization is needed.
		self.oauth2_authorize()
		# Expected path: the refresh attempt fails and the new auth code is used.
		self.handler.token(self.args)

		# Exactly one record may exist for this client.
		stored = self.handler.get_records(self.args['client_id'])
		assert_equal(1, len(stored))
		entry = stored[0]
		# Auth code consumed, refresh and access tokens present.
		assert_equal(None, entry.auth_code)
		assert_not_equal(None, entry.refresh_token)
		assert_not_equal(None, entry.access_token)
		token_data = handler.access_token(entry, self.args['client_secret'])
		token_value = token_data['access_token']
		assert_true(self.validate_access(token_value))
Example #7
	def test_invalid_client_refresh(self):
		# Overwrites the test server's stored refresh value for this client and
		# checks that a refresh attempt leaves the record without any tokens.
		self.load_authcode()

		# Exchange the auth code for tokens.
		entry = self.handler.get_records(self.args['client_id'])[0]
		self.handler.tradein_auth_code(entry, self.args['client_secret'])
		token_data = handler.access_token(entry, self.args['client_secret'])
		token_value = token_data['access_token']

		assert_true(self.validate_access(token_value))

		# Make the server-side refresh value differ from the one the record holds.
		testserver_store.client_refresh[self.args['client_id']] = "INVALID!!!"

		# Leave only the refresh token on the record, then attempt the refresh.
		entry.auth_code = None
		entry.access_token = None
		self.handler.refresh_access(entry, self.args['client_secret'])

		# A rejected refresh must not leave any credential on the record.
		assert_equal(None, entry.auth_code, "No auth code")
		assert_equal(None, entry.refresh_token, "No refresh token")
		assert_equal(None, entry.access_token, "No access token")
Example #8
	def test_missing_client_refresh(self):
		# Deletes the client's refresh token on the test server and checks that
		# a refresh attempt leaves the record without any tokens.
		self.load_authcode()

		# Exchange the auth code for tokens.
		entry = self.handler.get_records(self.args['client_id'])[0]
		self.handler.tradein_auth_code(entry, self.args['client_secret'])
		token_data = handler.access_token(entry, self.args['client_secret'])
		token_value = token_data['access_token']

		assert_true(self.validate_access(token_value))

		# Remove the refresh token server-side.
		requests.delete('http://127.0.0.1:9873/refreshtoken', data={'client_id':self.args['client_id']})

		# Leave only the refresh token on the record, then attempt the refresh.
		entry.auth_code = None
		entry.access_token = None
		self.handler.refresh_access(entry, self.args['client_secret'])

		# A rejected refresh must not leave any credential on the record.
		assert_equal(None, entry.auth_code, "No auth code")
		assert_equal(None, entry.refresh_token, "No refresh token")
		assert_equal(None, entry.access_token, "No access token")