def test_required(self): @self.app.route('/protected') @self.oauth2.required def index(): return 'Hello' # No credentials, should redirect with self.app.test_client() as client: response = client.get('/protected') self.assertEqual(response.status_code, httplib.FOUND) self.assertIn('oauth2authorize', response.headers['Location']) self.assertIn('protected', response.headers['Location']) credentials = self._generate_credentials(scopes=self.oauth2.scopes) # With credentials, should allow with self.app.test_client() as client: with client.session_transaction() as session: session['google_oauth2_credentials'] = credentials.to_json() response = client.get('/protected') self.assertEqual(response.status_code, httplib.OK) self.assertIn('Hello', response.data.decode('utf-8')) # Expired credentials with refresh token, should allow. credentials.token_expiry = datetime.datetime(1990, 5, 28) with mock.patch('oauth2client.client._UTCNOW') as utcnow: utcnow.return_value = datetime.datetime(1990, 5, 29) with self.app.test_client() as client: with client.session_transaction() as session: session['google_oauth2_credentials'] = ( credentials.to_json()) response = client.get('/protected') self.assertEqual(response.status_code, httplib.OK) self.assertIn('Hello', response.data.decode('utf-8')) # Expired credentials without a refresh token, should redirect. credentials.refresh_token = None with mock.patch('oauth2client.client._UTCNOW') as utcnow: utcnow.return_value = datetime.datetime(1990, 5, 29) with self.app.test_client() as client: with client.session_transaction() as session: session['google_oauth2_credentials'] = ( credentials.to_json()) response = client.get('/protected') self.assertEqual(response.status_code, httplib.FOUND) self.assertIn('oauth2authorize', response.headers['Location']) self.assertIn('protected', response.headers['Location'])
def test_incremental_auth(self): self._create_incremental_auth_app() # No credentials, should redirect with self.app.test_client() as client: response = client.get('/one') self.assertIn('one', response.headers['Location']) self.assertEqual(response.status_code, httplib.FOUND) # Credentials for one. /one should allow, /two should redirect. credentials = self._generate_credentials(scopes=['email', 'one']) with self.app.test_client() as client: with client.session_transaction() as session: session['google_oauth2_credentials'] = credentials.to_json() response = client.get('/one') self.assertEqual(response.status_code, httplib.OK) response = client.get('/two') self.assertIn('two', response.headers['Location']) self.assertEqual(response.status_code, httplib.FOUND) # Starting the authorization flow should include the # include_granted_scopes parameter as well as the scopes. response = client.get(response.headers['Location'][17:]) q = urlparse.parse_qs( response.headers['Location'].split('?', 1)[1]) self.assertIn('include_granted_scopes', q) self.assertEqual( set(q['scope'][0].split(' ')), set(['one', 'email', 'two', 'three'])) # Actually call two() without a redirect. credentials2 = self._generate_credentials( scopes=['email', 'two', 'three']) with self.app.test_client() as client: with client.session_transaction() as session: session['google_oauth2_credentials'] = credentials2.to_json() response = client.get('/two') self.assertEqual(response.status_code, httplib.OK)
def _setup_callback_state(self, client, **kwargs): with self.app.test_request_context(): # Flask doesn't create a request context with a session # transaction for some reason, so, set up the flow here, # then apply it to the session in the transaction. if not kwargs: self.oauth2._make_flow(return_url='/return_url') else: self.oauth2._make_flow(**kwargs) with client.session_transaction() as session: session.update(flask.session) csrf_token = session['google_oauth2_csrf_token'] flow = flask_util._get_flow_for_token(csrf_token) state = flow.params['state'] return state
def test_callback_view_errors(self): # Error supplied to callback with self.app.test_client() as client: with client.session_transaction() as session: session['google_oauth2_csrf_token'] = 'tokenz' response = client.get('/oauth2callback?state={}&error=something') self.assertEqual(response.status_code, httplib.BAD_REQUEST) self.assertIn('something', response.data.decode('utf-8')) # CSRF mismatch with self.app.test_client() as client: with client.session_transaction() as session: session['google_oauth2_csrf_token'] = 'goodstate' state = json.dumps({ 'csrf_token': 'badstate', 'return_url': '/return_url' }) response = client.get( '/oauth2callback?state={0}&code=codez'.format(state)) self.assertEqual(response.status_code, httplib.BAD_REQUEST) # KeyError, no CSRF state. with self.app.test_client() as client: response = client.get('/oauth2callback?state={}&code=codez') self.assertEqual(response.status_code, httplib.BAD_REQUEST) # Code exchange error with self.app.test_client() as client: state = self._setup_callback_state(client) with mock.patch( 'oauth2client.transport.get_http_object') as new_http: # Set-up mock. new_http.return_value = http_mock.HttpMock( headers={'status': httplib.INTERNAL_SERVER_ERROR}, data=DEFAULT_RESP) # Run tests. response = client.get( '/oauth2callback?state={0}&code=codez'.format(state)) self.assertEqual(response.status_code, httplib.BAD_REQUEST) # Check the mocks were called. new_http.assert_called_once_with() # Invalid state json with self.app.test_client() as client: with client.session_transaction() as session: session['google_oauth2_csrf_token'] = 'tokenz' state = '[{' response = client.get( '/oauth2callback?state={0}&code=codez'.format(state)) self.assertEqual(response.status_code, httplib.BAD_REQUEST) # Missing flow. with self.app.test_client() as client: with client.session_transaction() as session: session['google_oauth2_csrf_token'] = 'tokenz' state = json.dumps({ 'csrf_token': 'tokenz', 'return_url': '/return_url' }) response = client.get( '/oauth2callback?state={0}&code=codez'.format(state)) self.assertEqual(response.status_code, httplib.BAD_REQUEST)
def test_callback_view_errors(self): # Error supplied to callback with self.app.test_client() as client: with client.session_transaction() as session: session['google_oauth2_csrf_token'] = 'tokenz' response = client.get('/oauth2callback?state={}&error=something') self.assertEqual(response.status_code, httplib.BAD_REQUEST) self.assertIn('something', response.data.decode('utf-8')) # CSRF mismatch with self.app.test_client() as client: with client.session_transaction() as session: session['google_oauth2_csrf_token'] = 'goodstate' state = json.dumps({ 'csrf_token': 'badstate', 'return_url': '/return_url' }) response = client.get( '/oauth2callback?state={0}&code=codez'.format(state)) self.assertEqual(response.status_code, httplib.BAD_REQUEST) # KeyError, no CSRF state. with self.app.test_client() as client: response = client.get('/oauth2callback?state={}&code=codez') self.assertEqual(response.status_code, httplib.BAD_REQUEST) # Code exchange error with self.app.test_client() as client: state = self._setup_callback_state(client) with Http2Mock(status=httplib.INTERNAL_SERVER_ERROR): response = client.get( '/oauth2callback?state={0}&code=codez'.format(state)) self.assertEqual(response.status_code, httplib.BAD_REQUEST) # Invalid state json with self.app.test_client() as client: with client.session_transaction() as session: session['google_oauth2_csrf_token'] = 'tokenz' state = '[{' response = client.get( '/oauth2callback?state={0}&code=codez'.format(state)) self.assertEqual(response.status_code, httplib.BAD_REQUEST) # Missing flow. with self.app.test_client() as client: with client.session_transaction() as session: session['google_oauth2_csrf_token'] = 'tokenz' state = json.dumps({ 'csrf_token': 'tokenz', 'return_url': '/return_url' }) response = client.get( '/oauth2callback?state={0}&code=codez'.format(state)) self.assertEqual(response.status_code, httplib.BAD_REQUEST)