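    def test_callback_handles_bad_flow_exchange(self, pickle):
        """A failing authorization-code exchange must yield a 400, never a redirect.

        ``pickle`` is the patched module (the ``mock.patch`` decorator is
        outside this listing).  A real ``OAuth2WebServerFlow`` is stored in
        the session and handed back by ``pickle.loads``; its
        ``step2_exchange`` is replaced by a stub that raises
        ``FlowExchangeError`` so the view's error path is exercised.
        """
        state = json.dumps(self.fake_state)
        request = self.factory.get('oauth2/oauth2callback',
                                   data={"state": state, "code": 123})

        self.session['google_oauth2_csrf_token'] = self.CSRF_TOKEN

        flow = OAuth2WebServerFlow(
            client_id='clientid',
            client_secret='clientsecret',
            scope=['email'],
            state=state,
            redirect_uri=request.build_absolute_uri("oauth2/oauth2callback"))

        # NOTE(review): the view unpickles whatever it reads back from the
        # session.  That is only safe while session contents cannot be
        # tampered with by the client (server-side or signed store) --
        # confirm for the deployed session backend.
        self.session['google_oauth2_flow_{0}'.format(self.CSRF_TOKEN)] = \
            pickle.dumps(flow)

        def local_throws(code):
            raise FlowExchangeError("test")

        flow.step2_exchange = local_throws
        pickle.loads.return_value = flow

        request.session = self.session
        response = views.oauth2_callback(request)
        # assertIsInstance reports the actual type on failure, unlike
        # assertTrue(isinstance(...)).
        self.assertIsInstance(response, http.HttpResponseBadRequest)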
 def test_error_returns_bad_request(self):
     """An ``error`` query parameter from the provider yields a 400 whose
     body reports the failed authorization."""
     params = {'error': 'There was an error in your authorization.'}
     request = self.factory.get('oauth2/oauth2callback', data=params)

     response = views.oauth2_callback(request)

     self.assertIsInstance(response, http.HttpResponseBadRequest)
     self.assertIn(b'Authorization failed', response.content)
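    def test_callback_works(self, pickle):
        """Happy path: matching CSRF token, valid state and a stored flow
        redirect the user to ``RETURN_URL``.

        ``pickle`` is the patched module (decorator outside this listing);
        ``pickle.loads`` hands the view back the very ``flow`` built here,
        whose ``step2_exchange`` is a ``mock.Mock``.
        """
        state = json.dumps(self.fake_state)
        request = self.factory.get('oauth2/oauth2callback',
                                   data={"state": state, "code": 123})

        self.session['google_oauth2_csrf_token'] = self.CSRF_TOKEN

        flow = OAuth2WebServerFlow(
            client_id='clientid',
            client_secret='clientsecret',
            scope=['email'],
            state=state,
            redirect_uri=request.build_absolute_uri("oauth2/oauth2callback"))

        # NOTE(review): the view unpickles what it reads back from the
        # session; only safe while session contents are not client
        # tamperable -- confirm for the deployed session backend.
        self.session['google_oauth2_flow_{0}'.format(self.CSRF_TOKEN)] = \
            pickle.dumps(flow)
        flow.step2_exchange = mock.Mock()
        pickle.loads.return_value = flow

        request.session = self.session
        response = views.oauth2_callback(request)
        self.assertIsInstance(response, http.HttpResponseRedirect)
        self.assertEqual(response.status_code, 302)
        self.assertEqual(response['Location'], self.RETURN_URL)
        # A redirect alone does not prove the code was exchanged; the
        # bad-exchange test shows the view calls step2_exchange, so check it.
        self.assertTrue(flow.step2_exchange.called)
        # NOTE(review): nothing here checks that the CSRF token and flow
        # entries are cleared from the session after use; if the view does
        # not delete them a replayed callback would be accepted -- worth
        # asserting once the view's behaviour is confirmed.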
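    def test_callback_handles_bad_flow_exchange(self, pickle):
        """A failing authorization-code exchange must yield a 400, never a redirect.

        ``pickle`` is the patched module (decorator outside this listing);
        ``pickle.loads`` returns the ``flow`` built here, whose
        ``step2_exchange`` is a stub raising ``FlowExchangeError``.
        """
        state = json.dumps(self.fake_state)
        request = self.factory.get('oauth2/oauth2callback',
                                   data={"state": state, "code": 123})

        self.session['google_oauth2_csrf_token'] = self.CSRF_TOKEN

        flow = OAuth2WebServerFlow(
            client_id='clientid',
            client_secret='clientsecret',
            scope=['email'],
            state=state,
            redirect_uri=request.build_absolute_uri("oauth2/oauth2callback"))

        # NOTE(review): the view unpickles what it reads back from the
        # session; only safe while session contents are not client
        # tamperable -- confirm for the deployed session backend.
        self.session['google_oauth2_flow_{0}'.format(self.CSRF_TOKEN)] = \
            pickle.dumps(flow)

        def local_throws(code):
            raise FlowExchangeError("test")

        flow.step2_exchange = local_throws
        pickle.loads.return_value = flow

        request.session = self.session
        response = views.oauth2_callback(request)
        # assertIsInstance reports the actual type on failure.
        self.assertIsInstance(response, http.HttpResponseBadRequest)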
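    def test_callback_works(self, jsonpickle_mock):
        """Happy path: matching CSRF token, valid state and a stored flow
        redirect the user to ``RETURN_URL``.

        ``jsonpickle_mock`` is the patched module (decorator outside this
        listing).  An opaque sentinel stands in for the serialized flow in
        the session; ``decode`` must be called exactly once with it and
        returns the ``flow`` built here, whose ``step2_exchange`` is a
        ``mock.Mock``.
        """
        state = json.dumps(self.fake_state)
        request = self.factory.get('oauth2/oauth2callback',
                                   data={'state': state, 'code': 123})

        self.session['google_oauth2_csrf_token'] = self.CSRF_TOKEN

        flow = client.OAuth2WebServerFlow(
            client_id='clientid',
            client_secret='clientsecret',
            scope=['email'],
            state=state,
            redirect_uri=request.build_absolute_uri("oauth2/oauth2callback"))

        name = 'google_oauth2_flow_{0}'.format(self.CSRF_TOKEN)
        pickled_flow = object()
        self.session[name] = pickled_flow
        flow.step2_exchange = mock.Mock()
        jsonpickle_mock.decode.return_value = flow

        request.session = self.session
        request.user = self.user
        response = views.oauth2_callback(request)
        self.assertIsInstance(response, http.HttpResponseRedirect)
        self.assertEqual(
            response.status_code, django.http.HttpResponseRedirect.status_code)
        self.assertEqual(response['Location'], self.RETURN_URL)
        # The view must decode exactly what was stored, nothing else.
        jsonpickle_mock.decode.assert_called_once_with(pickled_flow)
        # A redirect alone does not prove the code was exchanged; the
        # bad-exchange test shows the view calls step2_exchange, so check it.
        self.assertTrue(flow.step2_exchange.called)
        # NOTE(review): nothing here checks that the CSRF token and flow
        # entries are cleared from the session after use; if the view does
        # not delete them a replayed callback would be accepted -- worth
        # asserting once the view's behaviour is confirmed.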
    def test_callback_handles_bad_flow_exchange(self, jsonpickle_mock):
        """A failing authorization-code exchange must yield a 400, never a redirect.

        ``jsonpickle_mock`` is the patched module (decorator outside this
        listing).  ``decode`` returns the ``flow`` built here, whose
        ``step2_exchange`` is a stub raising ``client.FlowExchangeError``;
        ``decode`` must be called exactly once with the stored sentinel.
        """
        state = json.dumps(self.fake_state)
        request = self.factory.get('oauth2/oauth2callback',
                                   data={"state": state, "code": 123})
        callback_uri = request.build_absolute_uri('oauth2/oauth2callback')

        self.session['google_oauth2_csrf_token'] = self.CSRF_TOKEN

        flow = client.OAuth2WebServerFlow(client_id='clientid',
                                          client_secret='clientsecret',
                                          scope=['email'],
                                          state=state,
                                          redirect_uri=callback_uri)

        def failing_exchange(code):
            raise client.FlowExchangeError('test')

        flow.step2_exchange = failing_exchange

        stored_flow = object()
        self.session['google_oauth2_flow_{0}'.format(self.CSRF_TOKEN)] = \
            stored_flow
        jsonpickle_mock.decode.return_value = flow

        request.session = self.session
        response = views.oauth2_callback(request)

        self.assertIsInstance(response, http.HttpResponseBadRequest)
        jsonpickle_mock.decode.assert_called_once_with(stored_flow)
 def test_bad_csrf(self):
     """The CSRF token carried in ``state`` must match the one in the
     session; a mismatch is rejected with a 400 and a fixed message."""
     self.session["google_oauth2_csrf_token"] = "WRONG TOKEN"

     params = {"state": json.dumps(self.fake_state), "code": 123}
     request = self.factory.get("oauth2/oauth2callback", data=params)
     request.session = self.session

     response = views.oauth2_callback(request)

     self.assertIsInstance(response, http.HttpResponseBadRequest)
     self.assertEqual(response.content, b"Invalid CSRF token.")
 def test_bad_state(self):
     """A ``state`` value that is well-formed JSON but not the expected
     structure is rejected with a 400 and a fixed message."""
     self.session["google_oauth2_csrf_token"] = "token"

     bogus_state = json.dumps({"wrong": "state"})
     request = self.factory.get("oauth2/oauth2callback",
                                data={"code": 123, "state": bogus_state})
     request.session = self.session

     response = views.oauth2_callback(request)

     self.assertIsInstance(response, http.HttpResponseBadRequest)
     self.assertEqual(response.content, b"Invalid state parameter.")
    def test_no_session(self):
        """With no CSRF token in the session (no flow was ever started) the
        callback is rejected with a 400 and a fixed message."""
        params = {"code": 123, "state": json.dumps(self.fake_state)}
        request = self.factory.get("oauth2/oauth2callback", data=params)
        # Session deliberately left without 'google_oauth2_csrf_token'.
        request.session = self.session

        response = views.oauth2_callback(request)

        self.assertIsInstance(response, http.HttpResponseBadRequest)
        self.assertEqual(response.content,
                         b"No existing session for this flow.")
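 def test_error_returns_bad_request(self):
     """An ``error`` query parameter from the provider yields a 400 whose
     body reports the failed authorization."""
     request = self.factory.get('oauth2/oauth2callback', data={
         "error": "There was an error in your authorization.",
     })
     response = views.oauth2_callback(request)
     # Dedicated asserts give useful failure output (actual type / body),
     # unlike assertTrue around isinstance / 'in'.
     self.assertIsInstance(response, http.HttpResponseBadRequest)
     self.assertIn(b"Authorization failed", response.content)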
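    def test_callback_works(self, pickle):
        """Happy path: matching CSRF token, valid state and a stored flow
        redirect the user to ``RETURN_URL``.

        ``pickle`` is the patched module (decorator outside this listing);
        ``pickle.loads`` hands the view back the ``flow`` built here, whose
        ``step2_exchange`` is a ``mock.Mock``.
        """
        state = json.dumps(self.fake_state)
        request = self.factory.get('oauth2/oauth2callback',
                                   data={"state": state, "code": 123})

        self.session['google_oauth2_csrf_token'] = self.CSRF_TOKEN

        flow = OAuth2WebServerFlow(
            client_id='clientid',
            client_secret='clientsecret',
            scope=['email'],
            state=state,
            redirect_uri=request.build_absolute_uri("oauth2/oauth2callback"))

        # NOTE(review): the view unpickles what it reads back from the
        # session; only safe while session contents are not client
        # tamperable -- confirm for the deployed session backend.
        self.session['google_oauth2_flow_{0}'.format(self.CSRF_TOKEN)] = \
            pickle.dumps(flow)
        flow.step2_exchange = mock.Mock()
        pickle.loads.return_value = flow

        request.session = self.session
        response = views.oauth2_callback(request)
        # assertIsInstance/assertEqual: assertEquals is a deprecated alias
        # (removed in Python 3.12) and assertTrue(isinstance()) hides the
        # actual type on failure.
        self.assertIsInstance(response, http.HttpResponseRedirect)
        self.assertEqual(response.status_code, 302)
        self.assertEqual(response['Location'], self.RETURN_URL)
        # A redirect alone does not prove the code was exchanged; the
        # bad-exchange test shows the view calls step2_exchange, so check it.
        self.assertTrue(flow.step2_exchange.called)
        # NOTE(review): nothing here checks that the CSRF token and flow
        # entries are cleared from the session after use; if the view does
        # not delete them a replayed callback would be accepted -- worth
        # asserting once the view's behaviour is confirmed.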
 def test_error_escapes_html(self):
     """The provider-supplied ``error`` text is reflected into the 400 body,
     so it must be HTML-escaped -- a raw ``<script>`` tag must not appear
     while its escaped form must."""
     payload = '<script>bad</script>'
     request = self.factory.get('oauth2/oauth2callback',
                                data={'error': payload})

     response = views.oauth2_callback(request)
     body = response.content

     self.assertIsInstance(response, http.HttpResponseBadRequest)
     self.assertNotIn(b'<script>', body)
     self.assertIn(b'&lt;script&gt;', body)
 def test_no_saved_flow(self):
     """A valid CSRF token whose flow entry in the session is ``None`` is
     rejected with a 400 and a fixed message."""
     token = self.CSRF_TOKEN
     self.session["google_oauth2_csrf_token"] = token
     self.session["google_oauth2_flow_{0}".format(token)] = None

     params = {"state": json.dumps(self.fake_state), "code": 123}
     request = self.factory.get("oauth2/oauth2callback", data=params)
     request.session = self.session

     response = views.oauth2_callback(request)

     self.assertIsInstance(response, http.HttpResponseBadRequest)
     self.assertEqual(response.content, b"Missing Oauth2 flow.")
 def test_missing_state_returns_bad_request(self):
     """A callback carrying a ``code`` but no ``state`` is rejected with a
     400 even though a CSRF token exists in the session."""
     self.session['google_oauth2_csrf_token'] = "token"

     request = self.factory.get('oauth2/oauth2callback', data={'code': 123})
     request.session = self.session

     response = views.oauth2_callback(request)

     self.assertIsInstance(response, http.HttpResponseBadRequest)
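 def test_missing_state_returns_bad_request(self):
     """A callback carrying a ``code`` but no ``state`` is rejected with a
     400 even though a CSRF token exists in the session."""
     request = self.factory.get('oauth2/oauth2callback', data={
         "code": 123
     })
     self.session['google_oauth2_csrf_token'] = "token"
     request.session = self.session
     response = views.oauth2_callback(request)
     # assertIsInstance reports the actual type on failure, unlike
     # assertTrue(isinstance(...)).
     self.assertIsInstance(response, http.HttpResponseBadRequest)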
 def test_error_escapes_html(self):
     """The provider-supplied ``error`` text is reflected into the 400 body,
     so it must be HTML-escaped -- a raw ``<script>`` tag must not appear
     while its escaped form must."""
     payload = '<script>bad</script>'
     request = self.factory.get('oauth2/oauth2callback',
                                data={'error': payload})

     response = views.oauth2_callback(request)
     body = response.content

     self.assertIsInstance(response, http.HttpResponseBadRequest)
     self.assertNotIn(b'<script>', body)
     self.assertIn(b'&lt;script&gt;', body)
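 def test_error_returns_bad_request(self):
     """An ``error`` query parameter from the provider yields a 400 whose
     body reports the failed authorization."""
     request = self.factory.get(
         'oauth2/oauth2callback',
         data={
             "error": "There was an error in your authorization.",
         })
     response = views.oauth2_callback(request)
     # Dedicated asserts give useful failure output (actual type / body),
     # unlike assertTrue around isinstance / 'in'.
     self.assertIsInstance(response, http.HttpResponseBadRequest)
     self.assertIn(b"Authorization failed", response.content)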
 def test_bad_state(self):
     """A ``state`` value that is well-formed JSON but not the expected
     structure is rejected with a 400 and a fixed message."""
     self.session['google_oauth2_csrf_token'] = 'token'

     bogus_state = json.dumps({'wrong': 'state'})
     request = self.factory.get('oauth2/oauth2callback',
                                data={'code': 123, 'state': bogus_state})
     request.session = self.session

     response = views.oauth2_callback(request)

     self.assertIsInstance(response, http.HttpResponseBadRequest)
     self.assertEqual(response.content, b'Invalid state parameter.')
 def test_bad_csrf(self):
     """The CSRF token carried in ``state`` must match the one in the
     session; a mismatch is rejected with a 400 and a fixed message."""
     self.session['google_oauth2_csrf_token'] = 'WRONG TOKEN'

     params = {"state": json.dumps(self.fake_state), "code": 123}
     request = self.factory.get('oauth2/oauth2callback', data=params)
     request.session = self.session

     response = views.oauth2_callback(request)

     self.assertIsInstance(response, http.HttpResponseBadRequest)
     self.assertEqual(response.content, b'Invalid CSRF token.')
    def test_no_session(self):
        """With no CSRF token in the session (no flow was ever started) the
        callback is rejected with a 400 and a fixed message."""
        params = {'code': 123, 'state': json.dumps(self.fake_state)}
        request = self.factory.get('oauth2/oauth2callback', data=params)
        # Session deliberately left without 'google_oauth2_csrf_token'.
        request.session = self.session

        response = views.oauth2_callback(request)

        self.assertIsInstance(response, http.HttpResponseBadRequest)
        self.assertEqual(response.content,
                         b'No existing session for this flow.')
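 def test_bad_state(self):
     """A ``state`` value that is well-formed JSON but not the expected
     structure is rejected with a 400 and a fixed message."""
     request = self.factory.get('oauth2/oauth2callback',
                                data={
                                    "code": 123,
                                    "state": json.dumps({"wrong": "state"})
                                })
     self.session['google_oauth2_csrf_token'] = "token"
     request.session = self.session
     response = views.oauth2_callback(request)
     # assertIsInstance/assertEqual: assertEquals is a deprecated alias
     # (removed in Python 3.12) and assertTrue(isinstance()) hides the
     # actual type on failure.
     self.assertIsInstance(response, http.HttpResponseBadRequest)
     self.assertEqual(response.content, b'Invalid state parameter.')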
 def test_no_saved_flow(self):
     """A valid CSRF token whose flow entry in the session is ``None`` is
     rejected with a 400 and a fixed message."""
     token = self.CSRF_TOKEN
     self.session['google_oauth2_csrf_token'] = token
     self.session['google_oauth2_flow_{0}'.format(token)] = None

     params = {'state': json.dumps(self.fake_state), 'code': 123}
     request = self.factory.get('oauth2/oauth2callback', data=params)
     request.session = self.session

     response = views.oauth2_callback(request)

     self.assertIsInstance(response, http.HttpResponseBadRequest)
     self.assertEqual(response.content, b'Missing Oauth2 flow.')
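    def test_callback_works(self, pickle):
        """Happy path: matching CSRF token, valid state and a stored flow
        redirect the user to ``RETURN_URL``.

        ``pickle`` is the patched module (decorator outside this listing);
        ``pickle.loads`` hands the view back the ``flow`` built here, whose
        ``step2_exchange`` is a ``mock.Mock``.
        """
        state = json.dumps(self.fake_state)
        request = self.factory.get("oauth2/oauth2callback",
                                   data={"state": state, "code": 123})

        self.session["google_oauth2_csrf_token"] = self.CSRF_TOKEN

        flow = OAuth2WebServerFlow(
            client_id="clientid",
            client_secret="clientsecret",
            scope=["email"],
            state=state,
            redirect_uri=request.build_absolute_uri("oauth2/oauth2callback"),
        )

        # NOTE(review): the view unpickles what it reads back from the
        # session; only safe while session contents are not client
        # tamperable -- confirm for the deployed session backend.
        name = "google_oauth2_flow_{0}".format(self.CSRF_TOKEN)
        self.session[name] = pickle.dumps(flow)
        flow.step2_exchange = mock.Mock()
        pickle.loads.return_value = flow

        request.session = self.session
        request.user = self.user
        response = views.oauth2_callback(request)
        self.assertIsInstance(response, http.HttpResponseRedirect)
        self.assertEqual(response.status_code,
                         django.http.HttpResponseRedirect.status_code)
        self.assertEqual(response["Location"], self.RETURN_URL)
        # A redirect alone does not prove the code was exchanged; the
        # bad-exchange test shows the view calls step2_exchange, so check it.
        self.assertTrue(flow.step2_exchange.called)
        # NOTE(review): nothing here checks that the CSRF token and flow
        # entries are cleared from the session after use; if the view does
        # not delete them a replayed callback would be accepted -- worth
        # asserting once the view's behaviour is confirmed.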