def test_register_client(self):
    """Exercise `register_client` with minimal and with full parameters.

    Covers three cases: a registration with only the required arguments,
    a registration that must fail because an unknown scope is passed with
    `register_unknown_scopes=False`, and a registration with every
    optional argument set.
    """
    owner = User(username='******')
    owner.set_password('12345')
    owner.save()

    known_scope = Scope(identifier='scope1')
    known_scope.save()

    # Minimal registration: title, identifier, one redirection URI, owner.
    # NOTE(review): the fixture URIs use plain http, so this test does not
    # show whether `register_client` validates the redirect URI scheme.
    first = register_client(
        'client1_title', 'client1', 'http://client1url.com/client1/', owner)

    self.assertEqual(first.identifier, 'client1')
    self.assertEqual(first.title, 'client1_title')
    self.assertEqual(first.user, owner)

    first_uris = first.redirection_uris.all()
    self.assertEqual(len(first_uris), 1)
    self.assertEqual(first_uris[0].uri, 'http://client1url.com/client1/')

    # 'scope2' was never saved as a Scope; with unknown-scope registration
    # switched off the call is expected to be rejected.
    with self.assertRaises(OauthostException):
        register_client(
            'client2_title', 'client2', 'http://client2url.com/client2/',
            owner,
            scopes_list=[known_scope, 'scope2'],
            register_unknown_scopes=False)

    # Same scope list without the flag: the client ends up with two scopes,
    # so the unknown one is presumably created on the fly -- confirm
    # against `register_client`.
    second = register_client(
        'client2_title', 'client2', 'http://client2url.com/client2/',
        owner,
        scopes_list=[known_scope, 'scope2'],
        token_lifetime=300,
        public=False,
        client_params={'description': 'client2_decr'})

    self.assertEqual(second.identifier, 'client2')
    self.assertEqual(second.title, 'client2_title')
    self.assertEqual(second.token_lifetime, 300)
    self.assertEqual(second.user, owner)
    self.assertEqual(second.description, 'client2_decr')
    # public=False must not yield a public client type.
    self.assertNotEqual(second.type, Client.TYPE_PUBLIC)
    self.assertEqual(len(second.scopes.all()), 2)

    second_uris = second.redirection_uris.all()
    self.assertEqual(len(second_uris), 1)
    self.assertEqual(second_uris[0].uri, 'http://client2url.com/client2/')
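def handle(self, *args, **options):
    """Create a `Scope` for every OAuth-protected view of the given apps.

    Each positional argument is an application name that must be listed in
    `settings.INSTALLED_APPS`. For every application its `views` module is
    imported and scanned; an attribute counts as a decorated view when the
    file holding its code is `oauthost/decorators.py`. For each such view a
    scope named `<app_name>:<view_name>` is saved.

    Caveats for anyone relying on the result as an access-control inventory:

    * Detection is a path-substring match, so anything whose code lives in
      `oauthost/decorators.py` is counted, not only `@oauth_required`.
    * NOTE(review): a view with another decorator applied outside
      `@oauth_required` presumably reports that decorator's file and is
      skipped silently -- confirm and review the output by hand.
    * The scope identifier comes from the view name, not from the `scope`
      argument of the decorator (see the TODO below).

    Raises:
        CommandError: no application names given, a name is not in
            INSTALLED_APPS, or the application's views module cannot be
            imported.
    """
    # Local import: the file's import block is not visible from this block.
    from importlib import import_module

    if not args:
        raise CommandError('This command accepts space delimited list of application names.')

    if not set(args).issubset(settings.INSTALLED_APPS):
        raise CommandError('One or more application names issued to the command are not in INSTALLED_APPS.')

    decorators_path = path.join('oauthost', 'decorators.py')

    for app_name in args:
        decorated_views_count = 0
        self.stdout.write('Working on "%s" application ...\n' % app_name)

        try:
            # import_module returns the `views` submodule itself.
            # `__import__('a.b.views')` returns the top-level package `a`,
            # so `.views` on it pointed at the wrong module for dotted
            # application names.
            views_module = import_module('%s.views' % app_name)
        except ImportError:
            raise CommandError('No views.py found in the application.')

        for func_name in dir(views_module):
            if '__' in func_name or func_name == 'oauth_required':
                continue

            func = getattr(views_module, func_name)
            try:
                source_file = getfile(func)
            except TypeError:
                # getfile() rejects built-ins and plain instances (module
                # level constants, loggers, ...); those are not views.
                continue

            # That's how we find decorated views.
            if decorators_path not in source_file:
                continue

            decorated_views_count += 1
            # TODO That would be nice to have here a value of `scope` parameter of @oauth_required if it set.
            # That is, of course, if only we can trace it up at a low cost.
            scope_name = '%(app_name)s:%(view_name)s' % {'app_name': app_name, 'view_name': func_name}
            self.stdout.write(' Found "%s" view. Syncing "%s" scope ... ' % (func_name, scope_name))

            # A try to give our scope a pretty name.
            scope_title = '%s %s' % (
                app_name.capitalize(),
                ' '.join([word.capitalize() for word in func_name.split('_')]))

            scope = Scope(identifier=scope_name, title=scope_title)
            try:
                scope.save()
            except IntegrityError:
                # Treated as "this scope identifier is already stored".
                self.stdout.write('WARNING: Scope skipped as already exists\n')
            else:
                self.stdout.write('Done\n')

        if not decorated_views_count:
            self.stdout.write('NOTE: No views decorated with "@oauth_required" are found in the application.\n')

        self.stdout.write('\n')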
def test_register_client(self, user):
    """Exercise `register_client` with minimal and with full parameters.

    `user` is supplied by a fixture and becomes the owner of both clients.
    """
    existing_scope = Scope(identifier='scope1')
    existing_scope.save()

    # Required arguments only.
    # NOTE(review): the fixture URIs use plain http, so this test does not
    # show whether `register_client` validates the redirect URI scheme.
    basic_client = register_client(
        'client1_title', 'client1', 'http://client1url.com/client1/', user)

    assert basic_client.identifier == 'client1'
    assert basic_client.title == 'client1_title'
    assert basic_client.user == user

    basic_uris = basic_client.redirection_uris.all()
    assert len(basic_uris) == 1
    assert basic_uris[0].uri == 'http://client1url.com/client1/'

    # 'scope2' was never saved; with unknown-scope registration disabled
    # the call is expected to raise.
    pytest.raises(
        OauthostException,
        register_client,
        'client2_title', 'client2', 'http://client2url.com/client2/', user,
        scopes_list=[existing_scope, 'scope2'],
        register_unknown_scopes=False)

    # Without the flag the same scope list is accepted and the client ends
    # up with two scopes (presumably 'scope2' is created -- confirm against
    # `register_client`).
    full_client = register_client(
        'client2_title', 'client2', 'http://client2url.com/client2/', user,
        scopes_list=[existing_scope, 'scope2'],
        token_lifetime=300,
        public=False,
        client_params={'description': 'client2_decr'})

    assert full_client.identifier == 'client2'
    assert full_client.title == 'client2_title'
    assert full_client.token_lifetime == 300
    assert full_client.user == user
    assert full_client.description == 'client2_decr'
    # public=False must not yield a public client type.
    assert full_client.type != Client.TYPE_PUBLIC
    assert len(full_client.scopes.all()) == 2

    full_uris = full_client.redirection_uris.all()
    assert len(full_uris) == 1
    assert full_uris[0].uri == 'http://client2url.com/client2/'
def test_scope(self, settings, client, user):
    """Check scope validation of the token endpoint for the password grant.

    Four requests must be refused with HTTP 400 / `invalid_scope`; the last
    one asks for an enabled scope and must return a token response.

    NOTE(review): credential literals are shown masked ('******') on this
    page. The Basic headers below have to encode the matching
    `identifier:password` pair of the client they stand for.
    """
    settings.DEBUG = True

    username = user.username
    password = '******'

    # HTTP Basic client credentials for 'OClient' and 'OClient2'.
    auth_client_1 = 'Basic T0NsaWVudDpjbDAxMjM0NQ=='
    auth_client_2 = 'Basic T0NsaWVudDI6Y2wwMTIzNDU='

    def request_token(basic_auth, scope=None):
        # Build the password-grant payload; 'scope' is sent only when given.
        payload = {'grant_type': 'password', 'username': username, 'password': password}
        if scope is not None:
            payload['scope'] = scope
        return client.post(URL_TOKEN, payload, Authorization=basic_auth)

    def assert_invalid_scope(response):
        assert response.status_code == 400
        assert response.content_json['error'] == 'invalid_scope'

    client_1 = Client(user=user, title='OClient1', identifier='OClient', password='******')
    client_1.save()

    # Scope is missing.
    assert_invalid_scope(request_token(auth_client_1))

    # No scope supported by server.
    assert_invalid_scope(request_token(auth_client_1, scope='my scope'))

    scope1 = Scope(identifier='scope1')
    scope1.save()
    scope2 = Scope(identifier='scope2')
    scope2.save()
    scope3 = Scope(identifier='scope3', status=Scope.STATUS_DISABLED)
    scope3.save()

    # client_2 is limited to scope2 only.
    client_2 = Client(user=user, title='OClien2', identifier='OClient2', password='******')
    client_2.save()
    client_2.scopes.add(scope2)

    # Unsupported (or disabled) client scope request: scope1 is not among
    # the scopes attached to client_2.
    assert_invalid_scope(request_token(auth_client_2, scope='scope1 scope2'))

    # Unsupported (or disabled) server scope request: scope3 is disabled.
    assert_invalid_scope(request_token(auth_client_1, scope='scope1 scope3'))

    # Supported scope request: scope1 is enabled and client_1 has no scopes
    # attached, yet the grant is expected to succeed -- i.e. a client
    # without its own scope list is not restricted by it.
    resp = request_token(auth_client_1, scope='scope1')
    assert resp.status_code == 200

    body = resp.content_json
    for expected_key in ('access_token', 'refresh_token', 'token_type'):
        assert expected_key in body
    assert body['scope'] == 'scope1'
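def handle(self, *args, **options):
    """Sync `Scope` records with the OAuth-protected views of the given apps.

    Positional arguments are application names; each must appear in
    `settings.INSTALLED_APPS`. The `views` module of every application is
    imported, and each attribute whose code is located in
    `oauthost/decorators.py` is taken to be a decorated view. A scope with
    the identifier `<app_name>:<view_name>` is saved for it.

    Limits of the detection, relevant when the output is used to audit
    which views are protected:

    * The check is a substring match on the file path, so any wrapper
      defined in `oauthost/decorators.py` matches, not only
      `@oauth_required`.
    * NOTE(review): when a different decorator is the outermost one, the
      view most likely reports that decorator's file and is not listed --
      verify before trusting a "no views found" note.
    * The scope identifier is built from the view name; a `scope` argument
      passed to the decorator is not read (see the TODO below).

    Raises:
        CommandError: no application names given, a name is not in
            INSTALLED_APPS, or the application's views module cannot be
            imported.
    """
    # Local import: the file's import block is not visible from this block.
    from importlib import import_module

    if not args:
        raise CommandError(
            'This command accepts space delimited list of application names.'
        )

    if not set(args).issubset(settings.INSTALLED_APPS):
        raise CommandError(
            'One or more application names issued to the command are not in INSTALLED_APPS.'
        )

    app_views_substr = path.join('oauthost', 'decorators.py')

    for app_name in args:
        decorated_views_count = 0
        self.stdout.write('Working on "%s" application ...\n' % app_name)

        try:
            # `__import__` hands back the top-level package, which made
            # `.views` resolve to the wrong module for dotted application
            # names; import_module returns the submodule itself.
            app_views = import_module('%s.views' % app_name)
        except ImportError:
            raise CommandError('No views.py found in the application.')

        for func_name in dir(app_views):
            if '__' in func_name:
                continue
            if func_name == 'oauth_required':
                continue

            func = getattr(app_views, func_name)
            try:
                defined_in = getfile(func)
            except TypeError:
                # Module attributes that are built-ins or plain instances
                # have no source file; they cannot be decorated views.
                continue

            # That's how we find decorated views.
            if app_views_substr in defined_in:
                decorated_views_count += 1
                # TODO That would be nice to have here a value of `scope` parameter of @oauth_required if it set.
                # That is, of course, if only we can trace it up at a low cost.
                scope_name = '%(app_name)s:%(view_name)s' % {
                    'app_name': app_name,
                    'view_name': func_name
                }
                self.stdout.write(
                    ' Found "%s" view. Syncing "%s" scope ... ' %
                    (func_name, scope_name))

                # A try to give our scope a pretty name.
                pretty_view_name = ' '.join(
                    [word.capitalize() for word in func_name.split('_')])
                scope_title = '%s %s' % (app_name.capitalize(), pretty_view_name)

                scope = Scope(identifier=scope_name, title=scope_title)
                try:
                    scope.save()
                except IntegrityError:
                    # Treated as "this scope identifier is already stored".
                    self.stdout.write(
                        'WARNING: Scope skipped as already exists\n')
                else:
                    self.stdout.write('Done\n')

        if not decorated_views_count:
            self.stdout.write(
                'NOTE: No views decorated with "@oauth_required" are found in the application.\n'
            )

        self.stdout.write('\n')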
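def test_scope(self):
    """Check scope validation of the token endpoint for the password grant.

    Four requests must be refused with HTTP 400 / `invalid_scope`; the last
    one asks for an enabled scope and must return a token response.

    NOTE(review): credential literals are shown masked ('******') on this
    page. The Basic headers below have to encode the matching
    `identifier:password` pair of the client they stand for.
    """
    # `settings` is assigned to directly, so put the previous value back
    # when the test ends; otherwise DEBUG=True leaks into later tests and
    # they no longer run against the configured setting.
    self.addCleanup(setattr, settings, 'DEBUG', settings.DEBUG)
    settings.DEBUG = True

    user_1 = User(username='******')
    user_1.set_password('12345')
    user_1.save()

    client_1 = Client(user=user_1, title='OClient1', identifier='OClient', password='******')
    client_1.save()

    # Scope is missing.
    resp = self.client.post(
        URL_TOKEN,
        {'grant_type': 'password', 'username': '******', 'password': '******'},
        Authorization='Basic T0NsaWVudDpjbDAxMjM0NQ==')
    self.assertEqual(resp.status_code, 400)
    self.assertEqual(resp.content_json['error'], 'invalid_scope')

    # No scope supported by server.
    resp = self.client.post(
        URL_TOKEN,
        {'grant_type': 'password', 'username': '******', 'password': '******', 'scope': 'my scope'},
        Authorization='Basic T0NsaWVudDpjbDAxMjM0NQ==')
    self.assertEqual(resp.status_code, 400)
    self.assertEqual(resp.content_json['error'], 'invalid_scope')

    scope1 = Scope(identifier='scope1')
    scope1.save()
    scope2 = Scope(identifier='scope2')
    scope2.save()
    scope3 = Scope(identifier='scope3', status=Scope.STATUS_DISABLED)
    scope3.save()

    # client_2 is limited to scope2 only.
    client_2 = Client(user=user_1, title='OClien2', identifier='OClient2', password='******')
    client_2.save()
    client_2.scopes.add(scope2)

    # Unsupported (or disabled) client scope request: scope1 is not among
    # the scopes attached to client_2.
    resp = self.client.post(
        URL_TOKEN,
        {'grant_type': 'password', 'username': '******', 'password': '******', 'scope': 'scope1 scope2'},
        Authorization='Basic T0NsaWVudDI6Y2wwMTIzNDU=')
    self.assertEqual(resp.status_code, 400)
    self.assertEqual(resp.content_json['error'], 'invalid_scope')

    # Unsupported (or disabled) server scope request: scope3 is disabled.
    resp = self.client.post(
        URL_TOKEN,
        {'grant_type': 'password', 'username': '******', 'password': '******', 'scope': 'scope1 scope3'},
        Authorization='Basic T0NsaWVudDpjbDAxMjM0NQ==')
    self.assertEqual(resp.status_code, 400)
    self.assertEqual(resp.content_json['error'], 'invalid_scope')

    # Supported scope request: scope1 is enabled and client_1 has no scopes
    # attached, yet the grant is expected to succeed -- i.e. a client
    # without its own scope list is not restricted by it.
    resp = self.client.post(
        URL_TOKEN,
        {'grant_type': 'password', 'username': '******', 'password': '******', 'scope': 'scope1'},
        Authorization='Basic T0NsaWVudDpjbDAxMjM0NQ==')
    self.assertEqual(resp.status_code, 200)
    self.assertIn('access_token', resp.content_json)
    self.assertIn('refresh_token', resp.content_json)
    self.assertIn('token_type', resp.content_json)
    self.assertEqual(resp.content_json['scope'], 'scope1')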