Example #1
0
    def test_register_client(self):
        user = User(username='******')
        user.set_password('12345')
        user.save()

        scope1 = Scope(identifier='scope1')
        scope1.save()

        cl = register_client('client1_title', 'client1', 'http://client1url.com/client1/', user)
        self.assertEqual(cl.identifier, 'client1')
        self.assertEqual(cl.title, 'client1_title')
        self.assertEqual(cl.user, user)
        uris = cl.redirection_uris.all()
        self.assertEqual(len(uris), 1)
        self.assertEqual(uris[0].uri, 'http://client1url.com/client1/')

        self.assertRaises(OauthostException, register_client, 'client2_title', 'client2',
                          'http://client2url.com/client2/', user, scopes_list=[scope1, 'scope2'],
                          register_unknown_scopes=False)

        cl = register_client('client2_title', 'client2', 'http://client2url.com/client2/', user,
                             scopes_list=[scope1, 'scope2'], token_lifetime=300, public=False,
                             client_params={'description': 'client2_decr'})
        self.assertEqual(cl.identifier, 'client2')
        self.assertEqual(cl.title, 'client2_title')
        self.assertEqual(cl.token_lifetime, 300)
        self.assertEqual(cl.user, user)
        self.assertEqual(cl.description, 'client2_decr')
        self.assertNotEqual(cl.type, Client.TYPE_PUBLIC)
        self.assertEqual(len(cl.scopes.all()), 2)
        uris = cl.redirection_uris.all()
        self.assertEqual(len(uris), 1)
        self.assertEqual(uris[0].uri, 'http://client2url.com/client2/')
Example #2
0
    def handle(self, *args, **options):

        if not len(args):
            raise CommandError('This command accepts space delimited list of application names.')

        if not set(args).issubset(settings.INSTALLED_APPS):
            raise CommandError('One or more application names issued to the command are not in INSTALLED_APPS.')

        for app_name in args:

            decorated_views_count = 0

            self.stdout.write('Working on "%s" application ...\n' % app_name)
            try:
                app_views = __import__('%s.views' % app_name)
            except ImportError:
                raise CommandError('No views.py found in the application.')

            app_views_substr = path.join('oauthost', 'decorators.py')

            for func_name in dir(app_views.views):
                if '__' not in func_name:
                    func = getattr(app_views.views, func_name)
                    # That's how we find decorated views.
                    if func_name != 'oauth_required' and app_views_substr in getfile(func):
                        decorated_views_count += 1
                        # TODO That would be nice to have here a value of `scope` parameter of @oauth_required if it set.
                        # That is, of course, if only we can trace it up at a low cost.
                        scope_name = '%(app_name)s:%(view_name)s' % {'app_name': app_name, 'view_name': func_name}
                        self.stdout.write('    Found "%s" view. Syncing "%s" scope ... ' % (func_name, scope_name))
                        # A try to give our scope a pretty name.
                        scope_title = '%s %s' % (app_name.capitalize(), ' '.join([word.capitalize() for word in func_name.split('_')]))
                        scope = Scope(identifier=scope_name, title=scope_title)
                        try:
                            scope.save()
                        except IntegrityError:
                            self.stdout.write('WARNING: Scope skipped as already exists\n')
                        else:
                            self.stdout.write('Done\n')

            if not decorated_views_count:
                self.stdout.write('NOTE: No views decorated with "@oauth_required" are found in the application.\n')

            self.stdout.write('\n')
Example #3
0
    def test_register_client(self, user):
        scope1 = Scope(identifier='scope1')
        scope1.save()

        cl = register_client('client1_title', 'client1', 'http://client1url.com/client1/', user)
        assert cl.identifier == 'client1'
        assert cl.title == 'client1_title'
        assert cl.user == user

        uris = cl.redirection_uris.all()
        assert len(uris) == 1
        assert uris[0].uri == 'http://client1url.com/client1/'

        with pytest.raises(OauthostException):
            register_client(
                'client2_title', 'client2', 'http://client2url.com/client2/', user,
                scopes_list=[scope1, 'scope2'],
                register_unknown_scopes=False)

        cl = register_client(
            'client2_title', 'client2', 'http://client2url.com/client2/', user,
             scopes_list=[scope1, 'scope2'], token_lifetime=300, public=False,
             client_params={'description': 'client2_decr'})

        assert cl.identifier == 'client2'
        assert cl.title == 'client2_title'
        assert cl.token_lifetime == 300
        assert cl.user == user
        assert cl.description == 'client2_decr'

        assert cl.type != Client.TYPE_PUBLIC

        assert len(cl.scopes.all()) == 2

        uris = cl.redirection_uris.all()
        assert len(uris) == 1
        assert uris[0].uri == 'http://client2url.com/client2/'
Example #4
0
    def test_scope(self, settings, client, user):

        settings.DEBUG = True
        
        username = user.username
        password = '******'

        client_1 = Client(user=user, title='OClient1', identifier='OClient', password='******')
        client_1.save()

        # Scope is missing.
        resp = client.post(
            URL_TOKEN, {'grant_type': 'password', 'username': username, 'password': password},
            Authorization='Basic T0NsaWVudDpjbDAxMjM0NQ==')

        assert resp.status_code == 400
        assert resp.content_json['error'] == 'invalid_scope'

        # No scope supported by server.
        resp = client.post(
            URL_TOKEN, {'grant_type': 'password', 'username': username, 'password': password, 'scope': 'my scope'},
            Authorization='Basic T0NsaWVudDpjbDAxMjM0NQ==')

        assert resp.status_code == 400
        assert resp.content_json['error'] == 'invalid_scope'

        scope1 = Scope(identifier='scope1')
        scope1.save()
        scope2 = Scope(identifier='scope2')
        scope2.save()
        scope3 = Scope(identifier='scope3', status=Scope.STATUS_DISABLED)
        scope3.save()

        client_2 = Client(user=user, title='OClien2', identifier='OClient2', password='******')
        client_2.save()
        client_2.scopes.add(scope2)

        # Unsupported (or disabled) client scope request.
        resp = client.post(
            URL_TOKEN, {'grant_type': 'password', 'username': username, 'password': password, 'scope': 'scope1 scope2'},
            Authorization='Basic T0NsaWVudDI6Y2wwMTIzNDU=')

        assert resp.status_code == 400
        assert resp.content_json['error'] == 'invalid_scope'

        # Unsupported (or disabled) server scope request.
        resp = client.post(
            URL_TOKEN, {'grant_type': 'password', 'username': username, 'password': password, 'scope': 'scope1 scope3'},
            Authorization='Basic T0NsaWVudDpjbDAxMjM0NQ==')

        assert resp.status_code == 400
        assert resp.content_json['error'] == 'invalid_scope'

        # Unsupported scope request.
        resp = client.post(
            URL_TOKEN, {'grant_type': 'password', 'username': username, 'password': password, 'scope': 'scope1'},
            Authorization='Basic T0NsaWVudDpjbDAxMjM0NQ==')

        assert resp.status_code == 200
        assert 'access_token' in resp.content_json
        assert 'refresh_token' in resp.content_json
        assert 'token_type' in resp.content_json
        assert resp.content_json['scope'] == 'scope1'
Example #5
0
    def handle(self, *args, **options):

        if not len(args):
            raise CommandError(
                'This command accepts space delimited list of application names.'
            )

        if not set(args).issubset(settings.INSTALLED_APPS):
            raise CommandError(
                'One or more application names issued to the command are not in INSTALLED_APPS.'
            )

        for app_name in args:

            decorated_views_count = 0

            self.stdout.write('Working on "%s" application ...\n' % app_name)
            try:
                app_views = __import__('%s.views' % app_name)
            except ImportError:
                raise CommandError('No views.py found in the application.')

            app_views_substr = path.join('oauthost', 'decorators.py')

            for func_name in dir(app_views.views):
                if '__' not in func_name:
                    func = getattr(app_views.views, func_name)
                    # That's how we find decorated views.
                    if func_name != 'oauth_required' and app_views_substr in getfile(
                            func):
                        decorated_views_count += 1
                        # TODO That would be nice to have here a value of `scope` parameter of @oauth_required if it set.
                        # That is, of course, if only we can trace it up at a low cost.
                        scope_name = '%(app_name)s:%(view_name)s' % {
                            'app_name': app_name,
                            'view_name': func_name
                        }
                        self.stdout.write(
                            '    Found "%s" view. Syncing "%s" scope ... ' %
                            (func_name, scope_name))
                        # A try to give our scope a pretty name.
                        scope_title = '%s %s' % (
                            app_name.capitalize(), ' '.join([
                                word.capitalize()
                                for word in func_name.split('_')
                            ]))
                        scope = Scope(identifier=scope_name, title=scope_title)
                        try:
                            scope.save()
                        except IntegrityError:
                            self.stdout.write(
                                'WARNING: Scope skipped as already exists\n')
                        else:
                            self.stdout.write('Done\n')

            if not decorated_views_count:
                self.stdout.write(
                    'NOTE: No views decorated with "@oauth_required" are found in the application.\n'
                )

            self.stdout.write('\n')
Example #6
0
    def test_scope(self):

        settings.DEBUG = True

        user_1 = User(username='******')
        user_1.set_password('12345')
        user_1.save()

        client_1 = Client(user=user_1, title='OClient1', identifier='OClient', password='******')
        client_1.save()

        # Scope is missing.
        resp = self.client.post(URL_TOKEN, {'grant_type': 'password', 'username': '******', 'password': '******'},
                                Authorization='Basic T0NsaWVudDpjbDAxMjM0NQ==')
        self.assertEqual(resp.status_code, 400)
        self.assertEqual(resp.content_json['error'], 'invalid_scope')

        # No scope supported by server.
        resp = self.client.post(
            URL_TOKEN, {'grant_type': 'password', 'username': '******', 'password': '******', 'scope': 'my scope'},
            Authorization='Basic T0NsaWVudDpjbDAxMjM0NQ==')
        self.assertEqual(resp.status_code, 400)
        self.assertEqual(resp.content_json['error'], 'invalid_scope')

        scope1 = Scope(identifier='scope1')
        scope1.save()
        scope2 = Scope(identifier='scope2')
        scope2.save()
        scope3 = Scope(identifier='scope3', status=Scope.STATUS_DISABLED)
        scope3.save()

        client_2 = Client(user=user_1, title='OClien2', identifier='OClient2', password='******')
        client_2.save()
        client_2.scopes.add(scope2)

        # Unsupported (or disabled) client scope request.
        resp = self.client.post(
            URL_TOKEN, {'grant_type': 'password', 'username': '******', 'password': '******', 'scope': 'scope1 scope2'},
            Authorization='Basic T0NsaWVudDI6Y2wwMTIzNDU=')
        self.assertEqual(resp.status_code, 400)
        self.assertEqual(resp.content_json['error'], 'invalid_scope')

        # Unsupported (or disabled) server scope request.
        resp = self.client.post(
            URL_TOKEN, {'grant_type': 'password', 'username': '******', 'password': '******', 'scope': 'scope1 scope3'},
            Authorization='Basic T0NsaWVudDpjbDAxMjM0NQ==')
        self.assertEqual(resp.status_code, 400)
        self.assertEqual(resp.content_json['error'], 'invalid_scope')

        # Unsupported scope request.
        resp = self.client.post(
            URL_TOKEN, {'grant_type': 'password', 'username': '******', 'password': '******', 'scope': 'scope1'},
            Authorization='Basic T0NsaWVudDpjbDAxMjM0NQ==')
        # print('****' * 20)
        # print(resp.content_json['error_description'])
        # print('****' * 20)
        self.assertEqual(resp.status_code, 200)
        self.assertTrue('access_token' in resp.content_json)
        self.assertTrue('refresh_token' in resp.content_json)
        self.assertTrue('token_type' in resp.content_json)
        self.assertEqual(resp.content_json['scope'], 'scope1')