def test_twitter_login_registration(self, verify_credentials): twitter_data = TWITTER_DATA.copy() twitter_data["id"] = uuid.uuid4().hex verify_credentials.return_value = type("U", (object,), {"AsDict": lambda s: twitter_data})() with self.app.test_client() as client: token_key, token_secret = "kkkkkkkk", "sssssss" for registered in True, False: r = client.post( "/ws/login/external/", headers=[get_client_auth_header()], data=dict(external_system="twitter", external_token=token_key + ":" + token_secret), ) self.assertEquals(200, r.status_code) creds = json.loads(r.data) self.assertEquals(creds["registered"], registered) r = client.get( creds["resource_url"], headers=[("Authorization", creds["token_type"] + " " + creds["access_token"])] ) data = json.loads(r.data) self.assertEquals(data["username"], TWITTER_DATA["screen_name"]) self.assertEquals(data["display_name"], TWITTER_DATA["name"]) self.assertTrue(data["avatar_thumbnail_url"]) token = ExternalToken.query.filter_by(user=creds["user_id"]).one() self.assertEquals(token.external_uid, twitter_data["id"]) self.assertIn("read", token.permissions)
def test_facebook_login_registration(self, _get_external_data, get_new_token): """ Registration and login is handled in the same view. If a facebook token validates on their end, and we don't have a record for it on our end, we register the user and return an access token. If the user already exists on our system, we return and access token.""" data = FACEBOOK_GRAPH_DATA.copy() data["id"] = uuid.uuid4().hex _get_external_data.return_value = data from rockpack.mainsite.services.oauth.api import FacebookUser long_lived_fb_token = "fdsuioncf3w8ryl38yb7yfsfsdfsd4eius" get_new_token.return_value = FacebookUser("facebook", long_lived_fb_token, 3600) with self.app.test_client() as client: self.app.test_request_context().push() initial_fb_token = uuid.uuid4().hex r = client.post( "/ws/login/external/", headers=[get_client_auth_header()], data=dict( external_system="facebook", external_token=initial_fb_token, token_expires=datetime.now().isoformat(), ), ) creds = json.loads(r.data) self.assertEquals(200, r.status_code) self.assertNotEquals(None, creds["refresh_token"]) et = ExternalToken.query.filter_by(external_system="facebook", external_token=long_lived_fb_token) self.assertEquals(1, et.count(), "should only be one token for user") uid = et.one().user self.assertEquals(User.query.get(uid).gender, "m") # We pretend that the new token represents the same user, # so we should still get a valid login new_facebook_token = uuid.uuid4().hex r = client.post( "/ws/login/external/", headers=[get_client_auth_header()], data=dict( external_system="facebook", external_token=new_facebook_token, token_expires=datetime.now().isoformat(), ), ) self.assertEquals(200, r.status_code) self.assertNotEquals(None, creds["refresh_token"]) et = ExternalToken.query.filter_by(user=uid) self.assertEquals(1, et.count(), "should only be one token for user") et = et.one() self.assertEquals(long_lived_fb_token, et.external_token, "token should be updated")
def test_email_addresses(self): with self.app.test_client() as client: for email, status in [ (None, 400), ("", 400), ("foo", 400), ("foo@com", 400), ("*****@*****.**", 400), ("*****@*****.**", 400), ("[email protected].", 400), ("*****@*****.**", 200), ]: username = uuid.uuid4().hex r = client.post( "/ws/register/", headers=[get_client_auth_header()], data=dict( username=username, password="******", first_name="foo", last_name="bar", date_of_birth="1980-01-01", locale="en-us", email=email, ), ) self.assertEquals(r.status_code, status, "%s: %d, %s" % (email, r.status_code, r.data))
def test_username_availability(self): with self.app.test_client() as client: self.app.test_request_context().push() r = client.post( "/ws/register/availability/", headers=[get_client_auth_header()], data=dict(username=UserData.test_user_a.username), ) self.assertEquals(r.status_code, 200) self.assertEquals(json.loads(r.data)["available"], False) r = client.post( "/ws/register/availability/", headers=[get_client_auth_header()], data=dict(username="******"), ) self.assertEquals(r.status_code, 200) self.assertEquals(json.loads(r.data)["available"], True)
def test_succesful_login(self, get_resource_url): with self.app.test_client() as client: r = client.post( "/ws/login/", headers=[get_client_auth_header()], data=dict(grant_type="password", username="******", password="******"), ) self.assertEquals(200, r.status_code) get_resource_url.assert_called_with(own=True)
def test_invalid_external_system(self, _get_external_data): _get_external_data.return_value = FACEBOOK_GRAPH_DATA with self.app.test_client() as client: facebook_token = uuid.uuid4().hex r = client.post( "/ws/login/external/", headers=[get_client_auth_header()], data=dict(external_system="PantsBake", external_token=facebook_token), ) self.assertEquals(400, r.status_code)
def test_unauthorized_facebook_registration(self, _get_external_data): _get_external_data.return_value = {} with self.app.test_client() as client: facebook_token = uuid.uuid4().hex r = client.post( "/ws/login/external/", headers=[get_client_auth_header()], data=dict(external_system="facebook", external_token=facebook_token), ) error = json.loads(r.data) self.assertEquals(400, r.status_code) self.assertEquals("unauthorized_client", error["error"])
def test_naughty_username(self): with self.app.test_client() as client: for username, status in [("Scunthorpe", 200), ("HorIsACunt", 400)]: r = client.post( "/ws/register/", headers=[get_client_auth_header()], data=dict( username=username, password="******", first_name="foo", last_name="bar", date_of_birth="2000-01-01", locale="en-us", email="*****@*****.**" % username, ), ) self.assertEquals(status, r.status_code, r.data)
def test_failed_registration(self): with self.app.test_client() as client: r = client.post( "/ws/register/", headers=[get_client_auth_header()], data=dict( username="", password="******", first_name="foo", last_name="bar", date_of_birth="2000-01-01", locale="en-us", email="foo{}@bar.com".format(uuid.uuid4().hex), ), ) response = json.loads(r.data) self.assertEquals(response["form_errors"]["username"][0], "This field is required.")
def test_registration_gender(self, _get_external_data): data = FACEBOOK_GRAPH_DATA.copy() data["id"] = uuid.uuid4().hex data["gender"] = "m" _get_external_data.return_value = data with self.app.test_client() as client: facebook_token = uuid.uuid4().hex r = client.post( "/ws/login/external/", headers=[get_client_auth_header()], data=dict( external_system="facebook", external_token=facebook_token, token_expires="2020-01-01T00:00:00" ), ) creds = json.loads(r.data) self.assertEquals(200, r.status_code) self.assertIsNotNone(creds["refresh_token"]) user_gender = User.query.filter_by(id=creds["user_id"]).value("gender") self.assertEquals(user_gender, data["gender"])
def test_birthdates(self): with self.app.test_client() as client: for dob, status in [ ("1980-01-01", 200), ("1980-31-01", 400), ("1800-01-01", 400), ("2010-01-01", 400), ("2100-01-01", 400), ]: username = uuid.uuid4().hex r = client.post( "/ws/register/", headers=[get_client_auth_header()], data=dict( username=username, password="******", first_name="foo", last_name="bar", date_of_birth=dob, locale="en-us", email="*****@*****.**" % username, ), ) self.assertEquals(r.status_code, status, "%s: %d, %s" % (dob, r.status_code, r.data))
def test_successful_registration(self): viewing_user = self.create_test_user().id with self.app.test_request_context(): with self.app.test_client() as client: r = client.post( "/ws/register/", headers=[get_client_auth_header()], data=dict( username="******", password="******", first_name="foo", last_name="bar", date_of_birth="2000-01-01", locale="en-us", email="foo{}@bar.com".format(uuid.uuid4().hex), ), ) creds = json.loads(r.data) self.assertEquals(200, r.status_code) self.assertNotEquals(None, creds["refresh_token"]) self.assertGreaterEqual( Channel.query.filter_by(owner=creds["user_id"]).count(), 1, "default user channel should be created" ) self.wait_for_es() with self.app.test_client() as client: r = client.get("/ws/{}/".format(creds["user_id"]), headers=[get_auth_header(viewing_user)]) self.assertGreaterEqual(json.loads(r.data)["channels"]["total"], 1) creds = json.loads(r.data) r = client.post( "/ws/login/", headers=[get_client_auth_header()], data=dict(grant_type="password", username="******", password="******"), ) creds = json.loads(r.data) self.assertNotEquals(None, creds["refresh_token"]) r = client.post( "/ws/token/", headers=[get_client_auth_header()], data=dict(refresh_token=creds["refresh_token"], grant_type="refresh_token"), ) new_creds = json.loads(r.data) self.assertEquals("Bearer", new_creds["token_type"], "token type should be Bearer") self.assertEquals(new_creds["refresh_token"], creds["refresh_token"], "refresh tokens should be the same") self.assertNotEquals( new_creds["access_token"], creds["access_token"], "old access token should not be the same at the new one", ) # Try and get a refresh token with an invalid token r = client.post( "/ws/token/", headers=[get_client_auth_header()], data=dict(refresh_token="7348957nev9o3874nqlvcfh47lmqa"), ) self.assertEquals(400, r.status_code)
def test_fb(): from flask import render_template from test.test_helpers import get_client_auth_header return render_template('fb_test.html', client_auth_headers=[get_client_auth_header()])