def setUp(self): """ Makes a refresh_token grant to get new tokens for teseting Sets up an AuthClient and a RefreshTokenAuthorizer with a mock on_refresh function for testing their interactions """ super(RefreshTokenAuthorizerIntegrationTests, self).setUp() client_id = get_client_data()["native_app_client1"]["id"] form_data = {'refresh_token': SDKTESTER1A_NATIVE1_TRANSFER_RT, 'grant_type': 'refresh_token', 'client_id': client_id} token_res = globus_sdk.AuthClient().oauth2_token(form_data) token_res = token_res.by_resource_server self.access_token = token_res[ 'transfer.api.globus.org']['access_token'] self.expires_at = token_res[ 'transfer.api.globus.org']['expires_at_seconds'] self.on_refresh = mock.Mock() self.nac = globus_sdk.NativeAppAuthClient( client_id=get_client_data()["native_app_client1"]["id"]) self.authorizer = globus_sdk.RefreshTokenAuthorizer( SDKTESTER1A_NATIVE1_TRANSFER_RT, self.nac, access_token=self.access_token, expires_at=self.expires_at, on_refresh=self.on_refresh) self.tc = globus_sdk.TransferClient(authorizer=self.authorizer)
def setUp(self): """ Makes a client_credentials grant to get new tokens for testing Sets up an ConfidentialClient and a ClientCredentialsAuthorizer with a mock on_refresh function for testing their interactions """ super(ClientCredentialsAuthorizerIntegrationTests, self).setUp() self.scopes = "urn:globus:auth:scope:transfer.api.globus.org:all" client_id = get_client_data()["confidential_app_client1"]["id"] client_secret = get_client_data()["confidential_app_client1"]["secret"] self.internal_client = globus_sdk.ConfidentialAppAuthClient( client_id, client_secret) token_res = self.internal_client.oauth2_client_credentials_tokens( requested_scopes=self.scopes) token_data = token_res.by_resource_server["transfer.api.globus.org"] self.access_token = token_data["access_token"] self.expires_at = token_data["expires_at_seconds"] self.on_refresh = mock.Mock() self.authorizer = globus_sdk.ClientCredentialsAuthorizer( self.internal_client, scopes=self.scopes, access_token=self.access_token, expires_at=self.expires_at, on_refresh=self.on_refresh) self.tc = globus_sdk.TransferClient(authorizer=self.authorizer)
def setUpClass(self): """ Instantiates an ConfidentialAppAuthClient for confidential_app_client1 and for resource_server_client """ client_data = get_client_data()["confidential_app_client1"] self.cac = globus_sdk.ConfidentialAppAuthClient( client_id=client_data["id"], client_secret=client_data["secret"]) client_data = get_client_data()["resource_server_client"] self.rsc = globus_sdk.ConfidentialAppAuthClient( client_id=client_data["id"], client_secret=client_data["secret"])
def test_oauth2_client_credentials_tokens(self): """ Get client credentials tokens, validate results Confirm tokens allow use of userinfo for the client Returns access_token for testing """ with mock.patch.object(self.cac, 'oauth2_token', side_effect=self.cac.oauth2_token) as m: token_res = self.cac.oauth2_client_credentials_tokens( requested_scopes="openid profile") m.assert_called_once_with( {"grant_type": "client_credentials", "scope": "openid profile"}) # validate results self.assertIn("access_token", token_res) self.assertIn("expires_in", token_res) self.assertIn("scope", token_res) self.assertEqual(token_res["resource_server"], "auth.globus.org") self.assertEqual(token_res["token_type"], "Bearer") # confirm usage of userinfo for client access_token = token_res["access_token"] ac = globus_sdk.AuthClient( authorizer=globus_sdk.AccessTokenAuthorizer(access_token)) userinfo_res = ac.oauth2_userinfo() self.assertEqual( userinfo_res["sub"], get_client_data()["confidential_app_client1"]["id"])
def setUp(self): """ Creates a NativeAppAuthClient for testing """ super(NativeAppAuthClientIntegrationTests, self).setUp() self.nac = globus_sdk.NativeAppAuthClient( client_id=get_client_data()["native_app_client1"]["id"])
def test_oauth2_token_introspect(self): """ Introspects a client access_token, validates results Confirms invalid and revoked tokens are not seen as active """ # get access_token and introspect it tokens = self.cac.oauth2_client_credentials_tokens() access_token = tokens["access_token"] intro_res = self.cac.oauth2_token_introspect(access_token) # validate results self.assertEqual(intro_res["sub"], self.cac.client_id) self.assertEqual(intro_res["client_id"], self.cac.client_id) self.assertEqual( intro_res["username"], get_client_data()["confidential_app_client1"]["username"]) self.assertEqual(intro_res["name"], "Python SDK Test Suite Confidential Client 1") self.assertEqual(intro_res["token_type"], "Bearer") self.assertIn("openid", intro_res["scope"]) self.assertIn("email", intro_res["scope"]) self.assertIn("profile", intro_res["scope"]) self.assertIn("exp", intro_res) self.assertTrue(intro_res["active"]) # revoked tokens are not active self.cac.oauth2_revoke_token(access_token) revoked_res = self.cac.oauth2_token_introspect(access_token) self.assertFalse(revoked_res["active"]) # invalid tokens are not active invalid_res = self.cac.oauth2_token_introspect("invalid token") self.assertFalse(invalid_res["active"])
def setUp(self): """ Instantiates an NativeAppAuthClient """ super(NativeAppAuthClientTests, self).setUp() self.nac = globus_sdk.NativeAppAuthClient( client_id=get_client_data()["native_app_client1"]["id"])
def test_init(self): """ Confirms value error when trying to init with an authorizer """ with self.assertRaises(ValueError): globus_sdk.NativeAppAuthClient( client_id=get_client_data()["native_app_client1"]["id"], authorizer=globus_sdk.AccessTokenAuthorizer(""))
def setUpClass(self): """ Sets up transfer client for creating Data objects """ ac = globus_sdk.NativeAppAuthClient( client_id=get_client_data()["native_app_client1"]["id"]) authorizer = globus_sdk.RefreshTokenAuthorizer( SDKTESTER1A_NATIVE1_TRANSFER_RT, ac) self.tc = globus_sdk.TransferClient(authorizer=authorizer)
def setUp(self): """ Creates a ConfidentialAppAuthClient for testing """ super(ConfidentialAppAuthClientIntegrationTests, self).setUp() client_data = get_client_data()["confidential_app_client1"] self.cac = globus_sdk.ConfidentialAppAuthClient( client_id=client_data["id"], client_secret=client_data["secret"])
def setUp(self): """ Creates a OAuthTokenResponse object with known data for testing Sets up mock AuthClient for decoding id_tokens """ super(OAuthTokenResponseTests, self).setUp() # known token data for testing expected values self.top_token = { # valid id_token and access_token "resource_server": "server1", "expires_in": 10, "scope": "scope1", "refresh_token": "RT1", "other_tokens": [], "token_type": "1", "id_token": SDKTESTER1A_NATIVE1_ID_TOKEN, "access_token": SDKTESTER1A_ID_ACCESS_TOKEN } self.other_token1 = { # invalid id_token with valid access_token "resource_server": "server2", "expires_in": 20, "scope": "scope2", "refresh_token": "RT2", "other_tokens": [], "token_type": "2", "id_token": "invalid_id_token", "access_token": SDKTESTER1A_ID_ACCESS_TOKEN } self.other_token2 = { # valid id_token with invalid access_token "resource_server": "server3", "expires_in": 30, "scope": "scope3 scope4", "refresh_token": "RT3", "other_tokens": [], "token_type": "3", "id_token": SDKTESTER1A_NATIVE1_ID_TOKEN, "access_token": "invalid_access_token" } self.top_token["other_tokens"] = [self.other_token1, self.other_token2] # mock AuthClient self.ac = mock.Mock() self.ac.client_id = get_client_data()["native_app_client1"]["id"] self.ac._verify = True self.ac.get = mock.Mock( return_value={ "jwks_uri": "https://auth.globus.org/jwk.json", "id_token_signing_alg_values_supported": ["RS512"] }) # create the response http_response = requests.Response() http_response._content = six.b(json.dumps(self.top_token)) http_response.headers["Content-Type"] = "application/json" self.response = OAuthTokenResponse(http_response, client=self.ac)
def setUpClass(self): """ Creates a BaseClient object for testing """ ac = globus_sdk.NativeAppAuthClient( client_id=get_client_data()["native_app_client1"]["id"]) authorizer = globus_sdk.RefreshTokenAuthorizer( SDKTESTER1A_NATIVE1_TRANSFER_RT, ac) self.bc = BaseClient("transfer", base_path="/v0.10/", authorizer=authorizer)
def test_oauth2_exchange_code_for_tokens_native(self): """ Starts a NativeAppFlowManager, Confirms invalid code raises 401 Further testing cannot be done without user login credentials """ ac = globus_sdk.AuthClient( client_id=get_client_data()["native_app_client1"]["id"]) flow_manager = globus_sdk.auth.GlobusNativeAppFlowManager(ac) ac.current_oauth2_flow_manager = flow_manager with self.assertRaises(AuthAPIError) as apiErr: ac.oauth2_exchange_code_for_tokens("invalid_code") self.assertEqual(apiErr.exception.http_status, 401) self.assertEqual(apiErr.exception.code, "Error")
def test_oauth2_token(self): """ Gets an access_token using oauth2/token directly, validates results. """ client_id = get_client_data()["native_app_client1"]["id"] form_data = { 'refresh_token': SDKTESTER1A_NATIVE1_AUTH_RT, 'grant_type': 'refresh_token', 'client_id': client_id } # valid client token_res = globus_sdk.AuthClient().oauth2_token(form_data) self.assertIn("access_token", token_res) self.assertIn("expires_in", token_res) self.assertIn("scope", token_res)
def test_oauth2_get_authorize_url_native(self): """ Starts an auth flow with a NativeAppFlowManager, gets the authorize url validates expected results with both default and specified parameters. """ ac = globus_sdk.AuthClient( client_id=get_client_data()["native_app_client1"]["id"]) # default parameters for starting auth flow flow_manager = globus_sdk.auth.GlobusNativeAppFlowManager(ac) ac.current_oauth2_flow_manager = flow_manager # get url_and validate results url_res = ac.oauth2_get_authorize_url() expected_vals = [ ac.base_url + "v2/oauth2/authorize?", "client_id=" + ac.client_id, "redirect_uri=" + quote_plus(ac.base_url + "v2/web/auth-code"), "scope=" + quote_plus(" ".join(DEFAULT_REQUESTED_SCOPES)), "state=" + "_default", "response_type=" + "code", "code_challenge=" + quote_plus(flow_manager.challenge), "code_challenge_method=" + "S256", "access_type=" + "online" ] for val in expected_vals: self.assertIn(val, url_res) # starting flow with specified paramaters flow_manager = globus_sdk.auth.GlobusNativeAppFlowManager( ac, requested_scopes="scopes", redirect_uri="uri", state="state", verifier=("a" * 43), refresh_tokens=True) ac.current_oauth2_flow_manager = flow_manager # get url_and validate results url_res = ac.oauth2_get_authorize_url() verifier, remade_challenge = make_native_app_challenge("a" * 43) expected_vals = [ ac.base_url + "v2/oauth2/authorize?", "client_id=" + ac.client_id, "redirect_uri=" + "uri", "scope=" + "scopes", "state=" + "state", "response_type=" + "code", "code_challenge=" + quote_plus(remade_challenge), "code_challenge_method=" + "S256", "access_type=" + "offline" ] for val in expected_vals: self.assertIn(val, url_res)
def setUp(self): """ Instantiates an AuthClient with an access_token authorizer """ super(AuthClientTests, self).setUp() # get access token client_id = get_client_data()["native_app_client1"]["id"] form_data = { 'refresh_token': SDKTESTER1A_NATIVE1_AUTH_RT, 'grant_type': 'refresh_token', 'client_id': client_id } token_res = globus_sdk.AuthClient().oauth2_token(form_data) self.access_token = token_res["access_token"] # make auth client self.ac = globus_sdk.AuthClient( authorizer=globus_sdk.AccessTokenAuthorizer(self.access_token), client_id=client_id)
def test_oauth2_revoke_token(self): """ Gets an access_token from test_oauth2_refresh_token, then revokes it Confirms that the base AuthClient logic for handling Null Authorizers passes the client id correctly, and the token can no longer be used """ # get and then revoke the token access_token = self.test_oauth2_refresh_token() rev_res = self.nac.oauth2_revoke_token(access_token) # validate results self.assertFalse(rev_res["active"]) # confirm token is no longer usable with self.assertRaises(AuthAPIError) as apiErr: ac = globus_sdk.AuthClient( authorizer=globus_sdk.AccessTokenAuthorizer(access_token), client_id=get_client_data()["native_app_client1"]["id"]) ac.oauth2_userinfo() self.assertEqual(apiErr.exception.http_status, 403) self.assertEqual(apiErr.exception.code, "FORBIDDEN")
def setUp(self): """ Do a refresh_token grant token call to get token responses, test with those results that. """ super(RefreshTokenResponsePickleTests, self).setUp() client_id = get_client_data()["native_app_client1"]["id"] form_data = { 'refresh_token': SDKTESTER1A_NATIVE1_TRANSFER_RT, 'grant_type': 'refresh_token', 'client_id': client_id } self.ac = globus_sdk.AuthClient() # add a logger with an open file handle to ensure that the client # cannot be pickled -- this is the common way that pickleability is # broken # also, this looks odd -- logger.logger -- but it's correct, "logger" # is what we named our LoggerAdapter, and "logger" is the name of the # underlying logger object on a LoggerAdapter tmplog_handle, self.tmplog = tempfile.mkstemp() self.ac.logger.logger.addHandler(logging.FileHandler(self.tmplog)) self.token_response = self.ac.oauth2_token(form_data)
def test_oauth2_refresh_token(self): """ Sends a refresh_token grant, validates results Confirms received access_token can be used to authorize userinfo Returns the access token for use in test_oauth2_revoke_token """ ref_res = self.nac.oauth2_refresh_token(SDKTESTER1A_NATIVE1_AUTH_RT) self.assertIn("access_token", ref_res) self.assertIn("expires_in", ref_res) self.assertIn("scope", ref_res) self.assertEqual(ref_res["resource_server"], "auth.globus.org") self.assertEqual(ref_res["token_type"], "Bearer") # confirm token can be used access_token = ref_res["access_token"] ac = globus_sdk.AuthClient( authorizer=globus_sdk.AccessTokenAuthorizer(access_token), client_id=get_client_data()["native_app_client1"]["id"]) userinfo_res = ac.oauth2_userinfo() self.assertEqual(userinfo_res["sub"], get_user_data()["sdktester1a"]["id"]) # return access_token return access_token