def merge_users(db, user1, user2):
# move all passwords of user2 to user1
db.passwords.update({'owner': user2['_id']}, {
'$set': {
'owner': user1['_id'],
},
}, multi=True)
# move authorized_apps from user2 to user1
authorizator = Authorizator(db)
for auth in authorizator.get_user_authorizations(user2):
credentials = {
'client_id': auth['client_id'],
'user': user1,
'redirect_uri': auth['redirect_uri'],
'response_type': auth['response_type'],
}
scopes = auth['scope'].split(' ')
authorizator.store_user_authorization(scopes, credentials)
authorizator.remove_all_user_authorizations(user2)
updates = {}
# copy the providers
for provider in get_available_providers():
key = provider + '_id'
if key in user2 and key not in user1:
sets = updates.setdefault('$set', {})
sets[key] = user2[key]
db.users.update({'_id': user1['_id']}, updates)
# remove user2
db.users.remove(user2['_id'])
class AuthorizatorTests(testing.TestCase):
def setUp(self):
super(AuthorizatorTests, self).setUp()
self.authorizator = Authorizator(self.db)
def test_is_app_authorized_no_authorized_apps(self):
self.assertFalse(self.authorizator.is_app_authorized([
'scope1', 'scope2',
], {
'client_id': 1,
'user': {'_id': 1},
'redirect_uri': 'http://example.com/callback',
'response_type': 'code',
}))
def test_is_app_authorized_different_client_id(self):
self.db.authorized_apps.insert({
'client_id': 1,
'user': 1,
'redirect_uri': 'http://example.com/callback',
'response_type': 'code',
'scope': 'scope1 scope2',
})
self.assertFalse(self.authorizator.is_app_authorized([
'scope1', 'scope2',
], {
'client_id': 2,
'user': {'_id': 1},
'redirect_uri': 'http://example.com/callback',
'response_type': 'code',
}))
def test_is_app_authorized_different_user(self):
self.db.authorized_apps.insert({
'client_id': 1,
'user': 1,
'redirect_uri': 'http://example.com/callback',
'response_type': 'code',
'scope': 'scope1 scope2',
})
self.assertFalse(self.authorizator.is_app_authorized([
'scope1', 'scope2',
], {
'client_id': 1,
'user': {'_id': 2},
'redirect_uri': 'http://example.com/callback',
'response_type': 'code',
}))
def test_is_app_authorized_different_redirect_uri(self):
self.db.authorized_apps.insert({
'client_id': 1,
'user': 1,
'redirect_uri': 'http://example.com/callback',
'response_type': 'code',
'scope': 'scope1 scope2',
})
self.assertFalse(self.authorizator.is_app_authorized([
'scope1', 'scope2',
], {
'client_id': 1,
'user': {'_id': 1},
'redirect_uri': 'http://example.com/callback-new',
'response_type': 'code',
}))
def test_is_app_authorized_different_response_type(self):
self.db.authorized_apps.insert({
'client_id': 1,
'user': 1,
'redirect_uri': 'http://example.com/callback',
'response_type': 'code',
'scope': 'scope1 scope2',
})
self.assertFalse(self.authorizator.is_app_authorized([
'scope1', 'scope2',
], {
'client_id': 1,
'user': {'_id': 1},
'redirect_uri': 'http://example.com/callback',
'response_type': 'token',
}))
def test_is_app_authorized_different_scopes(self):
self.db.authorized_apps.insert({
'client_id': 1,
'user': 1,
'redirect_uri': 'http://example.com/callback',
'response_type': 'code',
'scope': 'scope1 scope2',
})
self.assertFalse(self.authorizator.is_app_authorized([
'scope1', 'scope2', 'scope3',
], {
'client_id': 1,
'user': {'_id': 1},
'redirect_uri': 'http://example.com/callback',
'response_type': 'code',
}))
def test_is_app_authorized_everything_equal(self):
self.db.authorized_apps.insert({
'client_id': 1,
'user': 1,
'redirect_uri': 'http://example.com/callback',
'response_type': 'code',
'scope': 'scope1 scope2',
})
self.assertTrue(self.authorizator.is_app_authorized([
'scope1', 'scope2',
], {
'client_id': 1,
'user': {'_id': 1},
'redirect_uri': 'http://example.com/callback',
'response_type': 'code',
}))
def test_store_user_authorization_no_previous_authorization(self):
self.assertEqual(self.db.authorized_apps.count(), 0)
self.authorizator.store_user_authorization([
'scope1', 'scope2',
], {
'client_id': 1,
'user': {'_id': 1},
'redirect_uri': 'http://example.com/callback',
'response_type': 'code',
})
self.assertEqual(self.db.authorized_apps.count(), 1)
def test_store_user_authorization_previous_authorization(self):
self.assertEqual(self.db.authorized_apps.count(), 0)
self.authorizator.store_user_authorization([
'scope1', 'scope2',
], {
'client_id': 1,
'user': {'_id': 1},
'redirect_uri': 'http://example.com/callback',
'response_type': 'code',
})
self.assertEqual(self.db.authorized_apps.count(), 1)
# Store the same authorization again
self.authorizator.store_user_authorization([
'scope1', 'scope2',
], {
'client_id': 1,
'user': {'_id': 1},
'redirect_uri': 'http://example.com/callback',
'response_type': 'code',
})
# still only one record
self.assertEqual(self.db.authorized_apps.count(), 1)
def test_get_user_authorizations_empty(self):
auths = self.authorizator.get_user_authorizations({'_id': 1})
self.assertEqual(auths.count(), 0)
def test_get_user_authorizations_one_authorization(self):
self.authorizator.store_user_authorization([
'scope1', 'scope2',
], {
'client_id': 1,
'user': {'_id': 1},
'redirect_uri': 'http://example.com/callback',
'response_type': 'code',
})
auths = self.authorizator.get_user_authorizations({'_id': 1})
self.assertEqual(auths.count(), 1)
self.assertEqual(auths[0]['client_id'], 1)
self.assertEqual(auths[0]['redirect_uri'], 'http://example.com/callback')
self.assertEqual(auths[0]['response_type'], 'code')
self.assertEqual(auths[0]['scope'], 'scope1 scope2')
def test_get_user_authorizations_two_authorization(self):
self.authorizator.store_user_authorization([
'scope1', 'scope2',
], {
'client_id': 1,
'user': {'_id': 1},
'redirect_uri': 'http://example.com/callback',
'response_type': 'code',
})
self.authorizator.store_user_authorization([
'scope1', 'scope2',
], {
'client_id': 2,
'user': {'_id': 1},
'redirect_uri': 'http://example.com/callback2',
'response_type': 'code',
})
self.authorizator.store_user_authorization([
'scope1', 'scope2',
], {
'client_id': 2,
'user': {'_id': 2},
'redirect_uri': 'http://example.com/callback2',
'response_type': 'code',
})
auths = self.authorizator.get_user_authorizations({'_id': 1})
self.assertEqual(auths.count(), 2)
self.assertEqual(auths[0]['client_id'], 1)
self.assertEqual(auths[0]['redirect_uri'], 'http://example.com/callback')
self.assertEqual(auths[0]['response_type'], 'code')
self.assertEqual(auths[0]['scope'], 'scope1 scope2')
self.assertEqual(auths[1]['client_id'], 2)
self.assertEqual(auths[1]['redirect_uri'], 'http://example.com/callback2')
self.assertEqual(auths[1]['response_type'], 'code')
self.assertEqual(auths[1]['scope'], 'scope1 scope2')
def test_remove_user_authorization(self):
auths = self.authorizator.get_user_authorizations({'_id': 1})
self.assertEqual(auths.count(), 0)
self.authorizator.store_user_authorization([
'scope1', 'scope2',
], {
'client_id': 1,
'user': {'_id': 1},
'redirect_uri': 'http://example.com/callback',
'response_type': 'code',
})
auths = self.authorizator.get_user_authorizations({'_id': 1})
self.assertEqual(auths.count(), 1)
self.authorizator.remove_user_authorization({'_id': 1}, 1)
auths = self.authorizator.get_user_authorizations({'_id': 1})
self.assertEqual(auths.count(), 0)
def test_remove_all_user_authorizations(self):
auths = self.authorizator.get_user_authorizations({'_id': 1})
self.assertEqual(auths.count(), 0)
self.authorizator.store_user_authorization([
'scope1', 'scope2',
], {
'client_id': 1,
'user': {'_id': 1},
'redirect_uri': 'http://example.com/callback/1',
'response_type': 'code',
})
self.authorizator.store_user_authorization([
'scope1', 'scope2',
], {
'client_id': 2,
'user': {'_id': 1},
'redirect_uri': 'http://example.com/callback/2',
'response_type': 'code',
})
auths = self.authorizator.get_user_authorizations({'_id': 1})
self.assertEqual(auths.count(), 2)
self.authorizator.remove_all_user_authorizations({'_id': 1})
auths = self.authorizator.get_user_authorizations({'_id': 1})
self.assertEqual(auths.count(), 0)
