def merge_users(db, user1, user2): # move all passwords of user2 to user1 db.passwords.update({'owner': user2['_id']}, { '$set': { 'owner': user1['_id'], }, }, multi=True) # move authorized_apps from user2 to user1 authorizator = Authorizator(db) for auth in authorizator.get_user_authorizations(user2): credentials = { 'client_id': auth['client_id'], 'user': user1, 'redirect_uri': auth['redirect_uri'], 'response_type': auth['response_type'], } scopes = auth['scope'].split(' ') authorizator.store_user_authorization(scopes, credentials) authorizator.remove_all_user_authorizations(user2) updates = {} # copy the providers for provider in get_available_providers(): key = provider + '_id' if key in user2 and key not in user1: sets = updates.setdefault('$set', {}) sets[key] = user2[key] db.users.update({'_id': user1['_id']}, updates) # remove user2 db.users.remove(user2['_id'])
class AuthorizatorTests(testing.TestCase): def setUp(self): super(AuthorizatorTests, self).setUp() self.authorizator = Authorizator(self.db) def test_is_app_authorized_no_authorized_apps(self): self.assertFalse(self.authorizator.is_app_authorized([ 'scope1', 'scope2', ], { 'client_id': 1, 'user': {'_id': 1}, 'redirect_uri': 'http://example.com/callback', 'response_type': 'code', })) def test_is_app_authorized_different_client_id(self): self.db.authorized_apps.insert({ 'client_id': 1, 'user': 1, 'redirect_uri': 'http://example.com/callback', 'response_type': 'code', 'scope': 'scope1 scope2', }) self.assertFalse(self.authorizator.is_app_authorized([ 'scope1', 'scope2', ], { 'client_id': 2, 'user': {'_id': 1}, 'redirect_uri': 'http://example.com/callback', 'response_type': 'code', })) def test_is_app_authorized_different_user(self): self.db.authorized_apps.insert({ 'client_id': 1, 'user': 1, 'redirect_uri': 'http://example.com/callback', 'response_type': 'code', 'scope': 'scope1 scope2', }) self.assertFalse(self.authorizator.is_app_authorized([ 'scope1', 'scope2', ], { 'client_id': 1, 'user': {'_id': 2}, 'redirect_uri': 'http://example.com/callback', 'response_type': 'code', })) def test_is_app_authorized_different_redirect_uri(self): self.db.authorized_apps.insert({ 'client_id': 1, 'user': 1, 'redirect_uri': 'http://example.com/callback', 'response_type': 'code', 'scope': 'scope1 scope2', }) self.assertFalse(self.authorizator.is_app_authorized([ 'scope1', 'scope2', ], { 'client_id': 1, 'user': {'_id': 1}, 'redirect_uri': 'http://example.com/callback-new', 'response_type': 'code', })) def test_is_app_authorized_different_response_type(self): self.db.authorized_apps.insert({ 'client_id': 1, 'user': 1, 'redirect_uri': 'http://example.com/callback', 'response_type': 'code', 'scope': 'scope1 scope2', }) self.assertFalse(self.authorizator.is_app_authorized([ 'scope1', 'scope2', ], { 'client_id': 1, 'user': {'_id': 1}, 'redirect_uri': 'http://example.com/callback', 'response_type': 'token', })) def test_is_app_authorized_different_scopes(self): self.db.authorized_apps.insert({ 'client_id': 1, 'user': 1, 'redirect_uri': 'http://example.com/callback', 'response_type': 'code', 'scope': 'scope1 scope2', }) self.assertFalse(self.authorizator.is_app_authorized([ 'scope1', 'scope2', 'scope3', ], { 'client_id': 1, 'user': {'_id': 1}, 'redirect_uri': 'http://example.com/callback', 'response_type': 'code', })) def test_is_app_authorized_everything_equal(self): self.db.authorized_apps.insert({ 'client_id': 1, 'user': 1, 'redirect_uri': 'http://example.com/callback', 'response_type': 'code', 'scope': 'scope1 scope2', }) self.assertTrue(self.authorizator.is_app_authorized([ 'scope1', 'scope2', ], { 'client_id': 1, 'user': {'_id': 1}, 'redirect_uri': 'http://example.com/callback', 'response_type': 'code', })) def test_store_user_authorization_no_previous_authorization(self): self.assertEqual(self.db.authorized_apps.count(), 0) self.authorizator.store_user_authorization([ 'scope1', 'scope2', ], { 'client_id': 1, 'user': {'_id': 1}, 'redirect_uri': 'http://example.com/callback', 'response_type': 'code', }) self.assertEqual(self.db.authorized_apps.count(), 1) def test_store_user_authorization_previous_authorization(self): self.assertEqual(self.db.authorized_apps.count(), 0) self.authorizator.store_user_authorization([ 'scope1', 'scope2', ], { 'client_id': 1, 'user': {'_id': 1}, 'redirect_uri': 'http://example.com/callback', 'response_type': 'code', }) self.assertEqual(self.db.authorized_apps.count(), 1) # Store the same authorization again self.authorizator.store_user_authorization([ 'scope1', 'scope2', ], { 'client_id': 1, 'user': {'_id': 1}, 'redirect_uri': 'http://example.com/callback', 'response_type': 'code', }) # still only one record self.assertEqual(self.db.authorized_apps.count(), 1) def test_get_user_authorizations_empty(self): auths = self.authorizator.get_user_authorizations({'_id': 1}) self.assertEqual(auths.count(), 0) def test_get_user_authorizations_one_authorization(self): self.authorizator.store_user_authorization([ 'scope1', 'scope2', ], { 'client_id': 1, 'user': {'_id': 1}, 'redirect_uri': 'http://example.com/callback', 'response_type': 'code', }) auths = self.authorizator.get_user_authorizations({'_id': 1}) self.assertEqual(auths.count(), 1) self.assertEqual(auths[0]['client_id'], 1) self.assertEqual(auths[0]['redirect_uri'], 'http://example.com/callback') self.assertEqual(auths[0]['response_type'], 'code') self.assertEqual(auths[0]['scope'], 'scope1 scope2') def test_get_user_authorizations_two_authorization(self): self.authorizator.store_user_authorization([ 'scope1', 'scope2', ], { 'client_id': 1, 'user': {'_id': 1}, 'redirect_uri': 'http://example.com/callback', 'response_type': 'code', }) self.authorizator.store_user_authorization([ 'scope1', 'scope2', ], { 'client_id': 2, 'user': {'_id': 1}, 'redirect_uri': 'http://example.com/callback2', 'response_type': 'code', }) self.authorizator.store_user_authorization([ 'scope1', 'scope2', ], { 'client_id': 2, 'user': {'_id': 2}, 'redirect_uri': 'http://example.com/callback2', 'response_type': 'code', }) auths = self.authorizator.get_user_authorizations({'_id': 1}) self.assertEqual(auths.count(), 2) self.assertEqual(auths[0]['client_id'], 1) self.assertEqual(auths[0]['redirect_uri'], 'http://example.com/callback') self.assertEqual(auths[0]['response_type'], 'code') self.assertEqual(auths[0]['scope'], 'scope1 scope2') self.assertEqual(auths[1]['client_id'], 2) self.assertEqual(auths[1]['redirect_uri'], 'http://example.com/callback2') self.assertEqual(auths[1]['response_type'], 'code') self.assertEqual(auths[1]['scope'], 'scope1 scope2') def test_remove_user_authorization(self): auths = self.authorizator.get_user_authorizations({'_id': 1}) self.assertEqual(auths.count(), 0) self.authorizator.store_user_authorization([ 'scope1', 'scope2', ], { 'client_id': 1, 'user': {'_id': 1}, 'redirect_uri': 'http://example.com/callback', 'response_type': 'code', }) auths = self.authorizator.get_user_authorizations({'_id': 1}) self.assertEqual(auths.count(), 1) self.authorizator.remove_user_authorization({'_id': 1}, 1) auths = self.authorizator.get_user_authorizations({'_id': 1}) self.assertEqual(auths.count(), 0) def test_remove_all_user_authorizations(self): auths = self.authorizator.get_user_authorizations({'_id': 1}) self.assertEqual(auths.count(), 0) self.authorizator.store_user_authorization([ 'scope1', 'scope2', ], { 'client_id': 1, 'user': {'_id': 1}, 'redirect_uri': 'http://example.com/callback/1', 'response_type': 'code', }) self.authorizator.store_user_authorization([ 'scope1', 'scope2', ], { 'client_id': 2, 'user': {'_id': 1}, 'redirect_uri': 'http://example.com/callback/2', 'response_type': 'code', }) auths = self.authorizator.get_user_authorizations({'_id': 1}) self.assertEqual(auths.count(), 2) self.authorizator.remove_all_user_authorizations({'_id': 1}) auths = self.authorizator.get_user_authorizations({'_id': 1}) self.assertEqual(auths.count(), 0)