async def test_expired_token(
server: AuthorizationServer, storage: Dict[str, List], defaults: Defaults
):
settings = Settings()
token = Token(
client_id=defaults.client_id,
expires_in=settings.TOKEN_EXPIRES_IN,
access_token=generate_token(42),
refresh_token=generate_token(48),
issued_at=int(time.time() - settings.TOKEN_EXPIRES_IN),
scope=defaults.scope,
)
client_id = defaults.client_id
client_secret = defaults.client_secret
storage["tokens"].append(token)
post = Post(token=token.access_token)
request = Request(
post=post,
method=RequestMethod.POST,
headers=encode_auth_headers(client_id, client_secret),
)
response = await server.create_token_introspection_response(request)
assert response.status_code == HTTPStatus.OK
assert not response.content.active
async def test_expired_authorization_code(server: AuthorizationServer,
defaults: Defaults,
storage: Dict[str, List]):
request_url = "https://localhost"
settings = Settings()
authorization_code = storage["authorization_codes"][0]
storage["authorization_codes"][0] = set_values(
authorization_code,
{"auth_time": time.time() - settings.AUTHORIZATION_CODE_EXPIRES_IN},
)
post = Post(
grant_type=GrantType.TYPE_AUTHORIZATION_CODE,
redirect_uri=defaults.redirect_uri,
code=storage["authorization_codes"][0].code,
)
request = Request(
url=request_url,
post=post,
method=RequestMethod.POST,
headers=encode_auth_headers(defaults.client_id,
defaults.client_secret),
)
response = await server.create_token_response(request)
assert response.status_code == HTTPStatus.BAD_REQUEST
assert response.content.error == ErrorType.INVALID_GRANT
async def test_endpoint_availability(db_class: Type[BaseDB]):
server = AuthorizationServer(db=db_class())
request = Request(method=RequestMethod.POST,
settings=Settings(AVAILABLE=False))
response = await server.create_token_introspection_response(request)
assert response.status_code == HTTPStatus.BAD_REQUEST
assert response.content.error == ErrorType.TEMPORARILY_UNAVAILABLE
def get_aioauth_settings():
settings = get_settings()
return Settings(
TOKEN_EXPIRES_IN=settings.token_expires_in,
AUTHORIZATION_CODE_EXPIRES_IN=settings.authorization_code_expires_in,
INSECURE_TRANSPORT=settings.debug,
)
def test_base_error_uri():
ERROR_URI = "https://google.com"
request = Request(settings=Settings(ERROR_URI=ERROR_URI), method=RequestMethod.POST)
try:
raise InvalidClientError(request=request)
except InvalidClientError as exc:
assert urljoin(ERROR_URI, exc.error) == exc.error_uri
def test_is_secure_transport_insecure_transport_enabled():
request = Request(
method=RequestMethod.GET,
url="https://google.com",
settings=Settings(INSECURE_TRANSPORT=True),
)
is_secure = is_secure_transport(request=request)
assert is_secure
request = Request(
method=RequestMethod.GET,
url="https://google.com",
settings=Settings(INSECURE_TRANSPORT=True),
)
is_secure = is_secure_transport(request=request)
assert is_secure
def storage(defaults: Defaults) -> Dict:
settings = Settings()
client = Client(
client_id=defaults.client_id,
client_secret=defaults.client_secret,
grant_types=[
GrantType.TYPE_AUTHORIZATION_CODE,
GrantType.TYPE_CLIENT_CREDENTIALS,
GrantType.TYPE_REFRESH_TOKEN,
GrantType.TYPE_PASSWORD,
],
redirect_uris=[defaults.redirect_uri],
response_types=[ResponseType.TYPE_CODE, ResponseType.TYPE_TOKEN],
scope=defaults.scope,
)
authorization_code = AuthorizationCode(
code=defaults.code,
client_id=defaults.client_id,
response_type=ResponseType.TYPE_CODE,
auth_time=int(time.time()),
redirect_uri=defaults.redirect_uri,
scope=defaults.scope,
code_challenge_method=CodeChallengeMethod.PLAIN,
)
token = Token(
client_id=defaults.client_id,
expires_in=settings.TOKEN_EXPIRES_IN,
access_token=defaults.access_token,
refresh_token=defaults.refresh_token,
issued_at=int(time.time()),
scope=defaults.scope,
)
return {
"tokens": [token],
"authorization_codes": [authorization_code],
"clients": [client],
}
async def test_expired_refresh_token(server: AuthorizationServer,
defaults: Defaults, storage: Dict[str,
List]):
settings = Settings()
token = storage["tokens"][0]
refresh_token = token.refresh_token
storage["tokens"][0] = set_values(
token, {"issued_at": time.time() - (settings.TOKEN_EXPIRES_IN * 2)})
request_url = "https://localhost"
post = Post(
grant_type=GrantType.TYPE_REFRESH_TOKEN,
refresh_token=refresh_token,
)
request = Request(
url=request_url,
post=post,
method=RequestMethod.POST,
headers=encode_auth_headers(defaults.client_id,
defaults.client_secret),
)
response = await server.create_token_response(request)
assert response.status_code == HTTPStatus.BAD_REQUEST
assert response.content.error == ErrorType.INVALID_GRANT