def test_throws_when_token_request_if_geoaxis_is_unreachable(self):
self.create_mock(
'requests.post').side_effect = requests.ConnectionError()
with self.assertRaises(geoaxis.Unreachable):
geoaxis.OAuth2Client('test-scheme', 'test-host', 'test-client-id', 'test-secret-key') \
.request_token('test-redirect-uri', 'test-auth-code')
def test_throws_when_profile_request_if_geoaxis_is_unreachable(self):
self.create_mock(
'requests.get').side_effect = requests.ConnectionError()
with self.assertRaises(geoaxis.Unreachable):
geoaxis.OAuth2Client('test-scheme', 'test-host', 'test-client-id', 'test-secret-key') \
.get_profile('test-access-token')
def test_throws_when_token_request_is_denied(self):
self.mock_http.post('/ms_oauth/oauth2/endpoints/oauthservice/tokens',
text=RESPONSE_TOKEN_DENIED,
status_code=401)
with self.assertRaises(geoaxis.Unauthorized):
geoaxis.OAuth2Client('test-scheme', 'test-host', 'test-client-id', 'test-secret-key')\
.request_token('test-redirect-uri', 'test-auth-code')
def test_throws_when_profile_request_returns_error(self):
self.mock_http.get('/ms_oauth/resources/userprofile/me',
text='oh noes',
status_code=500)
with self.assertRaises(geoaxis.Error):
geoaxis.OAuth2Client('test-scheme', 'test-host', 'test-client-id', 'test-secret-key') \
.get_profile('test-access-token')
def test_throws_when_profile_request_is_denied(self):
self.mock_http.get('/ms_oauth/resources/userprofile/me',
text=RESPONSE_PROFILE_UNAUTHORIZED,
status_code=401)
with self.assertRaises(geoaxis.Unauthorized):
geoaxis.OAuth2Client('test-scheme', 'test-host', 'test-client-id', 'test-secret-key') \
.get_profile('test-access-token')
def test_throws_when_token_request_returns_error(self):
self.mock_http.post('/ms_oauth/oauth2/endpoints/oauthservice/tokens',
text='oh noes',
status_code=500)
with self.assertRaises(geoaxis.Error):
geoaxis.OAuth2Client('test-scheme', 'test-host', 'test-client-id', 'test-secret-key') \
.request_token('test-redirect-uri', 'test-auth-code')
def test_throws_when_profile_response_is_missing_distinguished_name(self):
mangled_profile = json.loads(RESPONSE_PROFILE)
del mangled_profile['DN']
self.mock_http.get('/ms_oauth/resources/userprofile/me',
json=mangled_profile)
with self.assertRaisesRegex(geoaxis.InvalidResponse, "missing 'DN'"):
geoaxis.OAuth2Client('test-scheme', 'test-host', 'test-client-id', 'test-secret-key') \
.get_profile('test-access-token')
def test_returns_access_tokens(self):
self.mock_http.post('/ms_oauth/oauth2/endpoints/oauthservice/tokens',
text=RESPONSE_TOKEN_ISSUED)
client = geoaxis.OAuth2Client('test-scheme', 'test-host',
'test-client-id', 'test-secret-key')
access_token = client.request_token('test-redirect-uri',
'test-auth-code')
self.assertEqual('test-access-token', access_token)
def test_calls_correct_url_for_profile_request(self):
self.mock_http.get('/ms_oauth/resources/userprofile/me',
text=RESPONSE_PROFILE)
client = geoaxis.OAuth2Client('test-scheme', 'test-host',
'test-client-id', 'test-secret-key')
client.get_profile('test-access-token')
self.assertEqual(
'test-scheme://test-host/ms_oauth/resources/userprofile/me',
self.mock_http.request_history[0].url)
def test_calls_correct_url_for_token_request(self):
self.mock_http.post('/ms_oauth/oauth2/endpoints/oauthservice/tokens',
text=RESPONSE_TOKEN_ISSUED)
client = geoaxis.OAuth2Client('test-scheme', 'test-host',
'test-client-id', 'test-secret-key')
client.request_token('test-redirect-uri', 'test-auth-code')
self.assertEqual(
'test-scheme://test-host/ms_oauth/oauth2/endpoints/oauthservice/tokens',
self.mock_http.request_history[0].url)
def test_sends_correct_access_token_to_profile_request(self):
self.mock_http.get('/ms_oauth/resources/userprofile/me',
text=RESPONSE_PROFILE)
client = geoaxis.OAuth2Client('test-scheme', 'test-host',
'test-client-id', 'test-secret-key')
client.get_profile('test-access-token')
self.assertEqual(
'Bearer test-access-token',
self.mock_http.request_history[0].headers.get('Authorization'))
def test_sends_correct_payload_to_token_request(self):
self.mock_http.post('/ms_oauth/oauth2/endpoints/oauthservice/tokens',
text=RESPONSE_TOKEN_ISSUED)
client = geoaxis.OAuth2Client('test-scheme', 'test-host',
'test-client-id', 'test-secret-key')
client.request_token('test-redirect-uri', 'test-auth-code')
self.assertSetEqual(
{
'redirect_uri=test-redirect-uri',
'code=test-auth-code',
'grant_type=authorization_code',
}, set(self.mock_http.request_history[0].body.split('&')))
def test_creates_authorization_urls(self):
client = geoaxis.OAuth2Client('test-scheme', 'test-host',
'test-client-id', 'test-secret-key')
auth_url = client.authorize('test-redirect-uri', 'test-state')
self.assertEqual(
'test-scheme://test-host/ms_oauth/oauth2/endpoints/oauthservice/authorize?',
auth_url[:73])
self.assertSetEqual(
{
'client_id=test-client-id',
'redirect_uri=test-redirect-uri',
'response_type=code',
'state=test-state',
}, set(auth_url[73:].split('&')))
def test_logs_failure_when_geoaxis_throws_during_token_request(self):
self.mock_http.post('/ms_oauth/oauth2/endpoints/oauthservice/tokens',
text='oh noes',
status_code=500)
with self.assertRaises(geoaxis.Error):
geoaxis.OAuth2Client('test-scheme', 'test-host', 'test-client-id', 'test-secret-key') \
.request_token('test-redirect-uri', 'test-auth-code')
self.assertEqual([
'ERROR - GeoAxis returned HTTP 500:',
'---',
'',
'Response: oh noes',
'',
'---',
], self.logger.lines)
def test_logs_failure_when_geoaxis_throws_during_profile_request(self):
self.mock_http.get('/ms_oauth/resources/userprofile/me',
text='oh noes',
status_code=500)
with self.assertRaises(geoaxis.Error):
geoaxis.OAuth2Client('test-scheme', 'test-host', 'test-client-id', 'test-secret-key') \
.get_profile('test-access-token')
self.assertEqual([
'ERROR - GeoAxis returned HTTP 500:',
'---',
'',
'Response: oh noes',
'',
'---',
], self.logger.lines)
def test_logs_failure_when_geoaxis_denies_profile_request(self):
self.mock_http.get('/ms_oauth/resources/userprofile/me',
text=RESPONSE_PROFILE_UNAUTHORIZED,
status_code=401)
with self.assertRaises(geoaxis.Unauthorized):
geoaxis.OAuth2Client('test-scheme', 'test-host', 'test-client-id', 'test-secret-key') \
.get_profile('test-access-token')
self.assertEqual([
'ERROR - GeoAxis returned HTTP 401:',
'---',
'',
'Response: {',
' "message": "Failed in authorization",',
' "oicErrorCode": "IDAAS-12345"',
'}',
'',
'---',
], self.logger.lines)
def test_logs_failure_when_geoaxis_denies_token_request(self):
self.mock_http.post('/ms_oauth/oauth2/endpoints/oauthservice/tokens',
text=RESPONSE_TOKEN_DENIED,
status_code=401)
with self.assertRaises(geoaxis.Unauthorized):
geoaxis.OAuth2Client('test-scheme', 'test-host', 'test-client-id', 'test-secret-key') \
.request_token('test-redirect-uri', 'test-auth-code')
self.assertEqual([
'ERROR - GeoAxis returned HTTP 401:',
'---',
'',
'Response: {',
' "error": "invalid_grant",',
' "error_description": "Invalid Grant: grant has been revoked; grant_type=azc "',
'}',
'',
'---',
], self.logger.lines)
def test_can_instantiate(self):
geoaxis.OAuth2Client('test-scheme', 'test-host', 'test-client-id',
'test-secret-key')
