def google_id_token(app, user, fake):
"""A google id token for an identity associated with the user fixture."""
client_id = app.config['GOOGLE_OAUTH2_ALLOWED_CLIENT_IDS'][0]
payload = dict(
iat=datetime.datetime.utcnow() - datetime.timedelta(minutes=1),
exp=datetime.datetime.utcnow() + datetime.timedelta(hours=1),
aud=client_id, iss='accounts.google.com',
sub=fake.numerify('################################'),
email=fake.safe_email(), email_verified=False,
)
key = list(app.config.get('TESTING_GOOGLE_OAUTH2_CERT_PRIV_KEYS').values())[0]
t = jwt.encode(payload, key, algorithm='RS256').decode('ascii')
associate_user_with_google_id(user, t)
return t
def test_google_user_multiple_association(db, valid_payload, no_user_google_token, user):
"""Repeatedly associating an id only affects one row."""
# pylint: disable=no-member
for _ in range(10):
associate_user_with_google_id(user, no_user_google_token)
db.session.commit()
u = user_for_google_id_token(no_user_google_token)
assert u.id == user.id
# Check identity is added only once
assert UserIdentity.query.filter(
UserIdentity.provider == 'google',
UserIdentity.provider_identity == valid_payload['sub']
).count() == 1
def test_google_user_association_requires_sub(app, user, valid_payload):
del valid_payload['sub']
t = _encode_valid_token(app, valid_payload)
with pytest.raises(BadRequest):
associate_user_with_google_id(user, t)
def test_google_user_association_requires_valid_token(user, valid_payload):
t = _encode_invalid_token(valid_payload)
with pytest.raises(BadRequest):
associate_user_with_google_id(user, t)
def test_google_user_association(no_user_google_token, user):
associate_user_with_google_id(user, no_user_google_token)
u = user_for_google_id_token(no_user_google_token)
assert u.id == user.id