def test_client_credentials(self):
        """
        Exercise the client_credentials grant on OAuth2TokenView.

        Every rejection path is driven before the success path, each time
        asserting the exact JSON error body the view returns:

          1. no Authorization header                -> 400 missing_header
          2. Basic credentials for an unknown id    -> 400 invalid_client
          3. known client whose grant_type is
             PASSWORD                               -> 400 invalid_grant
          4. same client switched to
             CLIENT_CREDENTIALS, owned by 'admin_na' -> 400 inactive_user
          5. CLIENT_CREDENTIALS client owned by
             'admin'                                -> 200 + bearer token

        Client secrets are generated with OAuth2Toolbox.create_hash(64)
        rather than hard-coded, so no reusable secret lives in the test.
        """
        from oauth2.tokenview import OAuth2TokenView

        post_data = {'grant_type': 'client_credentials'}

        def basic_auth_header(client_id, secret):
            # NOTE: base64.encodestring() (Python 2 API) appends a trailing
            # newline to its output; the header is built that way here and
            # the view evidently accepts it -- check the server-side decoder
            # before swapping in b64encode().
            credentials = '{0}:{1}'.format(client_id, secret)
            return 'Basic {0}'.format(base64.encodestring(credentials))

        def request_token(**extra_headers):
            # X-Real-IP is sent on every call; presumably the view derives the
            # caller address from it -- verify in OAuth2TokenView.
            request = Authentication.factory.post('/',
                                                  data=post_data,
                                                  HTTP_X_REAL_IP='127.0.0.1',
                                                  **extra_headers)
            return OAuth2TokenView.as_view()(request)

        def assert_rejected(response, error_code):
            self.assertEqual(response.status_code, 400)
            self.assertEqual(response.content, json.dumps({'error': error_code}))

        def new_client(user, grant_type):
            # Secret is a freshly generated random hash, never a literal.
            client = Client()
            client.ovs_type = 'USER'
            client.grant_type = grant_type
            client.client_secret = OAuth2Toolbox.create_hash(64)
            client.user = user
            client.save()
            return client

        # 1. No Authorization header at all.
        assert_rejected(request_token(), 'missing_header')

        # 2. Well-formed Basic header, but no client with that id.
        unknown_header = basic_auth_header('foo', 'bar')
        assert_rejected(request_token(HTTP_AUTHORIZATION=unknown_header),
                        'invalid_client')

        # 3. Existing client, but its grant type is not client_credentials.
        admin_na = UserList.get_user_by_username('admin_na')
        admin_na_client = new_client(admin_na, 'PASSWORD')
        admin_na_header = basic_auth_header(admin_na_client.guid,
                                            admin_na_client.client_secret)
        assert_rejected(request_token(HTTP_AUTHORIZATION=admin_na_header),
                        'invalid_grant')

        # 4. Grant type fixed, but the owning user is reported as inactive
        #    ('admin_na' is presumably the non-active fixture user).
        admin_na_client.grant_type = 'CLIENT_CREDENTIALS'
        admin_na_client.save()
        assert_rejected(request_token(HTTP_AUTHORIZATION=admin_na_header),
                        'inactive_user')

        # 5. Active user, correct grant type, correct secret -> token issued.
        admin = UserList.get_user_by_username('admin')
        admin_client = new_client(admin, 'CLIENT_CREDENTIALS')
        admin_header = basic_auth_header(admin_client.guid,
                                         admin_client.client_secret)
        response = request_token(HTTP_AUTHORIZATION=admin_header)
        self.assertEqual(response.status_code, 200)
        token_payload = json.loads(response.content)
        self.assertIn('access_token', token_payload)
        expected = {'access_token': token_payload['access_token'],
                    'token_type': 'bearer',
                    'expires_in': 3600}
        self.assertDictEqual(token_payload, expected)
 def create(self, request, role_guids=None):
     """
     Create a Client for a user and attach roles to it.

     ``role_guids`` comes from the view arguments, not from the payload; a
     ``role_guids`` key in the request body is stripped before the
     serializer sees it.  After validation the grant type and client secret
     are always set server-side, so caller-supplied values for those two
     fields are never honoured.

     Authorization: the calling client may create a client for its own
     user, or for any user if it holds the 'manage' role.  Roles attached
     to the new client are limited to those of the target user's group,
     so a caller cannot hand the client a role its user does not hold.

     Returns 201 with the serialized client on success, 400 otherwise.
     NOTE(review): the missing-user and authorization-failure paths reuse
     ``serializer.errors``, which is empty once ``is_valid()`` succeeded,
     so those rejections come back as a 400 without a body explaining why.
     """
     if 'role_guids' in request.DATA:
         del request.DATA['role_guids']
     serializer = FullSerializer(Client, instance=Client(), data=request.DATA)
     if not serializer.is_valid():
         return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

     client = serializer.object
     if client.user is None:
         return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
     owns_target_user = client.user_guid == request.client.user_guid
     if not (owns_target_user or Toolbox.is_client_in_roles(request.client, ['manage'])):
         return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

     # Server decides the grant type and generates the secret; nothing
     # from the request body survives for these two fields.
     client.grant_type = 'CLIENT_CREDENTIALS'
     client.client_secret = OAuth2Toolbox.create_hash(64)
     serializer.save()

     group_junctions = client.user.group.roles
     if role_guids:
         # Whitelist requested guids against the user's own group roles.
         allowed_guids = [junction.role_guid for junction in group_junctions]
         roles = [Role(guid) for guid in role_guids if guid in allowed_guids]
     else:
         roles = [junction.role for junction in group_junctions]
     for role in roles:
         junction = RoleClient()
         junction.client = client
         junction.role = role
         junction.save()
     return Response(serializer.data, status=status.HTTP_201_CREATED)
 def create(self, request, role_guids=None):
     """
     Create a Client for a user and attach roles to it.

     ``role_guids`` comes from the view arguments, not from the payload; a
     ``role_guids`` key in the request body is stripped before the
     serializer sees it.  After validation the grant type and client secret
     are always set server-side, so caller-supplied values for those two
     fields are never honoured.

     Authorization: the calling client may create a client for its own
     user, or for any user if it holds the 'manage' role.  Roles attached
     to the new client are limited to those of the target user's group,
     so a caller cannot hand the client a role its user does not hold.

     Returns 201 with the serialized client on success, 400 otherwise.
     NOTE(review): the missing-user and authorization-failure paths reuse
     ``serializer.errors``, which is empty once ``is_valid()`` succeeded,
     so those rejections come back as a 400 without a body explaining why.
     """
     if 'role_guids' in request.DATA:
         del request.DATA['role_guids']
     serializer = FullSerializer(Client, instance=Client(), data=request.DATA)
     if not serializer.is_valid():
         return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

     client = serializer.object
     if client.user is None:
         return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
     owns_target_user = client.user_guid == request.client.user_guid
     if not (owns_target_user or Toolbox.is_client_in_roles(request.client, ['manage'])):
         return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

     # Server decides the grant type and generates the secret; nothing
     # from the request body survives for these two fields.
     client.grant_type = 'CLIENT_CREDENTIALS'
     client.client_secret = OAuth2Toolbox.create_hash(64)
     serializer.save()

     group_junctions = client.user.group.roles
     if role_guids:
         # Whitelist requested guids against the user's own group roles.
         allowed_guids = [junction.role_guid for junction in group_junctions]
         roles = [Role(guid) for guid in role_guids if guid in allowed_guids]
     else:
         roles = [junction.role for junction in group_junctions]
     for role in roles:
         junction = RoleClient()
         junction.client = client
         junction.role = role
         junction.save()
     return Response(serializer.data, status=status.HTTP_201_CREATED)
    def test_client_credentials(self):
        """
        Exercise the client_credentials grant on OAuth2TokenView.

        Every rejection path is driven before the success path, each time
        asserting the exact JSON error body the view returns:

          1. no Authorization header                -> 400 missing_header
          2. Basic credentials for an unknown id    -> 400 invalid_client
          3. known client whose grant_type is
             PASSWORD                               -> 400 invalid_grant
          4. same client switched to
             CLIENT_CREDENTIALS, owned by 'admin_na' -> 400 inactive_user
          5. CLIENT_CREDENTIALS client with a wrong
             secret                                 -> 400 invalid_client
          6. same client with the right secret      -> 200 + bearer token

        Each request carries a different X-Real-IP (127.0.0.1 .. .6);
        presumably so that any per-address throttling or lockout in the
        token view cannot influence the later assertions -- verify against
        OAuth2TokenView before collapsing them to one address.
        """
        from oauth2.tokenview import OAuth2TokenView

        post_data = {'grant_type': 'client_credentials'}

        def basic_auth_header(client_id, secret):
            # NOTE: base64.encodestring() (Python 2 API) appends a trailing
            # newline to its output; the header is built that way here and
            # the view evidently accepts it -- check the server-side decoder
            # before swapping in b64encode().
            credentials = '{0}:{1}'.format(client_id, secret)
            return 'Basic {0}'.format(base64.encodestring(credentials))

        def request_token(source_ip, **extra_headers):
            request = self.factory.post('/',
                                        data=post_data,
                                        HTTP_X_REAL_IP=source_ip,
                                        **extra_headers)
            return OAuth2TokenView.as_view()(request)

        def assert_rejected(response, error_code):
            self.assertEqual(response.status_code, 400)
            self.assertEqual(response.content,
                             json.dumps({'error': error_code}))

        def new_client(user, grant_type):
            # Secret is a freshly generated random hash, never a literal.
            client = Client()
            client.ovs_type = 'USER'
            client.grant_type = grant_type
            client.client_secret = OAuth2Toolbox.create_hash(64)
            client.user = user
            client.save()
            return client

        # 1. No Authorization header at all.
        assert_rejected(request_token('127.0.0.1'), 'missing_header')

        # 2. Well-formed Basic header, but no client with that id.
        unknown_header = basic_auth_header('foo', 'bar')
        assert_rejected(request_token('127.0.0.2',
                                      HTTP_AUTHORIZATION=unknown_header),
                        'invalid_client')

        # 3. Existing client, but its grant type is not client_credentials.
        admin_na = UserList.get_user_by_username('admin_na')
        admin_na_client = new_client(admin_na, 'PASSWORD')
        admin_na_header = basic_auth_header(admin_na_client.guid,
                                            admin_na_client.client_secret)
        assert_rejected(request_token('127.0.0.3',
                                      HTTP_AUTHORIZATION=admin_na_header),
                        'invalid_grant')

        # 4. Grant type fixed, but the owning user is reported as inactive
        #    ('admin_na' is presumably the non-active fixture user).
        admin_na_client.grant_type = 'CLIENT_CREDENTIALS'
        admin_na_client.save()
        assert_rejected(request_token('127.0.0.4',
                                      HTTP_AUTHORIZATION=admin_na_header),
                        'inactive_user')

        # 5. Right client id, wrong secret: must look the same as an
        #    unknown client, so a caller cannot tell which part was wrong.
        admin = UserList.get_user_by_username('admin')
        admin_client = new_client(admin, 'CLIENT_CREDENTIALS')
        bad_secret_header = basic_auth_header(admin_client.guid, 'foobar')
        assert_rejected(request_token('127.0.0.5',
                                      HTTP_AUTHORIZATION=bad_secret_header),
                        'invalid_client')

        # 6. Active user, correct grant type, correct secret -> token issued.
        admin_header = basic_auth_header(admin_client.guid,
                                         admin_client.client_secret)
        response = request_token('127.0.0.6', HTTP_AUTHORIZATION=admin_header)
        self.assertEqual(response.status_code, 200)
        token_payload = json.loads(response.content)
        self.assertIn('access_token', token_payload)
        expected = {
            'access_token': token_payload['access_token'],
            'token_type': 'bearer',
            'expires_in': 3600
        }
        self.assertDictEqual(token_payload, expected)