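def test_client_credentials(self):
    """
    Validates the Client Credentials grant of the token endpoint.

    Walks the rejection paths in order, checking each answers 400 with the
    matching error code, before the happy path is checked:
    missing Authorization header, unknown client, client with a PASSWORD
    grant, client whose user is inactive, valid client id with a wrong
    secret, and finally a valid client which receives a bearer token.
    """
    from oauth2.tokenview import OAuth2TokenView

    data = {'grant_type': 'client_credentials'}

    def basic_header(identifier, secret):
        # HTTP Basic credentials in the form the token view expects
        credentials = '{0}:{1}'.format(identifier, secret)
        return 'Basic {0}'.format(base64.encodestring(credentials))

    def token_response(**extra):
        # Posts the grant request; extra carries HTTP_AUTHORIZATION when
        # a header is to be sent, so the no-header case omits it entirely
        request = Authentication.factory.post('/', data=data, HTTP_X_REAL_IP='127.0.0.1', **extra)
        return OAuth2TokenView.as_view()(request)

    def assert_rejected(response, error):
        self.assertEqual(response.status_code, 400)
        self.assertEqual(response.content, json.dumps({'error': error}))

    # No Authorization header at all
    assert_rejected(token_response(), 'missing_header')

    # Credentials for a client that does not exist
    assert_rejected(token_response(HTTP_AUTHORIZATION=basic_header('foo', 'bar')), 'invalid_client')

    # A client whose grant is Resource Owner Password Credentials
    admin_na = UserList.get_user_by_username('admin_na')
    admin_na_client = Client()
    admin_na_client.ovs_type = 'USER'
    admin_na_client.grant_type = 'PASSWORD'
    admin_na_client.client_secret = OAuth2Toolbox.create_hash(64)
    admin_na_client.user = admin_na
    admin_na_client.save()
    header = basic_header(admin_na_client.guid, admin_na_client.client_secret)
    assert_rejected(token_response(HTTP_AUTHORIZATION=header), 'invalid_grant')

    # Correct grant type now, but the user behind the client is not active
    admin_na_client.grant_type = 'CLIENT_CREDENTIALS'
    admin_na_client.save()
    assert_rejected(token_response(HTTP_AUTHORIZATION=header), 'inactive_user')

    # Active user and a real client id, but the wrong secret: must be
    # refused with the same error as an unknown client, so the response
    # does not reveal which client ids exist
    admin = UserList.get_user_by_username('admin')
    admin_client = Client()
    admin_client.ovs_type = 'USER'
    admin_client.grant_type = 'CLIENT_CREDENTIALS'
    admin_client.client_secret = OAuth2Toolbox.create_hash(64)
    admin_client.user = admin
    admin_client.save()
    wrong_secret = basic_header(admin_client.guid, 'foobar')
    assert_rejected(token_response(HTTP_AUTHORIZATION=wrong_secret), 'invalid_client')

    # Everything in order: a bearer token is issued
    header = basic_header(admin_client.guid, admin_client.client_secret)
    response = token_response(HTTP_AUTHORIZATION=header)
    self.assertEqual(response.status_code, 200)
    response_content = json.loads(response.content)
    self.assertIn('access_token', response_content)
    expected = {'access_token': response_content['access_token'],
                'token_type': 'bearer',
                'expires_in': 3600}
    self.assertDictEqual(response_content, expected)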
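def create(self, request, role_guids=None):
    """
    Creates a Client

    A requester may create a Client for its own user, or for any user when
    it holds the 'manage' role. The new Client always gets the
    CLIENT_CREDENTIALS grant and a freshly generated secret. Roles are
    limited to the roles of the target user's group: without role_guids all
    of them are granted, otherwise only the requested guids the group also
    holds (unknown or foreign guids are silently dropped).

    :param request: incoming request; request.DATA is fed to the serializer
        after 'role_guids' is stripped, so roles cannot be set through the
        payload
    :param role_guids: optional list of Role guids to grant; an empty list
        behaves like None and grants all group roles
    :return: 201 with the serialized Client on success, 403 when the
        requester may not create a Client for that user, 400 when the
        payload is invalid or names no user
    """
    # Roles are assigned below under the group restriction; never let the
    # serializer pick them up from the payload
    if 'role_guids' in request.DATA:
        del request.DATA['role_guids']
    serializer = FullSerializer(Client, instance=Client(), data=request.DATA)
    if not serializer.is_valid():
        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

    client = serializer.object
    if client.user is None:
        # A Client must belong to a user; kept as a 400 carrying the
        # serializer errors, as before
        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

    own_user = client.user_guid == request.client.user_guid
    if not own_user and not Toolbox.is_client_in_roles(request.client, ['manage']):
        # Authorization failure, not a malformed payload: previously this
        # fell through to a 400 with an empty error dict
        return Response(status=status.HTTP_403_FORBIDDEN)

    client.grant_type = 'CLIENT_CREDENTIALS'
    client.client_secret = OAuth2Toolbox.create_hash(64)
    serializer.save()

    group_roles = client.user.group.roles
    if not role_guids:
        roles = [junction.role for junction in group_roles]
    else:
        # Only roles the user's own group holds may be granted
        allowed = set(junction.role_guid for junction in group_roles)
        roles = [Role(guid) for guid in role_guids if guid in allowed]
    for role in roles:
        roleclient = RoleClient()
        roleclient.client = client
        roleclient.role = role
        roleclient.save()
    return Response(serializer.data, status=status.HTTP_201_CREATED)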
def test_client_credentials(self):
    """
    Validates the Client Credentials grant of the token endpoint.

    Every request comes from a distinct X-Real-IP. The rejections are
    checked first, each as a 400 with its error code: no Authorization
    header, unknown client, client with a PASSWORD grant, client of an
    inactive user, known client id with a wrong secret. The last request
    uses the real secret and must yield a bearer token valid for 3600s.
    """
    from oauth2.tokenview import OAuth2TokenView

    data = {'grant_type': 'client_credentials'}

    def make_client(username, grant_type):
        # A USER client with a random 64-char secret, bound to the named user
        client = Client()
        client.ovs_type = 'USER'
        client.grant_type = grant_type
        client.client_secret = OAuth2Toolbox.create_hash(64)
        client.user = UserList.get_user_by_username(username)
        client.save()
        return client

    def basic(identifier, secret):
        return 'Basic {0}'.format(base64.encodestring('{0}:{1}'.format(identifier, secret)))

    def token_response(ip, header=None):
        # The Authorization header is left out of the request when None
        extra = {} if header is None else {'HTTP_AUTHORIZATION': header}
        request = self.factory.post('/', data=data, HTTP_X_REAL_IP=ip, **extra)
        return OAuth2TokenView.as_view()(request)

    def assert_error(response, error):
        self.assertEqual(response.status_code, 400)
        self.assertEqual(response.content, json.dumps({'error': error}))

    # Missing HTTP_AUTHORIZATION header
    assert_error(token_response('127.0.0.1'), 'missing_header')

    # No such client
    assert_error(token_response('127.0.0.2', basic('foo', 'bar')), 'invalid_client')

    # Client whose grant is Resource Owner Password Credentials
    admin_na_client = make_client('admin_na', 'PASSWORD')
    admin_na_header = basic(admin_na_client.guid, admin_na_client.client_secret)
    assert_error(token_response('127.0.0.3', admin_na_header), 'invalid_grant')

    # Same client with the right grant, but its user is inactive
    admin_na_client.grant_type = 'CLIENT_CREDENTIALS'
    admin_na_client.save()
    assert_error(token_response('127.0.0.4', admin_na_header), 'inactive_user')

    # Active user, real client id, wrong secret: indistinguishable from an
    # unknown client
    admin_client = make_client('admin', 'CLIENT_CREDENTIALS')
    assert_error(token_response('127.0.0.5', basic(admin_client.guid, 'foobar')), 'invalid_client')

    # Correct secret: a bearer token is issued
    response = token_response('127.0.0.6', basic(admin_client.guid, admin_client.client_secret))
    self.assertEqual(response.status_code, 200)
    body = json.loads(response.content)
    self.assertIn('access_token', body)
    self.assertDictEqual(body, {
        'access_token': body['access_token'],
        'token_type': 'bearer',
        'expires_in': 3600
    })