def test_authorize_view(self):
    """Check the redirect issued by the ``/oauth2authorize`` view.

    Three requests are made: a bare one, one with ``return_url`` set, and
    one carrying an unrelated query parameter.  For the bare request the
    redirect must point at Google's auth URI, carry the client id but not
    the client secret, and embed a JSON ``state`` whose ``csrf_token``
    equals the token stored in the Flask session and whose ``return_url``
    defaults to ``/``.
    """
    def parse_redirect(response):
        # Split the Location header into (url, parsed query, decoded state).
        target = response.headers['Location']
        query = urlparse.parse_qs(target.split('?', 1)[1])
        return target, query, json.loads(query['state'][0])

    with self.app.test_client() as client:
        target, query, state = parse_redirect(client.get('/oauth2authorize'))

        self.assertIn(oauth2client.GOOGLE_AUTH_URI, target)
        # The client secret must not be exposed in the browser redirect.
        self.assertNotIn(self.oauth2.client_secret, target)
        self.assertIn(self.oauth2.client_id, query['client_id'])
        # The CSRF token embedded in state has to match the session copy,
        # which is what the callback view later compares against.
        self.assertEqual(
            flask.session['google_oauth2_csrf_token'],
            state['csrf_token'])
        self.assertEqual(state['return_url'], '/')

    with self.app.test_client() as client:
        _, _, state = parse_redirect(
            client.get('/oauth2authorize?return_url=/test'))
        self.assertEqual(state['return_url'], '/test')

    with self.app.test_client() as client:
        response = client.get('/oauth2authorize?extra_param=test')
        # Unknown query parameters are forwarded onto the redirect.
        self.assertIn('extra_param=test', response.headers['Location'])
def test_required(self):
    """Exercise the ``required`` decorator on a protected view.

    Registers ``/protected`` behind ``self.oauth2.required`` and checks
    four situations in order: no credentials (redirect to the authorize
    view with the protected path in the Location), valid credentials
    (200 with the view body), expired credentials that still hold a
    refresh token (200, with ``_UTCNOW`` patched to a date after the
    expiry), and expired credentials with the refresh token cleared
    (redirect again).
    """
    @self.app.route('/protected')
    @self.oauth2.required
    def index():
        return 'Hello'

    def store(client, creds):
        # Persist serialized credentials into the test client's session.
        with client.session_transaction() as sess:
            sess['google_oauth2_credentials'] = creds.to_json()

    def assert_redirected_to_authorize(response):
        self.assertEqual(response.status_code, httplib.FOUND)
        self.assertIn('oauth2authorize', response.headers['Location'])
        self.assertIn('protected', response.headers['Location'])

    def assert_allowed(response):
        self.assertEqual(response.status_code, httplib.OK)
        self.assertIn('Hello', response.data.decode('utf-8'))

    # No credentials, should redirect
    with self.app.test_client() as client:
        assert_redirected_to_authorize(client.get('/protected'))

    credentials = self._generate_credentials(scopes=self.oauth2.scopes)

    # With credentials, should allow
    with self.app.test_client() as client:
        store(client, credentials)
        assert_allowed(client.get('/protected'))

    # Expired credentials with refresh token, should allow.
    expired_at = datetime.datetime(1990, 5, 28)
    fake_now = datetime.datetime(1990, 5, 29)
    credentials.token_expiry = expired_at
    with mock.patch('oauth2client.client._UTCNOW', return_value=fake_now):
        with self.app.test_client() as client:
            store(client, credentials)
            assert_allowed(client.get('/protected'))

    # Expired credentials without a refresh token, should redirect.
    credentials.refresh_token = None
    with mock.patch('oauth2client.client._UTCNOW', return_value=fake_now):
        with self.app.test_client() as client:
            store(client, credentials)
            assert_redirected_to_authorize(client.get('/protected'))
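def test_incremental_auth(self):
    """Exercise incremental authorization across two protected views.

    Walks the flow in four stages: an anonymous request to ``/one`` is
    redirected; credentials holding only the ``one`` scope admit ``/one``
    but redirect ``/two``; following that redirect into the authorize
    view must request ``include_granted_scopes`` together with the union
    of scopes; and credentials holding ``two``/``three`` are then admitted
    to ``/two``.

    The app is built by ``_create_incremental_auth_app`` (defined elsewhere
    in this file), so the exact views and their scopes live there.
    """
    self._create_incremental_auth_app()

    # No credentials, should redirect
    with self.app.test_client() as client:
        response = client.get('/one')
        self.assertIn('one', response.headers['Location'])
        self.assertEqual(response.status_code, httplib.FOUND)

    # Credentials for one. /one should allow, /two should redirect.
    credentials = self._generate_credentials(scopes=['email', 'one'])
    with self.app.test_client() as client:
        with client.session_transaction() as session:
            session['google_oauth2_credentials'] = credentials.to_json()
        response = client.get('/one')
        self.assertEqual(response.status_code, httplib.OK)
        response = client.get('/two')
        self.assertIn('two', response.headers['Location'])
        self.assertEqual(response.status_code, httplib.FOUND)

        # Starting the authorization flow should include the
        # include_granted_scopes parameter as well as the scopes.
        # Follow the redirect by its path and query instead of slicing a
        # fixed number of characters off the Location header, which only
        # works while the header carries exactly the 'http://localhost'
        # prefix (a relative Location would have broken the old slice).
        redirect = urlparse.urlparse(response.headers['Location'])
        redirect_target = redirect.path
        if redirect.query:
            redirect_target += '?' + redirect.query
        response = client.get(redirect_target)
        q = urlparse.parse_qs(
            response.headers['Location'].split('?', 1)[1])
        self.assertIn('include_granted_scopes', q)
        self.assertEqual(
            set(q['scope'][0].split(' ')),
            {'one', 'email', 'two', 'three'})

    # Actually call two() without a redirect.
    credentials2 = self._generate_credentials(
        scopes=['email', 'two', 'three'])
    with self.app.test_client() as client:
        with client.session_transaction() as session:
            session['google_oauth2_credentials'] = credentials2.to_json()
        response = client.get('/two')
        self.assertEqual(response.status_code, httplib.OK)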
def test_callback_view(self):
    """Exercise the happy path of the ``/oauth2callback`` view.

    With the session primed by ``_setup_callback_state`` and outbound HTTP
    replaced by ``Http2Mock``, a callback carrying the state and an
    authorization code must redirect to the stored return URL, include
    the client secret and the code in the outbound request body, and
    call ``put`` on the configured storage.
    """
    self.oauth2.storage = mock.Mock()

    with self.app.test_client() as client:
        with Http2Mock() as transport:
            state = self._setup_callback_state(client)
            callback_url = '/oauth2callback?state={0}&code=codez'.format(state)
            response = client.get(callback_url)

            self.assertEqual(response.status_code, httplib.FOUND)
            self.assertIn('/return_url', response.headers['Location'])
            # The token exchange body is expected to carry both the secret
            # and the authorization code.
            self.assertIn(self.oauth2.client_secret, transport.body)
            self.assertIn('codez', transport.body)
            self.assertTrue(self.oauth2.storage.put.called)
def test_incremental_auth_exchange(self):
    """Check that a callback for incremental scopes widens the credentials.

    The state prepared by ``_setup_callback_state`` names the extra
    ``one`` and ``two`` scopes; after the exchange (with outbound HTTP
    mocked) the resulting credentials must report ``email``, ``one`` and
    ``two``.
    """
    self._create_incremental_auth_app()

    with Http2Mock():
        with self.app.test_client() as client:
            state = self._setup_callback_state(
                client,
                return_url='/return_url',
                # Incremental auth scopes.
                scopes=['one', 'two'])
            callback_url = '/oauth2callback?state={0}&code=codez'.format(state)
            response = client.get(callback_url)

            self.assertEqual(response.status_code, httplib.FOUND)
            granted = self.oauth2.credentials
            self.assertTrue(granted.has_scopes(['email', 'one', 'two']))
def test_callback_view(self):
    """Exercise the happy path of the ``/oauth2callback`` view.

    ``oauth2client.transport.get_http_object`` is patched to hand back an
    ``http_mock.HttpMock`` serving ``DEFAULT_RESP``.  A callback carrying
    the prepared state and an authorization code must redirect to the
    stored return URL, include the client secret and the code in the
    request body sent through the mock, call ``put`` on the configured
    storage, and obtain its HTTP object exactly once.
    """
    self.oauth2.storage = mock.Mock()

    with self.app.test_client() as client:
        transport = http_mock.HttpMock(data=DEFAULT_RESP)
        with mock.patch('oauth2client.transport.get_http_object',
                        return_value=transport) as new_http:
            state = self._setup_callback_state(client)
            callback_url = '/oauth2callback?state={0}&code=codez'.format(state)
            response = client.get(callback_url)

            self.assertEqual(response.status_code, httplib.FOUND)
            self.assertIn('/return_url', response.headers['Location'])
            # The token exchange body is expected to carry both the secret
            # and the authorization code.
            self.assertIn(self.oauth2.client_secret, transport.body)
            self.assertIn('codez', transport.body)
            self.assertTrue(self.oauth2.storage.put.called)

            # Check the mocks were called.
            new_http.assert_called_once_with()
def test_incremental_auth_exchange(self):
    """Check that a callback for incremental scopes widens the credentials.

    ``oauth2client.transport.get_http_object`` is patched to return an
    ``http_mock.HttpMock`` serving ``DEFAULT_RESP``.  The state prepared
    by ``_setup_callback_state`` names the extra ``one`` and ``two``
    scopes; after the exchange the credentials must report ``email``,
    ``one`` and ``two``, and the HTTP object must be fetched exactly once.
    """
    self._create_incremental_auth_app()

    transport = http_mock.HttpMock(data=DEFAULT_RESP)
    with mock.patch('oauth2client.transport.get_http_object',
                    return_value=transport) as new_http:
        with self.app.test_client() as client:
            state = self._setup_callback_state(
                client,
                return_url='/return_url',
                # Incremental auth scopes.
                scopes=['one', 'two'])
            callback_url = '/oauth2callback?state={0}&code=codez'.format(state)
            response = client.get(callback_url)

            self.assertEqual(response.status_code, httplib.FOUND)
            granted = self.oauth2.credentials
            self.assertTrue(granted.has_scopes(['email', 'one', 'two']))

        # Check the mocks were called.
        new_http.assert_called_once_with()
def test_callback_view_errors(self):
    """Check that every failure path of ``/oauth2callback`` yields 400.

    Covers, in order: an ``error`` parameter from the provider (the error
    text is echoed in the body), a ``state`` whose ``csrf_token`` differs
    from the session's, a request with no CSRF token in the session, a
    token exchange answered with HTTP 500 by the patched transport,
    ``state`` that is not valid JSON, and a well-formed state for which
    no flow was prepared in the session.
    """
    def callback(client, state):
        # Issue the callback request with the given state and a dummy code.
        return client.get(
            '/oauth2callback?state={0}&code=codez'.format(state))

    def prime_csrf(client, token):
        # Store a CSRF token in the test client's session.
        with client.session_transaction() as sess:
            sess['google_oauth2_csrf_token'] = token

    # Error supplied to callback
    with self.app.test_client() as client:
        prime_csrf(client, 'tokenz')
        # The state here is the literal text '{}' (no .format call).
        response = client.get('/oauth2callback?state={}&error=something')
        self.assertEqual(response.status_code, httplib.BAD_REQUEST)
        self.assertIn('something', response.data.decode('utf-8'))

    # CSRF mismatch
    with self.app.test_client() as client:
        prime_csrf(client, 'goodstate')
        mismatched = json.dumps({
            'csrf_token': 'badstate',
            'return_url': '/return_url',
        })
        response = callback(client, mismatched)
        self.assertEqual(response.status_code, httplib.BAD_REQUEST)

    # KeyError, no CSRF state.
    with self.app.test_client() as client:
        response = client.get('/oauth2callback?state={}&code=codez')
        self.assertEqual(response.status_code, httplib.BAD_REQUEST)

    # Code exchange error
    with self.app.test_client() as client:
        state = self._setup_callback_state(client)
        failing_transport = http_mock.HttpMock(
            headers={'status': httplib.INTERNAL_SERVER_ERROR},
            data=DEFAULT_RESP)
        with mock.patch('oauth2client.transport.get_http_object',
                        return_value=failing_transport) as new_http:
            response = callback(client, state)
            self.assertEqual(response.status_code, httplib.BAD_REQUEST)
            # Check the mocks were called.
            new_http.assert_called_once_with()

    # Invalid state json
    with self.app.test_client() as client:
        prime_csrf(client, 'tokenz')
        response = callback(client, '[{')
        self.assertEqual(response.status_code, httplib.BAD_REQUEST)

    # Missing flow.
    with self.app.test_client() as client:
        prime_csrf(client, 'tokenz')
        matching = json.dumps({
            'csrf_token': 'tokenz',
            'return_url': '/return_url',
        })
        response = callback(client, matching)
        self.assertEqual(response.status_code, httplib.BAD_REQUEST)
def test_callback_view_errors(self):
    """Check that every failure path of ``/oauth2callback`` yields 400.

    Covers, in order: an ``error`` parameter from the provider (the error
    text is echoed in the body), a ``state`` whose ``csrf_token`` differs
    from the session's, a request with no CSRF token in the session, a
    token exchange answered with HTTP 500 by ``Http2Mock``, ``state``
    that is not valid JSON, and a well-formed state for which no flow was
    prepared in the session.
    """
    def callback(client, state):
        # Issue the callback request with the given state and a dummy code.
        return client.get(
            '/oauth2callback?state={0}&code=codez'.format(state))

    def prime_csrf(client, token):
        # Store a CSRF token in the test client's session.
        with client.session_transaction() as sess:
            sess['google_oauth2_csrf_token'] = token

    # Error supplied to callback
    with self.app.test_client() as client:
        prime_csrf(client, 'tokenz')
        # The state here is the literal text '{}' (no .format call).
        response = client.get('/oauth2callback?state={}&error=something')
        self.assertEqual(response.status_code, httplib.BAD_REQUEST)
        self.assertIn('something', response.data.decode('utf-8'))

    # CSRF mismatch
    with self.app.test_client() as client:
        prime_csrf(client, 'goodstate')
        mismatched = json.dumps({
            'csrf_token': 'badstate',
            'return_url': '/return_url',
        })
        response = callback(client, mismatched)
        self.assertEqual(response.status_code, httplib.BAD_REQUEST)

    # KeyError, no CSRF state.
    with self.app.test_client() as client:
        response = client.get('/oauth2callback?state={}&code=codez')
        self.assertEqual(response.status_code, httplib.BAD_REQUEST)

    # Code exchange error
    with self.app.test_client() as client:
        state = self._setup_callback_state(client)
        with Http2Mock(status=httplib.INTERNAL_SERVER_ERROR):
            response = callback(client, state)
            self.assertEqual(response.status_code, httplib.BAD_REQUEST)

    # Invalid state json
    with self.app.test_client() as client:
        prime_csrf(client, 'tokenz')
        response = callback(client, '[{')
        self.assertEqual(response.status_code, httplib.BAD_REQUEST)

    # Missing flow.
    with self.app.test_client() as client:
        prime_csrf(client, 'tokenz')
        matching = json.dumps({
            'csrf_token': 'tokenz',
            'return_url': '/return_url',
        })
        response = callback(client, matching)
        self.assertEqual(response.status_code, httplib.BAD_REQUEST)