def test_should_save_and_retrieve_client_authorization_code():
    """Saving an authorization code creates the client record and makes the code retrievable."""
    client_id = 'client-id'
    code = 'auth-code-1nmb21'

    # The client must not exist before the first code is stored for it.
    assert not database.find_client(client_id)

    database.save_new_authorization_code(
        code,
        client_id,
        'my-state',
        'http://example.com/return',
    )

    # Storing the code implicitly registers the client and counts one code for it.
    assert database.find_client(client_id)
    assert database.client_authorization_codes_count(client_id) == 1
    assert database.client_has_authorization_code(client_id, code)
def validate_client_authorization(self):
    """Check the token request's client, codes and redirect_uri in a fixed order.

    Reads ``self.client_id``, ``self.code_from_header``, ``self.code`` and
    ``self.redirect_uri`` and queries ``database``. The first failing check
    hands an OAuth2-style error body to ``self.raise_http_401`` (client
    authentication problems) or ``self.raise_http_400`` (grant problems);
    the checks keep the original order so the response for a request with
    several problems is unchanged.
    """
    def error_body(error, description):
        # Fresh dict per call so each raise_http_* gets its own object.
        return {'error': error, 'error_description': description}

    client_id = self.client_id
    code = self.code

    # 1. The client must be known.
    if not database.find_client(client_id):
        self.raise_http_401(error_body(
            'invalid_client',
            'Invalid client_id or code on Authorization header'))

    # 2. The code presented in the Authorization header must belong to it.
    if not database.client_has_authorization_code(client_id, self.code_from_header):
        self.raise_http_401(error_body(
            'invalid_client',
            'Invalid client_id or code on Authorization header'))

    # 3. The code being exchanged must belong to the same client.
    if not database.client_has_authorization_code(client_id, code):
        self.raise_http_400(error_body(
            'invalid_grant',
            'Invalid code for this client'))

    # 4. redirect_uri must be the one the code was issued for.
    if not database.client_has_redirect_uri_for_code(client_id, code, self.redirect_uri):
        self.raise_http_400(error_body(
            'invalid_grant',
            'redirect_uri does not match'))

    # 5. A code may be exchanged only once.
    if database.is_client_authorization_code_used(client_id, code):
        self.raise_http_400(error_body(
            'invalid_grant',
            'Authorization grant already used'))
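def validate_user_credentials(handler):
    '''
    This plugin runs in the authorization request handler, but only on POST.
    Unlike the GET method, no code is executed in the default handler, which
    is why we use ``client_id`` (stored in a cookie by
    ``ask_user_credentials()`` above) to look up the record that the GET
    handler saved in the database.

    On a successful login the user is redirected to the client's
    ``redirect_uri_with_code``; otherwise a retry page is written back.

    :param handler: the request handler for the POST (cookie, argument,
        ``write`` and ``redirect`` access)
    '''
    client_id = handler.get_secure_cookie('client_id')
    credentials = (handler.get_argument('username', ''),
                   handler.get_argument('password', ''))

    # Demo-only credential check (the retry page even hints at the values);
    # a real deployment verifies against a user store with a constant-time
    # comparison.
    if credentials == ('admin', 'admin'):
        client = database.find_client(client_id)
        if not client:
            # No saved client for this cookie (missing/invalid cookie or an
            # unknown id): there is nothing to redirect to, so answer
            # explicitly instead of failing on the subscript below.
            handler.set_status(400)
            handler.write('<p>Unknown or expired authorization request; '
                          'please start again</p>')
            return
        handler.redirect(client['redirect_uri_with_code'])
    else:
        # request.uri is attacker-controlled; escape it before placing it in
        # the href attribute so the retry link cannot inject markup.
        retry_link = _escape_html_attr(handler.request.uri)
        handler.write('<p>Invalid username and/or password</p>'
                      '<p><em>hint: try "admin" and "admin"</em></p>'
                      '<p><a href="{0}">Try again</a></p>'.format(retry_link))


def _escape_html_attr(value):
    """Escape ``&``, ``<``, ``>``, ``"`` and ``'`` so *value* is safe inside a quoted HTML attribute."""
    return (str(value)
            .replace('&', '&amp;')
            .replace('<', '&lt;')
            .replace('>', '&gt;')
            .replace('"', '&quot;')
            .replace("'", '&#39;'))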
def test_find_client_return_None_if_no_client_id_found():
    """An unknown client_id yields None rather than an empty record or an error."""
    missing = database.find_client('no-client-id')
    assert missing is None