def get_access_token(self, user_id, expires=600):
"""
Returns an access token for with the current user.
Note: uses a hardcoded URL when determining where to send the request.
"""
url = self.server_url + "/api/swingers/v1/{0}/request_token"
nonce = make_nonce()
r = requests.get(url.format(self.server_name),
params={
"user_id":
user_id,
"nonce":
nonce,
"client_secret":
self.get_client_secret(user_id, nonce),
"client_id":
self.client_name,
"expires":
expires
})
if r.ok:
return r.content
else:
r.raise_for_status()
def test_delete_token(self):
"""
Test deleting access tokens from a particular application link for a
particular user.
"""
url = reverse('delete_access_token')
user = User.objects.get(pk=1)
link = ApplicationLink.objects.get(pk=1)
# test a request with a missing token secret
nonce = make_nonce()
data = {
'user_id': user.username,
'client_id': 'test',
'client_secret': link.get_client_secret(user, nonce),
'nonce': nonce,
}
response = self.client.get(url, data)
self.assertEqual(response.status_code, 403)
self.assertEqual(response.content, "Missing access_token")
# test a request with a non-existant token secret
data['nonce'] = make_nonce()
data['client_secret'] = link.get_client_secret(user, data['nonce'])
data['access_token'] = 'non-existant-token'
response = self.client.get(url, data)
self.assertEqual(response.status_code, 403)
self.assertEqual(response.content, 'Token does not exist')
# create a token to delete, and make a valid request to delete it
Token.objects.create(secret="abc123", user=user, link=link)
data['nonce'] = make_nonce()
data['client_secret'] = link.get_client_secret(user, data['nonce'])
data['access_token'] = 'abc123'
response = self. client.get(url, data)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.content, "Token abc123 deleted")
self.assertEqual(Token.objects.count(), 0)
def test_list_tokens(self):
"""
Tests to that `list_tokens` returns a blank list if no tokens for an
application link and user exist, and returns the list of secrets if
tokens do exist.
"""
url = reverse('list_access_tokens')
user = User.objects.get(pk=1)
link = ApplicationLink.objects.get(pk=1)
nonce = make_nonce()
data = {
'user_id': user.username,
'client_id': 'test',
'client_secret': link.get_client_secret(user, nonce),
'nonce': nonce,
}
response = self.client.get(url, data)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.content, "[]")
# create some tokens for this application link and user and test that
# a new request correctly returns these two tokens.
Token.objects.create(secret="abc123", user=user, link=link)
Token.objects.create(secret="abc321", user=user, link=link)
# create a token that doesn't belong to our user to ensure that this
# token is not returned in the list of tokens.
test = User.objects.get(username='******')
Token.objects.create(secret="testing", user=test, link=link)
data['nonce'] = make_nonce()
data['client_secret'] = link.get_client_secret(user, data['nonce'])
response = self.client.get(url, data)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.content, "[u'abc123', u'abc321']")
def get_access_token(self, user_id, expires=600):
"""
Returns an access token for with the current user.
Note: uses a hardcoded URL when determining where to send the request.
"""
url = self.server_url + "/api/swingers/v1/{0}/request_token"
nonce = make_nonce()
r = requests.get(url.format(self.server_name), params={
"user_id": user_id,
"nonce": nonce,
"client_secret": self.get_client_secret(user_id, nonce),
"client_id": self.client_name,
"expires": expires
})
if r.ok:
return r.content
else:
r.raise_for_status()
def test_request_access_token(self):
"""
Test requesting a token.
"""
link = ApplicationLink.objects.get(pk=1)
user = '******'
nonce = make_nonce()
url = reverse('request_access_token')
data = {
'user_id': user,
'client_id': 'test',
'client_secret': link.get_client_secret(user, nonce),
'nonce': nonce
}
response = self.client.get(url, data)
self.assertEqual(response.status_code, 200)
# ensure that a token is created with the returned secret
self.assertEqual(Token.objects.count(), 1)
self.assertEqual(Token.objects.all()[0].secret, response.content)
# test reusing the same nonce
response = self.client.get(url, data)
self.assertEqual(response.status_code, 403)
self.assertEqual(response.content, "No you can't reuse nonce's!")
self.assertEqual(Token.objects.count(), 1)
# test omitting required data
requests = [
# missing client_secret
{
'user_id': 'admin',
'client_id': 'test',
'nonce': 'nonce'
},
# missing user_id
{
'client_id': 'test',
'client_secret': 'secret',
'nonce': 'nonce'
},
# missing client_id
{
'user_id': 'admin',
'client_secret': 'secret',
'nonce': 'nonce'
}
]
for data in requests:
response = self.client.get(url, data)
self.assertEqual(response.status_code, 403)
self.assertEqual(response.content, "Missing Input")
# test missing nonce
data = {
'user_id': user,
'client_id': 'test',
'client_secret': 'missing-nonce',
}
response = self.client.get(url, data)
self.assertEqual(response.status_code, 403)
self.assertEqual(response.content, "Missing nonce")
# test invalid secret
data = {
'user_id': user,
'client_id': 'test',
'client_secret': 'invalid-secret',
'nonce': make_nonce()
}
response = self.client.get(url, data)
self.assertEqual(response.status_code, 403)
self.assertEqual(response.content, "Invalid client_secret")
# test applicationlink not existing
nonce = make_nonce()
data = {
'user_id': user,
'client_id': 'invalid-client-id',
'client_secret': link.get_client_secret(user, nonce),
'nonce': nonce
}
response = self.client.get(url, data)
self.assertEqual(response.status_code, 403)
self.assertEqual(response.content, "Application link does not exist")
# test expiry data
nonce = make_nonce()
data = {
'user_id': user,
'client_id': 'test',
'client_secret': link.get_client_secret(user, nonce),
'nonce': nonce,
'expires': 100
}
response = self.client.get(url, data)
self.assertEqual(response.status_code, 200)
token = Token.objects.get(secret=response.content)
self.assertEqual(token.timeout, 100)
# Make sure there are only 2 tokens created.
self.assertEqual(Token.objects.count(), 2)
user = '******'
nonce = make_nonce()
data = {
'user_id': user,
'client_id': 'test',
'client_secret': link.get_client_secret(user, nonce),
'nonce': nonce,
}
def create_user(*args, **kwargs):
return User.objects.create(username=user,
password='******',
email='*****@*****.**',
first_name='test', last_name='test')
self.ldap.side_effect = create_user
response = self.client.get(url, data)
self.ldap.assert_called_with(user)
self.assertEqual(User.objects.get(username=user).first_name, 'test')
self.assertEqual(response.status_code, 200)
user = '******'
self.ldap.side_effect = None
self.ldap.return_value = None
data['user_id'] = user
data['nonce'] = make_nonce()
data['client_secret'] = link.get_client_secret(user, data['nonce'])
response = self.client.get(url, data)
self.assertEqual(response.status_code, 403)
self.assertEqual(response.content, "Invalid user_id")
