def get_access_token(self, user_id, expires=600): """ Returns an access token for with the current user. Note: uses a hardcoded URL when determining where to send the request. """ url = self.server_url + "/api/swingers/v1/{0}/request_token" nonce = make_nonce() r = requests.get(url.format(self.server_name), params={ "user_id": user_id, "nonce": nonce, "client_secret": self.get_client_secret(user_id, nonce), "client_id": self.client_name, "expires": expires }) if r.ok: return r.content else: r.raise_for_status()
def test_delete_token(self): """ Test deleting access tokens from a particular application link for a particular user. """ url = reverse('delete_access_token') user = User.objects.get(pk=1) link = ApplicationLink.objects.get(pk=1) # test a request with a missing token secret nonce = make_nonce() data = { 'user_id': user.username, 'client_id': 'test', 'client_secret': link.get_client_secret(user, nonce), 'nonce': nonce, } response = self.client.get(url, data) self.assertEqual(response.status_code, 403) self.assertEqual(response.content, "Missing access_token") # test a request with a non-existant token secret data['nonce'] = make_nonce() data['client_secret'] = link.get_client_secret(user, data['nonce']) data['access_token'] = 'non-existant-token' response = self.client.get(url, data) self.assertEqual(response.status_code, 403) self.assertEqual(response.content, 'Token does not exist') # create a token to delete, and make a valid request to delete it Token.objects.create(secret="abc123", user=user, link=link) data['nonce'] = make_nonce() data['client_secret'] = link.get_client_secret(user, data['nonce']) data['access_token'] = 'abc123' response = self. client.get(url, data) self.assertEqual(response.status_code, 200) self.assertEqual(response.content, "Token abc123 deleted") self.assertEqual(Token.objects.count(), 0)
def test_list_tokens(self): """ Tests to that `list_tokens` returns a blank list if no tokens for an application link and user exist, and returns the list of secrets if tokens do exist. """ url = reverse('list_access_tokens') user = User.objects.get(pk=1) link = ApplicationLink.objects.get(pk=1) nonce = make_nonce() data = { 'user_id': user.username, 'client_id': 'test', 'client_secret': link.get_client_secret(user, nonce), 'nonce': nonce, } response = self.client.get(url, data) self.assertEqual(response.status_code, 200) self.assertEqual(response.content, "[]") # create some tokens for this application link and user and test that # a new request correctly returns these two tokens. Token.objects.create(secret="abc123", user=user, link=link) Token.objects.create(secret="abc321", user=user, link=link) # create a token that doesn't belong to our user to ensure that this # token is not returned in the list of tokens. test = User.objects.get(username='******') Token.objects.create(secret="testing", user=test, link=link) data['nonce'] = make_nonce() data['client_secret'] = link.get_client_secret(user, data['nonce']) response = self.client.get(url, data) self.assertEqual(response.status_code, 200) self.assertEqual(response.content, "[u'abc123', u'abc321']")
def test_request_access_token(self): """ Test requesting a token. """ link = ApplicationLink.objects.get(pk=1) user = '******' nonce = make_nonce() url = reverse('request_access_token') data = { 'user_id': user, 'client_id': 'test', 'client_secret': link.get_client_secret(user, nonce), 'nonce': nonce } response = self.client.get(url, data) self.assertEqual(response.status_code, 200) # ensure that a token is created with the returned secret self.assertEqual(Token.objects.count(), 1) self.assertEqual(Token.objects.all()[0].secret, response.content) # test reusing the same nonce response = self.client.get(url, data) self.assertEqual(response.status_code, 403) self.assertEqual(response.content, "No you can't reuse nonce's!") self.assertEqual(Token.objects.count(), 1) # test omitting required data requests = [ # missing client_secret { 'user_id': 'admin', 'client_id': 'test', 'nonce': 'nonce' }, # missing user_id { 'client_id': 'test', 'client_secret': 'secret', 'nonce': 'nonce' }, # missing client_id { 'user_id': 'admin', 'client_secret': 'secret', 'nonce': 'nonce' } ] for data in requests: response = self.client.get(url, data) self.assertEqual(response.status_code, 403) self.assertEqual(response.content, "Missing Input") # test missing nonce data = { 'user_id': user, 'client_id': 'test', 'client_secret': 'missing-nonce', } response = self.client.get(url, data) self.assertEqual(response.status_code, 403) self.assertEqual(response.content, "Missing nonce") # test invalid secret data = { 'user_id': user, 'client_id': 'test', 'client_secret': 'invalid-secret', 'nonce': make_nonce() } response = self.client.get(url, data) self.assertEqual(response.status_code, 403) self.assertEqual(response.content, "Invalid client_secret") # test applicationlink not existing nonce = make_nonce() data = { 'user_id': user, 'client_id': 'invalid-client-id', 'client_secret': link.get_client_secret(user, nonce), 'nonce': nonce } response = self.client.get(url, data) self.assertEqual(response.status_code, 403) self.assertEqual(response.content, "Application link does not exist") # test expiry data nonce = make_nonce() data = { 'user_id': user, 'client_id': 'test', 'client_secret': link.get_client_secret(user, nonce), 'nonce': nonce, 'expires': 100 } response = self.client.get(url, data) self.assertEqual(response.status_code, 200) token = Token.objects.get(secret=response.content) self.assertEqual(token.timeout, 100) # Make sure there are only 2 tokens created. self.assertEqual(Token.objects.count(), 2) user = '******' nonce = make_nonce() data = { 'user_id': user, 'client_id': 'test', 'client_secret': link.get_client_secret(user, nonce), 'nonce': nonce, } def create_user(*args, **kwargs): return User.objects.create(username=user, password='******', email='*****@*****.**', first_name='test', last_name='test') self.ldap.side_effect = create_user response = self.client.get(url, data) self.ldap.assert_called_with(user) self.assertEqual(User.objects.get(username=user).first_name, 'test') self.assertEqual(response.status_code, 200) user = '******' self.ldap.side_effect = None self.ldap.return_value = None data['user_id'] = user data['nonce'] = make_nonce() data['client_secret'] = link.get_client_secret(user, data['nonce']) response = self.client.get(url, data) self.assertEqual(response.status_code, 403) self.assertEqual(response.content, "Invalid user_id")