def test_oauth1_authorize(self):
request = self.factory.get('/login')
request.session = self.factory.session
oauth = OAuth()
client = oauth.register(
'dev',
client_id='dev',
client_secret='dev',
request_token_url='https://i.b/reqeust-token',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
authorize_url='https://i.b/authorize',
)
with mock.patch('requests.sessions.Session.send') as send:
send.return_value = mock_send_value(
'oauth_token=foo&oauth_verifier=baz')
resp = client.authorize_redirect(request)
self.assertEqual(resp.status_code, 302)
url = resp.get('Location')
self.assertIn('oauth_token=foo', url)
request2 = self.factory.get(url)
request2.session = request.session
with mock.patch('requests.sessions.Session.send') as send:
send.return_value = mock_send_value(
'oauth_token=a&oauth_token_secret=b')
token = client.authorize_access_token(request2)
self.assertEqual(token['oauth_token'], 'a')
def test_oauth1_authorize(self):
app = Flask(__name__)
app.secret_key = '!'
oauth = OAuth(app, cache=SimpleCache())
client = oauth.register('dev',
client_id='dev',
client_secret='dev',
request_token_url='https://i.b/reqeust-token',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
authorize_url='https://i.b/authorize')
with app.test_request_context():
with mock.patch('requests.sessions.Session.send') as send:
send.return_value = mock_send_value(
'oauth_token=foo&oauth_verifier=baz')
resp = client.authorize_redirect('https://b.com/bar')
self.assertEqual(resp.status_code, 302)
url = resp.headers.get('Location')
self.assertIn('oauth_token=foo', url)
self.assertIsNotNone(session.get('_dev_authlib_req_token_'))
with mock.patch('requests.sessions.Session.send') as send:
send.return_value = mock_send_value(
'oauth_token=a&oauth_token_secret=b')
token = client.authorize_access_token()
self.assertEqual(token['oauth_token'], 'a')
def test_oauth2_authorize_with_metadata(self):
app = Flask(__name__)
app.secret_key = '!'
oauth = OAuth(app)
client = oauth.register(
'dev',
client_id='dev',
client_secret='dev',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
)
self.assertRaises(RuntimeError, client.create_authorization_url)
client = oauth.register(
'dev2',
client_id='dev',
client_secret='dev',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
server_metadata_url='https://i.b/.well-known/openid-configuration')
with mock.patch('requests.sessions.Session.send') as send:
send.return_value = mock_send_value(
{'authorization_endpoint': 'https://i.b/authorize'})
with app.test_request_context():
resp = client.authorize_redirect('https://b.com/bar')
self.assertEqual(resp.status_code, 302)
def test_oauth2_authorize(self):
app = Flask(__name__)
app.secret_key = '!'
oauth = OAuth(app)
client = oauth.register('dev',
client_id='dev',
client_secret='dev',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
authorize_url='https://i.b/authorize')
with app.test_request_context():
resp = client.authorize_redirect('https://b.com/bar')
self.assertEqual(resp.status_code, 302)
url = resp.headers.get('Location')
self.assertIn('state=', url)
state = session['_dev_authlib_state_']
self.assertIsNotNone(state)
with app.test_request_context(path='/?code=a&state={}'.format(state)):
# session is cleared in tests
session['_dev_authlib_state_'] = state
with mock.patch('requests.sessions.Session.send') as send:
send.return_value = mock_send_value(get_bearer_token())
token = client.authorize_access_token()
self.assertEqual(token['access_token'], 'a')
with app.test_request_context():
self.assertEqual(client.token, None)
def test_oauth2_authorize_code_verifier(self):
request = self.factory.get('/login')
request.session = self.factory.session
oauth = OAuth()
client = oauth.register(
'dev',
client_id='dev',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
authorize_url='https://i.b/authorize',
client_kwargs={'code_challenge_method': 'S256'},
)
state = 'foo'
code_verifier = 'bar'
rv = client.authorize_redirect(request,
'https://a.b/c',
state=state,
code_verifier=code_verifier)
self.assertEqual(rv.status_code, 302)
url = rv.get('Location')
self.assertIn('state=', url)
self.assertIn('code_challenge=', url)
with mock.patch('requests.sessions.Session.send') as send:
send.return_value = mock_send_value(get_bearer_token())
request2 = self.factory.get('/authorize?state={}'.format(state))
request2.session = request.session
token = client.authorize_access_token(request2)
self.assertEqual(token['access_token'], 'a')
def test_oauth2_authorize(self):
request = self.factory.get('/login')
request.session = self.factory.session
oauth = OAuth()
client = oauth.register(
'dev',
client_id='dev',
client_secret='dev',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
authorize_url='https://i.b/authorize',
)
rv = client.authorize_redirect(request, 'https://a.b/c')
self.assertEqual(rv.status_code, 302)
url = rv.get('Location')
self.assertIn('state=', url)
state = dict(url_decode(urlparse.urlparse(url).query))['state']
with mock.patch('requests.sessions.Session.send') as send:
send.return_value = mock_send_value(get_bearer_token())
request2 = self.factory.get('/authorize?state={}'.format(state))
request2.session = request.session
token = client.authorize_access_token(request2)
self.assertEqual(token['access_token'], 'a')
def test_request_without_token(self):
with mock.patch('requests.sessions.Session.send') as send:
send.return_value = mock_send_value({'name': 'a'})
client = OAuthClient(client_id='foo')
try:
client.get('https://i.b/user')
except OAuthError as exc:
self.assertEqual('missing_token', exc.error)
def test_oauth2_fetch_access_token(self):
url = 'https://example.com/token'
token = get_bearer_token()
with mock.patch('requests.sessions.Session.send') as send:
send.return_value = mock_send_value(token)
client = OAuthClient(client_id='foo', access_token_url=url)
self.assertEqual(client.fetch_access_token(), token)
self.assertEqual(client.fetch_access_token(url), token)
def test_oauth1_fetch_access_token(self):
with mock.patch('requests.sessions.Session.send') as send:
send.return_value = mock_send_value('oauth_token=foo')
client = OAuthClient('foo',
request_token_url='https://a.com/req',
access_token_url='https://example.com/token')
request_token = {'oauth_token': 'req'}
resp = client.fetch_access_token(request_token=request_token,
oauth_verifier='bar')
self.assertEqual(resp['oauth_token'], 'foo')
def test_oauth1_generate_authorize_redirect(self):
def save_request_token(token):
self.assertIn('oauth_token', token)
with mock.patch('requests.sessions.Session.send') as send:
send.return_value = mock_send_value('oauth_token=foo')
client = OAuthClient('foo',
request_token_url='https://a.com/req',
authorize_url='https://a.com/auth')
uri, state = client.generate_authorize_redirect(
'https://b.com/bar', save_request_token)
self.assertIsNone(state)
self.assertIn('oauth_token=foo', uri)
def test_openid_authorize(self):
app = Flask(__name__)
app.secret_key = '!'
oauth = OAuth(app)
key = jwk.dumps('secret', 'oct', kid='f')
client = oauth.register(
'dev',
client_id='dev',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
authorize_url='https://i.b/authorize',
client_kwargs={'scope': 'openid profile'},
jwks={'keys': [key]},
)
with app.test_request_context():
resp = client.authorize_redirect('https://b.com/bar')
self.assertEqual(resp.status_code, 302)
url = resp.headers['Location']
query_data = dict(url_decode(urlparse.urlparse(url).query))
state = query_data['state']
self.assertIsNotNone(state)
session_data = session[f'_state_dev_{state}']
nonce = session_data['data']['nonce']
self.assertIsNotNone(nonce)
self.assertEqual(nonce, query_data['nonce'])
token = get_bearer_token()
token['id_token'] = generate_id_token(
token,
{'sub': '123'},
key,
alg='HS256',
iss='https://i.b',
aud='dev',
exp=3600,
nonce=query_data['nonce'],
)
path = '/?code=a&state={}'.format(state)
with app.test_request_context(path=path):
session[f'_state_dev_{state}'] = session_data
with mock.patch('requests.sessions.Session.send') as send:
send.return_value = mock_send_value(token)
token = client.authorize_access_token()
self.assertEqual(token['access_token'], 'a')
self.assertIn('userinfo', token)
def test_oauth2_access_token_with_post(self):
app = Flask(__name__)
app.secret_key = '!'
oauth = OAuth(app)
client = oauth.register('dev',
client_id='dev',
client_secret='dev',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
authorize_url='https://i.b/authorize')
payload = {'code': 'a', 'state': 'b'}
with app.test_request_context(data=payload, method='POST'):
session['_dev_authlib_state_'] = 'b'
with mock.patch('requests.sessions.Session.send') as send:
send.return_value = mock_send_value(get_bearer_token())
token = client.authorize_access_token()
self.assertEqual(token['access_token'], 'a')
def test_openid_authorize(self):
request = self.factory.get('/login')
request.session = self.factory.session
key = jwk.dumps('secret', 'oct', kid='f')
oauth = OAuth()
client = oauth.register(
'dev',
client_id='dev',
jwks={'keys': [key]},
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
authorize_url='https://i.b/authorize',
client_kwargs={'scope': 'openid profile'},
)
resp = client.authorize_redirect(request, 'https://b.com/bar')
self.assertEqual(resp.status_code, 302)
url = resp.get('Location')
self.assertIn('nonce=', url)
query_data = dict(url_decode(urlparse.urlparse(url).query))
token = get_bearer_token()
token['id_token'] = generate_id_token(
token,
{'sub': '123'},
key,
alg='HS256',
iss='https://i.b',
aud='dev',
exp=3600,
nonce=query_data['nonce'],
)
state = query_data['state']
with mock.patch('requests.sessions.Session.send') as send:
send.return_value = mock_send_value(token)
request2 = self.factory.get(
'/authorize?state={}&code=foo'.format(state))
request2.session = request.session
token = client.authorize_access_token(request2)
self.assertEqual(token['access_token'], 'a')
self.assertIn('userinfo', token)
self.assertEqual(token['userinfo']['sub'], '123')
def test_oauth2_access_token_with_post(self):
oauth = OAuth()
client = oauth.register(
'dev',
client_id='dev',
client_secret='dev',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
authorize_url='https://i.b/authorize',
)
payload = {'code': 'a', 'state': 'b'}
with mock.patch('requests.sessions.Session.send') as send:
send.return_value = mock_send_value(get_bearer_token())
request = self.factory.post('/token', data=payload)
request.session = self.factory.session
request.session['_state_dev_b'] = {'data': {}}
token = client.authorize_access_token(request)
self.assertEqual(token['access_token'], 'a')
def test_request_with_token(self):
with mock.patch('requests.sessions.Session.send') as send:
send.return_value = mock_send_value({'name': 'a'})
client = OAuthClient(client_id='foo')
token = get_bearer_token()
resp = client.get('https://i.b/user', token=token)
self.assertEqual(resp.json()['name'], 'a')
resp = client.post('https://i.b/user', token=token)
self.assertEqual(resp.json()['name'], 'a')
resp = client.put('https://i.b/user', token=token)
self.assertEqual(resp.json()['name'], 'a')
resp = client.delete('https://i.b/user', token=token)
self.assertEqual(resp.json()['name'], 'a')
client.api_base_url = 'https://i.b'
resp = client.get('user', token=token)
self.assertEqual(resp.json()['name'], 'a')
def fake_send(sess, req, **kwargs):
self.assertEqual(sess.token['access_token'], 'dev')
return mock_send_value(get_bearer_token())
def fake_send(sess, req, **kwargs):
self.assertIn(f'code_verifier={verifier}', req.body)
return mock_send_value(get_bearer_token())
def fake_send(sess, req, **kwargs):
self.assertIn('code_verifier={}'.format(verifier), req.body)
return mock_send_value(get_bearer_token())
