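def testAuthorizationCodeGrantDeny(self):
    """
    Test the authorization code grant flow when the user denies.

    Issues a valid authorization request, extracts the ``data_key`` from
    the confirmation page, posts ``confirm=no`` with it and checks that the
    auth resource redirects back to the client's registered redirect URI
    carrying an ``error`` parameter and the ``state`` echoed unchanged.
    The unchanged ``state`` is what lets a client tie the callback to the
    session that started the flow, so it is asserted even on denial.
    """
    state = b'state'
    request = AbstractAuthResourceTest.createAuthRequest(
        arguments={
            'response_type': 'code',
            'client_id': self._VALID_CLIENT.id,
            'redirect_uri': self._VALID_CLIENT.redirectUris[0],
            'scope': ' '.join(self._VALID_SCOPE),
            'state': state
        })
    self._SERVER.makeSynchronousRequest(request)
    self.assertIn(
        request.responseCode, (None, 200),
        msg='Expected the auth resource to accept a valid request.')
    response = request.getResponse()
    self.assertSubstring(
        b'<!DOCTYPE html>', response,
        msg='Expected the auth resource to send the content returned by onAuthenticate.')
    # Guard the match so a missing form fails with a readable assertion
    # instead of an AttributeError on ``None.group``.
    # NOTE(review): the greedy ".*" assumes one data_key input per line of
    # the page -- confirm against the template if this ever captures too much.
    dataKeyMatch = re.search(
        b"<input.*name=\"data_key\".*value=\"(?P<dataKey>.*)\">", response)
    self.assertIsNotNone(
        dataKeyMatch,
        msg='Expected the confirmation page to contain a data_key input.')
    dataKey = dataKeyMatch.group('dataKey')
    request = MockRequest('POST', 'oauth2', arguments={
        'confirm': 'no',
        'data_key': dataKey
    })
    self._SERVER.makeSynchronousRequest(request)
    # assertEquals is a deprecated alias that was removed in Python 3.12.
    self.assertEqual(
        request.responseCode, 302,
        msg='Expected the auth resource to redirect the request.')
    redirectUrl = request.getResponseHeader(b'location')
    self.assertIsNotNone(
        redirectUrl, msg='Expected the auth resource to redirect the request.')
    parameter = AbstractAuthResourceTest.getParameterFromRedirectUrl(
        redirectUrl, False)
    self.assertIn('error', parameter, msg='Missing error parameter in response.')
    self.assertEqual(parameter['error'], UserDeniesAuthorization().message,
                     msg='Result contained an unexpected error.')
    self.assertIn('state', parameter, msg='Missing state parameter in response.')
    # Redirect parameters come back as text; compare against the decoded
    # form of the bytes state that was sent.
    expectedState = (state if isinstance(state, str)
                     else state.decode('utf-8', errors='replace'))
    self.assertEqual(parameter['state'], expectedState,
                     msg='Result contained an unexpected state.')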
def testAuthorizationCodeGrant(self):
    """
    Test the authorization code grant flow.

    Walks the full flow: obtain a ``data_key`` from the authorization
    request, confirm with ``confirm=yes``, follow the redirect to collect
    ``code`` and ``state``, exchange the code at the token resource, and
    finally exercise the returned access and refresh tokens through the
    shared helpers.
    """
    state = b'state'
    # Text form of the state, since redirect parameters are decoded strings.
    expectedState = (state if isinstance(state, str)
                     else state.decode('utf-8', errors='replace'))

    dataKey = self._doAuthorizationRequest(state)
    confirmRequest = MockRequest('POST', 'oauth2', arguments={
        'confirm': 'yes',
        'data_key': dataKey
    })
    self._makeExampleRequest(confirmRequest)
    self.assertEqual(302, confirmRequest.responseCode,
                     msg='Expected the auth resource to redirect the request.')
    redirectUrl = confirmRequest.getResponseHeader(b'location')
    self.assertIsNotNone(redirectUrl,
                         msg='Expected the auth resource to redirect the request.')

    redirectParams = OAuth2Abstract.AuthResourceTest.getParameterFromRedirectUrl(
        redirectUrl, False)
    self.assertIn('code', redirectParams, msg='Missing code parameter in response.')
    self.assertIn('state', redirectParams, msg='Missing state parameter in response.')
    self.assertEqual(expectedState, redirectParams['state'],
                     msg='Result contained an unexpected state.')

    tokenRequest = Abstract.TokenResourceTest.generateValidTokenRequest(
        arguments={
            'grant_type': 'authorization_code',
            'code': redirectParams['code'],
            'redirect_uri': self._VALID_CLIENT.redirectUris[0],
        },
        url='oauth2/token',
        authentication=self._VALID_CLIENT)
    self._makeExampleRequest(tokenRequest)
    self.assertEqual(200, tokenRequest.responseCode,
                     msg='Expected the token resource to accept the request.')

    tokenResponse = json.loads(tokenRequest.getResponse().decode('utf-8'))
    self.assertIn('access_token', tokenResponse,
                  msg='Expected the result from the token resource '
                      'to contain an access_token parameter.')
    self.assertIn('refresh_token', tokenResponse,
                  msg='Expected the result from the token resource '
                      'to contain a refresh_token parameter.')
    self.assertIn('scope', tokenResponse,
                  msg='Expected the result from the token resource '
                      'to contain a scope parameter.')
    self.assertListEqual(tokenResponse['scope'].split(), self._VALID_SCOPE,
                         msg='The token resource returned a different '
                             'scope than expected.')

    # Hand both tokens to the shared checks for their respective flows.
    self._testValidAccessRequest(token=tokenResponse['access_token'])
    self._testTokenRefresh(tokenResponse['refresh_token'])
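def testWithAccessTokenInQuery(self):
    """
    Test a request to a protected resource with a valid token in the request query.

    See https://tools.ietf.org/html/rfc6750#section-2.3

    A token carried in the URI can end up in logs, referrers and caches, so
    the resource is expected to mark its response ``Cache-Control: private``
    when it accepted the token this way; this test checks that the request
    is authorized, left unfinished, and carries that header.
    """
    request = MockRequest(
        'GET', 'protectedResource?access_token=' + self.VALID_TOKEN)
    self.assertTrue(isAuthorized(request, self.VALID_TOKEN_SCOPE[0]),
                    msg='Expected isAuthorized to accept a request '
                        'with a valid token as a query parameter.')
    self.assertFalse(
        request.finished,
        msg='isAuthorized should not finish the request if it\'s valid.')
    # Check the header exists first: ``assertIn`` on a missing (None)
    # header would raise TypeError rather than a clear test failure.
    cacheControl = request.getResponseHeader('Cache-Control')
    self.assertIsNotNone(
        cacheControl,
        msg='The response to a request with the access token as a query parameter '
            'should contain a Cache-Control header.')
    self.assertIn(
        'private', cacheControl,
        msg='The response to a request with the access token as a query parameter '
            'should contain a Cache-Control header with the "private" option.')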
def testAuthorizationCodeGrantDeny(self):
    """
    Test the authorization code grant flow when the user denies.

    Obtains a ``data_key`` from a valid authorization request, posts
    ``confirm=no`` with it, and checks that the auth resource redirects
    back to the client with the denial ``error`` and the original ``state``
    echoed unchanged.
    """
    state = b'state'
    # Redirect parameters are decoded text; precompute the comparable form.
    expectedState = (state if isinstance(state, str)
                     else state.decode('utf-8', errors='replace'))

    dataKey = self._doAuthorizationRequest(state)
    denyRequest = MockRequest('POST', 'oauth2', arguments={
        'confirm': 'no',
        'data_key': dataKey
    })
    self._makeExampleRequest(denyRequest)
    self.assertEqual(302, denyRequest.responseCode,
                     msg='Expected the auth resource to redirect the request.')
    redirectUrl = denyRequest.getResponseHeader(b'location')
    self.assertIsNotNone(redirectUrl,
                         msg='Expected the auth resource to redirect the request.')

    redirectParams = OAuth2Abstract.AuthResourceTest.getParameterFromRedirectUrl(
        redirectUrl, False)
    self.assertIn('error', redirectParams, msg='Missing error parameter in response.')
    self.assertEqual(UserDeniesAuthorization().name, redirectParams['error'],
                     msg='Result contained an unexpected error.')
    self.assertIn('state', redirectParams, msg='Missing state parameter in response.')
    self.assertEqual(expectedState, redirectParams['state'],
                     msg='Result contained an unexpected state.')
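def testAuthorizationCodeGrant(self):
    """
    Test the authorization code grant flow.

    Issues a valid authorization request, extracts the ``data_key`` from
    the confirmation page, confirms with ``confirm=yes``, follows the
    redirect to collect ``code`` and ``state``, exchanges the code at the
    token resource with client authentication, and finally exercises the
    returned access and refresh tokens through the shared helpers.
    """
    state = b'state'
    request = AbstractAuthResourceTest.createAuthRequest(
        arguments={
            'response_type': 'code',
            'client_id': self._VALID_CLIENT.id,
            'redirect_uri': self._VALID_CLIENT.redirectUris[0],
            'scope': ' '.join(self._VALID_SCOPE),
            'state': state
        })
    self._SERVER.makeSynchronousRequest(request)
    self.assertIn(
        request.responseCode, (None, 200),
        msg='Expected the auth resource to accept a valid request.')
    response = request.getResponse()
    self.assertSubstring(
        b'<!DOCTYPE html>', response,
        msg='Expected the auth resource to send the content returned by onAuthenticate.')
    # Guard the match so a missing form fails with a readable assertion
    # instead of an AttributeError on ``None.group``.
    # NOTE(review): the greedy ".*" assumes one data_key input per line of
    # the page -- confirm against the template if this ever captures too much.
    dataKeyMatch = re.search(
        b"<input.*name=\"data_key\".*value=\"(?P<dataKey>.*)\">", response)
    self.assertIsNotNone(
        dataKeyMatch,
        msg='Expected the confirmation page to contain a data_key input.')
    dataKey = dataKeyMatch.group('dataKey')
    request = MockRequest('POST', 'oauth2', arguments={
        'confirm': 'yes',
        'data_key': dataKey
    })
    self._SERVER.makeSynchronousRequest(request)
    # assertEquals is a deprecated alias that was removed in Python 3.12.
    self.assertEqual(
        request.responseCode, 302,
        msg='Expected the auth resource to redirect the request.')
    redirectUrl = request.getResponseHeader(b'location')
    self.assertIsNotNone(
        redirectUrl, msg='Expected the auth resource to redirect the request.')
    parameter = AbstractAuthResourceTest.getParameterFromRedirectUrl(
        redirectUrl, False)
    self.assertIn('code', parameter, msg='Missing code parameter in response.')
    self.assertIn('state', parameter, msg='Missing state parameter in response.')
    # Redirect parameters come back as text; compare against the decoded
    # form of the bytes state that was sent.
    expectedState = (state if isinstance(state, str)
                     else state.decode('utf-8', errors='replace'))
    self.assertEqual(parameter['state'], expectedState,
                     msg='Result contained an unexpected state.')
    code = parameter['code']
    request = AbstractTokenResourceTest.generateValidTokenRequest(
        arguments={
            'grant_type': 'authorization_code',
            'code': code,
            'redirect_uri': self._VALID_CLIENT.redirectUris[0],
        },
        url='oauth2/token',
        authentication=self._VALID_CLIENT)
    self._SERVER.makeSynchronousRequest(request)
    self.assertEqual(
        request.responseCode, 200,
        msg='Expected the token resource to accept the request.')
    # The body is already decoded to str; json.loads' ``encoding`` keyword
    # was a no-op and has been removed (TypeError on Python 3.9+).
    jsonResult = json.loads(request.getResponse().decode('utf-8'))
    self.assertIn('access_token', jsonResult,
                  msg='Expected the result from the token resource '
                      'to contain an access_token parameter.')
    self.assertIn('refresh_token', jsonResult,
                  msg='Expected the result from the token resource '
                      'to contain a refresh_token parameter.')
    self.assertIn('scope', jsonResult,
                  msg='Expected the result from the token resource '
                      'to contain a scope parameter.')
    self.assertListEqual(jsonResult['scope'].split(), self._VALID_SCOPE,
                         msg='The token resource returned a different '
                             'scope than expected.')
    accessToken = jsonResult['access_token']
    self._testValidAccessRequest(token=accessToken)
    refreshToken = jsonResult['refresh_token']
    self._testTokenRefresh(refreshToken)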