def testAuthorizationForPublicClient(self): """ Test that a request for a public client gets accepted without authentication. """ client = PublicClient('publicClient', ['https://return.nonexistent'], ['refresh_token']) refreshToken = 'publicClientRefreshToken' request = self.generateValidTokenRequest( arguments={ 'grant_type': 'refresh_token', 'client_id': client.id, 'refresh_token': refreshToken }) self._REFRESH_TOKEN_STORAGE.store(refreshToken, client, self._VALID_SCOPE) newAuthToken = 'tokenForPublicClient' self._CLIENT_STORAGE.addClient(client) self._TOKEN_FACTORY.expectTokenRequest( newAuthToken, self._TOKEN_RESOURCE.authTokenLifeTime, client, self._VALID_SCOPE) result = self._TOKEN_RESOURCE.render_POST(request) self._TOKEN_FACTORY.assertAllTokensRequested() self.assertValidTokenResponse(request, result, newAuthToken, self._TOKEN_RESOURCE.authTokenLifeTime, expectedScope=self._VALID_SCOPE)
def testWithoutRedirectUriButClientHasOne(self): """ Test that a request without a redirect uri is accepted if the client has ony one predefined redirect uri. """ client = PublicClient('clientWithOneRedirectUri', self._VALID_CLIENT.redirectUris[:1], [ GrantTypes.AUTHORIZATION_CODE.value, GrantTypes.IMPLICIT.value ]) parameter = { 'response_type': self._RESPONSE_TYPE, 'client_id': client.id, 'scope': 'All', 'state': b'state\xFF\xFF' } self._CLIENT_STORAGE.addClient(client) request = self.createAuthRequest(arguments=parameter) result = self._AUTH_RESOURCE.render_GET(request) parameter['redirect_uri'] = client.redirectUris[0] self.assertValidAuthRequest( request, result, parameter, msg='Expected the auth resource to accept a request ' 'without a redirect uri if the client has one.')
def testWithoutRedirectUriButClientHasMultiple(self): """ Test the rejection of a request without a redirect uri if the client has more than one predefined redirect uri. """ client = PublicClient('clientWithMultipleRedirectUris', ['https://return.nonexistent'] * 2, ['authorization_code']) request = self.createAuthRequest(arguments={ 'response_type': self._RESPONSE_TYPE, 'client_id': client.id, 'scope': 'All', 'state': b'state\xFF\xFF' }) self._CLIENT_STORAGE.addClient(client) result = self._AUTH_RESOURCE.render_GET(request) self.assertFailedRequest( request, result, MissingParameterError('redirect_uri'), msg='Expected the auth resource to reject a request without a redirect uri.')
def testPublicClient(self): """ Test the rejection of a request with a public client. """ client = PublicClient('unauthorizedClientCredentialsGrantClient', ['https://return.nonexistent'], ['client_credentials']) request = self.generateValidTokenRequest( arguments={ 'grant_type': 'client_credentials', 'scope': ' '.join(self._VALID_SCOPE), 'client_id': client.id }) self._CLIENT_STORAGE.addClient(client) result = self._TOKEN_RESOURCE.render_POST(request) self.assertFailedTokenRequest( request, result, UnauthorizedClientError('client_credentials'), msg='Expected the resource token to reject a ' 'client_credentials request with a public client.')
def testAddClient(self): """ Test if a client can be added to the client storage. """ client = PublicClient( 'newPublicClientId', ['https://return.nonexistent', 'https://return2.nonexistent'], [GrantTypes.REFRESH_TOKEN]) self._CLIENT_STORAGE.addClient(client) self.assertListEqual( self._CLIENT_STORAGE.getClient(client.id).authorizedGrantTypes, client.authorizedGrantTypes, msg= 'Expected the client storage to contain a client after adding him.' ) client = PasswordClient( 'newPasswordClientId', ['https://return.nonexistent', 'https://return2.nonexistent'], ['client_credentials'], 'newClientSecret') self._CLIENT_STORAGE.addClient(client) self.assertEqual( client.secret, self._CLIENT_STORAGE.getClient(client.id).secret, msg= 'Expected the client storage to contain a client after adding him.' )
class ClientStorageTest(TwistedTestCase): """ An abstract test case for ClientStorage implementations. A subclass must call setupClientStorage with an instance of the client storage to test. """ _CLIENT_STORAGE = None _VALID_CLIENTS = [ getTestPasswordClient(), PublicClient('publicClient', ['https://return.nonexistent'], []) ] @classmethod def setupClientStorage(cls, clientStorage): """ Set the client storage implementation to use for the tests. The client storage must contain all _VALID_CLIENTS. :param clientStorage: The client storage implementation to test. """ cls._CLIENT_STORAGE = clientStorage def testGetClient(self): """ Test the retrieval of clients from the client storage. """ for validClient in self._VALID_CLIENTS: client = self._CLIENT_STORAGE.getClient(validClient.id) self.assertIsInstance( client, Client, message= 'Expected the client storage to return a client object.') self.assertIsInstance( client, validClient.__class__, message='Expected the client storage to return a client ' 'object of the same subclass as the original client.') self.assertIsInstance( client.id, str, message='Expected the client id of the client returned ' 'by the client storage to be a string.') self.assertIsInstance( client.redirectUris, list, message='Expected the redirect uris of the client returned ' 'by the client storage to be a list.') for uri in client.redirectUris: self.assertIsInstance( uri, str, message='Expected all redirect uris of the client ' 'returned by the client storage to be a string.') self.assertIsInstance( client.authorizedGrantTypes, list, message='Expected the authorized grant types of the client ' 'returned by the client storage to be a list.') for grantType in client.authorizedGrantTypes: self.assertIsInstance( grantType, str, message= 'Expected all grant types of the client returned ' 'by the client storage to be a string.') assertClientEquals( self, client, validClient, message= 'Expected the attributes of the client returned by the client storage ' 'to have the same values as the attributes of the original client.' ) def testGetNonExistentClient(self): """ Test handling of requests for clients that do net exist in the client storage. """ self.assertRaises(KeyError, self._CLIENT_STORAGE.getClient, 'nonExistentClientId')