def testUnauthorizedClient(self): """ Test the rejection of a request with a client that is not authorized to use the authorization code grant type. """ client = getTestPasswordClient('unauthorizedCodeGrantClient', authorizedGrantTypes=[]) code = 'unauthorizedClientCode' self._addAuthorizationToStorage(code, client, ['scope'], client.redirectUris[0]) request = self.generateValidTokenRequest(arguments={ 'grant_type': 'authorization_code', 'code': code, 'redirect_uri': client.redirectUris[0], }, authentication=client) self._CLIENT_STORAGE.addClient(client) result = self._TOKEN_RESOURCE.render_POST(request) self.assertFailedTokenRequest( request, result, UnauthorizedClientError('authorization_code'), msg= 'Expected the resource token to reject an authorization_code request ' 'with a client that is not authorized to use that grant type.')
def testCustomResponseTypeUnauthorizedClient(self): """ Test that a request with a custom response type is rejected if the client is not authorized to use that response type. """ responseType = 'myCustomResponseType' state = b'state\xFF\xFF' client = PasswordClient('customResponseTypeClientUnauthorized', ['https://redirect.noexistent'], [], 'clientSecret') redirectUri = client.redirectUris[0] parameters = { 'response_type': responseType, 'client_id': client.id, 'redirect_uri': redirectUri, 'scope': 'All', 'state': state } request = self.createAuthRequest(arguments=parameters) self._CLIENT_STORAGE.addClient(client) authResource = self.TestOAuth2Resource( self._TOKEN_FACTORY, self._PERSISTENT_STORAGE, self._CLIENT_STORAGE, authTokenStorage=self._TOKEN_STORAGE, grantTypes=[responseType]) result = authResource.render_GET(request) self.assertFailedRequest( request, result, UnauthorizedClientError(responseType, state), redirectUri=redirectUri, msg= 'Expected the authorization token resource to reject a request with a ' 'custom response type that the client is not allowed to use.')
def testWithUnauthorizedClient(self): """ Test the rejection of a request with a client that is not allowed to use the response type. """ state = b'state\xFF\xFF' client = getTestPasswordClient(authorizedGrantTypes=[]) redirectUri = client.redirectUris[0] request = self.createAuthRequest( arguments={ 'response_type': self._RESPONSE_TYPE, 'client_id': client.id, 'redirect_uri': redirectUri, 'scope': 'All', 'state': state }) self._CLIENT_STORAGE.addClient(client) result = self._AUTH_RESOURCE.render_GET(request) self.assertFailedRequest( request, result, UnauthorizedClientError(self._RESPONSE_TYPE, state=state), msg= 'Expected the auth resource to reject a request for a client that is not ' 'authorized to request an authorization using the ' '{type} method.'.format(type=self._RESPONSE_TYPE), redirectUri=redirectUri)
def testUnauthorizedClient(self): """ Test the rejection of a client that is not authorized to use the Resource Owner Password Credentials Grant. """ client = getTestPasswordClient( 'unauthorizedResourceOwnerPasswordCredentialsGrantClient', authorizedGrantTypes=[]) request = self.generateValidTokenRequest(arguments={ 'grant_type': 'password', 'scope': ' '.join(self._VALID_SCOPE), 'username': b'someUser', 'password': b'somePassword', }, authentication=client) self._CLIENT_STORAGE.addClient(client) result = self._TOKEN_RESOURCE.render_POST(request) self.assertFailedTokenRequest( request, result, UnauthorizedClientError('password'), msg='Expected the resource token to reject a password request ' 'with a client that is not authorized to use that grant type.')
def testUnauthorizedGrantTypeClient(self): """ Test the rejection of a valid request for an unauthorized client. """ client = getTestPasswordClient(clientId='unauthorizedClient', authorizedGrantTypes=[]) request = self.generateValidTokenRequest(arguments={ 'grant_type': 'refresh_token', 'client_id': client.id, 'client_secret': client.secret, 'refresh_token': self._VALID_REFRESH_TOKEN, }) self._CLIENT_STORAGE.addClient(client) result = self._TOKEN_RESOURCE.render_POST(request) self.assertFailedTokenRequest( request, result, UnauthorizedClientError('refresh_token'), msg='Expected the token resource to reject a refresh_token request ' 'for the client that is not authorized to use that grant type.')
def testPublicClient(self): """ Test the rejection of a request with a public client. """ client = PublicClient('unauthorizedClientCredentialsGrantClient', ['https://return.nonexistent'], ['client_credentials']) request = self.generateValidTokenRequest( arguments={ 'grant_type': 'client_credentials', 'scope': ' '.join(self._VALID_SCOPE), 'client_id': client.id }) self._CLIENT_STORAGE.addClient(client) result = self._TOKEN_RESOURCE.render_POST(request) self.assertFailedTokenRequest( request, result, UnauthorizedClientError('client_credentials'), msg='Expected the resource token to reject a ' 'client_credentials request with a public client.')