def test_payload_user_password(self):
self.request.forms["client_id"] = "foobar"
self.request.forms["client_secret"] = "barsecret"
_, _, forms, headers = oauth2.extract_params(self.request)
self.assertEqual(forms["client_id"], "foobar")
self.assertEqual(forms["client_secret"], "barsecret")
self.assertNotIn("Authorization", headers)
def test_bearer_html(self):
self.request.content_type = self.request.headers["Content-Type"] = "text/html"
self.request.headers["Authorization"] = "Bearer myfootoken"
self.request.body = "<html>"
_, _, body, headers = oauth2.extract_params(self.request)
self.assertEqual(headers["Authorization"], "Bearer myfootoken")
self.assertEqual(body, "<html>")
def test_payload_overload_auth(self):
self.request.auth = ("foobar", "barsecret")
self.request.forms["client_id"] = "bigger_foobar"
self.request.forms["client_secret"] = "bigger_barsecret"
_, _, forms, headers = oauth2.extract_params(self.request)
self.assertEqual(forms["client_id"], "bigger_foobar")
self.assertEqual(forms["client_secret"], "bigger_barsecret")
self.assertNotIn("Authorization", headers)
def test_bearer_form(self):
self.request.content_type = self.request.headers[
"Content-Type"] = "application/x-www-form-urlencoded"
self.request.headers["Authorization"] = "Bearer myfootoken"
self.request.forms = {"foo": "bar", "bar": 42}
_, _, body, headers = oauth2.extract_params(self.request)
self.assertEqual(headers["Authorization"], "Bearer myfootoken")
self.assertEqual(body, self.request.forms)
def test_noforms_auth_user_password_wait_until_609(self):
"""TODO: fix of unittest above, remove once 609 fixed.
"""
self.request.content_type = self.request.headers["Content-Type"] = "text/html"
self.request.body = "<html>"
self.request.auth = ("foobar", "barsecret")
_, _, body, headers = oauth2.extract_params(self.request)
self.assertEqual(body["client_id"], "foobar")
self.assertEqual(body["client_secret"], "barsecret")
def test_noforms_auth_user_password(self):
"""POSTed body is not a forms, so we need to decode authorization
ourselves.
"""
self.request.content_type = self.request.headers["Content-Type"] = "text/html"
self.request.body = "<html>"
self.request.auth = ("foobar", "barsecret")
_, _, body, headers = oauth2.extract_params(self.request)
self.assertEqual(body, "<html>")
self.assertIn("Authorization", headers)
import bottle
client_id, client_secret = bottle.parse_auth(headers["Authorization"])
self.assertEqual(client_id, "foobar")
self.assertEqual(client_secret, "barsecret")
def assertAuth(self, request):
_, _, forms, headers = oauth2.extract_params(request)
self.assertEqual(forms["client_id"], "foobar")
self.assertEqual(forms["client_secret"], "barsecret")
def test_auth_password(self):
self.request.auth = (None, "barsecret")
_, _, forms, headers = oauth2.extract_params(self.request)
self.assertNotIn("client_id", forms)
self.assertEqual(forms["client_secret"], "barsecret")
self.assertNotIn("Authorization", headers)
def test_auth_user_password_empty(self):
self.request.auth = ("foobar", "")
_, _, forms, headers = oauth2.extract_params(self.request)
self.assertEqual(forms["client_id"], "foobar")
self.assertEqual(forms["client_secret"], "")
self.assertNotIn("Authorization", headers)
def test_empty(self):
self.request.auth = (None, None)
_, _, forms, headers = oauth2.extract_params(self.request)
self.assertNotIn("client_id", forms)
self.assertNotIn("client_secret", forms)
self.assertNotIn("Authorization", headers)
