def test_invalid_token_during_connect(db, patch_access_token_getter,
account_with_single_auth_creds):
account_id = account_with_single_auth_creds.id
patch_access_token_getter.revoke_refresh_token(
account_with_single_auth_creds.auth_credentials[0].refresh_token)
account_with_single_auth_creds.verify_all_credentials()
assert len(account_with_single_auth_creds.valid_auth_credentials) == 0
g_token_manager.clear_cache(account_with_single_auth_creds)
# connect_account() takes an /expunged/ account object
# that has the necessary relationships eager-loaded
object_session(account_with_single_auth_creds).expunge(
account_with_single_auth_creds)
assert not object_session(account_with_single_auth_creds)
account = db.session.query(GmailAccount).options(
joinedload(GmailAccount.auth_credentials)).get(
account_id)
db.session.expunge(account)
assert not object_session(account)
g = GmailAuthHandler('gmail')
with pytest.raises(OAuthError):
g.connect_account(account)
invalid_account = db.session.query(GmailAccount).get(account_id)
for auth_creds in invalid_account.auth_credentials:
assert not auth_creds.is_valid
def test_invalid_token_during_connect(db, patch_access_token_getter,
account_with_single_auth_creds):
account_id = account_with_single_auth_creds.id
patch_access_token_getter.revoke_refresh_token(
account_with_single_auth_creds.auth_credentials[0].refresh_token)
account_with_single_auth_creds.verify_all_credentials()
assert len(account_with_single_auth_creds.valid_auth_credentials) == 0
g_token_manager.clear_cache(account_with_single_auth_creds)
# connect_account() takes an /expunged/ account object
# that has the necessary relationships eager-loaded
object_session(account_with_single_auth_creds).expunge(
account_with_single_auth_creds)
assert not object_session(account_with_single_auth_creds)
account = db.session.query(GmailAccount).options(
joinedload(GmailAccount.auth_credentials)).get(
account_id)
db.session.expunge(account)
assert not object_session(account)
g = GmailAuthHandler('gmail')
with pytest.raises(OAuthError):
g.connect_account(account)
invalid_account = db.session.query(GmailAccount).get(account_id)
for auth_creds in invalid_account.auth_credentials:
assert not auth_creds.is_valid
def test_new_token_with_non_oauth_error(
db, patch_access_token_getter, account_with_multiple_auth_creds):
account = account_with_multiple_auth_creds
refresh_token1 = account.auth_credentials[0].refresh_token
refresh_token2 = account.auth_credentials[1].refresh_token
g_token_manager.clear_cache(account)
assert account.new_token(GOOGLE_EMAIL_SCOPE).value == ACCESS_TOKEN
patch_access_token_getter.revoke_refresh_token(refresh_token1)
patch_access_token_getter.force_connection_errors(refresh_token2)
with pytest.raises(ConnectionError):
g_token_manager.get_token(account, GOOGLE_EMAIL_SCOPE)
db.session.refresh(account)
assert len(account.valid_auth_credentials) == 1
def test_new_token_with_non_oauth_error(
db, patch_access_token_getter, account_with_multiple_auth_creds):
account = account_with_multiple_auth_creds
refresh_token1 = account.auth_credentials[0].refresh_token
refresh_token2 = account.auth_credentials[1].refresh_token
g_token_manager.clear_cache(account)
assert account.new_token(GOOGLE_EMAIL_SCOPE).value == ACCESS_TOKEN
patch_access_token_getter.revoke_refresh_token(refresh_token1)
patch_access_token_getter.force_connection_errors(refresh_token2)
with pytest.raises(ConnectionError):
g_token_manager.get_token(account, GOOGLE_EMAIL_SCOPE)
db.session.refresh(account)
assert len(account.valid_auth_credentials) == 1
def test_g_token_manager(
db, patch_access_token_getter,
account_with_multiple_auth_creds,
account_with_single_auth_creds):
account = account_with_multiple_auth_creds
refresh_token1 = account.auth_credentials[0].refresh_token
refresh_token2 = account.auth_credentials[1].refresh_token
g_token_manager.clear_cache(account)
# existing account w/ multiple credentials, all valid
assert (g_token_manager.get_token(account, GOOGLE_EMAIL_SCOPE) ==
ACCESS_TOKEN)
assert (g_token_manager.get_token(account, GOOGLE_CONTACTS_SCOPE) ==
ACCESS_TOKEN)
assert (g_token_manager.get_token(account, GOOGLE_CALENDAR_SCOPE) ==
ACCESS_TOKEN)
for auth_creds in account.auth_credentials:
assert auth_creds.is_valid
# existing account w/ multiple credentials: some valid
patch_access_token_getter.revoke_refresh_token(refresh_token1)
g_token_manager.clear_cache(account)
with pytest.raises(OAuthError):
g_token_manager.get_token(account, GOOGLE_CONTACTS_SCOPE)
assert (g_token_manager.get_token(account, GOOGLE_EMAIL_SCOPE) ==
ACCESS_TOKEN)
with pytest.raises(OAuthError):
g_token_manager.get_token(account, GOOGLE_CALENDAR_SCOPE)
# existing account w/ multiple credentials: all invalid
patch_access_token_getter.revoke_refresh_token(refresh_token2)
g_token_manager.clear_cache(account)
with pytest.raises(OAuthError):
g_token_manager.get_token(account, GOOGLE_EMAIL_SCOPE)
with pytest.raises(OAuthError):
g_token_manager.get_token(account, GOOGLE_CALENDAR_SCOPE)
with pytest.raises(OAuthError):
g_token_manager.get_token(account, GOOGLE_CONTACTS_SCOPE)
db.session.refresh(account)
for auth_creds in account.auth_credentials:
assert not auth_creds.is_valid
# existing account w/ one credential
account = account_with_single_auth_creds
g_token_manager.clear_cache(account)
assert (g_token_manager.get_token(account, GOOGLE_EMAIL_SCOPE) ==
ACCESS_TOKEN)
assert (g_token_manager.get_token(account, GOOGLE_CALENDAR_SCOPE) ==
ACCESS_TOKEN)
with pytest.raises(OAuthError):
g_token_manager.get_token(account, GOOGLE_CONTACTS_SCOPE)
def test_g_token_manager(
db, patch_access_token_getter,
account_with_multiple_auth_creds,
account_with_single_auth_creds):
account = account_with_multiple_auth_creds
refresh_token1 = account.auth_credentials[0].refresh_token
refresh_token2 = account.auth_credentials[1].refresh_token
g_token_manager.clear_cache(account)
# existing account w/ multiple credentials, all valid
assert (g_token_manager.get_token(account, GOOGLE_EMAIL_SCOPE) ==
ACCESS_TOKEN)
assert (g_token_manager.get_token(account, GOOGLE_CONTACTS_SCOPE) ==
ACCESS_TOKEN)
assert (g_token_manager.get_token(account, GOOGLE_CALENDAR_SCOPE) ==
ACCESS_TOKEN)
for auth_creds in account.auth_credentials:
assert auth_creds.is_valid
# existing account w/ multiple credentials: some valid
patch_access_token_getter.revoke_refresh_token(refresh_token1)
g_token_manager.clear_cache(account)
with pytest.raises(OAuthError):
g_token_manager.get_token(account, GOOGLE_CONTACTS_SCOPE)
assert (g_token_manager.get_token(account, GOOGLE_EMAIL_SCOPE) ==
ACCESS_TOKEN)
with pytest.raises(OAuthError):
g_token_manager.get_token(account, GOOGLE_CALENDAR_SCOPE)
# existing account w/ multiple credentials: all invalid
patch_access_token_getter.revoke_refresh_token(refresh_token2)
g_token_manager.clear_cache(account)
with pytest.raises(OAuthError):
g_token_manager.get_token(account, GOOGLE_EMAIL_SCOPE)
with pytest.raises(OAuthError):
g_token_manager.get_token(account, GOOGLE_CALENDAR_SCOPE)
with pytest.raises(OAuthError):
g_token_manager.get_token(account, GOOGLE_CONTACTS_SCOPE)
db.session.refresh(account)
for auth_creds in account.auth_credentials:
assert not auth_creds.is_valid
# existing account w/ one credential
account = account_with_single_auth_creds
g_token_manager.clear_cache(account)
assert (g_token_manager.get_token(account, GOOGLE_EMAIL_SCOPE) ==
ACCESS_TOKEN)
assert (g_token_manager.get_token(account, GOOGLE_CALENDAR_SCOPE) ==
ACCESS_TOKEN)
with pytest.raises(OAuthError):
g_token_manager.get_token(account, GOOGLE_CONTACTS_SCOPE)
