def setUp(self): from invenio_accounts.models import User from invenio_oauth2server.registry import scopes from invenio_oauth2server.models import Token, Scope # Setup variables: self.called = dict() # Setup test scopes with self.app.app_context(): scopes.register(Scope("test:testscope", group="Test", help_text="Test scope")) # Setup API resources class Test1Resource(Resource): # NOTE: Method decorators are applied in reverse order method_decorators = [require_oauth_scopes("test:testscope"), require_api_auth()] def get(self): assert request.oauth.access_token return "success", 200 def post(self): assert request.oauth.access_token return "success", 200 @require_header("Content-Type", "application/json") def put(self): return "success", 200 class Test2Resource(Resource): @require_api_auth() @require_oauth_scopes("test:testscope") def get(self): assert request.oauth.access_token return "success", 200 @require_api_auth() @require_oauth_scopes("test:testscope") def post(self): assert request.oauth.access_token return "success", 200 @require_header("Content-Type", "text/html") def put(self): return "success", 200 # Register API resources api = self.app.extensions["restful"] api.add_resource(Test1Resource, "/api/test1/decoratorstestcase/") api.add_resource(Test2Resource, "/api/test2/decoratorstestcase/") # Create a user self.user = User(email="*****@*****.**", nickname="tester") self.user.password = "******" db.session.add(self.user) db.session.commit() # Create tokens self.token = Token.create_personal("test-", self.user.id, scopes=["test:testscope"], is_internal=True) self.token_noscope = Token.create_personal("test-", self.user.id, scopes=[], is_internal=True)
def user(): """Create circulation admin user.""" from werkzeug.local import LocalProxy from flask_security.utils import encrypt_password from invenio_db import db from invenio_oauth2server.models import Token _datastore = LocalProxy(lambda: app.extensions['security'].datastore) kwargs = dict( email='*****@*****.**', password='******', active=True ) kwargs['password'] = encrypt_password(kwargs['password']) user = _datastore.create_user(**kwargs) Token.create_personal( 'test-personal-{0}'.format(user.id), user.id, scopes=['webhooks:event'], is_internal=True, ).access_token db.session.commit()
def test_token_scopes(self): from invenio_oauth2server.models import Client, Token from invenio_oauth2server.errors import ScopeDoesNotExists c = Client( client_id='dev2', client_secret='dev2', name='dev2', description='', is_confidential=False, user=self.objects[0], _redirect_uris='', _default_scopes="" ) t = Token( client=c, user=self.objects[0], token_type='bearer', access_token='dev_access', refresh_token='dev_refresh', expires=None, is_personal=False, is_internal=False, _scopes='', ) t.scopes = ['test:scope1', 'test:scope2', 'test:scope2'] self.create_objects([c, t]) self.assertEqual(t.scopes, ['test:scope1', 'test:scope2']) self.assertRaises(ScopeDoesNotExists, t.__setattr__, 'scopes', ['invalid']) self.assertEqual(t.get_visible_scopes(), ['test:scope1']) self.delete_objects([c])
def _create_new_record_version(app): """Create a new version of a record existing before the upgrade.""" from invenio_accounts.models import User from flask_security import url_for_security from flask_security.utils import hash_password from flask import url_for from invenio_oauth2server.models import Token user = User.query.filter(User.email=='*****@*****.**').one() user.password = hash_password('123') token = Token.create_personal( 'other_token', user.id, scopes=[] ) headers = [ ('Authorization', 'Bearer {}'.format(token.access_token)), ('Content-type', 'application/json') ] db.session.commit() with app.test_request_context(): login_url = url_for_security('login') with app.test_client() as client: res = client.post(login_url, data={ 'email': '*****@*****.**', 'password': '******' }) assert res.status_code == 302 url = url_for('b2share_records_rest.b2rec_list', version_of='1033083fedf4408fb5611f23527a926d') res = client.post(url, headers=headers) assert res.status_code == 201
def init_account(self): """Setup a new GitHub account.""" ghuser = self.api.me() # Setup local access tokens to be used by the webhooks hook_token = ProviderToken.create_personal( 'github-webhook', self.user_id, scopes=['webhooks:event'], is_internal=True, ) # Initial structure of extra data self.account.extra_data = dict( id=ghuser.id, login=ghuser.login, name=ghuser.name, tokens=dict( webhook=hook_token.id, ), repos=dict(), last_sync=iso_utcnow(), ) db.session.add(self.account) # Sync data from GitHub, but don't check repository hooks yet. self.sync(hooks=False)
def setUp(self): """Set up some dummy data and a resource.""" from invenio_accounts.models import User from invenio_oauth2server.models import Token self.data = range(25) # setup test api resources class TestDataResource(Resource): method_decorators = [require_api_auth()] @require_header("Content-Type", "application/json") def get(self): import json from flask import make_response from invenio_ext.restful.errors import InvalidPageError from invenio_ext.restful import pagination # Test to see that the exceptions are raised correctly # In restful.py it is not needed because the error_hanler # takes care of exceptions response = None try: # test data testdata = range(25) endpoint = request.endpoint args = request.args page = int(args.get("page", 1)) per_page = int(args.get("per_page", 10)) p = pagination.RestfulPagination(page=page, per_page=per_page, total_count=len(testdata)) data_to_return = p.slice(testdata) kwargs = {} kwargs["endpoint"] = endpoint kwargs["args"] = request.args link_header = p.link_header(**kwargs) response = make_response(json.dumps(data_to_return)) response.headers[link_header[0]] = link_header[1] response.headers["Content-Type"] = request.headers["Content-Type"] except InvalidPageError as e: exception = {} exception["message"] = e.error_msg exception["type"] = "{0}".format(type(e)) response = make_response(json.dumps(exception)) return response # Register API resources api = self.app.extensions["restful"] api.add_resource(TestDataResource, "/api/testdata/") # Create a user self.user = User(email="*****@*****.**", nickname="tester") self.user.password = "******" db.session.add(self.user) db.session.commit() # create token self.token = Token.create_personal("test-", self.user.id, scopes=[], is_internal=True)
def test_deposit(app, test_communities, login_user, authentication): """Test record submission with classic login and access token.""" with app.app_context(): allowed_user = create_user('allowed') scopes = current_oauth2server.scope_choices() allowed_token = Token.create_personal( 'allowed_token', allowed_user.id, scopes=[s[0] for s in scopes] ) # application authentication token header allowed_headers = [('Authorization', 'Bearer {}'.format(allowed_token.access_token))] other_user = create_user('other') other_token = Token.create_personal( 'other_token', other_user.id, scopes=[s[0] for s in scopes] ) # application authentication token header other_headers = [('Authorization', 'Bearer {}'.format(other_token.access_token))] community_name = 'MyTestCommunity1' community = Community.get(name=community_name) com_admin = create_user('com_admin', roles=[community.admin_role]) com_admin_token = Token.create_personal( 'com_admin_token', com_admin.id, scopes=[s[0] for s in scopes] ) # application authentication token header com_admin_headers = [('Authorization', 'Bearer {}'.format(com_admin_token.access_token))] test_records_data = [generate_record_data(community=community_name) for idx in range(1,3)] db.session.commit() if authentication == 'user/password': subtest_deposit(app, test_communities, allowed_user, other_user, com_admin, [], [], [], login_user, test_records_data) else: subtest_deposit(app, test_communities, allowed_user, other_user, com_admin, allowed_headers, other_headers, com_admin_headers, lambda u, c: 42, test_records_data)
def create_oauth_token(self, user_id, scopes, is_internal=True): """Create an OAuth personal access_token.""" # Create a personal access token as well. from invenio_oauth2server.models import Token self.accesstoken[user_id] = Token.create_personal( 'test-personal-%s' % user_id, user_id, scopes=scopes, is_internal=is_internal ).access_token
def access_token_no_scope(app, tester_id): """Fixture that create an access token without scope.""" token = Token.create_personal( 'test-personal-{0}'.format(tester_id), tester_id, scopes=[''], is_internal=True, ).access_token db.session.commit() return token
def access_token(app, db, tester_id): """Fixture that create an access token.""" token = Token.create_personal( 'test-personal-{0}'.format(tester_id), tester_id, scopes=['webhooks:event'], is_internal=True, ).access_token db.session.commit() return token
def deposit_token(app, db, tester_id): """Fixture that create an access token.""" token = Token.create_personal( 'deposit-personal-{0}'.format(tester_id), tester_id, scopes=['deposit:write', 'deposit:actions'], is_internal=True, ).access_token db.session.commit() return token
def provider_fixture(app): """Fixture that contains test data for provider tests.""" from invenio_oauth2server.proxies import current_oauth2server # Mock the oauth client calls to prevent them from going online. oauth_client = create_oauth_client(app, 'oauth2test') oauth_client.http_request = MagicMock( side_effect=patch_request(app) ) datastore = app.extensions['security'].datastore with app.test_request_context(): with db.session.begin_nested(): current_oauth2server.register_scope(Scope('test:scope')) user1 = datastore.create_user( email='*****@*****.**', password='******', active=True, ) datastore.create_user( email='*****@*****.**', password='******', active=True ) c1 = Client(client_id='dev', client_secret='dev', name='dev', description='', is_confidential=False, user=user1, _redirect_uris=url_for( 'oauth2test.authorized', _external=True ), _default_scopes='test:scope' ) c2 = Client(client_id='confidential', client_secret='confidential', name='confidential', description='', is_confidential=True, user=user1, _redirect_uris=url_for( 'oauth2test.authorized', _external=True ), _default_scopes='test:scope' ) db.session.add(c1) db.session.add(c2) personal_token = Token.create_personal('test-personal', user1.id, scopes=[], is_internal=True) db.session.commit() app.user1_id = user1.id app.personal_token = personal_token.access_token return app
def post(self, **kwargs): token_name = request.get_json().get('token_name') if not token_name: abort(400) scopes = current_oauth2server.scope_choices() token = Token.create_personal( token_name, current_user.get_id(), scopes=[s[0] for s in scopes] ) db.session.commit() return token_to_json_serializer(token, show_access_token=True, code=201)
def _create(cls, model_class, *args, **kwargs): if "role" in kwargs: user = UserFactory(role=kwargs["role"]) else: user = UserFactory() user = User.query.filter(User.email == user.email).one_or_none() token = Token.create_personal(fake.name(), user.id, scopes={}, is_internal=True) return token
def access_token(app, tester_id): """Fixture that create an access token.""" with app.app_context(): token = Token.create_personal( 'test-personal-{0}'.format(tester_id), tester_id, scopes=['webhooks:event'], is_internal=True, ).access_token db.session.commit() return token
def provider_fixture(app): """Fixture that contains test data for provider tests.""" from invenio_oauth2server.proxies import current_oauth2server # Mock the oauth client calls to prevent them from going online. oauth_client = create_oauth_client(app, 'oauth2test') oauth_client.http_request = MagicMock( side_effect=patch_request(app) ) datastore = app.extensions['security'].datastore with app.test_request_context(): with db.session.begin_nested(): current_oauth2server.register_scope(Scope('test:scope')) app.user1 = datastore.create_user( email='*****@*****.**', password='******', active=True, ) app.user2 = datastore.create_user( email='*****@*****.**', password='******', active=True ) app.c1 = Client(client_id='dev', client_secret='dev', name='dev', description='', is_confidential=False, user=app.user1, _redirect_uris=url_for( 'oauth2test.authorized', _external=True ), _default_scopes='test:scope' ) app.c2 = Client(client_id='confidential', client_secret='confidential', name='confidential', description='', is_confidential=True, user=app.user1, _redirect_uris=url_for( 'oauth2test.authorized', _external=True ), _default_scopes='test:scope' ) db.session.add(app.c1) db.session.add(app.c2) app.personal_token = Token.create_personal('test-personal', app.user1.id, scopes=[], is_internal=True) return app
def access_token(api_app, db, users): """Fixture that create an access token.""" with db.session.begin_nested(): tester_id = User.query.get(users[0]).id token = Token.create_personal( 'test-personal-{0}'.format(tester_id), tester_id, scopes=['webhooks:event'], is_internal=True, ).access_token db.session.commit() return token
def init_provider_tokens(user_id): """Create local access token. It is used to authenticate GitHub webhook as well as the upload using the API. """ webhook_token = ProviderToken.create_personal( 'github-webhook', user_id, scopes=['webhooks:event'], is_internal=True, ) internal_token = ProviderToken.create_personal( 'github-upload', user_id, scopes=['deposit:write', 'deposit:actions'], is_internal=True, ) return webhook_token, internal_token
def test_token_scopes(models_fixture): app = models_fixture with app.app_context(): client = Client( client_id='dev2', client_secret='dev2', name='dev2', description='', is_confidential=False, user=app.test_user, _redirect_uris='', _default_scopes="" ) token = Token( client=client, user=app.test_user, token_type='bearer', access_token='dev_access', refresh_token='dev_refresh', expires=None, is_personal=False, is_internal=False, _scopes='', ) token.scopes = ['test:scope1', 'test:scope2', 'test:scope2'] with db.session.begin_nested(): db.session.add(client) db.session.add(token) assert set(token.scopes) == set( ['test:scope1', 'test:scope2']) with pytest.raises(ScopeDoesNotExists): token.scopes = ['invalid'] assert token.get_visible_scopes() == ['test:scope1'] with db.session.begin_nested(): db.session.delete(client)
def test_token_scopes(models_fixture): app = models_fixture with app.app_context(): client = Client( client_id='dev2', client_secret='dev2', name='dev2', description='', is_confidential=False, user=app.test_user(), _redirect_uris='', _default_scopes="" ) token = Token( client=client, user=app.test_user(), token_type='bearer', access_token='dev_access', refresh_token='dev_refresh', expires=None, is_personal=False, is_internal=False, _scopes='', ) token.scopes = ['test:scope1', 'test:scope2', 'test:scope2'] with db.session.begin_nested(): db.session.add(client) db.session.add(token) assert set(token.scopes) == set( ['test:scope1', 'test:scope2']) with pytest.raises(ScopeDoesNotExists): token.scopes = ['invalid'] assert token.get_visible_scopes() == ['test:scope1'] with db.session.begin_nested(): db.session.delete(client)
def rat_generate_token(app, db, oauth2_client, users): """Create token.""" with db.session.begin_nested(): token_ = Token( client_id=oauth2_client, user_id=users[0]['id'], access_token='rat_token', expires=datetime.utcnow() + timedelta(hours=10), is_personal=False, is_internal=True, _scopes=tokens_generate_scope.id, ) db.session.add(token_) db.session.commit() return token_
def write_token_user_2(app, client, users): """Create token.""" with db.session.begin_nested(): token_ = Token( client=client, user_id=users[1]["id"], access_token="dev_access_2", refresh_token="dev_refresh_2", expires=datetime.datetime.now() + datetime.timedelta(hours=10), is_personal=False, is_internal=True, _scopes=write_scope.id, ) db.session.add(token_) db.session.commit() return token_
def access_token(app, db): _datastore = LocalProxy(lambda: app.extensions['security'].datastore) kwargs = dict(email='*****@*****.**', password='******', active=True) kwargs['password'] = encrypt_password(kwargs['password']) user = _datastore.create_user(**kwargs) db.session.commit() token = Token.create_personal( 'test-personal-{0}'.format(user.id), user.id, scopes=['webhooks:event'], is_internal=True, ).access_token db.session.commit() yield token
def token_new(): """Create new token.""" data, errors = TokenSchema().load(request.get_json()) if errors: return jsonify({"errors": errors}), 400 t = Token.create_personal(data.get("name"), current_user.get_id(), scopes=data.get("scopes")) db.session.commit() return jsonify({ "t_id": t.id, "name": t.client.name, "scopes": t.scopes, "access_token": t.access_token }), 200
def user(db, app): """File system location.""" user = User(email='*****@*****.**', active=True) db.session.add(user) role = Role(name='*****@*****.**') role.users.append(user) db.session.add(role) db.session.commit() token = Token.create_personal('test', user.id) db.session.commit() app.config['API_TOKEN'] = token.access_token yield user
def create_personal(name, user_id, scopes=None, is_internal=False, access_token=None): """Create a personal access token. A token that is bound to a specific user and which doesn't expire, i.e. similar to the concept of an API key. :param name: Client name. :param user_id: User ID. :param scopes: The list of permitted scopes. (Default: ``None``) :param is_internal: If ``True`` it's a internal access token. (Default: ``False``) :param access_token: personalized access_token. :returns: A new access token. """ with db.session.begin_nested(): scopes = " ".join(scopes) if scopes else "" client = Client(name=name, user_id=user_id, is_internal=True, is_confidential=False, _default_scopes=scopes) client.gen_salt() if not access_token: access_token = gen_salt( current_app.config.get('OAUTH2SERVER_TOKEN_PERSONAL_SALT_LEN')) token = Token( client_id=client.client_id, user_id=user_id, access_token=access_token, expires=None, _scopes=scopes, is_personal=True, is_internal=is_internal, ) db.session.add(client) db.session.add(token) return token
def users(app, db, roles_data, users_data, create_roles): """Create test users.""" ds = app.extensions['invenio-accounts'].datastore result = {} with app.app_context(): with db.session.begin_nested(): for user_key, user_data in iteritems(users_data): user_data['password'] = hash_password(user_data['password']) user = ds.create_user(**user_data) result[user_key] = user roles = Role.query.filter( Role.id.in_(role['id'] for role in create_roles[:5])).all() result['user1'].roles.extend(roles) db.session.add( ActionUsers.allow( superuser_access, user=result['admin'], )) for user in result.values(): scopes = current_oauth2server.scope_choices() db.session.add(user) user.allowed_token = Token.create_personal( name='allowed_token', user_id=user.id, scopes=[s[0] for s in scopes]).access_token user_ref = namedtuple('UserRef', 'id, allowed_token, data') result_user = { name: user_ref( id=user.id, data=users_data[name], allowed_token=user.allowed_token, ) for name, user in six.iteritems(result) } db.session.commit() return result_user
def extra_token(app, db, oauth2_client, users): """Create token.""" with db.session.begin_nested(): token_ = Token(client_id=oauth2_client, user_id=users[0]['id'], access_token='dev_access_2', refresh_token='dev_refresh_2', expires=datetime.utcnow() + timedelta(hours=10), is_personal=False, is_internal=True, _scopes=' '.join( [extra_formats_scope.id, write_scope.id])) db.session.add(token_) db.session.commit() return dict(token=token_, auth_header=[ ('Authorization', 'Bearer {0}'.format(token_.access_token)), ])
def _write_token(user): """Return json headers with write oauth token for given user.""" client_ = Client.query.filter_by( user_id=user.id ).first() if not client_: client_ = Client( client_id=user.id, client_secret='client_secret_{}'.format(user.id), name='client_test_{}'.format(user.id), description='', is_confidential=False, user_id=user.id, _redirect_uris='', _default_scopes='', ) db.session.add(client_) token_ = Token.query.filter_by( user_id=user.id ).first() if not token_: token_ = Token( client_id=client_.client_id, user_id=user.id, access_token='dev_access_{}'.format(user.id), refresh_token='dev_refresh_{}'.format(user.id), expires=datetime.utcnow() + timedelta(hours=10), is_personal=False, is_internal=True, _scopes=write_scope.id, ) db.session.add(token_) db.session.commit() return bearer_auth(dict( token=token_, auth_header=[ ('Authorization', 'Bearer {0}'.format(token_.access_token)), ] ))
def account_search(user, expected_code): headers = [('Content-Type', 'application/json'), ('Accept', 'application/json')] with app.app_context(): url = url_for('invenio_accounts_rest.users_list') if user: scopes = current_oauth2server.scope_choices() allowed_token = Token.create_personal( 'allowed_token', user.id, scopes=[s[0] for s in scopes]) # application authentication token header headers.append( ('Authorization', 'Bearer {}'.format(allowed_token.access_token))) with app.test_client() as client: if user is not None: login_user(user, client) res = client.get(url, headers=headers) assert res.status_code == expected_code
def account_search(user, expected_code): headers = [('Content-Type', 'application/json'), ('Accept', 'application/json')] with app.app_context(): url = url_for('invenio_accounts_rest.users_list') if user: scopes = current_oauth2server.scope_choices() allowed_token = Token.create_personal( 'allowed_token', user.id, scopes=[s[0] for s in scopes] ) # application authentication token header headers.append(('Authorization', 'Bearer {}'.format(allowed_token.access_token))) with app.test_client() as client: if user is not None: login_user(user, client) res = client.get(url, headers=headers) assert res.status_code == expected_code
def create_user_token(client_name, user, access_token): """Create a token for the given user.""" # Create token for user with db.session.begin_nested(): client = Client(name=client_name, user_id=user.id, is_internal=True, is_confidential=False, _default_scopes='') client.gen_salt() token = Token(client_id=client.client_id, user_id=user.id, access_token=access_token, expires=None, is_personal=True, is_internal=True, _scopes='') db.session.add(client) db.session.add(token) return token
def token_new(): """Create new token.""" data, errors = TokenSchema().load(request.get_json()) if errors: return jsonify({"errors": errors}), 400 t = Token.create_personal( data.get("name"), current_user.get_id(), scopes=data.get("scopes") ) db.session.commit() return jsonify( { "t_id": t.id, "name": t.client.name, "scopes": t.scopes, "access_token": t.access_token }), 200
def init_authentication_token(): with db.session.begin_nested(): client = Client(name='admin', user_id=1, is_internal=True, is_confidential=False, _default_scopes="") client.gen_salt() token = Token( client_id=client.client_id, user_id=1, access_token=current_app.config["AUTHENTICATION_TOKEN"], expires=None, _scopes="", is_personal=True, is_internal=True, ) db.session.add(client) db.session.add(token) db.session.commit()
def init_account(self): """Setup a new GitHub account.""" ghuser = self.api.me() # Setup local access tokens to be used by the webhooks hook_token = ProviderToken.create_personal( 'github-webhook', self.user_id, scopes=['webhooks:event'], is_internal=True, ) # Initial structure of extra data self.account.extra_data = dict( id=ghuser.id, login=ghuser.login, name=ghuser.name, tokens=dict(webhook=hook_token.id, ), repos=dict(), last_sync=iso_utcnow(), ) db.session.add(self.account) # Sync data from GitHub, but don't check repository hooks yet. self.sync(hooks=False)
def setUp(self): """Set up some dummy data and a resource.""" from invenio_accounts.models import User from invenio_oauth2server.models import Token self.data = range(25) # setup test api resources class TestDataResource(Resource): method_decorators = [require_api_auth()] @require_header('Content-Type', 'application/json') def get(self): import json from flask import make_response from invenio_ext.restful.errors import (InvalidPageError) from invenio_ext.restful import pagination # Test to see that the exceptions are raised correctly # In restful.py it is not needed because the error_hanler # takes care of exceptions response = None try: # test data testdata = range(25) endpoint = request.endpoint args = request.args page = int(args.get('page', 1)) per_page = int(args.get('per_page', 10)) p = pagination.RestfulPagination(page=page, per_page=per_page, total_count=len(testdata)) data_to_return = p.slice(testdata) kwargs = {} kwargs['endpoint'] = endpoint kwargs['args'] = request.args link_header = p.link_header(**kwargs) response = make_response(json.dumps(data_to_return)) response.headers[link_header[0]] = link_header[1] response.headers['Content-Type'] = request.headers[ 'Content-Type'] except InvalidPageError as e: exception = {} exception['message'] = e.error_msg exception['type'] = "{0}".format(type(e)) response = make_response(json.dumps(exception)) return response # Register API resources api = self.app.extensions['restful'] api.add_resource(TestDataResource, '/api/testdata/') # Create a user self.user = User(email='*****@*****.**', nickname='tester') self.user.password = "******" db.session.add(self.user) db.session.commit() # create token self.token = Token.create_personal('test-', self.user.id, scopes=[], is_internal=True)
def test_patron_info(app, client, patron_martigny, librarian_martigny): """Test patron info.""" # All scopes scopes = [ 'fullname', 'birthdate', 'institution', 'expiration_date', 'patron_type', 'patron_types' ] # create a oauth client liked to the librarian account oauth_client = Client(client_id='dev', client_secret='dev', name='Test name', description='Test description', is_confidential=False, user=librarian_martigny.user, website='http://foo.org', _redirect_uris='') # token with all scopes token = Token(client=oauth_client, user=patron_martigny.user, token_type='bearer', access_token='test_access_1', expires=None, is_personal=False, is_internal=False, _scopes=' '.join(scopes)) # token without scope no_scope_token = Token(client=oauth_client, user=patron_martigny.user, token_type='bearer', access_token='test_access_2', expires=None, is_personal=False, is_internal=False) db.session.add(oauth_client) db.session.add(token) db.session.commit() # denied with a wrong token res = client.get(url_for('api_patrons.info', access_token='wrong')) assert res.status_code == 401 # denied without token res = client.get(url_for('api_patrons.info')) assert res.status_code == 401 # minimal information without scope res = client.get( url_for('api_patrons.info', access_token=no_scope_token.access_token)) assert res.status_code == 200 assert res.json == {'barcode': patron_martigny['patron']['barcode'].pop()} # full information with all scopes res = client.get( url_for('api_patrons.info', access_token=token.access_token)) assert res.status_code == 200 assert res.json == { 'barcode': '4098124352', 'birthdate': '1947-06-07', 'fullname': 'Roduit, Louis', 'patron_types': [{ 'expiration_date': '2023-10-07T00:00:00', 'institution': 'org1', 'patron_type': 'patron-code' }] }
def resource_fixture(app): """Fixture that contains the test data for models tests.""" from flask import request from invenio_oauth2server.proxies import current_oauth2server # Setup API resources class Test1Resource(MethodView): # NOTE: Method decorators are applied in reverse order decorators = [ require_oauth_scopes('test:testscope'), require_api_auth(), ] def get(self): assert request.oauth.access_token return "success", 200 def post(self): assert request.oauth.access_token return "success", 200 class Test2Resource(MethodView): @require_api_auth() @require_oauth_scopes('test:testscope') def get(self): assert request.oauth.access_token return "success", 200 @require_api_auth() @require_oauth_scopes('test:testscope') def post(self): assert request.oauth.access_token return "success", 200 # Register API resources app.add_url_rule( '/api/test1/decoratorstestcase/', view_func=Test1Resource.as_view('test1resource'), ) app.add_url_rule( '/api/test2/decoratorstestcase/', view_func=Test2Resource.as_view('test2resource'), ) datastore = app.extensions['security'].datastore with app.app_context(): # Register a test scope current_oauth2server.register_scope(Scope( 'test:testscope', group='Test', help_text='Test scope' )) with db.session.begin_nested(): app.user = datastore.create_user( email='*****@*****.**', password='******', active=True, ) # Create tokens app.token = Token.create_personal( 'test-', app.user.id, scopes=['test:testscope'], is_internal=True) app.token_noscope = Token.create_personal( 'test-', app.user.id, scopes=[], is_internal=True) with app.test_request_context(): app.url_for_test1resource = url_for('test1resource') app.url_for_test2resource = url_for('test2resource') app.url_for_test1resource_token = url_for( 'test1resource', access_token=app.token.access_token ) app.url_for_test2resource_token = url_for( 'test2resource', access_token=app.token.access_token ) app.url_for_test1resource_token_noscope = url_for( 'test1resource', access_token=app.token_noscope.access_token ) app.url_for_test2resource_token_noscope = url_for( 'test2resource', access_token=app.token_noscope.access_token ) return app
def provider_fixture(app): """Fixture that contains test data for provider tests.""" from invenio_oauth2server.proxies import current_oauth2server # Mock the oauth client calls to prevent them from going online. oauth_client = create_oauth_client(app, 'oauth2test') oauth_client.http_request = MagicMock(side_effect=patch_request(app)) datastore = app.extensions['security'].datastore with app.test_request_context(): with db.session.begin_nested(): current_oauth2server.register_scope(Scope('test:scope')) user1 = datastore.create_user( email='*****@*****.**', password='******', active=True, ) datastore.create_user(email='*****@*****.**', password='******', active=True) user3 = datastore.create_user(email='*****@*****.**', password='******', active=False) c1 = Client(client_id='dev', client_secret='dev', name='dev', description='', is_confidential=False, user=user1, _redirect_uris=url_for('oauth2test.authorized', _external=True), _default_scopes='test:scope') c2 = Client(client_id='confidential', client_secret='confidential', name='confidential', description='', is_confidential=True, user=user1, _redirect_uris=url_for('oauth2test.authorized', _external=True), _default_scopes='test:scope') # Same as 'c2' but user belonging to a user that's inactive c3 = Client(client_id='confidential-user-inactive', client_secret='confidential-user-inactive', name='confidential-user-inactive', description='', is_confidential=True, user=user3, _redirect_uris=url_for('oauth2test.authorized', _external=True), _default_scopes='test:scope') c4 = Client(client_id='confidential-email', client_secret='confidential-email', name='confidential-email', description='', is_confidential=True, user=user1, _redirect_uris=url_for('oauth2test.authorized', _external=True), _default_scopes='email') db.session.add(c1) db.session.add(c2) db.session.add(c3) db.session.add(c4) personal_token = Token.create_personal('test-personal', user1.id, scopes=[], is_internal=True) personal_token3 = Token.create_personal('test-personal', user3.id, scopes=[], is_internal=True) db.session.commit() app.user1_id = user1.id app.user3_id = user3.id app.personal_token = personal_token.access_token app.personal_token3 = personal_token3.access_token return app
def setUp(self): super(ProviderTestCase, self).setUp() # Set environment variable DEBUG to true, to allow testing without # SSL in oauthlib. if self.app.config.get('CFG_SITE_SECURE_URL').startswith('http://'): self.os_debug = os.environ.get('OAUTHLIB_INSECURE_TRANSPORT', '') os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = 'true' from invenio_accounts.models import User from invenio_oauth2server.models import Client, Scope from invenio_oauth2server.registry import scopes as scopes_registry self.assets_patcher = patch( 'webassets.ext.jinja2.AssetsExtension._render_assets') _render_assets = self.assets_patcher.start() _render_assets.return_value = '/ping' # Register a test scope scopes_registry.register(Scope('test:scope')) self.base_url = self.app.config.get('CFG_SITE_SECURE_URL') # Create needed objects u = User(email='*****@*****.**', nickname='tester') u.password = "******" u2 = User(email='*****@*****.**', nickname='tester2') u2.password = "******" db.session.add(u) db.session.add(u2) c1 = Client(client_id='dev', client_secret='dev', name='dev', description='', is_confidential=False, user=u, _redirect_uris='%s/oauth2test/authorized' % self.base_url, _default_scopes="test:scope") c2 = Client(client_id='confidential', client_secret='confidential', name='confidential', description='', is_confidential=True, user=u, _redirect_uris='%s/oauth2test/authorized' % self.base_url, _default_scopes="test:scope") db.session.add(c1) db.session.add(c2) db.session.commit() self.objects = [u, u2, c1, c2] # Create a personal access token as well. from invenio_oauth2server.models import Token self.personal_token = Token.create_personal('test-personal', 1, scopes=[], is_internal=True)
def setUp(self): from flask_restful import Resource, fields, marshal from invenio_accounts.models import User from invenio_oauth2server.models import Token class TagRepresenation(object): """A representation of a tag. This class will be only used to return a tag as JSON. """ marshaling_fields = dict( id=fields.Integer, name=fields.String, id_user=fields.Integer ) def __init__(self, retrieved_tag): """Initialization. Declared the attributes to marshal with a tag. :param retrieved_tag: a tag from the database """ # get fields from the given tag self.id = retrieved_tag.id self.name = retrieved_tag.name self.id_user = retrieved_tag.id_user def marshal(self): """Marshal the Tag.""" return marshal(self, self.marshaling_fields) class TestTagsResource(Resource): method_decorators = [ require_api_auth() ] @require_header('Content-Type', 'application/json') def get(self): import json from flask import make_response from invenio_ext.restful.errors import( RestfulError, InvalidPageError ) from invenio_ext.restful import pagination response = None try: endpoint = request.endpoint args = request.args page = int(args.get('page', 1)) per_page = int(args.get('per_page', 2)) # check values arguments and raise exceptions if any errors if per_page < 0: raise RestfulError( error_msg="Invalid per_page: {}".format(per_page), status_code=400 ) if page < 0: raise InvalidPageError( error_msg="Invalid page: {}".format(page), status_code=400 ) # need to sort by id # also assuming only one user so no need to filter # user's id tags_q = WtgTAGPaginationMokup() p = pagination.RestfulSQLAlchemyPagination( query=tags_q, page=page, per_page=per_page ) if page > p.pages: raise InvalidPageError( error_msg="Invalid page: {}".format(page), status_code=400 ) tags_to_return = map( lambda x: TagRepresenation(x).marshal(), p.items ) kwargs = {} kwargs['endpoint'] = endpoint kwargs['args'] = request.args link_header = p.link_header(**kwargs) response = make_response(json.dumps(tags_to_return)) response.headers[link_header[0]] = link_header[1] response.headers[ 'Content-Type'] = request.headers['Content-Type'] except (RestfulError, InvalidPageError) as e: exception = {} exception['message'] = e.error_msg exception['type'] = "{0}".format(type(e)) response = make_response(json.dumps(exception)) return response # Register API resources api = self.app.extensions['restful'] api.add_resource( TestTagsResource, '/api/testtags/' ) # Create a user self.user = User( email='*****@*****.**', nickname='tester' ) self.user.password = "******" db.session.add(self.user) db.session.commit() # create token self.token = Token.create_personal( 'test-', self.user.id, scopes=[], is_internal=True)
def test_file_download_statistics(app, test_community, test_users, test_records, login_user): """Test checking a record's DOI using CLI commands.""" with app.app_context(): def url_for(*args, **kwargs): """Generate url using flask.url_for and the current app ctx.""" with app.app_context(): return flask_url_for(*args, **kwargs) # create user that will create the record and the files scopes = current_oauth2server.scope_choices() allowed_user = create_user('allowed') scopes = current_oauth2server.scope_choices() allowed_token = Token.create_personal('allowed_token', allowed_user.id, scopes=[s[0] for s in scopes]) # application authentication token header allowed_headers = [('Authorization', 'Bearer {}'.format(allowed_token.access_token))] community_name = 'MyTestCommunity1' community = Community.get(name=community_name) com_admin = create_user('com_admin2', roles=[community.admin_role]) com_admin_token = Token.create_personal('com_admin_token', com_admin.id, scopes=[s[0] for s in scopes]) # application authentication token header com_admin_headers = [ ('Authorization', 'Bearer {}'.format(com_admin_token.access_token)), ('User-Agent', 'Mozilla/5.0 (Windows NT 6.1; WOW64) ' 'AppleWebKit/537.36 (KHTML, like Gecko)' 'Chrome/45.0.2454.101 Safari/537.36') ] publish_headers = [('Content-Type', 'application/json-patch+json'), ('Accept', 'application/json')] + com_admin_headers submit_headers = [('Content-Type', 'application/json-patch+json'), ('Accept', 'application/json')] + allowed_headers stats_headers = [('Content-Type', 'application/json')] test_records_data = [ generate_record_data(community=test_community.name) for idx in range(1, 3) ] for record_data in test_records_data: with app.test_client() as client: login_user(allowed_user, client) record_list_url = (lambda **kwargs: url_for( 'b2share_records_rest.b2rec_list', **kwargs)) headers = [('Content-Type', 'application/json'), ('Accept', 'application/json')] + allowed_headers draft_create_res = client.post(record_list_url(), data=json.dumps(record_data), headers=headers) assert draft_create_res.status_code == 201 draft_create_data = json.loads( draft_create_res.get_data(as_text=True)) uploaded_files = { 'myfile1.html': b'contents1', 'myfile2.html': b'contents2' } for file_key, file_content in uploaded_files.items(): # Test file upload headers = [('Accept', '*/*'), ('Content-Type', 'text/html; charset=utf-8') ] + allowed_headers object_url = '{0}/{1}'.format( draft_create_data['links']['files'], file_key) file_put_res = client.put( object_url, input_stream=BytesIO(file_content), headers=headers) assert file_put_res.status_code == 200 file_put_data = json.loads( file_put_res.get_data(as_text=True)) assert 'created' in file_put_data bucket_id = draft_create_data['links']['files'].split( '/')[-1] # make sure that downloads from deposits are skipped client.get( url_for('invenio_files_rest.object_api', bucket_id=bucket_id, key=file_key)) assert process_events(['file-download']) == \ [('file-download', (0, 0))] # test draft submit draft_submit_res = client.patch( url_for('b2share_deposit_rest.b2dep_item', pid_value=draft_create_data['id']), data=json.dumps([{ "op": "replace", "path": "/publication_state", "value": PublicationStates.submitted.name }]), headers=submit_headers) assert draft_submit_res.status_code == 200 with app.test_client() as client: login_user(com_admin, client) # test draft publish draft_publish_res = client.patch( url_for('b2share_deposit_rest.b2dep_item', pid_value=draft_create_data['id']), data=json.dumps([{ "op": "replace", "path": "/publication_state", "value": PublicationStates.published.name }]), headers=publish_headers) assert draft_publish_res.status_code == 200 draft_publish_data = json.loads( draft_publish_res.get_data(as_text=True)) # Test record GET record_get_res = client.get(url_for( 'b2share_records_rest.b2rec_item', pid_value=draft_publish_data['id']), headers=headers) assert record_get_res.status_code == 200 record_get_data = json.loads( record_get_res.get_data(as_text=True)) # make sure that templates are in the ES list(current_search.put_templates()) # test that a record is accessible through the rest api file1 = record_get_data['files'][0] # download once client.get(url_for('invenio_files_rest.object_api', bucket_id=file1['bucket'], key=file1['key']), headers=com_admin_headers) # make sure that the queue contains the event assert list( current_queues.queues['stats-file-download'].consume()) # download again client.get(url_for('invenio_files_rest.object_api', bucket_id=file1['bucket'], key=file1['key']), headers=com_admin_headers) process_events(['file-download']) current_search_client.indices.refresh('*') # make sure that new index for events is created in ES current_search_client.indices.exists( index='events-stats-file-download') aggregate_events(['file-download-agg']) current_search_client.indices.refresh('*') # make sure that new aggregation index is created in ES current_search_client.indices.exists( index='stats-file-download') stats_ret = client.post(url_for('invenio_stats.stat_query'), data=json.dumps({ 'mystat': { 'stat': 'bucket-file-download-total', 'params': { 'start_date': '2017-01-01', 'bucket_id': file1['bucket'], } } }), headers=stats_headers) stats_ret_data = json.loads(stats_ret.get_data(as_text=True)) assert stats_ret_data['mystat']['buckets'][0]['value'] == 1.0
def setUp(self): from invenio_oauth2server.models import Scope from invenio_accounts.models import User from invenio_oauth2server.models import Client, Token from invenio_oauth2server.registry import scopes as scopes_registry # Register a test scope scopes_registry.register(Scope('test:scope1')) scopes_registry.register(Scope('test:scope2', internal=True)) self.base_url = self.app.config.get('CFG_SITE_SECURE_URL') # Create needed objects u = User(email='*****@*****.**', nickname='tester') u.password = "******" self.create_objects([u]) # environment # # resource_owner -- client1 -- token_1 # | # -------- token_2 # | # consumer ---------------- # create resource_owner and consumer self.resource_owner = User(email='*****@*****.**', nickname='resource_owner', password='******') self.consumer = User(email='*****@*****.**', nickname='consumer', password='******') self.create_objects([self.resource_owner, self.consumer]) # create resource_owner -> client_1 self.u1c1 = Client(client_id='client_test_u1c1', client_secret='client_test_u1c1', name='client_test_u1c1', description='', is_confidential=False, user=self.resource_owner, _redirect_uris='', _default_scopes="") self.create_objects([self.u1c1]) # create resource_owner -> client_1 / resource_owner -> token_1 self.u1c1u1t1 = Token( client=self.u1c1, user=self.resource_owner, token_type='u', access_token='dev_access_1', refresh_token='dev_refresh_1', expires=None, is_personal=False, is_internal=False, _scopes='', ) # create consumer -> client_1 / resource_owner -> token_2 self.u1c1u2t2 = Token( client=self.u1c1, user=self.consumer, token_type='u', access_token='dev_access_2', refresh_token='dev_refresh_2', expires=None, is_personal=False, is_internal=False, _scopes='', ) # create objects self.create_objects([self.u1c1u1t1, self.u1c1u2t2]) self.objects = [ u, self.resource_owner, self.consumer, self.u1c1u1t1, self.u1c1u2t2 ]
def setUp(self): from flask_restful import Resource, fields, marshal from invenio_accounts.models import User from invenio_oauth2server.models import Token class TagRepresenation(object): """A representation of a tag. This class will be only used to return a tag as JSON. """ marshaling_fields = dict(id=fields.Integer, name=fields.String, id_user=fields.Integer) def __init__(self, retrieved_tag): """Initialization. Declared the attributes to marshal with a tag. :param retrieved_tag: a tag from the database """ # get fields from the given tag self.id = retrieved_tag.id self.name = retrieved_tag.name self.id_user = retrieved_tag.id_user def marshal(self): """Marshal the Tag.""" return marshal(self, self.marshaling_fields) class TestTagsResource(Resource): method_decorators = [require_api_auth()] @require_header('Content-Type', 'application/json') def get(self): import json from flask import make_response from invenio_ext.restful.errors import (RestfulError, InvalidPageError) from invenio_ext.restful import pagination response = None try: endpoint = request.endpoint args = request.args page = int(args.get('page', 1)) per_page = int(args.get('per_page', 2)) # check values arguments and raise exceptions if any errors if per_page < 0: raise RestfulError( error_msg="Invalid per_page: {}".format(per_page), status_code=400) if page < 0: raise InvalidPageError( error_msg="Invalid page: {}".format(page), status_code=400) # need to sort by id # also assuming only one user so no need to filter # user's id tags_q = WtgTAGPaginationMokup() p = pagination.RestfulSQLAlchemyPagination( query=tags_q, page=page, per_page=per_page) if page > p.pages: raise InvalidPageError( error_msg="Invalid page: {}".format(page), status_code=400) tags_to_return = map( lambda x: TagRepresenation(x).marshal(), p.items) kwargs = {} kwargs['endpoint'] = endpoint kwargs['args'] = request.args link_header = p.link_header(**kwargs) response = make_response(json.dumps(tags_to_return)) response.headers[link_header[0]] = link_header[1] response.headers['Content-Type'] = request.headers[ 'Content-Type'] except (RestfulError, InvalidPageError) as e: exception = {} exception['message'] = e.error_msg exception['type'] = "{0}".format(type(e)) response = make_response(json.dumps(exception)) return response # Register API resources api = self.app.extensions['restful'] api.add_resource(TestTagsResource, '/api/testtags/') # Create a user self.user = User(email='*****@*****.**', nickname='tester') self.user.password = "******" db.session.add(self.user) db.session.commit() # create token self.token = Token.create_personal('test-', self.user.id, scopes=[], is_internal=True)
def models_fixture(app): """Fixture that contains the test data for models tests.""" from invenio_oauth2server.proxies import current_oauth2server with app.app_context(): # Register a test scope current_oauth2server.register_scope(Scope('test:scope1')) current_oauth2server.register_scope(Scope('test:scope2', internal=True)) datastore = app.extensions['security'].datastore with db.session.begin_nested(): test_user = datastore.create_user( email='*****@*****.**', password='******', ) resource_owner = datastore.create_user( email='*****@*****.**', password='******') consumer = datastore.create_user( email='*****@*****.**', password='******') # create resource_owner -> client_1 u1c1 = Client(client_id='client_test_u1c1', client_secret='client_test_u1c1', name='client_test_u1c1', description='', is_confidential=False, user=resource_owner, _redirect_uris='', _default_scopes="") # create resource_owner -> client_1 / resource_owner -> token_1 u1c1u1t1 = Token( client=u1c1, user=resource_owner, token_type='u', access_token='dev_access_1', refresh_token='dev_refresh_1', expires=None, is_personal=False, is_internal=False, _scopes='', ) # create consumer -> client_1 / resource_owner -> token_2 u1c1u2t2 = Token( client=u1c1, user=consumer, token_type='u', access_token='dev_access_2', refresh_token='dev_refresh_2', expires=None, is_personal=False, is_internal=False, _scopes='', ) db.session.add(u1c1) db.session.add(u1c1u1t1) db.session.add(u1c1u2t2) db.session.commit() test_user_id = test_user.get_id() app.test_user = lambda: User.query.get(test_user_id) app.resource_owner_id = resource_owner.get_id() app.consumer_id = consumer.get_id() app.u1c1_id = u1c1.client_id app.u1c1u1t1_id = u1c1u1t1.id app.u1c1u2t2_id = u1c1u2t2.id return app
def setUp(self): from invenio_accounts.models import User from invenio_oauth2server.registry import scopes from invenio_oauth2server.models import Token, Scope # Setup variables: self.called = dict() # Setup test scopes with self.app.app_context(): scopes.register( Scope( 'test:testscope', group='Test', help_text='Test scope', )) # Setup API resources class Test1Resource(Resource): # NOTE: Method decorators are applied in reverse order method_decorators = [ require_oauth_scopes('test:testscope'), require_api_auth(), ] def get(self): assert request.oauth.access_token return "success", 200 def post(self): assert request.oauth.access_token return "success", 200 @require_header('Content-Type', 'application/json') def put(self): return "success", 200 class Test2Resource(Resource): @require_api_auth() @require_oauth_scopes('test:testscope') def get(self): assert request.oauth.access_token return "success", 200 @require_api_auth() @require_oauth_scopes('test:testscope') def post(self): assert request.oauth.access_token return "success", 200 @require_header('Content-Type', 'text/html') def put(self): return "success", 200 # Register API resources api = self.app.extensions['restful'] api.add_resource(Test1Resource, '/api/test1/decoratorstestcase/') api.add_resource(Test2Resource, '/api/test2/decoratorstestcase/') # Create a user self.user = User(email='*****@*****.**', nickname='tester') self.user.password = "******" db.session.add(self.user) db.session.commit() # Create tokens self.token = Token.create_personal('test-', self.user.id, scopes=['test:testscope'], is_internal=True) self.token_noscope = Token.create_personal('test-', self.user.id, scopes=[], is_internal=True)
def resource_fixture(app, api_app): """Fixture that contains the test data for models tests.""" from flask import g, request from invenio_oauth2server.proxies import current_oauth2server # Setup API resources class Test0Resource(MethodView): def get(self): app.identity = g.identity return "success", 200 class Test1Resource(MethodView): # NOTE: Method decorators are applied in reverse order decorators = [ require_oauth_scopes('test:testscope'), require_api_auth(), ] def get(self): assert request.oauth.access_token app.identity = g.identity return "success", 200 def post(self): assert request.oauth.access_token return "success", 200 class Test2Resource(MethodView): @require_api_auth() @require_oauth_scopes('test:testscope') def get(self): assert request.oauth.access_token return "success", 200 @require_api_auth() @require_oauth_scopes('test:testscope') def post(self): assert request.oauth.access_token return "success", 200 class Test3Resource(MethodView): @require_api_auth() def post(self): return "success", 200 class Test4Resource(MethodView): @require_api_auth(allow_anonymous=True) def get(self): from flask_login import current_user return str(current_user.get_id()), 200 def post(self): from flask_login import current_user return str(current_user.get_id()), 200 # Register API resources api_app.add_url_rule( '/test0/identitytestcase/', view_func=Test0Resource.as_view('test0resource'), ) api_app.add_url_rule( '/test1/decoratorstestcase/', view_func=Test1Resource.as_view('test1resource'), ) api_app.add_url_rule( '/test2/decoratorstestcase/', view_func=Test2Resource.as_view('test2resource'), ) # This one is a UI resource using login_required api_app.add_url_rule( '/test3/loginrequiredstestcase/', view_func=Test3Resource.as_view('test3resource'), ) api_app.add_url_rule( '/test4/allowanonymous/', view_func=Test4Resource.as_view('test4resource'), ) datastore = app.extensions['security'].datastore with app.app_context(): # Register a test scope current_oauth2server.register_scope( Scope('test:testscope', group='Test', help_text='Test scope')) with db.session.begin_nested(): app.user = datastore.create_user( email='*****@*****.**', password='******', active=True, ) # Create tokens app.user_id = app.user.id app.token = Token.create_personal('test-', app.user.id, scopes=['test:testscope'], is_internal=True).access_token app.token_noscope = Token.create_personal( 'test-', app.user.id, scopes=[], is_internal=True).access_token db.session.commit() with api_app.test_request_context(): app.url_for_test3resource = url_for('test3resource') with api_app.test_request_context(): app.url_for_test0resource = url_for('test0resource') app.url_for_test1resource = url_for('test1resource') app.url_for_test2resource = url_for('test2resource') app.url_for_test4resource = url_for('test4resource') app.url_for_test0resource_token = url_for('test0resource', access_token=app.token) app.url_for_test1resource_token = url_for('test1resource', access_token=app.token) app.url_for_test2resource_token = url_for('test2resource', access_token=app.token) app.url_for_test1resource_token_noscope = url_for( 'test1resource', access_token=app.token_noscope) app.url_for_test2resource_token_noscope = url_for( 'test2resource', access_token=app.token_noscope) app.url_for_test4resource_token = url_for('test4resource', access_token=app.token) return app
def setUp(self): super(ProviderTestCase, self).setUp() # Set environment variable DEBUG to true, to allow testing without # SSL in oauthlib. if self.app.config.get('CFG_SITE_SECURE_URL').startswith('http://'): self.os_debug = os.environ.get('OAUTHLIB_INSECURE_TRANSPORT', '') os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = 'true' from invenio_accounts.models import User from invenio_oauth2server.models import Client, Scope from invenio_oauth2server.registry import scopes as scopes_registry # Register a test scope scopes_registry.register(Scope('test:scope')) self.base_url = self.app.config.get('CFG_SITE_SECURE_URL') # Create needed objects u = User( email='*****@*****.**', nickname='tester' ) u.password = "******" u2 = User( email='*****@*****.**', nickname='tester2' ) u2.password = "******" db.session.add(u) db.session.add(u2) c1 = Client( client_id='dev', client_secret='dev', name='dev', description='', is_confidential=False, user=u, _redirect_uris='%s/oauth2test/authorized' % self.base_url, _default_scopes="test:scope" ) c2 = Client( client_id='confidential', client_secret='confidential', name='confidential', description='', is_confidential=True, user=u, _redirect_uris='%s/oauth2test/authorized' % self.base_url, _default_scopes="test:scope" ) db.session.add(c1) db.session.add(c2) db.session.commit() self.objects = [u, u2, c1, c2] # Create a personal access token as well. from invenio_oauth2server.models import Token self.personal_token = Token.create_personal( 'test-personal', 1, scopes=[], is_internal=True )