def models_fixture(app):
"""Fixture that contains the test data for models tests."""
from invenio_oauth2server.proxies import current_oauth2server
with app.app_context():
# Register a test scope
current_oauth2server.register_scope(Scope('test:scope1'))
current_oauth2server.register_scope(Scope('test:scope2',
internal=True))
datastore = app.extensions['security'].datastore
with db.session.begin_nested():
app.test_user = datastore.create_user(
email='*****@*****.**', password='******',
)
app.resource_owner = datastore.create_user(
email='*****@*****.**', password='******'
)
app.consumer = datastore.create_user(
email='*****@*****.**', password='******'
)
# create resource_owner -> client_1
app.u1c1 = Client(client_id='client_test_u1c1',
client_secret='client_test_u1c1',
name='client_test_u1c1',
description='',
is_confidential=False,
user=app.resource_owner,
_redirect_uris='',
_default_scopes=""
)
# create resource_owner -> client_1 / resource_owner -> token_1
app.u1c1u1t1 = Token(client=app.u1c1,
user=app.resource_owner,
token_type='u',
access_token='dev_access_1',
refresh_token='dev_refresh_1',
expires=None,
is_personal=False,
is_internal=False,
_scopes='',
)
# create consumer -> client_1 / resource_owner -> token_2
app.u1c1u2t2 = Token(client=app.u1c1,
user=app.consumer,
token_type='u',
access_token='dev_access_2',
refresh_token='dev_refresh_2',
expires=None,
is_personal=False,
is_internal=False,
_scopes='',
)
db.session.add(app.u1c1)
db.session.add(app.u1c1u1t1)
db.session.add(app.u1c1u2t2)
return app
def developer_app_fixture(settings_fixture):
"""Fixture for testing developer application use cases."""
settings_app = settings_fixture
with settings_app.app_context():
with db.session.begin_nested():
datastore = settings_app.extensions['security'].datastore
dev_user = datastore.create_user(email='*****@*****.**',
password='******',
active=True)
dev_client = Client(client_id='dev',
client_secret='dev',
name='Test name',
description='Test description',
is_confidential=False,
user=dev_user,
website='http://inveniosoftware.org',
_redirect_uris='',
_default_scopes='test:scope')
user = datastore.get_user('*****@*****.**')
user_token = Token(client=dev_client,
user=user,
token_type='bearer',
access_token='dev_access_1',
refresh_token='dev_refresh_1',
expires=None,
is_personal=False,
is_internal=False,
_scopes='test:scope')
db.session.add(dev_client)
db.session.add(user_token)
db.session.commit()
return settings_app
def init_oauth_token():
ds = current_app.extensions["invenio-accounts"].datastore
user = ds.user_model.query.filter_by(email="*****@*****.**").one()
with db.session.begin_nested():
client = Client(
name="admin",
user_id=user.id,
is_internal=True,
is_confidential=False,
_default_scopes="",
)
client.gen_salt()
token = Token(
client_id=client.client_id,
user_id=user.id,
access_token=current_app.config["AUTHENTICATION_TOKEN"],
expires=None,
_scopes="",
is_personal=True,
is_internal=True,
)
db.session.add(client)
db.session.add(token)
db.session.commit()
click.secho("Authentication token generated successfully", fg="green")
def test_token_scopes(self):
from invenio_oauth2server.models import Client, Token
from invenio_oauth2server.errors import ScopeDoesNotExists
c = Client(client_id='dev2',
client_secret='dev2',
name='dev2',
description='',
is_confidential=False,
user=self.objects[0],
_redirect_uris='',
_default_scopes="")
t = Token(
client=c,
user=self.objects[0],
token_type='bearer',
access_token='dev_access',
refresh_token='dev_refresh',
expires=None,
is_personal=False,
is_internal=False,
_scopes='',
)
t.scopes = ['test:scope1', 'test:scope2', 'test:scope2']
self.create_objects([c, t])
self.assertEqual(t.scopes, ['test:scope1', 'test:scope2'])
self.assertRaises(ScopeDoesNotExists, t.__setattr__, 'scopes',
['invalid'])
self.assertEqual(t.get_visible_scopes(), ['test:scope1'])
self.delete_objects([c])
def test_token_scopes(models_fixture):
app = models_fixture
with app.app_context():
client = Client(client_id='dev2',
client_secret='dev2',
name='dev2',
description='',
is_confidential=False,
user=app.test_user,
_redirect_uris='',
_default_scopes="")
token = Token(
client=client,
user=app.test_user,
token_type='bearer',
access_token='dev_access',
refresh_token='dev_refresh',
expires=None,
is_personal=False,
is_internal=False,
_scopes='',
)
token.scopes = ['test:scope1', 'test:scope2', 'test:scope2']
with db.session.begin_nested():
db.session.add(client)
db.session.add(token)
assert set(token.scopes) == set(['test:scope1', 'test:scope2'])
with pytest.raises(ScopeDoesNotExists):
token.scopes = ['invalid']
assert token.get_visible_scopes() == ['test:scope1']
with db.session.begin_nested():
db.session.delete(client)
def rat_generate_token(app, db, oauth2_client, users):
"""Create token."""
with db.session.begin_nested():
token_ = Token(
client_id=oauth2_client,
user_id=users[0]['id'],
access_token='rat_token',
expires=datetime.utcnow() + timedelta(hours=10),
is_personal=False,
is_internal=True,
_scopes=tokens_generate_scope.id,
)
db.session.add(token_)
db.session.commit()
return token_
def write_token_user_2(app, client, users):
"""Create token."""
with db.session.begin_nested():
token_ = Token(
client=client,
user_id=users[1]["id"],
access_token="dev_access_2",
refresh_token="dev_refresh_2",
expires=datetime.datetime.now() + datetime.timedelta(hours=10),
is_personal=False,
is_internal=True,
_scopes=write_scope.id,
)
db.session.add(token_)
db.session.commit()
return token_
def create_personal(name,
user_id,
scopes=None,
is_internal=False,
access_token=None):
"""Create a personal access token.
A token that is bound to a specific user and which doesn't expire, i.e.
similar to the concept of an API key.
:param name: Client name.
:param user_id: User ID.
:param scopes: The list of permitted scopes. (Default: ``None``)
:param is_internal: If ``True`` it's a internal access token.
(Default: ``False``)
:param access_token: personalized access_token.
:returns: A new access token.
"""
with db.session.begin_nested():
scopes = " ".join(scopes) if scopes else ""
client = Client(name=name,
user_id=user_id,
is_internal=True,
is_confidential=False,
_default_scopes=scopes)
client.gen_salt()
if not access_token:
access_token = gen_salt(
current_app.config.get('OAUTH2SERVER_TOKEN_PERSONAL_SALT_LEN'))
token = Token(
client_id=client.client_id,
user_id=user_id,
access_token=access_token,
expires=None,
_scopes=scopes,
is_personal=True,
is_internal=is_internal,
)
db.session.add(client)
db.session.add(token)
return token
def _write_token(user):
"""Return json headers with write oauth token for given user."""
client_ = Client.query.filter_by(
user_id=user.id
).first()
if not client_:
client_ = Client(
client_id=user.id,
client_secret='client_secret_{}'.format(user.id),
name='client_test_{}'.format(user.id),
description='',
is_confidential=False,
user_id=user.id,
_redirect_uris='',
_default_scopes='',
)
db.session.add(client_)
token_ = Token.query.filter_by(
user_id=user.id
).first()
if not token_:
token_ = Token(
client_id=client_.client_id,
user_id=user.id,
access_token='dev_access_{}'.format(user.id),
refresh_token='dev_refresh_{}'.format(user.id),
expires=datetime.utcnow() + timedelta(hours=10),
is_personal=False,
is_internal=True,
_scopes=write_scope.id,
)
db.session.add(token_)
db.session.commit()
return bearer_auth(dict(
token=token_,
auth_header=[
('Authorization', 'Bearer {0}'.format(token_.access_token)),
]
))
def extra_token(app, db, oauth2_client, users):
"""Create token."""
with db.session.begin_nested():
token_ = Token(client_id=oauth2_client,
user_id=users[0]['id'],
access_token='dev_access_2',
refresh_token='dev_refresh_2',
expires=datetime.utcnow() + timedelta(hours=10),
is_personal=False,
is_internal=True,
_scopes=' '.join(
[extra_formats_scope.id, write_scope.id]))
db.session.add(token_)
db.session.commit()
return dict(token=token_,
auth_header=[
('Authorization',
'Bearer {0}'.format(token_.access_token)),
])
def create_user_token(client_name, user, access_token):
"""Create a token for the given user."""
# Create token for user
with db.session.begin_nested():
client = Client(name=client_name,
user_id=user.id,
is_internal=True,
is_confidential=False,
_default_scopes='')
client.gen_salt()
token = Token(client_id=client.client_id,
user_id=user.id,
access_token=access_token,
expires=None,
is_personal=True,
is_internal=True,
_scopes='')
db.session.add(client)
db.session.add(token)
return token
def init_authentication_token():
with db.session.begin_nested():
client = Client(name='admin',
user_id=1,
is_internal=True,
is_confidential=False,
_default_scopes="")
client.gen_salt()
token = Token(
client_id=client.client_id,
user_id=1,
access_token=current_app.config["AUTHENTICATION_TOKEN"],
expires=None,
_scopes="",
is_personal=True,
is_internal=True,
)
db.session.add(client)
db.session.add(token)
db.session.commit()
def test_patron_info(app, client, patron_martigny, librarian_martigny):
"""Test patron info."""
# All scopes
scopes = [
'fullname', 'birthdate', 'institution', 'expiration_date',
'patron_type', 'patron_types'
]
# create a oauth client liked to the librarian account
oauth_client = Client(client_id='dev',
client_secret='dev',
name='Test name',
description='Test description',
is_confidential=False,
user=librarian_martigny.user,
website='http://foo.org',
_redirect_uris='')
# token with all scopes
token = Token(client=oauth_client,
user=patron_martigny.user,
token_type='bearer',
access_token='test_access_1',
expires=None,
is_personal=False,
is_internal=False,
_scopes=' '.join(scopes))
# token without scope
no_scope_token = Token(client=oauth_client,
user=patron_martigny.user,
token_type='bearer',
access_token='test_access_2',
expires=None,
is_personal=False,
is_internal=False)
db.session.add(oauth_client)
db.session.add(token)
db.session.commit()
# denied with a wrong token
res = client.get(url_for('api_patrons.info', access_token='wrong'))
assert res.status_code == 401
# denied without token
res = client.get(url_for('api_patrons.info'))
assert res.status_code == 401
# minimal information without scope
res = client.get(
url_for('api_patrons.info', access_token=no_scope_token.access_token))
assert res.status_code == 200
assert res.json == {'barcode': patron_martigny['patron']['barcode'].pop()}
# full information with all scopes
res = client.get(
url_for('api_patrons.info', access_token=token.access_token))
assert res.status_code == 200
assert res.json == {
'barcode':
'4098124352',
'birthdate':
'1947-06-07',
'fullname':
'Roduit, Louis',
'patron_types': [{
'expiration_date': '2023-10-07T00:00:00',
'institution': 'org1',
'patron_type': 'patron-code'
}]
}
def setUp(self):
from invenio_oauth2server.models import Scope
from invenio_accounts.models import User
from invenio_oauth2server.models import Client, Token
from invenio_oauth2server.registry import scopes as scopes_registry
# Register a test scope
scopes_registry.register(Scope('test:scope1'))
scopes_registry.register(Scope('test:scope2', internal=True))
self.base_url = self.app.config.get('CFG_SITE_SECURE_URL')
# Create needed objects
u = User(email='*****@*****.**', nickname='tester')
u.password = "******"
self.create_objects([u])
# environment
#
# resource_owner -- client1 -- token_1
# |
# -------- token_2
# |
# consumer ----------------
# create resource_owner and consumer
self.resource_owner = User(email='*****@*****.**',
nickname='resource_owner',
password='******')
self.consumer = User(email='*****@*****.**',
nickname='consumer',
password='******')
self.create_objects([self.resource_owner, self.consumer])
# create resource_owner -> client_1
self.u1c1 = Client(client_id='client_test_u1c1',
client_secret='client_test_u1c1',
name='client_test_u1c1',
description='',
is_confidential=False,
user=self.resource_owner,
_redirect_uris='',
_default_scopes="")
self.create_objects([self.u1c1])
# create resource_owner -> client_1 / resource_owner -> token_1
self.u1c1u1t1 = Token(
client=self.u1c1,
user=self.resource_owner,
token_type='u',
access_token='dev_access_1',
refresh_token='dev_refresh_1',
expires=None,
is_personal=False,
is_internal=False,
_scopes='',
)
# create consumer -> client_1 / resource_owner -> token_2
self.u1c1u2t2 = Token(
client=self.u1c1,
user=self.consumer,
token_type='u',
access_token='dev_access_2',
refresh_token='dev_refresh_2',
expires=None,
is_personal=False,
is_internal=False,
_scopes='',
)
# create objects
self.create_objects([self.u1c1u1t1, self.u1c1u2t2])
self.objects = [
u, self.resource_owner, self.consumer, self.u1c1u1t1, self.u1c1u2t2
]