Esempio n. 1
0
	def test_token_flow_repeat(self):
		self.handler.token(self.args)	# creates record
		self.oauth2_authorize()		# user authorization
		self.handler.token(self.args)	# should tradein auth code

		# check status
		records = self.handler.get_records(self.args['client_id'])
		assert_equal(1, len(records))
		record = records[0]
		# has all the tokens
		assert_equal(None, record.auth_code)
		assert_not_equal(None, record.refresh_token)
		assert_not_equal(None, record.access_token)
		# access token works
		access_token_data = handler.access_token(record, self.args['client_secret'])
		access_token = access_token_data['access_token']
		assert_true(self.validate_access(access_token))

		# get it again
		self.handler.token(self.args)	# should tradein auth code
		# check status
		records = self.handler.get_records(self.args['client_id'])
		assert_equal(1, len(records))
		record = records[0]
		# has all the tokens
		assert_equal(None, record.auth_code)
		assert_not_equal(None, record.refresh_token)
		assert_not_equal(None, record.access_token)
		# access token works
		access_token_data2 = handler.access_token(record, self.args['client_secret'])
		access_token2 = access_token_data2['access_token']
		assert_equal(access_token, access_token2)
		assert_true(self.validate_access(access_token2))
Esempio n. 2
0
	def test_token_force_refresh(self):
		self.handler.token(self.args)	# creates record
		self.oauth2_authorize()		# user authorization
		self.handler.token(self.args)	# should tradein auth code

		# check status
		records = self.handler.get_records(self.args['client_id'])
		assert_equal(1, len(records))
		record = records[0]
		# has all the tokens
		assert_equal(None, record.auth_code)
		assert_not_equal(None, record.refresh_token)
		assert_not_equal(None, record.access_token)
		# access token works
		access_token_data = handler.access_token(record, self.args['client_secret'])
		access_token = access_token_data['access_token']
		assert_true(self.validate_access(access_token))
		# try getting access token again
		self.handler.token(self.args)	# should get previous access
		access_token_data = handler.access_token(record, self.args['client_secret'])
		assert_equal(access_token, access_token_data['access_token'])
		# try getting access token again
		self.args['force_new_access'] = 'True'
		self.handler.token(self.args)	# should get previous access
		access_token_data = handler.access_token(record, self.args['client_secret'])
		assert_not_equal(access_token, access_token_data['access_token'])
		# try getting access token again without refresh
		requests.delete('http://127.0.0.1:9873/refreshtoken', data={'client_id':self.args['client_id']})
		self.handler.token(self.args)	# should await user input
		assert_equal(None, record.auth_code)
		assert_equal(None, record.refresh_token)
		assert_equal(None, record.access_token)
Esempio n. 3
0
	def test_refresh_code(self):
		self.load_authcode()

		# trade in auth code
		records = self.handler.get_records(self.args['client_id'])
		record = records[0]
		self.handler.tradein_auth_code(record, self.args['client_secret'])
		access_token_data = handler.access_token(record, self.args['client_secret'])
		access_token = access_token_data['access_token']

		assert_true(self.validate_access(access_token))

		# clear out the tokens and try refresh
		record.auth_code = None
		record.access_token = None
		self.handler.refresh_access(record, self.args['client_secret'])

		# try to validate
		assert_equal(None, records[0].auth_code, "Didn't fetch a new auth_code")
		assert_not_equal(None, records[0].refresh_token, "Has refresh token")
		assert_not_equal(None, records[0].access_token, "Has access token")
		access_token_data = handler.access_token(records[0], self.args['client_secret'])
		assert_in('access_token', access_token_data)
		access_token = access_token_data['access_token']
		assert_true(len(access_token) > 10)

		# check access_token
		assert_true(self.validate_access(access_token))
Esempio n. 4
0
	def test_create_realcode(self):
		self.load_authcode()

		# trade in auth code
		records = self.handler.get_records(self.args['client_id'])
		record = records[0]
		self.handler.tradein_auth_code(record, self.args['client_secret'])
		assert_equal(None, record.auth_code, "Cleared auth_code")
		assert_not_equal(None, record.refresh_token, "Has refresh token")
		assert_not_equal(None, record.access_token, "Has access token")
		access_token_data = handler.access_token(record, self.args['client_secret'])
		assert_in('access_token', access_token_data)
		access_token = access_token_data['access_token']
		assert_true(len(access_token) > 10)

		# check access_token
		assert_true(self.validate_access(access_token))
Esempio n. 5
0
	def test_token_missing_expiration(self):
		self.handler.token(self.args)	# creates record
		self.oauth2_authorize()		# user authorization
		self.handler.token(self.args)	# should tradein auth code
		record = self.handler.get_records(self.args['client_id'])[0]
		record.access_exp = None	# pretend we never got one
		self.handler.token(self.args)	# should use the same one

		# check status
		records = self.handler.get_records(self.args['client_id'])
		assert_equal(1, len(records))
		record = records[0]
		# has all the tokens
		assert_equal(None, record.auth_code)
		assert_not_equal(None, record.refresh_token)
		assert_not_equal(None, record.access_token)
		# access token works
		access_token_data = handler.access_token(record, self.args['client_secret'])
		access_token = access_token_data['access_token']
		assert_true(self.validate_access(access_token))
Esempio n. 6
0
	def test_token_flow_missing_refresh(self):
		self.handler.token(self.args)	# creates record
		self.oauth2_authorize()		# user authorization
		self.handler.token(self.args)	# gets refresh and access tokens
		requests.delete('http://127.0.0.1:9873/refreshtoken', data={'client_id':self.args['client_id']})
		record = self.handler.get_records(self.args['client_id'])[0]
		record.access_token = None
		# auth code has already been deleted, make a new one
		self.oauth2_authorize()		# user authorization
		self.handler.token(self.args)	# should try refresh code, fail and use auth

		# check status
		records = self.handler.get_records(self.args['client_id'])
		assert_equal(1, len(records))
		record = records[0]
		# has all the tokens
		assert_equal(None, record.auth_code)
		assert_not_equal(None, record.refresh_token)
		assert_not_equal(None, record.access_token)
		access_token_data = handler.access_token(record, self.args['client_secret'])
		access_token = access_token_data['access_token']
		assert_true(self.validate_access(access_token))
Esempio n. 7
0
	def test_invalid_client_refresh(self):
		self.load_authcode()

		# trade in auth code
		records = self.handler.get_records(self.args['client_id'])
		record = records[0]
		self.handler.tradein_auth_code(record, self.args['client_secret'])
		access_token_data = handler.access_token(record, self.args['client_secret'])
		access_token = access_token_data['access_token']

		assert_true(self.validate_access(access_token))

		# invalidate client
		testserver_store.client_refresh[self.args['client_id']] = "INVALID!!!"

		# clear out the tokens and try refresh
		record.auth_code = None
		record.access_token = None
		self.handler.refresh_access(record, self.args['client_secret'])

		# Make sure we didn't get a token
		assert_equal(None, record.auth_code, "No auth code")
		assert_equal(None, record.refresh_token, "No refresh token")
		assert_equal(None, record.access_token, "No access token")
Esempio n. 8
0
	def test_missing_client_refresh(self):
		self.load_authcode()

		# trade in auth code
		records = self.handler.get_records(self.args['client_id'])
		record = records[0]
		self.handler.tradein_auth_code(record, self.args['client_secret'])
		access_token_data = handler.access_token(record, self.args['client_secret'])
		access_token = access_token_data['access_token']

		assert_true(self.validate_access(access_token))

		# invalidate client
		requests.delete('http://127.0.0.1:9873/refreshtoken', data={'client_id':self.args['client_id']})

		# clear out the tokens and try refresh
		record.auth_code = None
		record.access_token = None
		self.handler.refresh_access(record, self.args['client_secret'])

		# Make sure we didn't get a token
		assert_equal(None, record.auth_code, "No auth code")
		assert_equal(None, record.refresh_token, "No refresh token")
		assert_equal(None, record.access_token, "No access token")