Esempio n. 1
def test_with_public_clients(ua_client):
    """Check that a secret-less client request is accepted only on opt-in.

    With the default settings the exchange request is invalid; passing
    ``client_secret_required=False`` makes the same request valid.
    """
    # presumably the extra positional name is a field http_request leaves out
    # of the built request -- confirm against the helper
    secretless = http_request(ua_client, 'client_secret')

    strict = PasswordExchangeRequest.from_werkzeug(
        secretless, verify_requisites=success)
    assert strict.is_invalid()

    relaxed = PasswordExchangeRequest.from_werkzeug(
        secretless,
        verify_requisites=success,
        client_secret_required=False,
    )
    assert not relaxed.is_invalid()
Esempio n. 2
def test_anonymous_request(web_client):
    """Check that a request without client credentials needs an explicit opt-in.

    By default the exchange request is invalid; with ``client_required=False``
    the same request is reported as valid.
    """
    # Build the request with both client_id and client_secret deleted.
    anonymous = http_request(web_client, 'client_id', 'client_secret')

    strict = PasswordExchangeRequest.from_werkzeug(
        anonymous, verify_requisites=success)
    assert strict.is_invalid()

    relaxed = PasswordExchangeRequest.from_werkzeug(
        anonymous,
        verify_requisites=success,
        client_required=False,
    )
    assert not relaxed.is_invalid()
Esempio n. 3
def test_success(web_client):
    """Check the token issued for an unmodified ``web_client`` request.

    The token must carry the expected username and user id, and be bound to
    the id of the client that made the request.
    """
    exchange = PasswordExchangeRequest.from_werkzeug(
        http_request(web_client), verify_requisites=success)
    token = exchange.exchange_for_token()

    assert token.username == 'user1'
    assert token.user_id == 1
    # The token is tied to the requesting client, not just to the user.
    assert token.client_id == web_client.id
Esempio n. 4
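def access_token():
    """
    Token endpoint.

    This endpoint exchanges HTTP requests containing either an authorization
    code or resource-owner credentials, together with the client requisites,
    for an access token suitable for making API calls.

    The grant is selected by the ``grant_type`` form field
    (``authorization_code`` or ``password``); any other value is answered
    with an ``invalid_request`` error response.

    The interaction is performed "behind the scenes" between client and server
    without any user involvement.
    """
    import hmac

    def verify_requisites(username, password):
        """
        Callback verifying requisites and returning None or a dict which
        should be associated with AccessToken. In this particular example we
        consider user_id as username.

        The stored password is deliberately left out of the returned dict so
        that it is not carried along with the issued token.
        """
        user = USERS.get(username)
        if not user:
            return None

        # NOTE(review): USERS appears to hold the password in directly
        # comparable form; a real deployment should keep a salted hash from a
        # password KDF and verify against that instead.
        stored = user['password']
        if isinstance(password, str) and isinstance(stored, str):
            # Constant-time comparison, so the response time does not reveal
            # how many leading characters of the guess were correct.
            matches = hmac.compare_digest(password.encode('utf-8'),
                                          stored.encode('utf-8'))
        else:
            # Non-text values (e.g. a missing form field) keep the plain
            # equality check the endpoint always used.
            matches = password == stored
        if not matches:
            return None

        ret = {'user_id': username}
        # Copy the profile fields, but never the credential itself.
        ret.update((key, value) for key, value in user.items()
                   if key != 'password')
        return ret

    grant_type = request.form.get('grant_type')
    if grant_type == 'authorization_code':
        req = CodeExchangeRequest.from_werkzeug(request)
    elif grant_type == 'password':
        req = PasswordExchangeRequest.from_werkzeug(request, verify_requisites)
    else:
        # NOTE(review): RFC 6749 section 5.2 defines unsupported_grant_type
        # for an unrecognised grant; the existing error code is kept so that
        # clients see the same response as before.
        return AccessTokenError('invalid_request').to_werkzeug_response()

    # Client/credential validation happens inside the request object; only a
    # valid request is exchanged for a token.
    if req.is_invalid():
        return req.get_error().to_werkzeug_response()
    access_token = req.exchange_for_token()
    return access_token.to_werkzeug_response()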
Esempio n. 5
def test_wrong_password(web_client):
    """Check that a request with ``client_secret`` set to ``'123'`` is invalid.

    NOTE(review): despite the test name, the value overridden here is the
    client secret rather than the user's password -- confirm the intent.
    """
    tampered = http_request(web_client, client_secret='123')
    exchange = PasswordExchangeRequest.from_werkzeug(
        tampered, verify_requisites=success)
    assert exchange.is_invalid()