def test_token_endpoint():
provider = Provider("pyoicserv", sdb.SessionDB(), CDB, AUTHN_BROKER, AUTHZ,
verify_client, symkey=rndstr(16))
authreq = AuthorizationRequest(state="state",
redirect_uri="http://example.com/authz",
client_id="client1")
_sdb = provider.sdb
sid = _sdb.token.key(user="******", areq=authreq)
access_grant = _sdb.token(sid=sid)
_sdb[sid] = {
"oauth_state": "authz",
"user_id": "user_id",
"authzreq": "",
"client_id": "client1",
"code": access_grant,
"code_used": False,
"redirect_uri": "http://example.com/authz"
}
# Construct Access token request
areq = AccessTokenRequest(code=access_grant,
redirect_uri="http://example.com/authz",
client_id="client1", client_secret="hemlighet",)
print areq.to_dict()
resp = provider.token_endpoint(request=areq.to_urlencoded())
print resp.message
atr = AccessTokenResponse().deserialize(resp.message, "json")
print atr.keys()
assert _eq(atr.keys(), ['access_token', 'expires_in', 'token_type',
'refresh_token'])
def test_to_urlencoded_extended_omit(self):
atr = AccessTokenResponse(
access_token="2YotnFZFEjr1zCsicMWpAA",
token_type="example",
expires_in=3600,
refresh_token="tGzv3JOkF0XG5Qx2TlKWIA",
example_parameter="example_value",
scope=["inner", "outer"],
extra=["local", "external"],
level=3)
uec = atr.to_urlencoded()
assert query_string_compare(uec,
"scope=inner+outer&level=3&expires_in=3600&token_type=example&extra=local&extra=external&refresh_token=tGzv3JOkF0XG5Qx2TlKWIA&access_token=2YotnFZFEjr1zCsicMWpAA&example_parameter=example_value")
del atr["extra"]
ouec = atr.to_urlencoded()
assert query_string_compare(ouec,
"access_token=2YotnFZFEjr1zCsicMWpAA&refresh_token=tGzv3JOkF0XG5Qx2TlKWIA&level=3&example_parameter=example_value&token_type=example&expires_in=3600&scope=inner+outer")
assert len(uec) == (len(ouec) + len("extra=local") +
len("extra=external") + 2)
atr2 = AccessTokenResponse().deserialize(uec, "urlencoded")
assert _eq(atr2.keys(), ['access_token', 'expires_in', 'token_type',
'scope', 'refresh_token', 'level',
'example_parameter', 'extra'])
atr3 = AccessTokenResponse().deserialize(ouec, "urlencoded")
assert _eq(atr3.keys(), ['access_token', 'expires_in', 'token_type',
'scope', 'refresh_token', 'level',
'example_parameter'])
def test_to_urlencoded_extended_omit(self):
atr = AccessTokenResponse(
access_token="2YotnFZFEjr1zCsicMWpAA",
token_type="example",
expires_in=3600,
refresh_token="tGzv3JOkF0XG5Qx2TlKWIA",
example_parameter="example_value",
scope=["inner", "outer"],
extra=["local", "external"],
level=3)
uec = atr.to_urlencoded()
assert query_string_compare(uec,
"scope=inner+outer&level=3&expires_in=3600&token_type=example&extra=local&"
"extra=external&refresh_token=tGzv3JOkF0XG5Qx2TlKWIA&"
"access_token=2YotnFZFEjr1zCsicMWpAA&example_parameter=example_value")
del atr["extra"]
ouec = atr.to_urlencoded()
assert query_string_compare(ouec,
"access_token=2YotnFZFEjr1zCsicMWpAA&refresh_token=tGzv3JOkF0XG5Qx2TlKWIA&"
"level=3&example_parameter=example_value&token_type=example&expires_in=3600&"
"scope=inner+outer")
assert len(uec) == (len(ouec) + len("extra=local") +
len("extra=external") + 2)
atr2 = AccessTokenResponse().deserialize(uec, "urlencoded")
assert _eq(atr2.keys(), ['access_token', 'expires_in', 'token_type',
'scope', 'refresh_token', 'level',
'example_parameter', 'extra'])
atr3 = AccessTokenResponse().deserialize(ouec, "urlencoded")
assert _eq(atr3.keys(), ['access_token', 'expires_in', 'token_type',
'scope', 'refresh_token', 'level',
'example_parameter'])
def test_token_endpoint(self):
authreq = AuthorizationRequest(state="state",
redirect_uri="http://example.com/authz",
client_id="client1")
_sdb = self.provider.sdb
sid = _sdb.access_token.key(user="******", areq=authreq)
access_grant = _sdb.access_token(sid=sid)
_sdb[sid] = {
"oauth_state": "authz",
"sub": "sub",
"authzreq": "",
"client_id": "client1",
"code": access_grant,
"code_used": False,
"redirect_uri": "http://example.com/authz"
}
# Construct Access token request
areq = AccessTokenRequest(code=access_grant,
redirect_uri="http://example.com/authz",
client_id="client1",
client_secret="hemlighet",
grant_type='authorization_code')
resp = self.provider.token_endpoint(request=areq.to_urlencoded())
atr = AccessTokenResponse().deserialize(resp.message, "json")
assert _eq(atr.keys(), ['access_token', 'token_type', 'refresh_token'])
def test_token_endpoint(self):
authreq = AuthorizationRequest(state="state",
redirect_uri="http://example.com/authz",
client_id="client1")
_sdb = self.provider.sdb
sid = _sdb.access_token.key(user="******", areq=authreq)
access_grant = _sdb.token_factory['code'](sid=sid)
_sdb[sid] = {
"oauth_state": "authz",
"sub": "sub",
"authzreq": authreq.to_json(),
"client_id": "client1",
"code": access_grant,
"code_used": False,
"redirect_uri": "http://example.com/authz",
'response_type': ['code']
}
# Construct Access token request
areq = AccessTokenRequest(code=access_grant,
redirect_uri="http://example.com/authz",
client_id="client1",
client_secret="hemlighet",
grant_type='authorization_code')
resp = self.provider.token_endpoint(request=areq.to_urlencoded())
atr = AccessTokenResponse().deserialize(resp.message, "json")
assert _eq(atr.keys(), ['access_token', 'token_type'])
def test_token_endpoint(self):
authreq = AuthorizationRequest(state="state",
redirect_uri="http://example.com/authz",
client_id="client1")
_sdb = self.provider.sdb
sid = _sdb.access_token.key(user="******", areq=authreq)
access_grant = _sdb.access_token(sid=sid)
_sdb[sid] = {
"oauth_state": "authz",
"sub": "sub",
"authzreq": "",
"client_id": "client1",
"code": access_grant,
"code_used": False,
"redirect_uri": "http://example.com/authz"
}
# Construct Access token request
areq = AccessTokenRequest(code=access_grant,
redirect_uri="http://example.com/authz",
client_id="client1",
client_secret="hemlighet",
grant_type='authorization_code')
with LogCapture(level=logging.DEBUG) as logcap:
resp = self.provider.token_endpoint(request=areq.to_urlencoded())
atr = AccessTokenResponse().deserialize(resp.message, "json")
assert _eq(atr.keys(), ['access_token', 'token_type', 'refresh_token'])
expected = (
'body: code=<REDACTED>&client_secret=<REDACTED>&grant_type'
'=authorization_code'
' &client_id=client1&redirect_uri=http%3A%2F%2Fexample.com%2Fauthz')
assert _eq(parse_qs(logcap.records[1].msg[6:]), parse_qs(expected[6:]))
expected = {u'code': '<REDACTED>', u'client_secret': '<REDACTED>',
u'redirect_uri': u'http://example.com/authz',
u'client_id': 'client1',
u'grant_type': 'authorization_code'}
# Don't try this at home, kids!
# We have to eval() to a dict here because otherwise the arbitrary
# ordering of the string causes the test to fail intermittently.
assert _eq(eval(logcap.records[2].msg[4:]), expected)
assert _eq(logcap.records[3].msg, 'Verified Client ID: client1')
expected = {'redirect_uri': u'http://example.com/authz',
'client_secret': '<REDACTED>',
'code': u'<REDACTED>', 'client_id': 'client1',
'grant_type': 'authorization_code'}
assert eval(logcap.records[4].msg[20:]) == expected
expected = {'code': '<REDACTED>', 'authzreq': '', 'sub': 'sub',
'access_token': '<REDACTED>',
'token_type': 'Bearer',
'redirect_uri': 'http://example.com/authz',
'code_used': True, 'client_id': 'client1',
'oauth_state': 'token',
'refresh_token': '<REDACTED>', 'access_token_scope': '?'}
assert _eq(eval(logcap.records[5].msg[7:]), expected)
expected = {'access_token': u'<REDACTED>', 'token_type': 'Bearer',
'refresh_token': '<REDACTED>'}
assert _eq(eval(logcap.records[6].msg[21:]), expected)
def test_token_endpoint(self):
authreq = AuthorizationRequest(state="state",
redirect_uri="http://example.com/authz",
client_id="client1")
_sdb = self.provider.sdb
sid = _sdb.access_token.key(user="******", areq=authreq)
access_grant = _sdb.access_token(sid=sid)
_sdb[sid] = {
"oauth_state": "authz",
"sub": "sub",
"authzreq": "",
"client_id": "client1",
"code": access_grant,
"code_used": False,
"redirect_uri": "http://example.com/authz"
}
# Construct Access token request
areq = AccessTokenRequest(code=access_grant,
redirect_uri="http://example.com/authz",
client_id="client1",
client_secret="hemlighet",
grant_type='authorization_code')
with LogCapture(level=logging.DEBUG) as logcap:
resp = self.provider.token_endpoint(request=areq.to_urlencoded())
atr = AccessTokenResponse().deserialize(resp.message, "json")
assert _eq(atr.keys(), ['access_token', 'token_type', 'refresh_token'])
expected = (
'token_request: code=<REDACTED>&client_secret=<REDACTED>&grant_type=authorization_code'
'&client_id=client1&redirect_uri=http%3A%2F%2Fexample.com%2Fauthz')
assert _eq(parse_qs(logcap.records[1].msg[15:]), parse_qs(expected[15:]))
expected = {u'code': '<REDACTED>', u'client_secret': '<REDACTED>',
u'redirect_uri': u'http://example.com/authz',
u'client_id': 'client1',
u'grant_type': 'authorization_code'}
# Don't try this at home, kids!
# We have to eval() to a dict here because otherwise the arbitrary
# ordering of the string causes the test to fail intermittently.
assert _eq(eval(logcap.records[2].msg[4:]), expected)
assert _eq(logcap.records[3].msg, 'Verified Client ID: client1')
expected = {'redirect_uri': u'http://example.com/authz',
'client_secret': '<REDACTED>',
'code': u'<REDACTED>', 'client_id': 'client1',
'grant_type': 'authorization_code'}
assert eval(logcap.records[4].msg[20:]) == expected
expected = {'code': '<REDACTED>', 'authzreq': '', 'sub': 'sub',
'access_token': '<REDACTED>',
'token_type': 'Bearer',
'redirect_uri': 'http://example.com/authz',
'code_used': True, 'client_id': 'client1',
'oauth_state': 'token',
'refresh_token': '<REDACTED>', 'access_token_scope': '?'}
assert _eq(eval(logcap.records[5].msg[7:]), expected)
expected = {'access_token': u'<REDACTED>', 'token_type': 'Bearer',
'refresh_token': '<REDACTED>'}
assert _eq(eval(logcap.records[6].msg[21:]), expected)
def test_password_grant_type_ok(self):
# Set a not so dummy Authn method and token policy
self.provider.authn_broker = AUTHN_BROKER2
self.provider.set_token_policy('client1', {'grant_type': ['password']})
areq = ROPCAccessTokenRequest(grant_type='password', username='******', password='******')
areq['client_id'] = 'client1' # Token endpoint would fill that in based on client_authn
resp = self.provider.password_grant_type(areq)
atr = AccessTokenResponse().deserialize(resp.message, "json")
assert _eq(atr.keys(), ['access_token', 'token_type', 'refresh_token'])
def test_token_endpoint():
provider = Provider("pyoicserv",
sdb.SessionDB(),
CDB,
AUTHN_BROKER,
AUTHZ,
verify_client,
symkey=rndstr(16))
authreq = AuthorizationRequest(state="state",
redirect_uri="http://example.com/authz",
client_id="client1")
_sdb = provider.sdb
sid = _sdb.token.key(user="******", areq=authreq)
access_grant = _sdb.token(sid=sid)
_sdb[sid] = {
"oauth_state": "authz",
"sub": "sub",
"authzreq": "",
"client_id": "client1",
"code": access_grant,
"code_used": False,
"redirect_uri": "http://example.com/authz"
}
# Construct Access token request
areq = AccessTokenRequest(
code=access_grant,
redirect_uri="http://example.com/authz",
client_id="client1",
client_secret="hemlighet",
)
print areq.to_dict()
resp = provider.token_endpoint(request=areq.to_urlencoded())
print resp.message
atr = AccessTokenResponse().deserialize(resp.message, "json")
print atr.keys()
assert _eq(atr.keys(),
['access_token', 'expires_in', 'token_type', 'refresh_token'])
def test_token_endpoint():
provider = Provider("pyoicserv", sdb.SessionDB(), CDB, FUNCTIONS)
authreq = AuthorizationRequest(state="state",
redirect_uri="http://example.com/authz",
client_id="client1")
_sdb = provider.sdb
sid = _sdb.token.key(user="******", areq=authreq)
access_grant = _sdb.token(sid=sid)
_sdb[sid] = {
"oauth_state": "authz",
"user_id": "user_id",
"authzreq": "",
"client_id": "client1",
"code": access_grant,
"code_used": False,
"redirect_uri":"http://example.com/authz"
}
# Construct Access token request
areq = AccessTokenRequest(code=access_grant,
redirect_uri="http://example.com/authz")
str = areq.to_urlencoded()
fil = StringIO.StringIO(buf=str)
environ = BASE_ENVIRON.copy()
environ["CONTENT_LENGTH"] = len(str)
environ["wsgi.input"] = fil
environ["REMOTE_USER"] = "******"
resp = provider.token_endpoint(environ, start_response)
print resp
atr = AccessTokenResponse().deserialize(resp[0], "json")
print atr.keys()
assert _eq(atr.keys(), ['access_token', 'expires_in', 'token_type',
'refresh_token'])
def test_password_grant_type_ok(self):
# Set a not so dummy Authn method and token policy
self.provider.authn_broker = AUTHN_BROKER2
self.provider.set_token_policy("client1", {"grant_type": ["password"]})
areq = ROPCAccessTokenRequest(grant_type="password",
username="******",
password="******")
areq[
"client_id"] = "client1" # Token endpoint would fill that in based on client_authn
resp = self.provider.password_grant_type(areq)
atr = AccessTokenResponse().deserialize(resp.message, "json")
assert _eq(atr.keys(), ["access_token", "token_type", "refresh_token"])
def test_token_endpoint(self):
authreq = AuthorizationRequest(state="state",
redirect_uri="http://example.com/authz",
client_id="client1")
_sdb = self.provider.sdb
sid = _sdb.access_token.key(user="******", areq=authreq)
access_grant = _sdb.access_token(sid=sid)
_sdb[sid] = {
"oauth_state": "authz",
"sub": "sub",
"authzreq": "",
"client_id": "client1",
"code": access_grant,
"code_used": False,
"redirect_uri": "http://example.com/authz",
}
# Construct Access token request
areq = AccessTokenRequest(
code=access_grant,
redirect_uri="http://example.com/authz",
client_id="client1",
client_secret="hemlighet",
grant_type="authorization_code",
)
with LogCapture(level=logging.DEBUG) as logcap:
resp = self.provider.token_endpoint(request=areq.to_urlencoded())
atr = AccessTokenResponse().deserialize(resp.message, "json")
assert _eq(atr.keys(), ["access_token", "token_type", "refresh_token"])
expected = (
"token_request: code=<REDACTED>&client_secret=<REDACTED>&grant_type=authorization_code"
"&client_id=client1&redirect_uri=http%3A%2F%2Fexample.com%2Fauthz")
assert _eq(parse_qs(logcap.records[1].msg[15:]),
parse_qs(expected[15:]))
expected2 = {
"code": "<REDACTED>",
"client_secret": "<REDACTED>",
"redirect_uri": "http://example.com/authz",
"client_id": "client1",
"grant_type": "authorization_code",
}
# Don't try this at home, kids!
# We have to eval() to a dict here because otherwise the arbitrary
# ordering of the string causes the test to fail intermittently.
assert _eq(eval(logcap.records[2].msg[4:]), expected2)
assert _eq(logcap.records[3].msg, "Verified Client ID: client1")
expected3 = {
"redirect_uri": "http://example.com/authz",
"client_secret": "<REDACTED>",
"code": "<REDACTED>",
"client_id": "client1",
"grant_type": "authorization_code",
}
assert eval(logcap.records[4].msg[20:]) == expected3
expected4 = {
"code": "<REDACTED>",
"authzreq": "",
"sub": "sub",
"access_token": "<REDACTED>",
"token_type": "Bearer",
"redirect_uri": "http://example.com/authz",
"code_used": True,
"client_id": "client1",
"oauth_state": "token",
"refresh_token": "<REDACTED>",
"access_token_scope": "?",
}
assert _eq(eval(logcap.records[5].msg[7:]), expected4)
expected5 = {
"access_token": "<REDACTED>",
"token_type": "Bearer",
"refresh_token": "<REDACTED>",
}
assert _eq(eval(logcap.records[6].msg[21:]), expected5)
