def test_token_endpoint_password(self):
authreq = AuthorizationRequest(state="state",
redirect_uri="http://example.com/authz",
client_id="client1")
_sdb = self.provider.sdb
sid = _sdb.access_token.key(user="******", areq=authreq)
access_grant = _sdb.access_token(sid=sid)
_sdb[sid] = {
"oauth_state": "authz",
"sub": "sub",
"authzreq": "",
"client_id": "client1",
"code": access_grant,
"code_used": False,
"redirect_uri": "http://example.com/authz",
"token_endpoint_auth_method": "client_secret_basic",
}
areq = ROPCAccessTokenRequest(grant_type="password",
username="******",
password="******")
authn = "Basic Y2xpZW50Mjp2ZXJ5c2VjcmV0="
resp = self.provider.token_endpoint(request=areq.to_urlencoded(),
authn=authn)
parsed = TokenErrorResponse().from_json(resp.message)
assert parsed["error"] == "unsupported_grant_type"
def test_init(self):
ropc = ROPCAccessTokenRequest(grant_type="password",
username="******", password="******")
assert ropc["grant_type"] == "password"
assert ropc["username"] == "johndoe"
assert ropc["password"] == "A3ddj3w"
def test_password_grant_type_bad(self):
# Set a not so dummy Authn method and token policy
self.provider.authn_broker = AUTHN_BROKER2
self.provider.set_token_policy('client1', {'grant_type': ['password']})
areq = ROPCAccessTokenRequest(grant_type='password', username='******', password='******')
areq['client_id'] = 'client1' # Token endpoint would fill that in based on client_authn
resp = self.provider.password_grant_type(areq)
atr = TokenErrorResponse().deserialize(resp.message, "json")
assert atr['error'] == 'invalid_grant'
def test_password_grant_type_no_authn(self):
# Set a blank AuthnBroker
self.provider.authn_broker = AuthnBroker()
self.provider.set_token_policy('client1', {'grant_type': ['password']})
areq = ROPCAccessTokenRequest(grant_type='password', username='******', password='******')
areq['client_id'] = 'client1' # Token endpoint would fill that in based on client_authn
resp = self.provider.password_grant_type(areq)
atr = TokenErrorResponse().deserialize(resp.message, "json")
assert atr['error'] == 'invalid_grant'
def test_password_grant_type_ok(self):
# Set a not so dummy Authn method and token policy
self.provider.authn_broker = AUTHN_BROKER2
self.provider.set_token_policy('client1', {'grant_type': ['password']})
areq = ROPCAccessTokenRequest(grant_type='password', username='******', password='******')
areq['client_id'] = 'client1' # Token endpoint would fill that in based on client_authn
resp = self.provider.password_grant_type(areq)
atr = AccessTokenResponse().deserialize(resp.message, "json")
assert _eq(atr.keys(), ['access_token', 'token_type', 'refresh_token'])
def test_password_grant_type_bad(self):
# Set a not so dummy Authn method and token policy
self.provider.authn_broker = AUTHN_BROKER2
self.provider.set_token_policy("client1", {"grant_type": ["password"]})
areq = ROPCAccessTokenRequest(grant_type="password",
username="******",
password="******")
areq[
"client_id"] = "client1" # Token endpoint would fill that in based on client_authn
resp = self.provider.password_grant_type(areq)
atr = TokenErrorResponse().deserialize(resp.message, "json")
assert atr["error"] == "invalid_grant"
def test_password_grant_type_no_authn(self):
# Set a blank AuthnBroker
self.provider.authn_broker = AuthnBroker()
self.provider.set_token_policy("client1", {"grant_type": ["password"]})
areq = ROPCAccessTokenRequest(grant_type="password",
username="******",
password="******")
areq[
"client_id"] = "client1" # Token endpoint would fill that in based on client_authn
resp = self.provider.password_grant_type(areq)
atr = TokenErrorResponse().deserialize(resp.message, "json")
assert atr["error"] == "invalid_grant"
def test_password_grant_type_ok(self):
# Set a not so dummy Authn method and token policy
self.provider.authn_broker = AUTHN_BROKER2
self.provider.set_token_policy("client1", {"grant_type": ["password"]})
areq = ROPCAccessTokenRequest(grant_type="password",
username="******",
password="******")
areq[
"client_id"] = "client1" # Token endpoint would fill that in based on client_authn
resp = self.provider.password_grant_type(areq)
atr = AccessTokenResponse().deserialize(resp.message, "json")
assert _eq(atr.keys(), ["access_token", "token_type", "refresh_token"])