def test_login_whenCalledWithValidCodeAndInvalidUsernameAndPassword_returns200WithFailureMessage(
        self):
    """POST /login with a stored code and failing credentials returns 200.

    ``requests.post`` is replaced with ``self.mocked_requests_post_failed``
    while the login request runs.  The test pins two things: the response
    status is 200, and the body contains one generic failure message that
    does not say whether the username or the password was the wrong part.
    """
    # Seed the client registry and the pending session keyed by the code.
    storage.hset('clients', 'test-1', '0123456789')
    storage.set('sessions_0123456789012345',
                json.dumps(self.session_content_1))

    login_url = '/login?code=0123456789012345'
    credentials = {'username': '******', 'password': '******'}

    # An earlier variant of this test patched
    # ldap_authenticator.ldap_authenticator.verify_user instead of
    # requests.post; only the requests.post patch is active now.
    with mock.patch('requests.post',
                    side_effect=self.mocked_requests_post_failed):
        response = self.app.post(login_url, data=credentials)
        page = response.data.decode('utf-8')

    self.assertEqual(200, response.status_code)
    self.assertIn(
        'Incorrect username and/or password entered, please try again.',
        page)
def test_token_whenCalledWithExpiredCode_returns400InvalidGrant(self):
    """POST /token with a code whose session has expired yields invalid_grant.

    The session is stored with a one-second expiry and the test waits two
    seconds before redeeming the code, then expects a 400 response whose
    JSON body has ``error == 'invalid_grant'``.
    """
    session_key = 'sessions_0123456789012345'

    storage.hset('clients', 'test-1', '0123456789')
    storage.set(session_key, json.dumps(self.session_content_1))
    # Let the stored session lapse before the code is presented.
    storage.expire(session_key, 1)
    time.sleep(2)

    token_form = {
        'client_id': 'test-1',
        'client_secret': '0123456789',
        'code': '0123456789012345',
        'grant_type': 'authorization_code',
        'redirect_uri': 'http://test.app/redirectpath',
    }
    response = self.app.post('/token', data=token_form)

    self.assertEqual(400, response.status_code)
    error_dict = json.loads(response.data.decode('utf-8'))
    self.assertIn('error', error_dict)
    self.assertEqual(error_dict['error'], 'invalid_grant')
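def test_token_whenCalledWithUserThatDoesNotHaveAnEmployeeNumber_returns400InvalidGrant(
        self):
    """POST /token for a session without the ``id_number`` claim is refused.

    A private copy of ``self.session_content_1`` has ``claims['id_number']``
    removed and is stored under the code.  Redeeming that code must return
    400 with ``error == 'invalid_grant'`` in the JSON body.
    """
    import copy

    storage.hset('clients', 'test-1', '0123456789')

    # Deep copy: ``dict.copy()`` is shallow, so deleting from the nested
    # ``claims`` dict would also strip the claim from the shared fixture
    # that other tests read.
    session = copy.deepcopy(self.session_content_1)
    del session['claims']['id_number']

    # Store the modified copy itself, not the fixture it was derived from.
    storage.set('sessions_0123456789012345', json.dumps(session))

    returned_result = self.app.post('/token',
                                    data={
                                        'client_id': 'test-1',
                                        'client_secret': '0123456789',
                                        'code': '0123456789012345',
                                        'grant_type': 'authorization_code',
                                        'redirect_uri':
                                        'http://test.app/redirectpath'
                                    })

    self.assertEqual(400, returned_result.status_code)
    body = returned_result.data.decode('utf-8')
    error_dict = json.loads(body)
    self.assertIn('error', error_dict)
    self.assertEqual(error_dict['error'], 'invalid_grant')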
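def test_loginAndToken_whenCalledWithValidCodeTwice_returns400InvalidRequest(
        self):
    """Redeeming the same authorization code a second time is refused.

    Flow: a login that returns 302, a first POST /token with the code that
    returns 200, then an identical second POST /token.  The second exchange
    must return 400 with an ``error`` field in its JSON body.
    """
    storage.hset('clients', 'test-1', '0123456789')
    storage.set('sessions_0123456789012345',
                json.dumps(self.session_content_1))

    # Both token requests are byte-for-byte the same form; that is the point
    # of the replay check.
    token_form = {
        'client_id': 'test-1',
        'client_secret': '0123456789',
        'code': '0123456789012345',
        'grant_type': 'authorization_code',
        'redirect_uri': 'http://test.app/redirectpath',
    }

    # The requests.post patch stays active for all three requests.
    with mock.patch('requests.post',
                    side_effect=self.mocked_requests_post_success):
        login_response = self.app.post('/login?code=0123456789012345',
                                       data={
                                           'username': '******',
                                           'password': '******'
                                       })
        self.assertEqual(302, login_response.status_code)

        first_exchange = self.app.post('/token', data=token_form)
        self.assertEqual(200, first_exchange.status_code)

        replayed_exchange = self.app.post('/token', data=token_form)

    self.assertEqual(400, replayed_exchange.status_code)
    error_dict = json.loads(replayed_exchange.data.decode('utf-8'))
    self.assertIn('error', error_dict)
    # NOTE(review): RFC 6749 section 5.2 lists ``invalid_grant`` for an
    # authorization code that is invalid, expired or revoked, and the
    # expired-code test in this suite expects ``invalid_grant``.  This test
    # pins ``invalid_request`` for a replayed code - confirm that is the
    # intended server behaviour.  Section 4.1.2 also says tokens already
    # issued from a reused code SHOULD be revoked; nothing here checks that.
    self.assertEqual(error_dict['error'], 'invalid_request')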
def test_login_whenCalledWithValidCodeUsernameAndPassword_return302RedirectToClient(
        self):
    """POST /login with a stored code and accepted credentials returns 302.

    ``requests.post`` is replaced with ``self.mocked_requests_post_success``
    while the login request runs.  Only the status code is checked; the
    redirect target is not inspected.
    """
    # Seed the client registry and the pending session keyed by the code.
    storage.hset('clients', 'test-1', '0123456789')
    storage.set('sessions_0123456789012345',
                json.dumps(self.session_content_1))

    login_url = '/login?code=0123456789012345'
    credentials = {'username': '******', 'password': '******'}

    with mock.patch('requests.post',
                    side_effect=self.mocked_requests_post_success):
        response = self.app.post(login_url, data=credentials)

    self.assertEqual(302, response.status_code)
def test_token_whenCalledWithValidCode_returnsValidToken(self):
    """POST /token with a stored, unexpired code returns 200.

    Only the status code is asserted; the token in the response body is not
    parsed or validated by this test.
    """
    # Seed the client registry and the session the code refers to.
    storage.hset('clients', 'test-1', '0123456789')
    storage.set('sessions_0123456789012345',
                json.dumps(self.session_content_1))

    token_form = {
        'client_id': 'test-1',
        'client_secret': '0123456789',
        'code': '0123456789012345',
        'grant_type': 'authorization_code',
        'redirect_uri': 'http://test.app/redirectpath',
    }
    response = self.app.post('/token', data=token_form)

    self.assertEqual(200, response.status_code)
def subscribe(user_id):
    """Record *user_id* through ``storage.set`` and return the reply text.

    Returns the confirmation message when ``storage.set(user_id)`` is truthy,
    and the "cannot subscribe twice" message otherwise.
    """
    newly_subscribed = storage.set(user_id)
    if not newly_subscribed:
        # "I am very flattered, but you cannot subscribe to the mailing
        # list twice."
        return 'Я очень польщен, но дважды подписаться на рассылку нельзя'
    # "You have subscribed to the mailing list. To unsubscribe, write /unsub."
    return 'Ты подписался на рассылку. Для отписки напиши /unsub'
def _persist(self):
    """Store this object's attributes as JSON under ``sessions_<code>``.

    The whole ``self.__dict__`` is serialized, then the key is given a
    600-second expiry.
    """
    session_key = 'sessions_%s' % self.code
    # NOTE(review): every instance attribute is written to storage; confirm
    # nothing sensitive is held on the instance that should not be persisted.
    serialized = json.dumps(self.__dict__)

    storage.set(session_key, serialized)
    # 10 minutes - RFC 6749 4.1.2 max lifetime for a code
    # NOTE(review): the write and the expiry are two separate calls, so a
    # failure between them would leave the code stored without a TTL. If the
    # storage backend can set value and expiry in one operation, prefer that.
    storage.expire(session_key, 600)