def test_invalid_grant_type(self):
"""This test ensures that invalid grant_type parameters get the
appropriate error response.
"""
# Generate a valid auth token
with base.HybridSessionManager():
authorization_code = auth_api.authorization_code_save({
'user_id':
2,
'state':
'test_state',
'code':
'test_valid_code',
'expires_in':
300
})
content_type = 'application/x-www-form-urlencoded'
# POST with content: application/x-www-form-urlencoded
response = self.app.post('/v1/openid/token',
params={
'code': authorization_code.code,
'grant_type': 'invalid_grant_type'
},
content_type=content_type,
expect_errors=True)
# Assert that this is a successful response
self.assertEqual(400, response.status_code)
self.assertIsNotNone(response.json)
self.assertEqual('unsupported_grant_type', response.json['error'])
self.assertEqual(e_msg.INVALID_TOKEN_GRANT_TYPE,
response.json['error_description'])
def test_handle(self):
"""Assert that the handle method passes the correct values on."""
worker_base = MockEmailWorkerBase({})
with base.HybridSessionManager():
session = db_api_base.get_session()
user_1 = db_api_base.entity_get(models.User, 1, session=session)
worker_base.handle(session=session,
author=user_1,
method='POST',
url='http://localhost/',
path='/test',
query_string='',
status=201,
resource='story',
resource_id=1)
self.assertIsInstance(worker_base.handled_values['author'],
models.User)
self.assertEqual(1, worker_base.handled_values['author'].id)
self.assertEqual(2, len(worker_base.handled_values['subscribers']))
self.assertEqual('POST', worker_base.handled_values['method'])
self.assertEqual(201, worker_base.handled_values['status'])
self.assertEqual('/test', worker_base.handled_values['path'])
self.assertEqual('story', worker_base.handled_values['resource'])
self.assertEqual(1, worker_base.handled_values['resource_id'])
def test_valid_response_request(self, mock_post):
"""This test ensures that the authorize request against the oauth
endpoint succeeds with expected values.
"""
self._mock_response(mock_post, valid=True)
random_state = six.text_type(uuid.uuid4())
# Simple GET with various parameters
response = self.get_json(path='/openid/authorize_return',
expect_errors=True,
state=random_state,
**self.valid_params)
# Try to pull the code out of the response
location = response.headers.get('Location')
location_url = urlparse.urlparse(location)
parameters = urlparse.parse_qs(location_url[4])
with base.HybridSessionManager():
token = auth_api.authorization_code_get(parameters['code'])
redirect_uri = self.valid_params['sb_redirect_uri']
# Validate the redirect response
self.assertValidRedirect(response=response,
expected_status_code=302,
redirect_uri=redirect_uri,
state=token.state,
code=token.code)
def test_expired_access_token_time(self):
"""This test ensures that an access token is seen as expired if
storyboard is installed in multiple timezones.
"""
expired = datetime.datetime.now(
pytz.utc) - datetime.timedelta(minutes=6)
# Store the old TZ info, if it exists.
old_tz = None
if 'TZ' in os.environ:
old_tz = os.environ['TZ']
# Convert now into every possible timezone out there :)
for name in self.tested_timezones:
# Override the 'default timezone' for the current runtime.
os.environ['TZ'] = name
# Create a token.
with base.HybridSessionManager():
authorization_code = auth_api.authorization_code_save({
'user_id':
2,
'state':
'test_state',
'code':
'test_valid_code',
'expires_in':
300,
'created_at':
expired
})
content_type = 'application/x-www-form-urlencoded'
# POST with content: application/x-www-form-urlencoded
response = self.app.post('/v1/openid/token',
params={
'code': authorization_code.code,
'grant_type': 'authorization_code'
},
content_type=content_type,
expect_errors=True)
# Assert that this is a valid call.
self.assertEqual(401, response.status_code)
# Reset the timezone.
if old_tz:
os.environ['TZ'] = old_tz
else:
del os.environ['TZ']
def test_get_preference(self):
"""Assert that the get_preference method functions as expected."""
worker_base = MockEmailWorkerBase({})
with base.HybridSessionManager():
session = db_api_base.get_session()
user_1 = db_api_base.entity_get(models.User, 1, session=session)
foo_value = worker_base.get_preference('foo', user_1)
self.assertEqual('bar', foo_value)
no_value = worker_base.get_preference('no_value', user_1)
self.assertIsNone(no_value)
def test_get_subscribers(self):
"""Assert that the get_subscribers method functions as expected."""
worker_base = MockEmailWorkerBase({})
with base.HybridSessionManager():
session = db_api_base.get_session()
# Users 1 and 3 are subscribed to this story, user 1 as digest
# and user 3 as individual emails.
subscribers = worker_base.get_subscribers(session, 'story', 1)
self.assertEqual(2, len(subscribers))
self.assertEqual(1, subscribers[0].id)
self.assertEqual(3, subscribers[1].id)
def test_valid_access_token_time(self):
"""Assert that a newly created access token is valid if storyboard is
installed in a multitude of timezones.
"""
# Store the old TZ info, if it exists.
old_tz = None
if 'TZ' in os.environ:
old_tz = os.environ['TZ']
# Convert now into every possible timezone out there :)
for name in self.tested_timezones:
# Override the 'default timezone' for the current runtime.
os.environ['TZ'] = name
# Create a token.
with base.HybridSessionManager():
authorization_code = auth_api.authorization_code_save({
'user_id':
2,
'state':
'test_state',
'code':
'test_valid_code',
'expires_in':
300
})
response = self.app.post(
'/v1/openid/token',
params={
'code': authorization_code.code,
'grant_type': 'authorization_code'
},
content_type='application/x-www-form-urlencoded',
expect_errors=True)
# Assert that this is a valid call.
self.assertEqual(200, response.status_code)
# Reset the timezone.
if old_tz:
os.environ['TZ'] = old_tz
else:
del os.environ['TZ']
def test_resolve_by_name(self):
'''Assert that resolve_resource_by_name works.'''
worker = TestWorkerPlugin({})
with base.HybridSessionManager():
session = db_api_base.get_session()
task = worker.resolve_resource_by_name(session, 'task', 1)
self.assertIsNotNone(task)
self.assertEqual(1, task.id)
project_group = worker.resolve_resource_by_name(
session, 'project_group', 1)
self.assertIsNotNone(project_group)
self.assertEqual(1, project_group.id)
project = worker.resolve_resource_by_name(session, 'project', 1)
self.assertIsNotNone(project)
self.assertEqual(1, project.id)
user = worker.resolve_resource_by_name(session, 'user', 1)
self.assertIsNotNone(user)
self.assertEqual(1, user.id)
team = worker.resolve_resource_by_name(session, 'team', 1)
self.assertIsNotNone(team)
self.assertEqual(1, team.id)
story = worker.resolve_resource_by_name(session, 'story', 1)
self.assertIsNotNone(story)
self.assertEqual(1, story.id)
branch = worker.resolve_resource_by_name(session, 'branch', 1)
self.assertIsNotNone(branch)
self.assertEqual(1, branch.id)
milestone = worker.resolve_resource_by_name(
session, 'milestone', 1)
self.assertIsNotNone(milestone)
self.assertEqual(1, milestone.id)
def test_handle_email(self, get_smtp_client):
"""Make sure that events from the queue are sent as emails."""
dummy_smtp = mock.Mock(smtplib.SMTP)
worker_base = SubscriptionEmailWorker({})
get_smtp_client.return_value.__enter__ = dummy_smtp
with base.HybridSessionManager():
session = db_api_base.get_session()
author = db_api_base.entity_get(models.User, 2, session=session)
story = db_api_base.entity_get(models.Story, 1, session=session)
story_dict = story.as_dict()
story_after_dict = copy.copy(story_dict)
story_after_dict['title'] = 'New Test Title'
subscribers = worker_base.get_subscribers(session, 'story', 1)
self.assertEqual(2, len(subscribers))
worker_base.handle_email(session=session,
author=author,
subscribers=subscribers,
method='PUT',
url='http://localhost/',
path='/stories/1',
query_string='',
status=200,
resource='story',
resource_id=1,
resource_before=story_dict,
resource_after=story_after_dict)
# There should be two subscribers, but only one should get an
# email since the other is a digest receiver.
subscribed_user = db_api_base.entity_get(models.User,
3,
session=session)
self.assertEqual(dummy_smtp.return_value.sendmail.call_count, 1)
self.assertEqual(
dummy_smtp.return_value.sendmail.call_args[1]['to_addrs'],
subscribed_user.email)
def test_valid_refresh_token(self):
"""This test ensures that a valid refresh token can be converted into
a valid access token, and cleans up after itself.
"""
# Generate a valid access code
with base.HybridSessionManager():
authorization_code = auth_api.authorization_code_save({
'user_id':
2,
'state':
'test_state',
'code':
'test_valid_code'
})
content_type = 'application/x-www-form-urlencoded'
# Generate an auth and a refresh token.
resp_1 = self.app.post('/v1/openid/token',
params={
'code': authorization_code.code,
'grant_type': 'authorization_code'
},
content_type=content_type,
expect_errors=True)
# Assert that this is a successful response
self.assertEqual(200, resp_1.status_code)
# Assert that the token came back in the response
t1 = resp_1.json
# Assert that both are in the database.
with base.HybridSessionManager():
access_token = \
token_api.access_token_get_by_token(t1['access_token'])
self.assertIsNotNone(access_token)
with base.HybridSessionManager():
refresh_token = refresh_tokens.refresh_token_get_by_token(
t1['refresh_token'])
self.assertIsNotNone(refresh_token)
content_type = 'application/x-www-form-urlencoded'
# Issue a refresh token request.
resp_2 = self.app.post('/v1/openid/token',
params={
'refresh_token': t1['refresh_token'],
'grant_type': 'refresh_token'
},
content_type=content_type,
expect_errors=True)
# Assert that the response is good.
self.assertEqual(200, resp_2.status_code)
# Assert that the token came back in the response
t2 = resp_2.json
self.assertIsNotNone(t2['access_token'])
self.assertIsNotNone(t2['expires_in'])
self.assertIsNotNone(t2['id_token'])
self.assertIsNotNone(t2['refresh_token'])
self.assertIsNotNone(t2['token_type'])
self.assertEqual('Bearer', t2['token_type'])
# Assert that the access token is in the database
with base.HybridSessionManager():
new_access_token = \
token_api.access_token_get_by_token(t2['access_token'])
self.assertIsNotNone(new_access_token)
# Assert that system configured values is owned by the correct user.
self.assertEqual(2, new_access_token.user_id)
self.assertEqual(t2['id_token'], new_access_token.user_id)
self.assertEqual(t2['expires_in'], CONF.oauth.access_token_ttl)
self.assertEqual(t2['expires_in'], new_access_token.expires_in)
self.assertEqual(t2['access_token'], new_access_token.access_token)
# Assert that the refresh token is in the database
with base.HybridSessionManager():
new_refresh_token = refresh_tokens.refresh_token_get_by_token(
t2['refresh_token'])
self.assertIsNotNone(new_refresh_token)
# Assert that system configured values is owned by the correct user.
self.assertEqual(2, new_refresh_token.user_id)
self.assertEqual(CONF.oauth.refresh_token_ttl,
new_refresh_token.expires_in)
self.assertEqual(t2['refresh_token'], new_refresh_token.refresh_token)
# Assert that the old access tokens are no longer in the database and
# have been cleaned up.
with base.HybridSessionManager():
no_access_token = \
token_api.access_token_get_by_token(t1['access_token'])
with base.HybridSessionManager():
no_refresh_token = \
refresh_tokens.refresh_token_get_by_token(t1['refresh_token'])
self.assertIsNone(no_refresh_token)
self.assertIsNone(no_access_token)
def test_valid_access_request(self):
"""This test ensures that the access token request may execute
properly with a valid token.
"""
# Generate a valid auth token
with base.HybridSessionManager():
authorization_code = auth_api.authorization_code_save({
'user_id':
2,
'state':
'test_state',
'code':
'test_valid_code'
})
content_type = 'application/x-www-form-urlencoded'
# POST with content: application/x-www-form-urlencoded
response = self.app.post('/v1/openid/token',
params={
'code': authorization_code.code,
'grant_type': 'authorization_code'
},
content_type=content_type,
expect_errors=True)
# Assert that this is a successful response
self.assertEqual(200, response.status_code)
# Assert that the token came back in the response
token = response.json
self.assertIsNotNone(token['access_token'])
self.assertIsNotNone(token['expires_in'])
self.assertIsNotNone(token['id_token'])
self.assertIsNotNone(token['refresh_token'])
self.assertIsNotNone(token['token_type'])
self.assertEqual('Bearer', token['token_type'])
# Assert that the access token is in the database
with base.HybridSessionManager():
access_token = \
token_api.access_token_get_by_token(token['access_token'])
self.assertIsNotNone(access_token)
# Assert that system configured values is owned by the correct user.
self.assertEqual(2, access_token.user_id)
self.assertEqual(token['id_token'], access_token.user_id)
self.assertEqual(token['expires_in'], CONF.oauth.access_token_ttl)
self.assertEqual(token['expires_in'], access_token.expires_in)
self.assertEqual(token['access_token'], access_token.access_token)
# Assert that the refresh token is in the database
with base.HybridSessionManager():
refresh_token = \
refresh_tokens.refresh_token_get_by_token(
token['refresh_token'])
self.assertIsNotNone(refresh_token)
# Assert that system configured values is owned by the correct user.
self.assertEqual(2, refresh_token.user_id)
self.assertEqual(CONF.oauth.refresh_token_ttl,
refresh_token.expires_in)
self.assertEqual(token['refresh_token'], refresh_token.refresh_token)
# Assert that the authorization code is no longer in the database.
with base.HybridSessionManager():
none_code = \
auth_api.authorization_code_get(authorization_code.code)
self.assertIsNone(none_code)
