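def testAccessClockResourceWithoutToken(self):
    """
    Test that a request to the protected resource *without any token* is rejected.

    The request carries no ``Authorization`` header at all (the docstring used to
    say "invalid token", which is a different case). The resource must answer
    401 and must not leak the protected page in the response body.
    """
    request = MockRequest('GET', 'clock')
    self._makeExampleRequest(request)
    self.assertEqual(
        401, request.responseCode,
        msg='Expected the protected clock resource to reject a request without a token.')
    # A 401 alone is not sufficient: if the body still contains the protected
    # content the status code is merely cosmetic, so check the body as well.
    self.assertNotSubstring(
        b'<html><body>', request.getResponse(),
        msg='Expected the protected clock resource not to send the protected content.')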
def _testValidAccessRequest(self, token=_VALID_TOKEN):
    """
    Issue a bearer-authenticated GET against the protected clock resource and
    assert that the resource serves the protected content.

    :param token: The bearer token to place in the ``Authorization`` header.
    """
    clockRequest = MockRequest('GET', 'clock')
    clockRequest.setRequestHeader(b'Authorization', 'Bearer ' + token)
    self._makeExampleRequest(clockRequest)
    # A successful response may leave responseCode as None (presumably when the
    # resource never set a code explicitly) or set it to 200; both are accepted.
    acceptedCodes = (None, 200)
    self.assertIn(
        clockRequest.responseCode, acceptedCodes,
        msg='Expected the protected clock resource to accept a request with a valid token.')
    self.assertSubstring(
        b'<html><body>', clockRequest.getResponse(),
        msg='Expected the protected clock resource to send the protected content.')
def testAuthorizationCodeGrant(self):
    """
    Walk the authorization code grant from consent to token refresh.

    The consent page step is delegated to ``_doAuthorizationRequest``, which
    returns the ``data_key`` of the pending authorization. This method then
    confirms it, follows the redirect to obtain a code, trades the code for
    tokens at the token resource and finally exercises both the access token
    (against the protected resource) and the refresh token.
    """
    state = b'state'
    # The state comes back as text in the redirect; compare against the decoded form.
    expectedState = state if isinstance(state, str) else state.decode('utf-8', errors='replace')
    dataKey = self._doAuthorizationRequest(state)

    # Confirm the pending authorization; the resource must redirect back to the
    # client with the code and the original state.
    confirmRequest = MockRequest('POST', 'oauth2', arguments={
        'confirm': 'yes',
        'data_key': dataKey,
    })
    self._makeExampleRequest(confirmRequest)
    self.assertEqual(302, confirmRequest.responseCode,
                     msg='Expected the auth resource to redirect the request.')
    redirectUrl = confirmRequest.getResponseHeader(b'location')
    self.assertIsNotNone(redirectUrl,
                         msg='Expected the auth resource to redirect the request.')
    redirectParams = OAuth2Abstract.AuthResourceTest.getParameterFromRedirectUrl(
        redirectUrl, False)
    for name in ('code', 'state'):
        self.assertIn(name, redirectParams,
                      msg='Missing {} parameter in response.'.format(name))
    self.assertEqual(expectedState, redirectParams['state'],
                     msg='Result contained an unexpected state.')

    # Exchange the code at the token resource, authenticating as the client.
    tokenRequest = Abstract.TokenResourceTest.generateValidTokenRequest(
        arguments={
            'grant_type': 'authorization_code',
            'code': redirectParams['code'],
            'redirect_uri': self._VALID_CLIENT.redirectUris[0],
        },
        url='oauth2/token',
        authentication=self._VALID_CLIENT)
    self._makeExampleRequest(tokenRequest)
    self.assertEqual(200, tokenRequest.responseCode,
                     msg='Expected the token resource to accept the request.')
    jsonResult = json.loads(tokenRequest.getResponse().decode('utf-8'))
    expectedKeys = (
        ('access_token', 'an access_token'),
        ('refresh_token', 'a refresh_token'),
        ('scope', 'a scope'),
    )
    for key, described in expectedKeys:
        self.assertIn(
            key, jsonResult,
            msg='Expected the result from the token resource to contain {} parameter.'.format(described))
    self.assertListEqual(jsonResult['scope'].split(), self._VALID_SCOPE,
                         msg='The token resource returned a different scope than expected.')
    # NOTE(review): token_type and the Cache-Control/Pragma headers of the token
    # response are not asserted anywhere in this flow.

    # Finally prove both tokens are usable.
    self._testValidAccessRequest(token=jsonResult['access_token'])
    self._testTokenRefresh(jsonResult['refresh_token'])
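def testAuthorizationCodeGrant(self):
    """
    Test the authorization code grant flow end to end.

    1. GET the auth resource with ``response_type=code`` for the valid client
       and scope and expect the consent page returned by ``onAuthenticate``.
    2. POST the confirmation (``confirm=yes`` plus the ``data_key`` extracted
       from that page) and expect a 302 to the client's redirect URI carrying
       ``code`` and the original ``state``.
    3. Exchange the code at the token resource and check the JSON body.
    4. Use the returned access token against the protected resource and
       refresh with the returned refresh token.
    """
    state = b'state'
    request = AbstractAuthResourceTest.createAuthRequest(
        arguments={
            'response_type': 'code',
            'client_id': self._VALID_CLIENT.id,
            'redirect_uri': self._VALID_CLIENT.redirectUris[0],
            'scope': ' '.join(self._VALID_SCOPE),
            'state': state,
        })
    self._SERVER.makeSynchronousRequest(request)
    self.assertIn(
        request.responseCode, (None, 200),
        msg='Expected the auth resource to accept a valid request.')
    response = request.getResponse()
    self.assertSubstring(
        b'<!DOCTYPE html>', response,
        msg='Expected the auth resource to send the content returned by onAuthenticate.')
    # Pull the data_key out of its own <input> tag. The pattern is confined to a
    # single tag ([^>]*) and a single attribute value ([^"]*) so that another
    # <input> on the same line (e.g. a confirm button) cannot be swallowed by a
    # greedy ".*"; it still assumes the name attribute precedes value, as before.
    dataKeyMatch = re.search(
        rb'<input[^>]*name="data_key"[^>]*value="(?P<dataKey>[^"]*)"', response)
    # Fail with a readable assertion rather than an AttributeError on None.
    self.assertIsNotNone(
        dataKeyMatch,
        msg='Expected the auth resource page to contain a data_key input.')
    dataKey = dataKeyMatch.group('dataKey')

    request = MockRequest('POST', 'oauth2', arguments={
        'confirm': 'yes',
        'data_key': dataKey,
    })
    self._SERVER.makeSynchronousRequest(request)
    self.assertEqual(
        request.responseCode, 302,
        msg='Expected the auth resource to redirect the request.')
    redirectUrl = request.getResponseHeader(b'location')
    self.assertIsNotNone(
        redirectUrl, msg='Expected the auth resource to redirect the request.')
    parameter = AbstractAuthResourceTest.getParameterFromRedirectUrl(redirectUrl, False)
    self.assertIn('code', parameter, msg='Missing code parameter in response.')
    self.assertIn('state', parameter, msg='Missing state parameter in response.')
    # The state round-trips as text; compare against the decoded bytes literal.
    expectedState = state if isinstance(state, str) else state.decode('utf-8', errors='replace')
    self.assertEqual(
        parameter['state'], expectedState,
        msg='Result contained an unexpected state.')
    code = parameter['code']

    request = AbstractTokenResourceTest.generateValidTokenRequest(
        arguments={
            'grant_type': 'authorization_code',
            'code': code,
            'redirect_uri': self._VALID_CLIENT.redirectUris[0],
        },
        url='oauth2/token',
        authentication=self._VALID_CLIENT)
    self._SERVER.makeSynchronousRequest(request)
    self.assertEqual(
        request.responseCode, 200,
        msg='Expected the token resource to accept the request.')
    # json.loads() dropped its `encoding` keyword in Python 3.9 (it had been
    # ignored since 3.1), so the body is decoded explicitly instead.
    jsonResult = json.loads(request.getResponse().decode('utf-8'))
    self.assertIn(
        'access_token', jsonResult,
        msg='Expected the result from the token resource to contain an access_token parameter.')
    self.assertIn(
        'refresh_token', jsonResult,
        msg='Expected the result from the token resource to contain a refresh_token parameter.')
    self.assertIn(
        'scope', jsonResult,
        msg='Expected the result from the token resource to contain a scope parameter.')
    self.assertListEqual(
        jsonResult['scope'].split(), self._VALID_SCOPE,
        msg='The token resource returned a different scope than expected.')
    # NOTE(review): token_type and the Cache-Control/Pragma headers of the token
    # response are not asserted anywhere in this flow.

    # Finally prove both tokens are usable.
    accessToken = jsonResult['access_token']
    self._testValidAccessRequest(token=accessToken)
    refreshToken = jsonResult['refresh_token']
    self._testTokenRefresh(refreshToken)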