def google_id_token(app, user, fake): """A google id token for an identity associated with the user fixture.""" client_id = app.config['GOOGLE_OAUTH2_ALLOWED_CLIENT_IDS'][0] payload = dict( iat=datetime.datetime.utcnow() - datetime.timedelta(minutes=1), exp=datetime.datetime.utcnow() + datetime.timedelta(hours=1), aud=client_id, iss='accounts.google.com', sub=fake.numerify('################################'), email=fake.safe_email(), email_verified=False, ) key = list(app.config.get('TESTING_GOOGLE_OAUTH2_CERT_PRIV_KEYS').values())[0] t = jwt.encode(payload, key, algorithm='RS256').decode('ascii') associate_user_with_google_id(user, t) return t
def test_google_user_multiple_association(db, valid_payload, no_user_google_token, user): """Repeatedly associating an id only affects one row.""" # pylint: disable=no-member for _ in range(10): associate_user_with_google_id(user, no_user_google_token) db.session.commit() u = user_for_google_id_token(no_user_google_token) assert u.id == user.id # Check identity is added only once assert UserIdentity.query.filter( UserIdentity.provider == 'google', UserIdentity.provider_identity == valid_payload['sub'] ).count() == 1
def test_google_user_association_requires_sub(app, user, valid_payload): del valid_payload['sub'] t = _encode_valid_token(app, valid_payload) with pytest.raises(BadRequest): associate_user_with_google_id(user, t)
def test_google_user_association_requires_valid_token(user, valid_payload): t = _encode_invalid_token(valid_payload) with pytest.raises(BadRequest): associate_user_with_google_id(user, t)
def test_google_user_association(no_user_google_token, user): associate_user_with_google_id(user, no_user_google_token) u = user_for_google_id_token(no_user_google_token) assert u.id == user.id