def test_new_client_authorization_code_are_not_marked_as_used(): database.save_new_authorization_code( 'auth-code-1nmb21', 'client-id','my-state', 'http://example.com/return') assert database.client_has_authorization_code('client-id', 'auth-code-1nmb21') assert not database.is_client_authorization_code_used('client-id', 'auth-code-1nmb21')
def validate_user_credentials(handler): ''' This plugin will be executed in the authorization request handler on POST method. Different from GET method, no code is executed in the default handler. That's why we use ``client_id`` (stored on cookie by ``ask_user_credentials()`` above) to query tokens from database (saved on GET handler). ''' client_id = handler.get_secure_cookie('client_id') code = handler.get_secure_cookie('code') database = handler.application.database credentials = (handler.get_argument('username',''), handler.get_argument('password','')) allow = (handler.get_argument('allow','off') == 'on') if not database.client_has_authorization_code(client_id, code): handler.write('<p>No authorization code created to this client_id</p>') elif credentials == ('admin', 'admin'): if allow: handler.redirect_access_granted(client_id, code) else: handler.redirect_access_denied(client_id, code) else: handler.write('<p>Invalid username and/or password</p>' '<p><em>hint: try "admin" and "admin"</em></p>' '<p><a href="{0}">Try again</a></p>'.format(handler.request.uri))
def test_should_mark_client_authorization_code_as_used(): database.save_new_authorization_code( 'auth-code-1nmb21', 'client-id', 'http://example.com/return', 'http://example.com/return?code=auth-code-1nmb21') database.mark_client_authorization_code_as_used('client-id', 'auth-code-1nmb21') assert database.client_has_authorization_code('client-id', 'auth-code-1nmb21') assert database.is_client_authorization_code_used('client-id', 'auth-code-1nmb21')
def test_should_save_and_retrieve_client_authorization_code(): assert not database.find_client('client-id') database.save_new_authorization_code( 'auth-code-1nmb21', 'client-id','my-state', 'http://example.com/return') assert database.find_client('client-id') assert 1 == database.client_authorization_codes_count('client-id') assert database.client_has_authorization_code('client-id', 'auth-code-1nmb21')
def validate_client_authorization(self): client = database.find_client(self.client_id) if not client: self.raise_http_401({'error': 'invalid_client', 'error_description': 'Invalid client_id or code on Authorization header'}) if not database.client_has_authorization_code(self.client_id, self.code_from_header): self.raise_http_401({'error': 'invalid_client', 'error_description': 'Invalid client_id or code on Authorization header'}) if not database.client_has_authorization_code(self.client_id, self.code): self.raise_http_400({'error': 'invalid_grant', 'error_description': 'Invalid code for this client'}) if not database.client_has_redirect_uri_for_code(self.client_id, self.code, self.redirect_uri): self.raise_http_400({'error': 'invalid_grant', 'error_description': 'redirect_uri does not match'}) if database.is_client_authorization_code_used(self.client_id, self.code): self.raise_http_400({'error': 'invalid_grant', 'error_description': 'Authorization grant already used'})