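class TestOAuthClient():
    """Exercise the OAuth 2.0 ``Client`` request builders and response parsers.

    ``setup_class`` runs once, so ``self.client`` is shared by every test in
    this class.  Several tests rely on state left behind by earlier ones
    (redirect URIs, stored grants, tokens) and are therefore order-dependent;
    the comments below name those dependencies where they occur.
    """

    def setup_class(self):
        # Runs once for the whole class (pytest hands the class object in as
        # ``self``), so the client below is shared, mutable state.
        self.client = Client("1")
        self.client.redirect_uris = ["http://example.com/redirect"]

    def test_areq_1(self):
        """A minimal authorization request carries only the client defaults."""
        ar = self.client.construct_AuthorizationRequest(
            request_args={"response_type": ["code"]})

        assert ar["redirect_uri"] == "http://example.com/redirect"
        assert ar["response_type"] == ["code"]
        assert ar["client_id"] == "1"
        # No state has been configured on the client yet, so none is sent.
        # state is what the parse_response tests later use to match a
        # returned code back to the request that produced it.
        assert "state" not in ar
        assert "scope" not in ar

    def test_areq_2(self):
        """Client-level ``state`` and requested ``scope`` are copied into the request."""
        self.client.state = "abc"
        req_args = {"response_type": ["code"], "scope": ["foo", "bar"]}
        ar = self.client.construct_AuthorizationRequest(request_args=req_args)

        assert ar["redirect_uri"] == "http://example.com/redirect"
        assert ar["response_type"] == ["code"]
        assert ar["client_id"] == "1"
        assert ar["state"] == "abc"
        assert ar["scope"] == ["foo", "bar"]

    def test_areq_replace_default_state(self):
        """Re-assigning ``state`` replaces the value set by the previous test."""
        self.client.state = "efg"
        req_args = {"response_type": ["code"], "scope": ["foo", "bar"]}
        ar = self.client.construct_AuthorizationRequest(request_args=req_args)

        assert ar["redirect_uri"] == "http://example.com/redirect"
        assert ar["response_type"] == ["code"]
        assert ar["client_id"] == "1"
        assert ar["state"] == "efg"
        assert ar["scope"] == ["foo", "bar"]

    def test_parse_authz_resp_url(self):
        """A full redirect URI is parsed and its code stored under the returned state."""
        url = "https://client.example.com/cb?code=SplxlOBeZQQYbYS6WxSbIA&state=ghi"
        aresp = self.client.parse_response(AuthorizationResponse,
                                           info=url, sformat="urlencoded")

        assert aresp["code"] == "SplxlOBeZQQYbYS6WxSbIA"
        assert aresp["state"] == "ghi"

        # The grant is keyed by the state echoed in the response, which is
        # what binds this code to the request that carried that state.
        assert self.client.grant["ghi"]
        assert self.client.grant["ghi"].code == aresp["code"]
        assert self.client.grant["ghi"].grant_expiration_time

    def test_parse_authz_resp_query(self):
        """A bare query string (no scheme/host) parses the same way as a URL."""
        query = "code=SplxlOBeZQQYbYS6WxSbIA&state=hij"
        aresp = self.client.parse_response(AuthorizationResponse,
                                           info=query, sformat="urlencoded")

        assert aresp["code"] == "SplxlOBeZQQYbYS6WxSbIA"
        assert aresp["state"] == "hij"

        print(self.client.grant.keys())
        assert self.client.grant["hij"]
        assert self.client.grant["hij"].code == aresp["code"]
        assert self.client.grant["hij"].grant_expiration_time

    def test_parse_authz_resp_query_multi_scope(self):
        """Each parsed response adds a grant; earlier grants are kept."""
        query = "code=SplxlOBeZQQYbYS6WxAAAA&state=klm"
        aresp = self.client.parse_response(AuthorizationResponse,
                                           info=query, sformat="urlencoded")

        assert aresp["code"] == "SplxlOBeZQQYbYS6WxAAAA"
        assert aresp["state"] == "klm"

        assert self.client.grant["klm"]
        assert self.client.grant["klm"].code == aresp["code"]
        assert self.client.grant["klm"].grant_expiration_time

        # Order-dependent: "ghi" and "hij" come from the two preceding tests.
        assert _eq(self.client.grant.keys(), ['ghi', 'hij', 'klm'])

    def test_parse_authz_resp_query_unknown_parameter(self):
        """An unrecognised query parameter does not become a response attribute."""
        query = "code=SplxlOBeZQQYbYS6WxSbIA&state=xyz&foo=bar"
        aresp = self.client.parse_response(AuthorizationResponse,
                                           info=query, sformat="urlencoded")

        assert aresp["code"] == "SplxlOBeZQQYbYS6WxSbIA"
        assert aresp["state"] == "xyz"

        print(aresp.__dict__.keys())
        # This inspects instance attributes only; whether "foo" survives as a
        # message key is not asserted here.
        assert "foo" not in aresp.__dict__

        assert self.client.grant["xyz"]
        assert self.client.grant["xyz"].code == aresp["code"]
        assert self.client.grant["xyz"].grant_expiration_time

    def test_get_access_token_request_1(self):
        """A stored, unexpired grant yields an authorization_code token request."""
        self.client.reset()
        self.client.redirect_uris = ["http://client.example.com/authz"]
        grant = Grant()
        grant.code = "AbCdEf"
        # Expiration 30 s in the future so the grant is still usable.
        grant.grant_expiration_time = time_util.utc_time_sans_frac() + 30
        self.client.grant = {"stat": grant}

        # scope is default=""
        atr = self.client.construct_AccessTokenRequest(state="stat")

        assert atr["grant_type"] == "authorization_code"
        assert atr["code"] == "AbCdEf"
        assert atr["redirect_uri"] == "http://client.example.com/authz"

    def test_construct_access_token_request_fail(self):
        """No grant is stored for an unknown state, so no token request can be built."""
        # Context-manager form: the string form of raises() evaluated source
        # text at runtime and has been removed from pytest.
        with raises(Exception):
            self.client.construct_AccessTokenRequest(state="unknown")

    def test_get_access_token_request_override(self):
        """Same as test_get_access_token_request_1 with a different state key."""
        self.client.reset()
        self.client.redirect_uris = ["http://client.example.com/authz"]
        grant = Grant()
        grant.code = "AbCdEf"
        grant.grant_expiration_time = time_util.utc_time_sans_frac() + 30
        self.client.grant = {"xyz": grant}

        atr = self.client.construct_AccessTokenRequest(state="xyz")

        assert atr["grant_type"] == "authorization_code"
        assert atr["code"] == "AbCdEf"
        assert atr["redirect_uri"] == "http://client.example.com/authz"

    def test_construct_request_no_input(self):
        """With no arguments the request is built purely from client attributes."""
        self.client.response_type = ["code"]
        atr = self.client.construct_AuthorizationRequest()

        print(atr)
        # Order-dependent: redirect_uris was changed by the preceding
        # test_get_access_token_request_* tests.
        assert atr["redirect_uri"] == "http://client.example.com/authz"
        assert atr["response_type"] == ["code"]
        assert atr["client_id"] == "1"

    def test_parse_access_token_response(self):
        """A JSON token response is stored as a Token on the grant with empty state."""
        jso = """{
       "access_token":"2YotnFZFEjr1zCsicMWpAA",
       "token_type":"example",
       "expires_in":3600,
       "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
       "example_parameter":"example_value"
     }"""

        # Collapse the literal onto one line before handing it over.
        self.client.parse_response(AccessTokenResponse,
                                   info="".join(
                                       line.strip() for line in jso.splitlines()))

        assert self.client.grant
        # No state accompanies a token response, so it lands under "".
        _grant = self.client.grant[""]
        assert len(_grant.tokens) == 1
        token = _grant.tokens[0]
        assert token.access_token == "2YotnFZFEjr1zCsicMWpAA"
        assert token.token_type == "example"
        assert token.expires_in == 3600
        assert token.refresh_token == "tGzv3JOkF0XG5Qx2TlKWIA"

        # I'm dropping parameters I don't recognize
        # NOTE(review): this checks the client object, not the token; it does
        # not show where example_parameter ended up.
        assert "example_parameter" not in self.client.__dict__

        #assert self.client.access_token_is_valid()

    def test_get_access_token_refresh_1(self):
        """A refresh request built from a Token reuses that token's refresh_token."""
        print(self.client.grant)

        # Order-dependent: grant[""] and its token come from
        # test_parse_access_token_response.
        self.client.grant[""].grant_expiration_time = \
            time_util.utc_time_sans_frac() + 60
        self.client.grant[""].code = "access_code"
        token = self.client.grant[""].tokens[0]
        print(token)
        # Uses refresh_token from previous response
        atr = self.client.construct_RefreshAccessTokenRequest(token=token)

        print(atr.to_dict())
        assert atr.type() == "RefreshAccessTokenRequest"
        assert atr["grant_type"] == "refresh_token"
        assert atr["refresh_token"] == "tGzv3JOkF0XG5Qx2TlKWIA"

    def test_get_access_token_refresh_2(self):
        """A refresh request selected by state picks up the grant's stored token."""
        self.client.grant["foo"] = Grant()
        expires_at = time_util.utc_time_sans_frac() + 60
        self.client.grant["foo"].grant_expiration_time = expires_at
        self.client.grant["foo"].code = "access_code"

        print(self.client.grant["foo"])
        resp = AccessTokenResponse(refresh_token="refresh_with_me",
                                   access_token="access")

        self.client.grant["foo"].tokens.append(Token(resp))
        # Uses refresh_token from previous response
        atr = self.client.construct_RefreshAccessTokenRequest(state="foo")

        assert atr.type() == "RefreshAccessTokenRequest"
        assert atr["grant_type"] == "refresh_token"
        assert atr["refresh_token"] == "refresh_with_me"

    def test_parse_authz_err_response(self):
        """A redirect carrying ``error`` is parsed as an AuthorizationErrorResponse."""
        ruri = "https://client.example.com/cb?error=access_denied&state=xyz"

        resp = self.client.parse_response(AuthorizationResponse,
                                          info=ruri, sformat="urlencoded")

        print(type(resp), resp)
        assert resp.type() == "AuthorizationErrorResponse"

        assert resp["error"] == "access_denied"
        assert resp["state"] == "xyz"

    def test_return_non_existant_grant(self):
        """Looking up a state that was never seen returns None rather than raising."""
        assert self.client.grant_from_state("123456abcdef") is None

    def test_construct_request_with_extra_args(self):
        """extra_args are appended to the token request alongside the standard keys."""
        print(self.client.__dict__.items())
        # Order-dependent: the "foo" grant is created in
        # test_get_access_token_refresh_2.
        req = self.client.construct_AccessTokenRequest(
            state="foo", extra_args={"foo": "bar"})

        assert req
        print(req.keys())
        assert _eq(req.keys(), ['code', 'grant_type', 'client_id',
                                'redirect_uri', 'foo'])
        assert req["foo"] == "bar"

    def test_construct_TokenRevocationRequest(self):
        """The revocation request carries the grant's access token and nothing else."""
        req = self.client.construct_TokenRevocationRequest(state="foo")

        assert req
        print(req.keys())
        assert _eq(req.keys(), ['token'])
        # "access" is the access_token appended in test_get_access_token_refresh_2.
        assert req["token"] == "access"

    def test_request_info_simple(self):
        """Default method (POST): parameters go in a form-encoded body."""
        self.client.authorization_endpoint = "https://example.com/authz"
        uri, body, h_args, cis = self.client.request_info(AuthorizationRequest)

        # default == "POST"
        assert uri == 'https://example.com/authz'
        # Pins the exact parameter order; fragile if the message's key order
        # ever changes.
        assert body == "redirect_uri=http%3A%2F%2Fclient.example.com%2Fauthz&response_type=code&client_id=1"
        assert h_args == {'headers': {'content-type':
                                          'application/x-www-form-urlencoded'}}
        assert cis.type() == "AuthorizationRequest"

    def test_request_info_simple_get(self):
        """GET: parameters move into the query string and there is no body."""
        #self.client.authorization_endpoint = "https://example.com/authz"
        uri, body, h_args, cis = self.client.request_info(AuthorizationRequest,
                                                          method="GET")

        assert uri == 'https://example.com/authz?redirect_uri=http%3A%2F%2Fclient.example.com%2Fauthz&response_type=code&client_id=1'
        assert body is None
        assert h_args == {}
        assert cis.type() == "AuthorizationRequest"

    def test_request_info_simple_get_with_req_args(self):
        """GET with request_args: the explicit args lead the query string."""
        #self.client.authorization_endpoint = "https://example.com/authz"
        uri, body, h_args, cis = self.client.request_info(
            AuthorizationRequest, method="GET", request_args={"state": "init"})

        print(uri)
        assert uri == 'https://example.com/authz?state=init&redirect_uri=http%3A%2F%2Fclient.example.com%2Fauthz&response_type=code&client_id=1'
        assert body is None
        assert h_args == {}
        assert cis.type() == "AuthorizationRequest"

    def test_request_info_simple_get_with_extra_args(self):
        """GET with extra_args: the extras trail the standard parameters."""
        #self.client.authorization_endpoint = "https://example.com/authz"
        uri, body, h_args, cis = self.client.request_info(
            AuthorizationRequest, method="GET", extra_args={"rock": "little"})

        print(uri)
        assert uri == 'https://example.com/authz?redirect_uri=http%3A%2F%2Fclient.example.com%2Fauthz&response_type=code&client_id=1&rock=little'
        assert body is None
        assert h_args == {}
        assert cis.type() == "AuthorizationRequest"

    def test_request_info_with_req_and_extra_args(self):
        """GET with both: request_args first, client defaults, then extra_args."""
        #self.client.authorization_endpoint = "https://example.com/authz"
        uri, body, h_args, cis = self.client.request_info(
            AuthorizationRequest,
            method="GET",
            request_args={"state": "init"},
            extra_args={"rock": "little"})

        print(uri)
        assert uri == 'https://example.com/authz?state=init&redirect_uri=http%3A%2F%2Fclient.example.com%2Fauthz&response_type=code&client_id=1&rock=little'
        assert body is None
        assert h_args == {}
        assert cis.type() == "AuthorizationRequest"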
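class TestOAuthClient():
    """Exercise the OAuth 2.0 ``Client`` request builders and response parsers.

    ``setup_class`` runs once, so ``self.client`` is shared by every test in
    this class.  Several tests rely on state left behind by earlier ones
    (redirect URIs, stored grants, tokens) and are therefore order-dependent;
    the comments below name those dependencies where they occur.
    """

    def setup_class(self):
        # Runs once for the whole class (pytest hands the class object in as
        # ``self``), so the client below is shared, mutable state.
        self.client = Client("1")
        self.client.redirect_uris = ["http://example.com/redirect"]

    def test_areq_1(self):
        """A minimal authorization request carries only the client defaults."""
        ar = self.client.construct_AuthorizationRequest(
            request_args={"response_type": ["code"]})

        assert ar["redirect_uri"] == "http://example.com/redirect"
        assert ar["response_type"] == ["code"]
        assert ar["client_id"] == "1"
        # No state has been configured on the client yet, so none is sent.
        # state is what the parse_response tests later use to match a
        # returned code back to the request that produced it.
        assert "state" not in ar
        assert "scope" not in ar

    def test_areq_2(self):
        """Client-level ``state`` and requested ``scope`` are copied into the request."""
        self.client.state = "abc"
        req_args = {"response_type": ["code"], "scope": ["foo", "bar"]}
        ar = self.client.construct_AuthorizationRequest(request_args=req_args)

        assert ar["redirect_uri"] == "http://example.com/redirect"
        assert ar["response_type"] == ["code"]
        assert ar["client_id"] == "1"
        assert ar["state"] == "abc"
        assert ar["scope"] == ["foo", "bar"]

    def test_areq_replace_default_state(self):
        """Re-assigning ``state`` replaces the value set by the previous test."""
        self.client.state = "efg"
        req_args = {"response_type": ["code"], "scope": ["foo", "bar"]}
        ar = self.client.construct_AuthorizationRequest(request_args=req_args)

        assert ar["redirect_uri"] == "http://example.com/redirect"
        assert ar["response_type"] == ["code"]
        assert ar["client_id"] == "1"
        assert ar["state"] == "efg"
        assert ar["scope"] == ["foo", "bar"]

    def test_parse_authz_resp_url(self):
        """A full redirect URI is parsed and its code stored under the returned state."""
        url = "https://client.example.com/cb?code=SplxlOBeZQQYbYS6WxSbIA&state=ghi"
        aresp = self.client.parse_response(AuthorizationResponse,
                                           info=url,
                                           sformat="urlencoded")

        assert aresp["code"] == "SplxlOBeZQQYbYS6WxSbIA"
        assert aresp["state"] == "ghi"

        # The grant is keyed by the state echoed in the response, which is
        # what binds this code to the request that carried that state.
        assert self.client.grant["ghi"]
        assert self.client.grant["ghi"].code == aresp["code"]
        assert self.client.grant["ghi"].grant_expiration_time

    def test_parse_authz_resp_query(self):
        """A bare query string (no scheme/host) parses the same way as a URL."""
        query = "code=SplxlOBeZQQYbYS6WxSbIA&state=hij"
        aresp = self.client.parse_response(AuthorizationResponse,
                                           info=query,
                                           sformat="urlencoded")

        assert aresp["code"] == "SplxlOBeZQQYbYS6WxSbIA"
        assert aresp["state"] == "hij"

        print(self.client.grant.keys())
        assert self.client.grant["hij"]
        assert self.client.grant["hij"].code == aresp["code"]
        assert self.client.grant["hij"].grant_expiration_time

    def test_parse_authz_resp_query_multi_scope(self):
        """Each parsed response adds a grant; earlier grants are kept."""
        query = "code=SplxlOBeZQQYbYS6WxAAAA&state=klm"
        aresp = self.client.parse_response(AuthorizationResponse,
                                           info=query,
                                           sformat="urlencoded")

        assert aresp["code"] == "SplxlOBeZQQYbYS6WxAAAA"
        assert aresp["state"] == "klm"

        assert self.client.grant["klm"]
        assert self.client.grant["klm"].code == aresp["code"]
        assert self.client.grant["klm"].grant_expiration_time

        # Order-dependent: "ghi" and "hij" come from the two preceding tests.
        assert _eq(self.client.grant.keys(), ['ghi', 'hij', 'klm'])

    def test_parse_authz_resp_query_unknown_parameter(self):
        """An unrecognised query parameter does not become a response attribute."""
        query = "code=SplxlOBeZQQYbYS6WxSbIA&state=xyz&foo=bar"
        aresp = self.client.parse_response(AuthorizationResponse,
                                           info=query,
                                           sformat="urlencoded")

        assert aresp["code"] == "SplxlOBeZQQYbYS6WxSbIA"
        assert aresp["state"] == "xyz"

        print(aresp.__dict__.keys())
        # This inspects instance attributes only; whether "foo" survives as a
        # message key is not asserted here.
        assert "foo" not in aresp.__dict__

        assert self.client.grant["xyz"]
        assert self.client.grant["xyz"].code == aresp["code"]
        assert self.client.grant["xyz"].grant_expiration_time

    def test_get_access_token_request_1(self):
        """A stored, unexpired grant yields an authorization_code token request."""
        self.client.reset()
        self.client.redirect_uris = ["http://client.example.com/authz"]
        grant = Grant()
        grant.code = "AbCdEf"
        # Expiration 30 s in the future so the grant is still usable.
        grant.grant_expiration_time = time_util.utc_time_sans_frac() + 30
        self.client.grant = {"stat": grant}

        # scope is default=""
        atr = self.client.construct_AccessTokenRequest(state="stat")

        assert atr["grant_type"] == "authorization_code"
        assert atr["code"] == "AbCdEf"
        assert atr["redirect_uri"] == "http://client.example.com/authz"

    def test_construct_access_token_request_fail(self):
        """No grant is stored for an unknown state, so no token request can be built."""
        # Context-manager form: the string form of raises() evaluated source
        # text at runtime and has been removed from pytest.
        with raises(Exception):
            self.client.construct_AccessTokenRequest(state="unknown")

    def test_get_access_token_request_override(self):
        """Same as test_get_access_token_request_1 with a different state key."""
        self.client.reset()
        self.client.redirect_uris = ["http://client.example.com/authz"]
        grant = Grant()
        grant.code = "AbCdEf"
        grant.grant_expiration_time = time_util.utc_time_sans_frac() + 30
        self.client.grant = {"xyz": grant}

        atr = self.client.construct_AccessTokenRequest(state="xyz")

        assert atr["grant_type"] == "authorization_code"
        assert atr["code"] == "AbCdEf"
        assert atr["redirect_uri"] == "http://client.example.com/authz"

    def test_construct_request_no_input(self):
        """With no arguments the request is built purely from client attributes."""
        self.client.response_type = ["code"]
        atr = self.client.construct_AuthorizationRequest()

        print(atr)
        # Order-dependent: redirect_uris was changed by the preceding
        # test_get_access_token_request_* tests.
        assert atr["redirect_uri"] == "http://client.example.com/authz"
        assert atr["response_type"] == ["code"]
        assert atr["client_id"] == "1"

    def test_parse_access_token_response(self):
        """A JSON token response is stored as a Token on the grant with empty state."""
        jso = """{
       "access_token":"2YotnFZFEjr1zCsicMWpAA",
       "token_type":"example",
       "expires_in":3600,
       "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
       "example_parameter":"example_value"
     }"""

        # Collapse the literal onto one line before handing it over.
        self.client.parse_response(AccessTokenResponse,
                                   info="".join(
                                       line.strip() for line in jso.splitlines()))

        assert self.client.grant
        # No state accompanies a token response, so it lands under "".
        _grant = self.client.grant[""]
        assert len(_grant.tokens) == 1
        token = _grant.tokens[0]
        assert token.access_token == "2YotnFZFEjr1zCsicMWpAA"
        assert token.token_type == "example"
        assert token.expires_in == 3600
        assert token.refresh_token == "tGzv3JOkF0XG5Qx2TlKWIA"

        # I'm dropping parameters I don't recognize
        # NOTE(review): this checks the client object, not the token; it does
        # not show where example_parameter ended up.
        assert "example_parameter" not in self.client.__dict__

        #assert self.client.access_token_is_valid()

    def test_get_access_token_refresh_1(self):
        """A refresh request built from a Token reuses that token's refresh_token."""
        print(self.client.grant)

        # Order-dependent: grant[""] and its token come from
        # test_parse_access_token_response.
        self.client.grant[""].grant_expiration_time = \
            time_util.utc_time_sans_frac() + 60
        self.client.grant[""].code = "access_code"
        token = self.client.grant[""].tokens[0]
        print(token)
        # Uses refresh_token from previous response
        atr = self.client.construct_RefreshAccessTokenRequest(token=token)

        print(atr.to_dict())
        assert atr.type() == "RefreshAccessTokenRequest"
        assert atr["grant_type"] == "refresh_token"
        assert atr["refresh_token"] == "tGzv3JOkF0XG5Qx2TlKWIA"

    def test_get_access_token_refresh_2(self):
        """A refresh request selected by state picks up the grant's stored token."""
        self.client.grant["foo"] = Grant()
        expires_at = time_util.utc_time_sans_frac() + 60
        self.client.grant["foo"].grant_expiration_time = expires_at
        self.client.grant["foo"].code = "access_code"

        print(self.client.grant["foo"])
        resp = AccessTokenResponse(refresh_token="refresh_with_me",
                                   access_token="access")

        self.client.grant["foo"].tokens.append(Token(resp))
        # Uses refresh_token from previous response
        atr = self.client.construct_RefreshAccessTokenRequest(state="foo")

        assert atr.type() == "RefreshAccessTokenRequest"
        assert atr["grant_type"] == "refresh_token"
        assert atr["refresh_token"] == "refresh_with_me"

    def test_parse_authz_err_response(self):
        """A redirect carrying ``error`` is parsed as an AuthorizationErrorResponse."""
        ruri = "https://client.example.com/cb?error=access_denied&state=xyz"

        resp = self.client.parse_response(AuthorizationResponse,
                                          info=ruri,
                                          sformat="urlencoded")

        print(type(resp), resp)
        assert resp.type() == "AuthorizationErrorResponse"

        assert resp["error"] == "access_denied"
        assert resp["state"] == "xyz"

    def test_return_non_existant_grant(self):
        """Looking up a state that was never seen returns None rather than raising."""
        assert self.client.grant_from_state("123456abcdef") is None

    def test_construct_request_with_extra_args(self):
        """extra_args are appended to the token request alongside the standard keys."""
        print(self.client.__dict__.items())
        # Order-dependent: the "foo" grant is created in
        # test_get_access_token_refresh_2.
        req = self.client.construct_AccessTokenRequest(
            state="foo", extra_args={"foo": "bar"})

        assert req
        print(req.keys())
        assert _eq(req.keys(),
                   ['code', 'grant_type', 'client_id', 'redirect_uri', 'foo'])
        assert req["foo"] == "bar"

    def test_construct_TokenRevocationRequest(self):
        """The revocation request carries the grant's access token and nothing else."""
        req = self.client.construct_TokenRevocationRequest(state="foo")

        assert req
        print(req.keys())
        assert _eq(req.keys(), ['token'])
        # "access" is the access_token appended in test_get_access_token_refresh_2.
        assert req["token"] == "access"

    def test_request_info_simple(self):
        """Default method (POST): parameters go in a form-encoded body."""
        self.client.authorization_endpoint = "https://example.com/authz"
        uri, body, h_args, cis = self.client.request_info(AuthorizationRequest)

        # default == "POST"
        assert uri == 'https://example.com/authz'
        # Pins the exact parameter order; fragile if the message's key order
        # ever changes.
        assert body == "redirect_uri=http%3A%2F%2Fclient.example.com%2Fauthz&response_type=code&client_id=1"
        assert h_args == {
            'headers': {
                'Content-type': 'application/x-www-form-urlencoded'
            }
        }
        assert cis.type() == "AuthorizationRequest"

    def test_request_info_simple_get(self):
        """GET: parameters move into the query string and there is no body."""
        #self.client.authorization_endpoint = "https://example.com/authz"
        uri, body, h_args, cis = self.client.request_info(AuthorizationRequest,
                                                          method="GET")

        assert uri == 'https://example.com/authz?redirect_uri=http%3A%2F%2Fclient.example.com%2Fauthz&response_type=code&client_id=1'
        assert body is None
        assert h_args == {}
        assert cis.type() == "AuthorizationRequest"

    def test_request_info_simple_get_with_req_args(self):
        """GET with request_args: the explicit args lead the query string."""
        #self.client.authorization_endpoint = "https://example.com/authz"
        uri, body, h_args, cis = self.client.request_info(
            AuthorizationRequest, method="GET", request_args={"state": "init"})

        print(uri)
        assert uri == 'https://example.com/authz?state=init&redirect_uri=http%3A%2F%2Fclient.example.com%2Fauthz&response_type=code&client_id=1'
        assert body is None
        assert h_args == {}
        assert cis.type() == "AuthorizationRequest"

    def test_request_info_simple_get_with_extra_args(self):
        """GET with extra_args: the extras trail the standard parameters."""
        #self.client.authorization_endpoint = "https://example.com/authz"
        uri, body, h_args, cis = self.client.request_info(
            AuthorizationRequest, method="GET", extra_args={"rock": "little"})

        print(uri)
        assert uri == 'https://example.com/authz?redirect_uri=http%3A%2F%2Fclient.example.com%2Fauthz&response_type=code&client_id=1&rock=little'
        assert body is None
        assert h_args == {}
        assert cis.type() == "AuthorizationRequest"

    def test_request_info_with_req_and_extra_args(self):
        """GET with both: request_args first, client defaults, then extra_args."""
        #self.client.authorization_endpoint = "https://example.com/authz"
        uri, body, h_args, cis = self.client.request_info(
            AuthorizationRequest,
            method="GET",
            request_args={"state": "init"},
            extra_args={"rock": "little"})

        print(uri)
        assert uri == 'https://example.com/authz?state=init&redirect_uri=http%3A%2F%2Fclient.example.com%2Fauthz&response_type=code&client_id=1&rock=little'
        assert body is None
        assert h_args == {}
        assert cis.type() == "AuthorizationRequest"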