def test_oauth2_client_credential_and_multiple_authentication_can_be_combined( token_cache, responses: RequestsMock): resource_owner_password_auth = requests_auth.OAuth2ClientCredentials( "http://provide_access_token", client_id="test_user", client_secret="test_pwd") responses.add( responses.POST, "http://provide_access_token", json={ "access_token": "2YotnFZFEjr1zCsicMWpAA", "token_type": "example", "expires_in": 3600, "refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA", "example_parameter": "example_value", }, ) api_key_auth = requests_auth.HeaderApiKey("my_provided_api_key") api_key_auth2 = requests_auth.HeaderApiKey("my_provided_api_key2", header_name="X-Api-Key2") header = get_header( responses, resource_owner_password_auth + (api_key_auth + api_key_auth2)) assert header.get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA" assert header.get("X-Api-Key") == "my_provided_api_key" assert header.get("X-Api-Key2") == "my_provided_api_key2"
def test_oauth2_client_credentials_flow_token_is_expired_after_30_seconds_by_default( token_cache, responses: RequestsMock): auth = requests_auth.OAuth2ClientCredentials("http://provide_access_token", client_id="test_user", client_secret="test_pwd") # Add a token that expires in 29 seconds, so should be considered as expired when issuing the request token_cache._add_token( key= "a8a1c17ded24b3710524306819084310b08f97e151c79f4f1979202c541f3e8506c93176f7ee816bfcd2b2f6de9c5c3e16aaff220f1ad8f08d31ee086e8618da", token="2YotnFZFEjr1zCsicMWpAA", expiry=requests_auth.oauth2_tokens._to_expiry(expires_in=29), ) # Meaning a new one will be requested responses.add( responses.POST, "http://provide_access_token", json={ "access_token": "2YotnFZFEjr1zCsicMWpAA", "token_type": "example", "expires_in": 3600, "refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA", "example_parameter": "example_value", }, ) assert (get_header( responses, auth).get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA")
def test_oauth2_client_credentials_flow_uses_provided_session( token_cache, responses: RequestsMock): session = requests.Session() session.headers.update({"x-test": "Test value"}) auth = requests_auth.OAuth2ClientCredentials( "http://provide_access_token", client_id="test_user", client_secret="test_pwd", session=session, ) responses.add( responses.POST, "http://provide_access_token", json={ "access_token": "2YotnFZFEjr1zCsicMWpAA", "token_type": "example", "expires_in": 3600, "refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA", "example_parameter": "example_value", }, ) assert (get_header( responses, auth).get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA") request = get_request(responses, "http://provide_access_token/") assert request.headers["x-test"] == "Test value"
def test_header_value_must_contains_token(): with pytest.raises(Exception) as exception_info: requests_auth.OAuth2ClientCredentials("http://test_url", "test_user", "test_pwd", header_value="Bearer token") assert str(exception_info.value ) == "header_value parameter must contains {token}."
def test_oauth2_client_credentials_flow_token_is_sent_in_authorization_header_by_default(self): auth = requests_auth.OAuth2ClientCredentials( TEST_SERVICE_HOST + '/provide_access_token', username='******', password='******', timeout=TIMEOUT ) self.assertRegex(get_header(auth).get('Authorization'), '^Bearer 2YotnFZFEjr1zCsicMWpAA')
def test_with_invalid_grant_request_no_json(token_cache, responses: RequestsMock): auth = requests_auth.OAuth2ClientCredentials("http://provide_access_token", client_id="test_user", client_secret="test_pwd") responses.add(responses.POST, "http://provide_access_token", body="failure", status=400) with pytest.raises(requests_auth.InvalidGrantRequest) as exception_info: requests.get("http://authorized_only", auth=auth) assert str(exception_info.value) == "failure"
def test_with_invalid_grant_request_without_error(token_cache, responses: RequestsMock): auth = requests_auth.OAuth2ClientCredentials("http://provide_access_token", client_id="test_user", client_secret="test_pwd") responses.add( responses.POST, "http://provide_access_token", json={"other": "other info"}, status=400, ) with pytest.raises(requests_auth.InvalidGrantRequest) as exception_info: requests.get("http://authorized_only", auth=auth) assert str(exception_info.value) == "{'other': 'other info'}"
def test_with_invalid_grant_request_invalid_scope_error( token_cache, responses: RequestsMock): auth = requests_auth.OAuth2ClientCredentials("http://provide_access_token", client_id="test_user", client_secret="test_pwd") responses.add( responses.POST, "http://provide_access_token", json={"error": "invalid_scope"}, status=400, ) with pytest.raises(requests_auth.InvalidGrantRequest) as exception_info: requests.get("http://authorized_only", auth=auth) assert ( str(exception_info.value) == "invalid_scope: The requested scope is invalid, unknown, malformed, or " "exceeds the scope granted by the resource owner.")
def test_with_invalid_grant_request_unsupported_grant_type_error( token_cache, responses: RequestsMock): auth = requests_auth.OAuth2ClientCredentials("http://provide_access_token", client_id="test_user", client_secret="test_pwd") responses.add( responses.POST, "http://provide_access_token", json={"error": "unsupported_grant_type"}, status=400, ) with pytest.raises(requests_auth.InvalidGrantRequest) as exception_info: requests.get("http://authorized_only", auth=auth) assert ( str(exception_info.value) == "unsupported_grant_type: The authorization grant type is not supported by the " "authorization server.")
def test_expires_in_sent_as_str(token_cache, responses: RequestsMock): auth = requests_auth.OAuth2ClientCredentials("http://provide_access_token", client_id="test_user", client_secret="test_pwd") responses.add( responses.POST, "http://provide_access_token", json={ "access_token": "2YotnFZFEjr1zCsicMWpAA", "token_type": "example", "expires_in": "3600", "refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA", "example_parameter": "example_value", }, ) assert (get_header( responses, auth).get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA")
def test_oauth2_client_credentials_flow_token_custom_expiry( token_cache, responses: RequestsMock): auth = requests_auth.OAuth2ClientCredentials( "http://provide_access_token", client_id="test_user", client_secret="test_pwd", early_expiry=28, ) # Add a token that expires in 29 seconds, so should be considered as not expired when issuing the request token_cache._add_token( key= "a8a1c17ded24b3710524306819084310b08f97e151c79f4f1979202c541f3e8506c93176f7ee816bfcd2b2f6de9c5c3e16aaff220f1ad8f08d31ee086e8618da", token="2YotnFZFEjr1zCsicMWpAA", expiry=requests_auth.oauth2_tokens._to_expiry(expires_in=29), ) assert (get_header( responses, auth).get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA")
def test_with_invalid_grant_request_invalid_grant_error( token_cache, responses: RequestsMock): auth = requests_auth.OAuth2ClientCredentials("http://provide_access_token", client_id="test_user", client_secret="test_pwd") responses.add( responses.POST, "http://provide_access_token", json={"error": "invalid_grant"}, status=400, ) with pytest.raises(requests_auth.InvalidGrantRequest) as exception_info: requests.get("http://authorized_only", auth=auth) assert ( str(exception_info.value) == "invalid_grant: The provided authorization grant (e.g., authorization code, " "resource owner credentials) or refresh token is invalid, expired, revoked, " "does not match the redirection URI used in the authorization request, or was " "issued to another client.")
def test_with_invalid_grant_request_invalid_request_error( token_cache, responses: RequestsMock): auth = requests_auth.OAuth2ClientCredentials("http://provide_access_token", client_id="test_user", client_secret="test_pwd") responses.add( responses.POST, "http://provide_access_token", json={"error": "invalid_request"}, status=400, ) with pytest.raises(requests_auth.InvalidGrantRequest) as exception_info: requests.get("http://authorized_only", auth=auth) assert ( str(exception_info.value) == "invalid_request: The request is missing a required parameter, includes an " "unsupported parameter value (other than grant type), repeats a parameter, " "includes multiple credentials, utilizes more than one mechanism for " "authenticating the client, or is otherwise malformed.")
def test_with_invalid_grant_request_invalid_request_error_and_error_description_and_uri( token_cache, responses: RequestsMock): auth = requests_auth.OAuth2ClientCredentials("http://provide_access_token", client_id="test_user", client_secret="test_pwd") responses.add( responses.POST, "http://provide_access_token", json={ "error": "invalid_request", "error_description": "desc of the error", "error_uri": "http://test_url", }, status=400, ) with pytest.raises(requests_auth.InvalidGrantRequest) as exception_info: requests.get("http://authorized_only", auth=auth) assert ( str(exception_info.value) == f"invalid_request: desc of the error\nMore information can be found on http://test_url" )
def test_with_invalid_grant_request_invalid_client_error( token_cache, responses: RequestsMock): auth = requests_auth.OAuth2ClientCredentials("http://provide_access_token", client_id="test_user", client_secret="test_pwd") responses.add( responses.POST, "http://provide_access_token", json={"error": "invalid_client"}, status=400, ) with pytest.raises(requests_auth.InvalidGrantRequest) as exception_info: requests.get("http://authorized_only", auth=auth) assert ( str(exception_info.value) == "invalid_client: Client authentication failed (e.g., unknown client, no " "client authentication included, or unsupported authentication method). The " "authorization server MAY return an HTTP 401 (Unauthorized) status code to " "indicate which HTTP authentication schemes are supported. If the client " 'attempted to authenticate via the "Authorization" request header field, the ' "authorization server MUST respond with an HTTP 401 (Unauthorized) status " 'code and include the "WWW-Authenticate" response header field matching the ' "authentication scheme used by the client.")
def test_token_url_is_mandatory(): with pytest.raises(Exception) as exception_info: requests_auth.OAuth2ClientCredentials("", "test_user", "test_pwd") assert str(exception_info.value) == "Token URL is mandatory."
def test_client_secret_is_mandatory(): with pytest.raises(Exception) as exception_info: requests_auth.OAuth2ClientCredentials("http://test_url", "test_user", "") assert str(exception_info.value) == "client_secret is mandatory."