def setUp(self):
    """Prepare a valid authorization-code exchange for the 'nulldb' app.

    Creates a user and an organization, registers the Sentry app through the
    test-case factory helper, installs it with ``Creator.run`` and stores an
    ``Authorizer`` whose arguments all match that installation.
    """
    self.user = self.create_user()
    self.org = self.create_organization()

    app = self.create_sentry_app(name='nulldb', organization=self.org)
    self.sentry_app = app

    # Creator.run returns the installation together with its grant.
    installation, api_grant = Creator.run(organization=self.org, slug='nulldb')
    self.install = installation
    self.grant = api_grant

    # Baseline request: correct grant type, the grant's own code, the app's
    # client id, and the app's proxy user as the caller.
    self.authorizer = Authorizer(
        install=installation,
        grant_type='authorization_code',
        code=api_grant.code,
        client_id=app.application.client_id,
        user=app.proxy_user,
    )
def setUp(self):
    """Prepare a valid authorization-code exchange for the 'nulldb' app.

    Creates a user and an organization, registers the Sentry app with
    ``SentryAppCreator.run``, installs it with ``Creator.run`` and stores an
    ``Authorizer`` whose arguments all match that installation.
    """
    self.user = self.create_user()
    self.org = self.create_organization()

    # The app is created with an empty scope tuple and a placeholder webhook
    # URL; nothing in this fixture depends on either value.
    app = SentryAppCreator.run(
        name='nulldb',
        organization=self.org,
        scopes=(),
        webhook_url='http://example.com',
    )
    self.sentry_app = app

    # Creator.run returns the installation together with its grant.
    installation, api_grant = Creator.run(organization=self.org, slug='nulldb')
    self.install = installation
    self.grant = api_grant

    # Baseline request: correct grant type, the grant's own code, the app's
    # client id, and the app's proxy user as the caller.
    self.authorizer = Authorizer(
        install=installation,
        grant_type='authorization_code',
        code=api_grant.code,
        client_id=app.application.client_id,
        user=app.proxy_user,
    )
def post(self, request, install):
    """Exchange an installation's authorization grant for an API token.

    Reads ``grant_type``, ``code`` and ``client_id`` from the JSON request
    body and hands them to ``Authorizer.run`` together with the requesting
    user and the target ``install``.

    Returns:
        A 201 response carrying the serialized token, or a 403 response with
        the body ``{'error': 'Unauthorized'}`` when the authorizer raises
        ``APIUnauthorized``.
    """
    try:
        # NOTE(review): if json_body can be None or a non-dict (not visible
        # here), .get raises before the authorizer runs and the error is not
        # turned into a 403 -- confirm the upstream layer guarantees a dict.
        payload = request.json_body
        token = Authorizer.run(
            grant_type=payload.get('grant_type'),
            code=payload.get('code'),
            client_id=payload.get('client_id'),
            # The caller identity is taken from the request object, not from
            # anything supplied in the body.
            user=request.user,
            install=install,
        )
    except APIUnauthorized:
        # Every authorizer rejection maps to the same generic response, so
        # the reply does not reveal which check failed.
        return Response({'error': 'Unauthorized'}, status=403)

    serializer = ApiTokenSerializer()
    # 'state' is copied from the request body as-is; how the serializer uses
    # it is not visible here.
    token_attrs = {
        'state': payload.get('state'),
        'application': None,
    }
    serialized_token = serializer.serialize(token, token_attrs, request.user)
    return Response(serialized_token, status=201)
class TestAuthorizer(TestCase):
    """Check that the Authorizer issues a token only for a matching grant.

    ``setUp`` builds a fully valid exchange; each negative test then changes
    exactly one attribute of the authorizer and expects ``APIUnauthorized``.
    """

    def setUp(self):
        """Create the app, its installation and a valid Authorizer."""
        self.user = self.create_user()
        self.org = self.create_organization()

        app = self.create_sentry_app(name='nulldb', organization=self.org)
        self.sentry_app = app

        # Creator.run returns the installation together with its grant.
        installation, api_grant = Creator.run(
            organization=self.org,
            slug='nulldb',
        )
        self.install = installation
        self.grant = api_grant

        self.authorizer = Authorizer(
            install=installation,
            grant_type='authorization_code',
            code=api_grant.code,
            client_id=app.application.client_id,
            user=app.proxy_user,
        )

    def _assert_unauthorized(self):
        """Assert that running the authorizer raises APIUnauthorized."""
        with self.assertRaises(APIUnauthorized):
            self.authorizer.call()

    def test_simple(self):
        """A fully valid exchange yields a token."""
        issued = self.authorizer.call()
        assert issued is not None

    def test_token_expires_in_eight_hours(self):
        """The issued token's expiry hour is eight hours from now."""
        issued = self.authorizer.call()
        actual_hour = issued.expires_at.hour
        # NOTE(review): only the hour component is compared, so a wrong day
        # or minute would pass, and the check can misfire if the clock rolls
        # over an hour between the call and this line. datetime.now() is
        # naive local time -- confirm it matches the zone of expires_at.
        expected_hour = (datetime.now() + timedelta(hours=8)).hour
        assert actual_hour == expected_hour

    def test_invalid_grant_type(self):
        """Any grant type other than the expected one is refused."""
        self.authorizer.grant_type = 'stuff'
        self._assert_unauthorized()

    def test_non_owner(self):
        """A sentry-app user other than this app's proxy user is refused."""
        self.authorizer.user = self.create_user(is_sentry_app=True)
        self._assert_unauthorized()

    def test_non_sentry_app(self):
        """An ordinary (non sentry-app) user is refused."""
        self.authorizer.user = self.create_user()
        self._assert_unauthorized()

    def test_missing_grant(self):
        """A code that is not the installation grant's code is refused."""
        self.authorizer.code = '123'
        self._assert_unauthorized()

    def test_mismatching_client_id(self):
        """A client id that differs from the application's is refused."""
        self.authorizer.client_id = '123'
        self._assert_unauthorized()
class TestAuthorizer(TestCase):
    """Check that the Authorizer issues a token only for a matching grant.

    ``setUp`` builds a fully valid exchange; each negative test then changes
    exactly one attribute of the authorizer and expects ``APIUnauthorized``.
    """

    def setUp(self):
        """Create the app, its installation and a valid Authorizer."""
        self.user = self.create_user()
        self.org = self.create_organization()

        # The app is created with an empty scope tuple and a placeholder
        # webhook URL; nothing in these tests depends on either value.
        app = SentryAppCreator.run(
            name='nulldb',
            organization=self.org,
            scopes=(),
            webhook_url='http://example.com',
        )
        self.sentry_app = app

        # Creator.run returns the installation together with its grant.
        installation, api_grant = Creator.run(
            organization=self.org,
            slug='nulldb',
        )
        self.install = installation
        self.grant = api_grant

        self.authorizer = Authorizer(
            install=installation,
            grant_type='authorization_code',
            code=api_grant.code,
            client_id=app.application.client_id,
            user=app.proxy_user,
        )

    def _assert_unauthorized(self):
        """Assert that running the authorizer raises APIUnauthorized."""
        with self.assertRaises(APIUnauthorized):
            self.authorizer.call()

    def test_simple(self):
        """A fully valid exchange yields a token."""
        issued = self.authorizer.call()
        assert issued is not None

    def test_token_expires_in_eight_hours(self):
        """The issued token's expiry hour is eight hours from now."""
        issued = self.authorizer.call()
        actual_hour = issued.expires_at.hour
        # NOTE(review): only the hour component is compared, so a wrong day
        # or minute would pass, and the check can misfire if the clock rolls
        # over an hour between the call and this line. datetime.now() is
        # naive local time -- confirm it matches the zone of expires_at.
        expected_hour = (datetime.now() + timedelta(hours=8)).hour
        assert actual_hour == expected_hour

    def test_invalid_grant_type(self):
        """Any grant type other than the expected one is refused."""
        self.authorizer.grant_type = 'stuff'
        self._assert_unauthorized()

    def test_non_owner(self):
        """A sentry-app user other than this app's proxy user is refused."""
        self.authorizer.user = self.create_user(is_sentry_app=True)
        self._assert_unauthorized()

    def test_non_sentry_app(self):
        """An ordinary (non sentry-app) user is refused."""
        self.authorizer.user = self.create_user()
        self._assert_unauthorized()

    def test_missing_grant(self):
        """A code that is not the installation grant's code is refused."""
        self.authorizer.code = '123'
        self._assert_unauthorized()

    def test_mismatching_client_id(self):
        """A client id that differs from the application's is refused."""
        self.authorizer.client_id = '123'
        self._assert_unauthorized()