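def test_loginAndToken_whenTokenCalledBeforeAuth_returns400InvalidGrant(self):
    """A code that has not been bound to an authenticated user must not be
    exchangeable for a token.

    Posts the authorization request to ``/login`` to obtain a code, then
    calls ``/token`` with that code without completing the username and
    password step. The token endpoint is expected to answer
    ``400 invalid_grant``.
    """
    req = self.authorisation_request_1
    storage.hset('clients', 'test-1', '0123456789')

    login_result = self.app.post('/login', data=req)
    self.assertEqual(200, login_result.status_code)
    body = login_result.data.decode('utf-8')
    # Raw string: '\w' inside a non-raw literal is an invalid escape
    # sequence and is reported as a SyntaxWarning on recent CPython.
    code = re.search(r'(?:code=)(\w*)', body).group(1)

    # NOTE(review): 'http://abc' differs from the redirect_uri the other
    # token tests use, so a redirect_uri mismatch could also yield
    # invalid_grant here; confirm the rejection is due to the missing
    # authentication and not the URI.
    token_result = self.app.post('/token', data={
        'client_id': 'test-1',
        'client_secret': '0123456789',
        'code': code,
        'grant_type': 'authorization_code',
        'redirect_uri': 'http://abc',
    })
    self.assertEqual(400, token_result.status_code)
    body = token_result.data.decode('utf-8')
    error_dict = json.loads(body)
    self.assertIn('error', error_dict)
    self.assertEqual(error_dict['error'], 'invalid_grant')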
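def test_login_whenCalledWithValidCodeAndInvalidUsernameAndPassword_returns200WithFailureMessage(self):
    """A failed credential check re-renders the login page with a generic
    failure message instead of redirecting.

    ``requests.post`` is patched with the failing user-details stub so no
    real authentication backend is contacted. The message deliberately does
    not say whether the username or the password was wrong.
    """
    storage.hset('clients', 'test-1', '0123456789')
    storage.set('sessions_0123456789012345', json.dumps(self.session_content_1))

    with mock.patch('requests.post', side_effect=self.mocked_requests_post_failed):
        returned_result = self.app.post('/login?code=0123456789012345', data={
            'username': '******',
            'password': '******',
        })

    body = returned_result.data.decode('utf-8')
    self.assertEqual(200, returned_result.status_code)
    self.assertIn(
        'Incorrect username and/or password entered, please try again.',
        body)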
def test_token_whenCalledWithExpiredCode_returns400InvalidGrant(self):
    """A code whose stored session has expired is refused with
    ``400 invalid_grant``.

    The session is expired by the backing store's own TTL rather than
    deleted, so the endpoint's handling of a vanished session is what is
    exercised. The 2 s sleep exists only to outlast the 1 s TTL.
    """
    session_key = 'sessions_0123456789012345'
    storage.hset('clients', 'test-1', '0123456789')
    storage.set(session_key, json.dumps(self.session_content_1))
    storage.expire(session_key, 1)
    time.sleep(2)

    token_request = {
        'client_id': 'test-1',
        'client_secret': '0123456789',
        'code': '0123456789012345',
        'grant_type': 'authorization_code',
        'redirect_uri': 'http://test.app/redirectpath',
    }
    response = self.app.post('/token', data=token_request)
    self.assertEqual(400, response.status_code)

    error_dict = json.loads(response.data.decode('utf-8'))
    self.assertIn('error', error_dict)
    self.assertEqual(error_dict['error'], 'invalid_grant')
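def test_token_whenCalledWithUserThatDoesNotHaveAnEmployeeNumber_returns400InvalidGrant(self):
    """A session whose claims carry no ``id_number`` must not be exchanged
    for a token; the endpoint answers ``400 invalid_grant``.

    The fixture is deep-copied before ``id_number`` is removed. The
    original used ``dict.copy()``, which shares the nested ``claims`` dict,
    so the deletion leaked into ``self.session_content_1`` and the test then
    stored the mutated fixture instead of its local copy.
    """
    storage.hset('clients', 'test-1', '0123456789')
    # json round-trip gives an independent deep copy without touching the
    # shared fixture's nested dicts.
    session = json.loads(json.dumps(self.session_content_1))
    del session['claims']['id_number']
    storage.set('sessions_0123456789012345', json.dumps(session))

    returned_result = self.app.post('/token', data={
        'client_id': 'test-1',
        'client_secret': '0123456789',
        'code': '0123456789012345',
        'grant_type': 'authorization_code',
        'redirect_uri': 'http://test.app/redirectpath',
    })
    self.assertEqual(400, returned_result.status_code)
    body = returned_result.data.decode('utf-8')
    error_dict = json.loads(body)
    self.assertIn('error', error_dict)
    self.assertEqual(error_dict['error'], 'invalid_grant')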
def test_login_whenCalledWithAuthzFlowParams_returns200LoginPage(self):
    """A well-formed authorization request to ``/login`` renders the login
    form (HTTP 200) whose action posts back to ``/login`` with a query
    string."""
    storage.hset('clients', 'test-1', '0123456789')
    response = self.app.post('/login', data=self.authorisation_request_1)

    self.assertEqual(200, response.status_code)
    page = response.data.decode('utf-8')
    self.assertIn('form action="/login?', page)
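def test_loginAndToken_whenCalledWithValidCodeTwice_returns400InvalidRequest(self):
    """An authorization code is single-use: the first exchange succeeds and
    a replay of the same code is rejected with ``400 invalid_request``.

    The login step is performed with the successful user-details stub so the
    code becomes bound to an authenticated user before the exchanges.
    """
    storage.hset('clients', 'test-1', '0123456789')
    storage.set('sessions_0123456789012345', json.dumps(self.session_content_1))

    with mock.patch('requests.post', side_effect=self.mocked_requests_post_success):
        login_result = self.app.post('/login?code=0123456789012345', data={
            'username': '******',
            'password': '******',
        })
    self.assertEqual(302, login_result.status_code)

    # Identical payload for both exchanges; only the server-side state
    # (code already consumed) should differ between the two responses.
    token_request = {
        'client_id': 'test-1',
        'client_secret': '0123456789',
        'code': '0123456789012345',
        'grant_type': 'authorization_code',
        'redirect_uri': 'http://test.app/redirectpath',
    }
    first = self.app.post('/token', data=token_request)
    self.assertEqual(200, first.status_code)

    # NOTE(review): RFC 6749 §4.1.2 requires a reused code to be denied;
    # this server reports it as invalid_request, whereas §5.2 lists
    # invalid_grant for invalid/revoked codes. The assertion pins the
    # server's current choice.
    second = self.app.post('/token', data=token_request)
    self.assertEqual(400, second.status_code)
    error_dict = json.loads(second.data.decode('utf-8'))
    self.assertIn('error', error_dict)
    self.assertEqual(error_dict['error'], 'invalid_request')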
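def test_login_whenCalledWithInvalidScope_returns400InvalidScope(self):
    """An unknown ``scope`` is rejected with ``400 invalid_scope`` and the
    client's ``state`` is echoed back in the error body.

    The request fixture is copied before ``scope`` is overwritten; the
    original assigned the fixture by reference and mutated it in place,
    which would leak the bogus scope into any later use of
    ``self.authorisation_request_1``.
    """
    storage.hset('clients', 'test-1', '0123456789')
    req = dict(self.authorisation_request_1)
    req['scope'] = 'wibble'

    returned_result = self.app.post('/login', data=req)
    self.assertEqual(400, returned_result.status_code)
    body = returned_result.data.decode('utf-8')
    error_dict = json.loads(body)
    self.assertIn('error', error_dict)
    self.assertEqual(error_dict['error'], 'invalid_scope')
    # state must round-trip unchanged so the client can correlate the error
    # with the request it issued.
    self.assertIn('state', error_dict)
    self.assertEqual(error_dict['state'], self.authorisation_request_1['state'])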
def test_login_whenCalledWithValidCodeUsernameAndPassword_return302RedirectToClient(self):
    """A valid code plus accepted credentials results in a 302 redirect
    back to the client.

    ``requests.post`` is patched with the successful user-details stub so no
    real authentication backend is contacted.
    """
    storage.hset('clients', 'test-1', '0123456789')
    storage.set('sessions_0123456789012345', json.dumps(self.session_content_1))

    credentials = {'username': '******', 'password': '******'}
    with mock.patch('requests.post', side_effect=self.mocked_requests_post_success):
        response = self.app.post('/login?code=0123456789012345', data=credentials)

    self.assertEqual(302, response.status_code)
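def test_login_whenCalledWithNonce_returns200AndPersistsNonce(self):
    """A ``nonce`` supplied on the authorization request is stored with the
    session keyed by the issued code, so it can later be bound into the
    ID token.

    The request fixture is copied before ``nonce`` is added; the original
    mutated ``self.authorisation_request_1`` in place.
    """
    storage.hset('clients', 'test-1', '0123456789')
    req = dict(self.authorisation_request_1)
    req['nonce'] = 'wibble123'

    returned_result = self.app.post('/login', data=req)
    self.assertEqual(200, returned_result.status_code)
    body = returned_result.data.decode('utf-8')
    # Raw string: '\w' inside a non-raw literal is an invalid escape
    # sequence and is reported as a SyntaxWarning on recent CPython.
    code = re.search(r'(?:code=)(\w*)', body).group(1)

    session_raw = storage.get('sessions_%s' % code)
    session = json.loads(session_raw)
    self.assertIn('nonce', session)
    self.assertEqual(session['nonce'], 'wibble123')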
def test_token_whenCalledWithValidCode_returnsValidToken(self):
    """Exchanging a stored, unexpired code with the correct client
    credentials and redirect_uri succeeds with HTTP 200.

    Only the status code is asserted here; the token body itself is not
    inspected by this test.
    """
    storage.hset('clients', 'test-1', '0123456789')
    storage.set('sessions_0123456789012345', json.dumps(self.session_content_1))

    token_request = {
        'client_id': 'test-1',
        'client_secret': '0123456789',
        'code': '0123456789012345',
        'grant_type': 'authorization_code',
        'redirect_uri': 'http://test.app/redirectpath',
    }
    response = self.app.post('/token', data=token_request)
    self.assertEqual(200, response.status_code)