def test_oauth1_authorize(self): request = self.factory.get('/login') request.session = self.factory.session oauth = OAuth() client = oauth.register( 'dev', client_id='dev', client_secret='dev', request_token_url='https://i.b/reqeust-token', api_base_url='https://i.b/api', access_token_url='https://i.b/token', authorize_url='https://i.b/authorize', ) with mock.patch('requests.sessions.Session.send') as send: send.return_value = mock_send_value( 'oauth_token=foo&oauth_verifier=baz') resp = client.authorize_redirect(request) self.assertEqual(resp.status_code, 302) url = resp.get('Location') self.assertIn('oauth_token=foo', url) request2 = self.factory.get(url) request2.session = request.session with mock.patch('requests.sessions.Session.send') as send: send.return_value = mock_send_value( 'oauth_token=a&oauth_token_secret=b') token = client.authorize_access_token(request2) self.assertEqual(token['oauth_token'], 'a')
def test_oauth1_authorize(self): app = Flask(__name__) app.secret_key = '!' oauth = OAuth(app, cache=SimpleCache()) client = oauth.register('dev', client_id='dev', client_secret='dev', request_token_url='https://i.b/reqeust-token', api_base_url='https://i.b/api', access_token_url='https://i.b/token', authorize_url='https://i.b/authorize') with app.test_request_context(): with mock.patch('requests.sessions.Session.send') as send: send.return_value = mock_send_value( 'oauth_token=foo&oauth_verifier=baz') resp = client.authorize_redirect('https://b.com/bar') self.assertEqual(resp.status_code, 302) url = resp.headers.get('Location') self.assertIn('oauth_token=foo', url) self.assertIsNotNone(session.get('_dev_authlib_req_token_')) with mock.patch('requests.sessions.Session.send') as send: send.return_value = mock_send_value( 'oauth_token=a&oauth_token_secret=b') token = client.authorize_access_token() self.assertEqual(token['oauth_token'], 'a')
def test_oauth2_authorize_with_metadata(self): app = Flask(__name__) app.secret_key = '!' oauth = OAuth(app) client = oauth.register( 'dev', client_id='dev', client_secret='dev', api_base_url='https://i.b/api', access_token_url='https://i.b/token', ) self.assertRaises(RuntimeError, client.create_authorization_url) client = oauth.register( 'dev2', client_id='dev', client_secret='dev', api_base_url='https://i.b/api', access_token_url='https://i.b/token', server_metadata_url='https://i.b/.well-known/openid-configuration') with mock.patch('requests.sessions.Session.send') as send: send.return_value = mock_send_value( {'authorization_endpoint': 'https://i.b/authorize'}) with app.test_request_context(): resp = client.authorize_redirect('https://b.com/bar') self.assertEqual(resp.status_code, 302)
def test_oauth2_authorize(self): app = Flask(__name__) app.secret_key = '!' oauth = OAuth(app) client = oauth.register('dev', client_id='dev', client_secret='dev', api_base_url='https://i.b/api', access_token_url='https://i.b/token', authorize_url='https://i.b/authorize') with app.test_request_context(): resp = client.authorize_redirect('https://b.com/bar') self.assertEqual(resp.status_code, 302) url = resp.headers.get('Location') self.assertIn('state=', url) state = session['_dev_authlib_state_'] self.assertIsNotNone(state) with app.test_request_context(path='/?code=a&state={}'.format(state)): # session is cleared in tests session['_dev_authlib_state_'] = state with mock.patch('requests.sessions.Session.send') as send: send.return_value = mock_send_value(get_bearer_token()) token = client.authorize_access_token() self.assertEqual(token['access_token'], 'a') with app.test_request_context(): self.assertEqual(client.token, None)
def test_oauth2_authorize_code_verifier(self): request = self.factory.get('/login') request.session = self.factory.session oauth = OAuth() client = oauth.register( 'dev', client_id='dev', api_base_url='https://i.b/api', access_token_url='https://i.b/token', authorize_url='https://i.b/authorize', client_kwargs={'code_challenge_method': 'S256'}, ) state = 'foo' code_verifier = 'bar' rv = client.authorize_redirect(request, 'https://a.b/c', state=state, code_verifier=code_verifier) self.assertEqual(rv.status_code, 302) url = rv.get('Location') self.assertIn('state=', url) self.assertIn('code_challenge=', url) with mock.patch('requests.sessions.Session.send') as send: send.return_value = mock_send_value(get_bearer_token()) request2 = self.factory.get('/authorize?state={}'.format(state)) request2.session = request.session token = client.authorize_access_token(request2) self.assertEqual(token['access_token'], 'a')
def test_oauth2_authorize(self): request = self.factory.get('/login') request.session = self.factory.session oauth = OAuth() client = oauth.register( 'dev', client_id='dev', client_secret='dev', api_base_url='https://i.b/api', access_token_url='https://i.b/token', authorize_url='https://i.b/authorize', ) rv = client.authorize_redirect(request, 'https://a.b/c') self.assertEqual(rv.status_code, 302) url = rv.get('Location') self.assertIn('state=', url) state = dict(url_decode(urlparse.urlparse(url).query))['state'] with mock.patch('requests.sessions.Session.send') as send: send.return_value = mock_send_value(get_bearer_token()) request2 = self.factory.get('/authorize?state={}'.format(state)) request2.session = request.session token = client.authorize_access_token(request2) self.assertEqual(token['access_token'], 'a')
def test_request_without_token(self): with mock.patch('requests.sessions.Session.send') as send: send.return_value = mock_send_value({'name': 'a'}) client = OAuthClient(client_id='foo') try: client.get('https://i.b/user') except OAuthError as exc: self.assertEqual('missing_token', exc.error)
def test_oauth2_fetch_access_token(self): url = 'https://example.com/token' token = get_bearer_token() with mock.patch('requests.sessions.Session.send') as send: send.return_value = mock_send_value(token) client = OAuthClient(client_id='foo', access_token_url=url) self.assertEqual(client.fetch_access_token(), token) self.assertEqual(client.fetch_access_token(url), token)
def test_oauth1_fetch_access_token(self): with mock.patch('requests.sessions.Session.send') as send: send.return_value = mock_send_value('oauth_token=foo') client = OAuthClient('foo', request_token_url='https://a.com/req', access_token_url='https://example.com/token') request_token = {'oauth_token': 'req'} resp = client.fetch_access_token(request_token=request_token, oauth_verifier='bar') self.assertEqual(resp['oauth_token'], 'foo')
def test_oauth1_generate_authorize_redirect(self): def save_request_token(token): self.assertIn('oauth_token', token) with mock.patch('requests.sessions.Session.send') as send: send.return_value = mock_send_value('oauth_token=foo') client = OAuthClient('foo', request_token_url='https://a.com/req', authorize_url='https://a.com/auth') uri, state = client.generate_authorize_redirect( 'https://b.com/bar', save_request_token) self.assertIsNone(state) self.assertIn('oauth_token=foo', uri)
def test_openid_authorize(self): app = Flask(__name__) app.secret_key = '!' oauth = OAuth(app) key = jwk.dumps('secret', 'oct', kid='f') client = oauth.register( 'dev', client_id='dev', api_base_url='https://i.b/api', access_token_url='https://i.b/token', authorize_url='https://i.b/authorize', client_kwargs={'scope': 'openid profile'}, jwks={'keys': [key]}, ) with app.test_request_context(): resp = client.authorize_redirect('https://b.com/bar') self.assertEqual(resp.status_code, 302) url = resp.headers['Location'] query_data = dict(url_decode(urlparse.urlparse(url).query)) state = query_data['state'] self.assertIsNotNone(state) session_data = session[f'_state_dev_{state}'] nonce = session_data['data']['nonce'] self.assertIsNotNone(nonce) self.assertEqual(nonce, query_data['nonce']) token = get_bearer_token() token['id_token'] = generate_id_token( token, {'sub': '123'}, key, alg='HS256', iss='https://i.b', aud='dev', exp=3600, nonce=query_data['nonce'], ) path = '/?code=a&state={}'.format(state) with app.test_request_context(path=path): session[f'_state_dev_{state}'] = session_data with mock.patch('requests.sessions.Session.send') as send: send.return_value = mock_send_value(token) token = client.authorize_access_token() self.assertEqual(token['access_token'], 'a') self.assertIn('userinfo', token)
def test_oauth2_access_token_with_post(self): app = Flask(__name__) app.secret_key = '!' oauth = OAuth(app) client = oauth.register('dev', client_id='dev', client_secret='dev', api_base_url='https://i.b/api', access_token_url='https://i.b/token', authorize_url='https://i.b/authorize') payload = {'code': 'a', 'state': 'b'} with app.test_request_context(data=payload, method='POST'): session['_dev_authlib_state_'] = 'b' with mock.patch('requests.sessions.Session.send') as send: send.return_value = mock_send_value(get_bearer_token()) token = client.authorize_access_token() self.assertEqual(token['access_token'], 'a')
def test_openid_authorize(self): request = self.factory.get('/login') request.session = self.factory.session key = jwk.dumps('secret', 'oct', kid='f') oauth = OAuth() client = oauth.register( 'dev', client_id='dev', jwks={'keys': [key]}, api_base_url='https://i.b/api', access_token_url='https://i.b/token', authorize_url='https://i.b/authorize', client_kwargs={'scope': 'openid profile'}, ) resp = client.authorize_redirect(request, 'https://b.com/bar') self.assertEqual(resp.status_code, 302) url = resp.get('Location') self.assertIn('nonce=', url) query_data = dict(url_decode(urlparse.urlparse(url).query)) token = get_bearer_token() token['id_token'] = generate_id_token( token, {'sub': '123'}, key, alg='HS256', iss='https://i.b', aud='dev', exp=3600, nonce=query_data['nonce'], ) state = query_data['state'] with mock.patch('requests.sessions.Session.send') as send: send.return_value = mock_send_value(token) request2 = self.factory.get( '/authorize?state={}&code=foo'.format(state)) request2.session = request.session token = client.authorize_access_token(request2) self.assertEqual(token['access_token'], 'a') self.assertIn('userinfo', token) self.assertEqual(token['userinfo']['sub'], '123')
def test_oauth2_access_token_with_post(self): oauth = OAuth() client = oauth.register( 'dev', client_id='dev', client_secret='dev', api_base_url='https://i.b/api', access_token_url='https://i.b/token', authorize_url='https://i.b/authorize', ) payload = {'code': 'a', 'state': 'b'} with mock.patch('requests.sessions.Session.send') as send: send.return_value = mock_send_value(get_bearer_token()) request = self.factory.post('/token', data=payload) request.session = self.factory.session request.session['_state_dev_b'] = {'data': {}} token = client.authorize_access_token(request) self.assertEqual(token['access_token'], 'a')
def test_request_with_token(self): with mock.patch('requests.sessions.Session.send') as send: send.return_value = mock_send_value({'name': 'a'}) client = OAuthClient(client_id='foo') token = get_bearer_token() resp = client.get('https://i.b/user', token=token) self.assertEqual(resp.json()['name'], 'a') resp = client.post('https://i.b/user', token=token) self.assertEqual(resp.json()['name'], 'a') resp = client.put('https://i.b/user', token=token) self.assertEqual(resp.json()['name'], 'a') resp = client.delete('https://i.b/user', token=token) self.assertEqual(resp.json()['name'], 'a') client.api_base_url = 'https://i.b' resp = client.get('user', token=token) self.assertEqual(resp.json()['name'], 'a')
def fake_send(sess, req, **kwargs): self.assertEqual(sess.token['access_token'], 'dev') return mock_send_value(get_bearer_token())
def fake_send(sess, req, **kwargs): self.assertIn(f'code_verifier={verifier}', req.body) return mock_send_value(get_bearer_token())
def fake_send(sess, req, **kwargs): self.assertIn('code_verifier={}'.format(verifier), req.body) return mock_send_value(get_bearer_token())