コード例 #1
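 def testAuthorizationCodeGrantDeny(self):
     """
     Test the authorization code grant flow when the user denies.

     The auth resource is expected to redirect back to the client with an error,
     to echo the client's state value unchanged and to issue no authorization code.
     """
     state = b'state'
     request = AbstractAuthResourceTest.createAuthRequest(
         arguments={
             'response_type': 'code',
             'client_id': self._VALID_CLIENT.id,
             'redirect_uri': self._VALID_CLIENT.redirectUris[0],
             'scope': ' '.join(self._VALID_SCOPE),
             'state': state
         })
     self._SERVER.makeSynchronousRequest(request)
     self.assertIn(
         request.responseCode, (None, 200),
         msg='Expected the auth resource to accept a valid request.')
     response = request.getResponse()
     self.assertSubstring(
         b'<!DOCTYPE html>',
         response,
         msg=
         'Expected the auth resource to send the content returned by onAuthenticate.'
     )
     # Check the match before using it, so a confirmation page without the hidden
     # data_key field fails the test with a clear message instead of an
     # AttributeError on None.
     dataKeyMatch = re.search(
         b"<input.*name=\"data_key\".*value=\"(?P<dataKey>.*)\">", response)
     self.assertIsNotNone(
         dataKeyMatch,
         msg='Expected the confirmation page to contain a data_key input field.')
     dataKey = dataKeyMatch.group('dataKey')
     # The user rejects the authorization on the confirmation page.
     request = MockRequest('POST',
                           'oauth2',
                           arguments={
                               'confirm': 'no',
                               'data_key': dataKey
                           })
     self._SERVER.makeSynchronousRequest(request)
     self.assertEqual(
         request.responseCode,
         302,
         msg='Expected the auth resource to redirect the request.')
     redirectUrl = request.getResponseHeader(b'location')
     self.assertIsNotNone(
         redirectUrl,
         msg='Expected the auth resource to redirect the request.')
     parameter = AbstractAuthResourceTest.getParameterFromRedirectUrl(
         redirectUrl, False)
     self.assertIn('error',
                   parameter,
                   msg='Missing error parameter in response.')
     self.assertEqual(parameter['error'],
                      UserDeniesAuthorization().message,
                      msg='Result contained an unexpected error.')
     # A denied request must never hand an authorization code to the client.
     self.assertNotIn('code',
                      parameter,
                      msg='The auth resource must not issue a code if the user denies.')
     # The client uses the state value to bind the redirect to its own request,
     # so it has to come back unchanged on the error path as well.
     self.assertIn('state',
                   parameter,
                   msg='Missing state parameter in response.')
     self.assertEqual(parameter['state'],
                      state if isinstance(state, str) else state.decode(
                          'utf-8', errors='replace'),
                      msg='Result contained an unexpected state.')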
コード例 #2
ファイル: testExample.py プロジェクト: Abestanis/TxOauth2
 def testAuthorizationCodeGrant(self):
     """
     Test the authorization code grant flow.

     Runs the whole flow: the user confirms the authorization, the returned code is
     exchanged for tokens, and the access token and the refresh token are then used.
     """
     state = b'state'
     dataKey = self._doAuthorizationRequest(state)

     # Step 1: the user confirms the authorization request.
     confirmArguments = {'confirm': 'yes', 'data_key': dataKey}
     confirmRequest = MockRequest('POST', 'oauth2', arguments=confirmArguments)
     self._makeExampleRequest(confirmRequest)
     redirectMessage = 'Expected the auth resource to redirect the request.'
     self.assertEqual(302, confirmRequest.responseCode, msg=redirectMessage)
     location = confirmRequest.getResponseHeader(b'location')
     self.assertIsNotNone(location, msg=redirectMessage)

     # Step 2: the redirect must carry the code and echo the state unchanged.
     redirectParameter = OAuth2Abstract.AuthResourceTest.getParameterFromRedirectUrl(
         location, False)
     self.assertIn('code', redirectParameter, msg='Missing code parameter in response.')
     self.assertIn('state', redirectParameter, msg='Missing state parameter in response.')
     if isinstance(state, str):
         expectedState = state
     else:
         expectedState = state.decode('utf-8', errors='replace')
     self.assertEqual(expectedState, redirectParameter['state'],
                      msg='Result contained an unexpected state.')

     # Step 3: exchange the code for tokens at the token resource.
     tokenArguments = {
         'grant_type': 'authorization_code',
         'code': redirectParameter['code'],
         'redirect_uri': self._VALID_CLIENT.redirectUris[0],
     }
     tokenRequest = Abstract.TokenResourceTest.generateValidTokenRequest(
         arguments=tokenArguments, url='oauth2/token', authentication=self._VALID_CLIENT)
     self._makeExampleRequest(tokenRequest)
     self.assertEqual(200, tokenRequest.responseCode,
                      msg='Expected the token resource to accept the request.')
     tokenData = json.loads(tokenRequest.getResponse().decode('utf-8'))
     self.assertIn(
         'access_token', tokenData,
         msg='Expected the result from the token resource to contain an access_token parameter.')
     self.assertIn(
         'refresh_token', tokenData,
         msg='Expected the result from the token resource to contain a refresh_token parameter.')
     self.assertIn(
         'scope', tokenData,
         msg='Expected the result from the token resource to contain a scope parameter.')
     # The granted scope has to match the requested scope.
     grantedScope = tokenData['scope'].split()
     self.assertListEqual(
         grantedScope, self._VALID_SCOPE,
         msg='The token resource returned a different scope than expected.')

     # Step 4: the issued tokens must be usable.
     self._testValidAccessRequest(token=tokenData['access_token'])
     self._testTokenRefresh(tokenData['refresh_token'])
コード例 #3
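 def testWithAccessTokenInQuery(self):
     """
     Test a request to a protected resource with a valid token in the request query.
     See https://tools.ietf.org/html/rfc6750#section-2.3

     A token sent in the URL is more exposed than one sent in a header (it can end up
     in logs and caches), which is why the response is expected to be marked as
     "private" in its Cache-Control header.
     """
     request = MockRequest(
         'GET', 'protectedResource?access_token=' + self.VALID_TOKEN)
     self.assertTrue(isAuthorized(request, self.VALID_TOKEN_SCOPE[0]),
                     msg='Expected isAuthorized to accept a request '
                     'with a valid token as a query parameter.')
     self.assertFalse(
         request.finished,
         msg='isAuthorized should not finish the request if it\'s valid.')
     # Check for the header first: assertIn on a missing (None) header would raise
     # a TypeError instead of reporting a test failure.
     cacheControl = request.getResponseHeader('Cache-Control')
     self.assertIsNotNone(
         cacheControl,
         msg=
         'The response to a request with the access token as a query parameter '
         'should contain a Cache-Control header with the "private" option.')
     self.assertIn(
         'private',
         cacheControl,
         msg=
         'The response to a request with the access token as a query parameter '
         'should contain a Cache-Control header with the "private" option.')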
コード例 #4
ファイル: testExample.py プロジェクト: Abestanis/TxOauth2
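 def testAuthorizationCodeGrantDeny(self):
     """
     Test the authorization code grant flow when the user denies.

     The auth resource is expected to redirect back to the client with an error,
     to echo the client's state value unchanged and to issue no authorization code.
     """
     state = b'state'
     dataKey = self._doAuthorizationRequest(state)
     # The user rejects the authorization on the confirmation page.
     request = MockRequest('POST', 'oauth2', arguments={
         'confirm': 'no',
         'data_key': dataKey
     })
     self._makeExampleRequest(request)
     self.assertEqual(302, request.responseCode,
                      msg='Expected the auth resource to redirect the request.')
     redirectUrl = request.getResponseHeader(b'location')
     self.assertIsNotNone(redirectUrl, msg='Expected the auth resource to redirect the request.')
     parameter = OAuth2Abstract.AuthResourceTest.getParameterFromRedirectUrl(redirectUrl, False)
     self.assertIn('error', parameter, msg='Missing error parameter in response.')
     self.assertEqual(
         UserDeniesAuthorization().name, parameter['error'],
         msg='Result contained an unexpected error.')
     # A denied request must never hand an authorization code to the client.
     self.assertNotIn('code', parameter,
                      msg='The auth resource must not issue a code if the user denies.')
     # The client uses the state value to bind the redirect to its own request,
     # so it has to come back unchanged on the error path as well.
     self.assertIn('state', parameter, msg='Missing state parameter in response.')
     self.assertEqual(
         state if isinstance(state, str) else state.decode('utf-8', errors='replace'),
         parameter['state'], msg='Result contained an unexpected state.')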
コード例 #5
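 def testAuthorizationCodeGrant(self):
     """
     Test the authorization code grant flow.

     Runs the whole flow: authorization request, confirmation by the user, exchange of
     the returned code for tokens, and use of the access token and the refresh token.
     """
     state = b'state'
     request = AbstractAuthResourceTest.createAuthRequest(
         arguments={
             'response_type': 'code',
             'client_id': self._VALID_CLIENT.id,
             'redirect_uri': self._VALID_CLIENT.redirectUris[0],
             'scope': ' '.join(self._VALID_SCOPE),
             'state': state
         })
     self._SERVER.makeSynchronousRequest(request)
     self.assertIn(
         request.responseCode, (None, 200),
         msg='Expected the auth resource to accept a valid request.')
     response = request.getResponse()
     self.assertSubstring(
         b'<!DOCTYPE html>',
         response,
         msg=
         'Expected the auth resource to send the content returned by onAuthenticate.'
     )
     # Check the match before using it, so a confirmation page without the hidden
     # data_key field fails the test with a clear message instead of an
     # AttributeError on None.
     dataKeyMatch = re.search(
         b"<input.*name=\"data_key\".*value=\"(?P<dataKey>.*)\">", response)
     self.assertIsNotNone(
         dataKeyMatch,
         msg='Expected the confirmation page to contain a data_key input field.')
     dataKey = dataKeyMatch.group('dataKey')
     # The user confirms the authorization on the confirmation page.
     request = MockRequest('POST',
                           'oauth2',
                           arguments={
                               'confirm': 'yes',
                               'data_key': dataKey
                           })
     self._SERVER.makeSynchronousRequest(request)
     self.assertEqual(
         request.responseCode,
         302,
         msg='Expected the auth resource to redirect the request.')
     redirectUrl = request.getResponseHeader(b'location')
     self.assertIsNotNone(
         redirectUrl,
         msg='Expected the auth resource to redirect the request.')
     parameter = AbstractAuthResourceTest.getParameterFromRedirectUrl(
         redirectUrl, False)
     self.assertIn('code',
                   parameter,
                   msg='Missing code parameter in response.')
     # The client uses the state value to bind the redirect to its own request,
     # so it has to come back unchanged.
     self.assertIn('state',
                   parameter,
                   msg='Missing state parameter in response.')
     self.assertEqual(parameter['state'],
                      state if isinstance(state, str) else state.decode(
                          'utf-8', errors='replace'),
                      msg='Result contained an unexpected state.')
     code = parameter['code']
     # Exchange the code for tokens; the client authenticates itself and repeats
     # the redirect_uri it used in the authorization request.
     request = AbstractTokenResourceTest.generateValidTokenRequest(
         arguments={
             'grant_type': 'authorization_code',
             'code': code,
             'redirect_uri': self._VALID_CLIENT.redirectUris[0],
         },
         url='oauth2/token',
         authentication=self._VALID_CLIENT)
     self._SERVER.makeSynchronousRequest(request)
     self.assertEqual(
         request.responseCode,
         200,
         msg='Expected the token resource to accept the request.')
     # json.loads no longer accepts an "encoding" argument (removed in Python 3.9);
     # the response is already decoded to text here.
     jsonResult = json.loads(request.getResponse().decode('utf-8'))
     self.assertIn('access_token',
                   jsonResult,
                   msg='Expected the result from the token resource '
                   'to contain an access_token parameter.')
     self.assertIn('refresh_token',
                   jsonResult,
                   msg='Expected the result from the token resource '
                   'to contain a refresh_token parameter.')
     self.assertIn('scope',
                   jsonResult,
                   msg='Expected the result from the token resource '
                   'to contain a scope parameter.')
     # The granted scope has to match the requested scope.
     self.assertListEqual(jsonResult['scope'].split(),
                          self._VALID_SCOPE,
                          msg='The token resource returned a different '
                          'scope than expected.')
     accessToken = jsonResult['access_token']
     self._testValidAccessRequest(token=accessToken)
     refreshToken = jsonResult['refresh_token']
     self._testTokenRefresh(refreshToken)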