def testNoRefreshToken(self):
""" Test the rejection of a request without a refresh token. """
request = self.generateValidTokenRequest(arguments={'grant_type': 'refresh_token'},
authentication=self._VALID_CLIENT)
result = self._TOKEN_RESOURCE.render_POST(request)
self.assertFailedTokenRequest(request, result, MissingParameterError('refresh_token'),
msg='Expected the token resource to reject a refresh_token '
'request without a refresh token.')
def testWithoutClientId(self):
""" Test the rejection of a request without a client id. """
request = self.createAuthRequest(arguments={
'response_type': self._RESPONSE_TYPE,
'redirect_uri': self._VALID_CLIENT.redirectUris[0],
'scope': 'All',
'state': b'state\xFF\xFF'
})
result = self._AUTH_RESOURCE.render_GET(request)
self.assertFailedRequest(
request, result, MissingParameterError('client_id'),
msg='Expected the auth resource to reject a request without a client id.')
def testWithoutScopeNoDefault(self):
""" Test the rejection of a request without a scope if no default scope is defined. """
state = b'state\xFF\xFF'
redirectUri = self._VALID_CLIENT.redirectUris[0]
request = self.createAuthRequest(arguments={
'response_type': self._RESPONSE_TYPE,
'client_id': self._VALID_CLIENT.id,
'redirect_uri': redirectUri,
'state': state
})
result = self._AUTH_RESOURCE.render_GET(request)
self.assertFailedRequest(
request, result, MissingParameterError('scope', state=state), redirectUri=redirectUri,
msg='Expected the auth resource to reject a request without a scope.')
def testAuthorizedClientWithoutScopeNoDefault(self):
"""
Test the rejection of a request without a scope
when the token resource has no default scope.
"""
request = self.generateValidTokenRequest(
arguments={'grant_type': 'client_credentials'},
authentication=self._VALID_CLIENT)
result = self._TOKEN_RESOURCE.render_POST(request)
self.assertFailedTokenRequest(
request,
result,
MissingParameterError('scope'),
msg=
'Expected the resource token to reject a client_credentials request '
'without a scope when no default scope is given.')
def testWithoutCode(self):
""" Test the rejection of a request without an authorization code. """
request = self.generateValidTokenRequest(
arguments={
'grant_type': 'authorization_code',
'redirect_uri': self._VALID_CLIENT.redirectUris[0],
},
authentication=self._VALID_CLIENT)
result = self._TOKEN_RESOURCE.render_POST(request)
self.assertFailedTokenRequest(
request,
result,
MissingParameterError('code'),
msg=
'Expected the resource token to reject an authorization_code request '
'without an authorization code.')
def testMissingUserName(self):
""" Test the rejection of a request that is missing the user name. """
request = self.generateValidTokenRequest(
arguments={
'grant_type': 'password',
'scope': ' '.join(self._VALID_SCOPE),
'password': b'somePassword'
},
authentication=self._VALID_CLIENT)
result = self._TOKEN_RESOURCE.render_POST(request)
self.assertFailedTokenRequest(
request,
result,
MissingParameterError('username'),
msg=
'Expected the resource token to reject a password request without an username.'
)
def testMissingRedirectUri(self):
""" Test the rejection of a request without a missing redirection uri. """
code = 'missingRedirectUriCode'
self._addAuthorizationToStorage(code, self._VALID_CLIENT, ['scope'],
self._VALID_CLIENT.redirectUris[0])
request = self.generateValidTokenRequest(
arguments={
'grant_type': 'authorization_code',
'code': code,
},
authentication=self._VALID_CLIENT)
result = self._TOKEN_RESOURCE.render_POST(request)
self.assertFailedTokenRequest(
request,
result,
MissingParameterError('redirect_uri'),
msg='Expected the resource token to reject an authorization_code '
'request without a redirect uri.')
def testWithoutRedirectUriButClientHasMultiple(self):
"""
Test the rejection of a request without a redirect uri
if the client has more than one predefined redirect uri.
"""
client = PublicClient('clientWithMultipleRedirectUris', ['https://return.nonexistent'] * 2,
['authorization_code'])
request = self.createAuthRequest(arguments={
'response_type': self._RESPONSE_TYPE,
'client_id': client.id,
'scope': 'All',
'state': b'state\xFF\xFF'
})
self._CLIENT_STORAGE.addClient(client)
result = self._AUTH_RESOURCE.render_GET(request)
self.assertFailedRequest(
request, result, MissingParameterError('redirect_uri'),
msg='Expected the auth resource to reject a request without a redirect uri.')
def testAuthorizedWithoutScopeNoDefault(self):
"""
Test the rejection of a request without a scope,
if the token resource does not have a default scope.
"""
request = self.generateValidTokenRequest(
arguments={
'grant_type': 'password',
'username': b'someUser',
'password': b'somePassword',
},
authentication=self._VALID_CLIENT)
result = self._TOKEN_RESOURCE.render_POST(request)
self.assertFailedTokenRequest(
request,
result,
MissingParameterError('scope'),
msg='Expected the resource token to reject a password request '
'without a scope when the token resource has no default.')