def test_authenticate_client(self):
    """authenticate_client() accepts only a valid HTTP Basic client credential pair.

    Walks the failure modes in order -- no Authorization header, a
    non-Basic scheme, and Basic credentials that match no stored
    application -- and checks each raises HTTPUnauthorized. Only a
    client_id/client_secret pair present in ``applications`` returns
    the application record.
    """
    # No Authorization header at all.
    no_header = testing.FakeRequest(headers={})
    self.assertRaises(HTTPUnauthorized, authenticate_client, no_header)

    # A scheme other than Basic is rejected too.
    wrong_scheme = testing.FakeRequest(
        headers={'Authorization': 'Advanced foobar'})
    self.assertRaises(HTTPUnauthorized, authenticate_client, wrong_scheme)

    # Well-formed Basic credentials for a client that does not exist.
    unknown_client = testing.FakeRequest(
        headers={'Authorization': auth_basic_encode('foo', 'bar')},
        db=self.db)
    self.assertRaises(HTTPUnauthorized, authenticate_client, unknown_client)

    # Register the client; the same shape of request now succeeds and
    # hands back the stored application document.
    client_id, client_secret = '123456', 'secret'
    self.db.applications.insert({
        'client_id': client_id,
        'client_secret': client_secret,
    })
    known_client = testing.FakeRequest(
        headers={'Authorization': auth_basic_encode(client_id, client_secret)},
        db=self.db)
    application = authenticate_client(known_client)
    self.assertEqual(application['client_id'], client_id)
    self.assertEqual(application['client_secret'], client_secret)
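def test_token_endpoint_bad_client_id(self):
    """An authorization code can only be redeemed by the client it was issued to.

    Registers two applications, lets the user obtain a code for the
    first one, then presents that code to the token endpoint while
    authenticating with the second application's credentials. The
    endpoint must answer 401 rather than issue a token, so a code
    leaked to (or phished by) one client cannot be exchanged by another.
    """
    app_id = self.db.applications.insert({
        'client_id': '123456',
        'client_secret': 'secret',
        'callback_url': 'https://example.com/callback',
        'name': 'Example',
        'main_url': 'https://example.com',
    }, safe=True)
    app_id2 = self.db.applications.insert({
        'client_id': '98765',
        'client_secret': 'secret2',
        'callback_url': 'https://example.com/callback2',
        'name': 'Example2',
        'main_url': 'https://example.com',
    }, safe=True)
    user_id = self.db.users.insert({
        'twitter_id': 'twitter1',
        'screen_name': 'John Doe',
        'first_name': 'John',
        'last_name': 'Doe',
        'authorized_apps': [app_id, app_id2],
    }, safe=True)
    self.set_user_cookie(str(user_id))

    # Obtain a code for the first application.
    self.testapp.get('/oauth2/endpoints/authorization', {
        'response_type': 'code',
        'client_id': '123456',
    })
    grant = self.db.authorization_codes.find_one({
        'scope': DEFAULT_SCOPE,
        'client_id': '123456',
        'user': user_id,
    })
    # Fail with a clear assertion rather than a TypeError on grant['code']
    # if the authorization step silently produced no grant.
    self.assertNotEqual(grant, None)
    code = grant['code']

    # Authorize with app2 credentials: the code belongs to app1, so the
    # token endpoint must refuse it.
    headers = {
        'Authorization': auth_basic_encode('98765', 'secret2'),
    }
    res = self.testapp.post('/oauth2/endpoints/token', {
        'grant_type': 'authorization_code',
        'code': code,
    }, headers=headers, status=401)
    self.assertEqual(res.status, '401 Unauthorized')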
def test_token_endpoint(self):
    """End-to-end check of the token endpoint's validation and success path.

    Part 1 drives the endpoint through its rejection cases in order:
    missing client credentials, credentials for an unregistered client,
    missing grant_type, an unsupported grant_type, missing code, and an
    unknown code. Part 2 obtains a real authorization code through the
    authorization endpoint, exchanges it, and checks the response
    headers and body plus the side effects on the database.
    """
    token_url = '/oauth2/endpoints/token'
    client_id = '123456'

    def post_token(params, **kw):
        # Thin wrapper so each step reads as "post these params, expect X".
        return self.testapp.post(token_url, params, **kw)

    # --- 1. incorrect requests -------------------------------------
    # No client credentials at all.
    res = post_token({}, status=401)
    self.assertEqual(res.status, '401 Unauthorized')

    headers = {
        'Authorization': auth_basic_encode(client_id, 'secret'),
    }
    # Credentials are well-formed but the client is not registered yet.
    res = post_token({}, headers=headers, status=401)
    self.assertEqual(res.status, '401 Unauthorized')

    app_id = self.db.applications.insert({
        'client_id': client_id,
        'client_secret': 'secret',
        'callback_url': 'https://example.com/callback',
        'name': 'Example',
        'main_url': 'https://example.com',
    }, safe=True)

    # Client authenticates now, so parameter validation kicks in.
    res = post_token({}, headers=headers, status=400)
    self.assertEqual(res.status, '400 Bad Request')
    res.mustcontain('Missing required grant_type')

    res = post_token({'grant_type': 'password'}, headers=headers, status=501)
    self.assertEqual(res.status, '501 Not Implemented')
    res.mustcontain('Only authorization_code is supported')

    res = post_token({'grant_type': 'authorization_code'},
                     headers=headers, status=400)
    self.assertEqual(res.status, '400 Bad Request')
    res.mustcontain('Missing required code')

    # A syntactically fine request whose code was never issued.
    res = post_token({
        'grant_type': 'authorization_code',
        'code': 'this-code-does-not-exist',
    }, headers=headers, status=401)
    self.assertEqual(res.status, '401 Unauthorized')

    # --- 2. a valid request ----------------------------------------
    # First obtain an authorization_code the regular way.
    user_id = self.db.users.insert({
        'twitter_id': 'twitter1',
        'screen_name': 'John Doe',
        'first_name': 'John',
        'last_name': 'Doe',
        'authorized_apps': [app_id],
    }, safe=True)
    self.set_user_cookie(str(user_id))
    res = self.testapp.get('/oauth2/endpoints/authorization', {
        'response_type': 'code',
        'client_id': client_id,
        'redirect_uri': 'https://example.com/callback',
    })
    self.assertEqual(res.status, '302 Found')

    grant_query = {
        'scope': DEFAULT_SCOPE,
        'client_id': client_id,
        'user': user_id,
    }
    grant = self.db.authorization_codes.find_one(grant_query)
    self.assertNotEqual(grant, None)
    code = grant['code']

    # Exchange the code for a token.
    res = post_token({
        'grant_type': 'authorization_code',
        'code': code,
    }, headers=headers)
    self.assertEqual(res.status, '200 OK')
    # Token responses must not be cached by intermediaries (RFC 6749 §5.1).
    self.assertEqual(res.headers['Cache-Control'], 'no-store')
    self.assertEqual(res.headers['Pragma'], 'no-cache')

    # The code is single-use: it must be gone once redeemed.
    self.assertEqual(self.db.authorization_codes.find_one(grant_query), None)

    # ...and an access token must have been created for it.
    body = res.json
    self.assertEqual(body['token_type'], 'bearer')
    self.assertEqual(body['expires_in'], 3600)
    self.assertEqual(body['scope'], DEFAULT_SCOPE)
    # NOTE(review): the token is returned under 'access_code'; RFC 6749 §5.1
    # names this field 'access_token' -- confirm what consuming clients expect.
    access_code = self.db.access_codes.find_one({
        'code': body['access_code'],
    })
    self.assertNotEqual(access_code, None)
def test_auth_basic_encode(self):
    """auth_basic_encode() builds an HTTP Basic Authorization header value.

    'foo:bar' base64-encodes to 'Zm9vOmJhcg=='. The expected value keeps
    a trailing newline, which pins the current encoder's output; note
    that a newline inside a header value is generally undesirable, so
    any change to the encoder should revisit this expectation.
    """
    expected = 'Basic Zm9vOmJhcg==\n'
    self.assertEqual(auth_basic_encode('foo', 'bar'), expected)