def test_cache_scopes(): scope_a = "scope_a" scope_b = "scope_b" scope_ab = scope_a + " " + scope_b expected_tokens = { scope_a: {"access_token": scope_a, "expires_in": 1 << 31, "ext_expires_in": 1 << 31, "token_type": "Bearer"}, scope_b: {"access_token": scope_b, "expires_in": 1 << 31, "ext_expires_in": 1 << 31, "token_type": "Bearer"}, scope_ab: {"access_token": scope_ab, "expires_in": 1 << 31, "ext_expires_in": 1 << 31, "token_type": "Bearer"}, } def mock_send(request, **kwargs): token = expected_tokens[request.data["resource"]] return mock_response(json_payload=token) client = AuthnClient(endpoint="http://foo", transport=Mock(send=mock_send)) # if the cache has a token for a & b, it should hit for a, b, a & b token = client.request_token([scope_a, scope_b], form_data={"resource": scope_ab}) assert token.token == scope_ab for scope in (scope_a, scope_b): assert client.get_cached_token([scope]).token == scope_ab assert client.get_cached_token([scope_a, scope_b]).token == scope_ab # if the cache has only tokens for a and b alone, a & b should miss client = AuthnClient(endpoint="http://foo", transport=Mock(send=mock_send)) for scope in (scope_a, scope_b): token = client.request_token([scope], form_data={"resource": scope}) assert token.token == scope assert client.get_cached_token([scope]).token == scope assert not client.get_cached_token([scope_a, scope_b])
def test_cache_expiry(): access_token = "token" now = 42 expires_in = 1800 expires_on = now + expires_in expected_token = AccessToken(access_token, expires_on) token_payload = {"access_token": access_token, "expires_in": expires_in, "token_type": "Bearer"} mock_send = Mock(return_value=mock_response(json_payload=token_payload)) client = AuthnClient(endpoint="http://foo", transport=Mock(send=mock_send)) with patch("azure.identity._authn_client.time.time") as mock_time: # populate the cache with a valid token mock_time.return_value = now token = client.request_token("scope") assert token.token == expected_token.token assert token.expires_on == expected_token.expires_on cached_token = client.get_cached_token("scope") assert cached_token == expected_token # advance time past the cached token's expires_on mock_time.return_value = expires_on + 3600 cached_token = client.get_cached_token("scope") assert not cached_token # request a new token new_token = "new token" token_payload["access_token"] = new_token token = client.request_token("scope") assert token.token == new_token # it should be cached cached_token = client.get_cached_token("scope") assert cached_token.token == new_token
def test_caching_when_only_expires_in_set(): """the cache should function when auth responses don't include an explicit expires_on""" access_token = "token" now = 42 expires_in = 1800 expires_on = now + expires_in expected_token = AccessToken(access_token, expires_on) mock_send = Mock(return_value=mock_response( json_payload={ "access_token": access_token, "expires_in": expires_in, "token_type": "Bearer" })) client = AuthnClient(endpoint="http://foo", transport=Mock(send=mock_send)) with patch("azure.identity._authn_client.time.time") as mock_time: mock_time.return_value = 42 token = client.request_token(["scope"]) assert token.token == expected_token.token assert token.expires_on == expected_token.expires_on cached_token = client.get_cached_token(["scope"]) assert cached_token == expected_token
def test_caching_when_only_expires_in_set(): """the cache should function when auth responses don't include an explicit expires_on""" access_token = "token" now = 42 expires_in = 1800 expires_on = now + expires_in expected_token = AccessToken(access_token, expires_on) mock_response = Mock( text=lambda: json.dumps({"access_token": access_token, "expires_in": expires_in, "token_type": "Bearer"}), headers={"content-type": "application/json"}, status_code=200, content_type="application/json", ) mock_send = Mock(return_value=mock_response) client = AuthnClient(endpoint="http://foo", transport=Mock(send=mock_send)) with patch("azure.identity._authn_client.time.time") as mock_time: mock_time.return_value = 42 token = client.request_token(["scope"]) assert token.token == expected_token.token assert token.expires_on == expected_token.expires_on cached_token = client.get_cached_token(["scope"]) assert cached_token == expected_token
def test_cache_expiry(): access_token = "token" now = 42 expires_in = 1800 expires_on = now + expires_in expected_token = AccessToken(access_token, expires_on) token_payload = { "access_token": access_token, "expires_in": expires_in, "token_type": "Bearer" } mock_response = Mock( text=lambda: json.dumps(token_payload), headers={"content-type": "application/json"}, status_code=200, content_type=["application/json"], ) mock_send = Mock(return_value=mock_response) client = AuthnClient("http://foo", transport=Mock(send=mock_send)) with patch("azure.identity._authn_client.time.time") as mock_time: # populate the cache with a valid token mock_time.return_value = now token = client.request_token("scope") assert token.token == expected_token.token assert token.expires_on == expected_token.expires_on cached_token = client.get_cached_token("scope") assert cached_token == expected_token # advance time past the cached token's expires_on mock_time.return_value = expires_on + 3600 cached_token = client.get_cached_token("scope") assert not cached_token # request a new token new_token = "new token" token_payload["access_token"] = new_token token = client.request_token("scope") assert token.token == new_token # it should be cached cached_token = client.get_cached_token("scope") assert cached_token.token == new_token