def test_cache_scopes(): scope_a = "scope_a" scope_b = "scope_b" scope_ab = scope_a + " " + scope_b expected_tokens = { scope_a: {"access_token": scope_a, "expires_in": 1 << 31, "ext_expires_in": 1 << 31, "token_type": "Bearer"}, scope_b: {"access_token": scope_b, "expires_in": 1 << 31, "ext_expires_in": 1 << 31, "token_type": "Bearer"}, scope_ab: {"access_token": scope_ab, "expires_in": 1 << 31, "ext_expires_in": 1 << 31, "token_type": "Bearer"}, } def mock_send(request, **kwargs): token = expected_tokens[request.data["resource"]] return mock_response(json_payload=token) client = AuthnClient(endpoint="http://foo", transport=Mock(send=mock_send)) # if the cache has a token for a & b, it should hit for a, b, a & b token = client.request_token([scope_a, scope_b], form_data={"resource": scope_ab}) assert token.token == scope_ab for scope in (scope_a, scope_b): assert client.get_cached_token([scope]).token == scope_ab assert client.get_cached_token([scope_a, scope_b]).token == scope_ab # if the cache has only tokens for a and b alone, a & b should miss client = AuthnClient(endpoint="http://foo", transport=Mock(send=mock_send)) for scope in (scope_a, scope_b): token = client.request_token([scope], form_data={"resource": scope}) assert token.token == scope assert client.get_cached_token([scope]).token == scope assert not client.get_cached_token([scope_a, scope_b])
def test_request_url(): authority = "authority.com" tenant = "expected_tenant" def validate_url(url): scheme, netloc, path, _, _, _ = urlparse(url) assert scheme == "https" assert netloc == authority assert path.startswith("/" + tenant) def mock_send(request, **kwargs): validate_url(request.url) return mock_response(json_payload={ "token_type": "Bearer", "expires_in": 42, "access_token": "***" }) client = AuthnClient(tenant=tenant, transport=Mock(send=mock_send), authority=authority) client.request_token(("scope", )) request = client.get_refresh_token_grant_request({"secret": "***"}, "scope") validate_url(request.url)
def test_request_url(): authority = "localhost" tenant = "expected_tenant" def validate_url(url): scheme, netloc, path, _, _, _ = urlparse(url) assert scheme == "https" assert netloc == authority assert path.startswith("/" + tenant) def mock_send(request, **kwargs): validate_url(request.url) return mock_response(json_payload={ "token_type": "Bearer", "expires_in": 42, "access_token": "***" }) client = AuthnClient(tenant=tenant, transport=Mock(send=mock_send), authority=authority) client.request_token(("scope", )) request = client.get_refresh_token_grant_request({"secret": "***"}, "scope") validate_url(request.url) # authority can be configured via environment variable with patch.dict("os.environ", {EnvironmentVariables.AZURE_AUTHORITY_HOST: authority}, clear=True): client = AuthnClient(tenant=tenant, transport=Mock(send=mock_send)) client.request_token(("scope", )) request = client.get_refresh_token_grant_request({"secret": "***"}, "scope") validate_url(request.url)
def test_cache_expiry(): access_token = "token" now = 42 expires_in = 1800 expires_on = now + expires_in expected_token = AccessToken(access_token, expires_on) token_payload = {"access_token": access_token, "expires_in": expires_in, "token_type": "Bearer"} mock_send = Mock(return_value=mock_response(json_payload=token_payload)) client = AuthnClient(endpoint="http://foo", transport=Mock(send=mock_send)) with patch("azure.identity._authn_client.time.time") as mock_time: # populate the cache with a valid token mock_time.return_value = now token = client.request_token("scope") assert token.token == expected_token.token assert token.expires_on == expected_token.expires_on cached_token = client.get_cached_token("scope") assert cached_token == expected_token # advance time past the cached token's expires_on mock_time.return_value = expires_on + 3600 cached_token = client.get_cached_token("scope") assert not cached_token # request a new token new_token = "new token" token_payload["access_token"] = new_token token = client.request_token("scope") assert token.token == new_token # it should be cached cached_token = client.get_cached_token("scope") assert cached_token.token == new_token
def test_caching_when_only_expires_in_set(): """the cache should function when auth responses don't include an explicit expires_on""" access_token = "token" now = 42 expires_in = 1800 expires_on = now + expires_in expected_token = AccessToken(access_token, expires_on) mock_send = Mock(return_value=mock_response( json_payload={ "access_token": access_token, "expires_in": expires_in, "token_type": "Bearer" })) client = AuthnClient(endpoint="http://foo", transport=Mock(send=mock_send)) with patch("azure.identity._authn_client.time.time") as mock_time: mock_time.return_value = 42 token = client.request_token(["scope"]) assert token.token == expected_token.token assert token.expires_on == expected_token.expires_on cached_token = client.get_cached_token(["scope"]) assert cached_token == expected_token
def test_caching_when_only_expires_in_set(): """the cache should function when auth responses don't include an explicit expires_on""" access_token = "token" now = 42 expires_in = 1800 expires_on = now + expires_in expected_token = AccessToken(access_token, expires_on) mock_response = Mock( text=lambda: json.dumps({"access_token": access_token, "expires_in": expires_in, "token_type": "Bearer"}), headers={"content-type": "application/json"}, status_code=200, content_type="application/json", ) mock_send = Mock(return_value=mock_response) client = AuthnClient(endpoint="http://foo", transport=Mock(send=mock_send)) with patch("azure.identity._authn_client.time.time") as mock_time: mock_time.return_value = 42 token = client.request_token(["scope"]) assert token.token == expected_token.token assert token.expires_on == expected_token.expires_on cached_token = client.get_cached_token(["scope"]) assert cached_token == expected_token
def test_cache_expiry(): access_token = "token" now = 42 expires_in = 1800 expires_on = now + expires_in expected_token = AccessToken(access_token, expires_on) token_payload = { "access_token": access_token, "expires_in": expires_in, "token_type": "Bearer" } mock_response = Mock( text=lambda: json.dumps(token_payload), headers={"content-type": "application/json"}, status_code=200, content_type=["application/json"], ) mock_send = Mock(return_value=mock_response) client = AuthnClient("http://foo", transport=Mock(send=mock_send)) with patch("azure.identity._authn_client.time.time") as mock_time: # populate the cache with a valid token mock_time.return_value = now token = client.request_token("scope") assert token.token == expected_token.token assert token.expires_on == expected_token.expires_on cached_token = client.get_cached_token("scope") assert cached_token == expected_token # advance time past the cached token's expires_on mock_time.return_value = expires_on + 3600 cached_token = client.get_cached_token("scope") assert not cached_token # request a new token new_token = "new token" token_payload["access_token"] = new_token token = client.request_token("scope") assert token.token == new_token # it should be cached cached_token = client.get_cached_token("scope") assert cached_token.token == new_token