def testProviderHandling(self):
    """Check that get_verified_jwt walks the provider list until one verifies.

    Two providers are configured. The first carries the sample issuer and
    cert URI reversed character by character, and the stubbed verifier is
    told to answer None for it. The second carries the real sample values
    and the stub answers with the sample token info.
    """
    self.mox.StubOutWithMock(time, 'time')
    time.time().AndReturn(self._SAMPLE_TIME_NOW)

    # The token must be requested from the Authorization header only:
    # the 'Bearer' scheme is allowed and no query-string keys are.
    self.mox.StubOutWithMock(users_id_token, '_get_token')
    users_id_token._get_token(
        request=None,
        allowed_auth_schemes=('Bearer',),
        allowed_query_keys=()).AndReturn(self._SAMPLE_TOKEN)

    wrong_provider = {
        'issuer': self._SAMPLE_ISSUERS[0][::-1],
        'cert_uri': self._SAMPLE_CERT_URI[0][::-1],
    }
    matching_provider = {
        'issuer': self._SAMPLE_ISSUERS[0],
        'cert_uri': self._SAMPLE_CERT_URI[0],
    }
    providers = [wrong_provider, matching_provider]

    # Each expected call pairs one provider's issuer with that same
    # provider's cert URI. The pairing is the security-relevant part: a
    # token is only checked against the keys of the issuer it is being
    # matched to, never against another provider's keys.
    self.mox.StubOutWithMock(users_id_token, '_parse_and_verify_jwt')
    stub_answers = (None, self._SAMPLE_TOKEN_INFO)
    for provider, answer in zip(providers, stub_answers):
        users_id_token._parse_and_verify_jwt(
            self._SAMPLE_TOKEN,
            self._SAMPLE_TIME_NOW,
            (provider['issuer'],),
            self._SAMPLE_AUDIENCES,
            provider['cert_uri'],
            self.cache).AndReturn(answer)

    self.mox.ReplayAll()
    parsed_token = users_id_token.get_verified_jwt(
        providers, self._SAMPLE_AUDIENCES, cache=self.cache)
    self.mox.VerifyAll()

    self.assertEqual(parsed_token, self._SAMPLE_TOKEN_INFO)
def get_user_id():
    """
    Get the Google+ User ID from the environment.

    Tries to read the user ID from the token in the environment, treating
    it first as an ID token and then as a bearer token. If there is no
    token in the environment, or the current token is invalid (no current
    endpoints user), neither lookup is attempted.

    :rtype: unicode
    :return: The Google+ User ID of the user whose token is in the
             environment if it can be retrieved, else None.
    """
    # Assumes endpoints.get_current_user has already returned a
    # non-null value, hence the needed environment variables
    # should already be set and this won't make the RPC/url fetch
    # a second time.
    if endpoints.get_current_user() is None:
        return None

    # NOTE(review): the token is read again here rather than taken from the
    # get_current_user() result, and nothing in this function verifies it.
    # The returned ID is only as trustworthy as the check above; confirm
    # that both calls see the same token and that the two helpers below do
    # not return claims from an unverified token.
    # noinspection PyProtectedMember
    token = users_id_token._get_token(None)
    if token is None:
        return None

    id_token_user = _get_user_id_from_id_token(token)
    if id_token_user is not None:
        return id_token_user
    return _get_user_id_from_bearer_token(token)
def testGetTokenQueryParamBearer(self):
    """A token supplied as the 'bearer_token' query field is returned as is.

    The mocked request answers every unrecognized-field lookup with the
    sample token. The single-call assertion shows that _get_token stops at
    'bearer_token' and does not go on to query another key.
    """
    request = mock.MagicMock(messages.Message)
    field_info = (self._SAMPLE_TOKEN, messages.Variant.STRING)
    request.get_unrecognized_field_info.return_value = field_info

    extracted = users_id_token._get_token(request)

    request.get_unrecognized_field_info.assert_called_once_with('bearer_token')
    self.assertEqual(extracted, self._SAMPLE_TOKEN)
def testGetTokenNone(self):
    """With no token in either query field, _get_token returns None.

    Both recognised query keys are recorded as empty, in the order the
    replayed mock expects them: 'bearer_token', then 'access_token'.
    """
    request = self.mox.CreateMock(messages.Message)
    for query_key in ('bearer_token', 'access_token'):
        request.get_unrecognized_field_info(query_key).AndReturn((None, None))
    self.mox.ReplayAll()

    result = users_id_token._get_token(request)

    self.mox.VerifyAll()
    # Absence of credentials must surface as None, never as a default token.
    self.assertIsNone(result)
def testGetTokenQueryParamBearer(self):
    """A token supplied as the 'bearer_token' query field is returned as is.

    Only the 'bearer_token' lookup is recorded on the mock, so VerifyAll
    also confirms that this lookup was actually made.
    """
    request = self.mox.CreateMock(messages.Message)
    field_info = (self._SAMPLE_TOKEN, messages.Variant.STRING)
    request.get_unrecognized_field_info('bearer_token').AndReturn(field_info)
    self.mox.ReplayAll()

    extracted = users_id_token._get_token(request)

    self.mox.VerifyAll()
    self.assertEqual(extracted, self._SAMPLE_TOKEN)
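def testGetTokenNone(self):
    """With no token in either query field, _get_token returns None.

    The mocked request answers the two lookups with empty results, and the
    call assertion checks that 'bearer_token' is queried before
    'access_token'.
    """
    request = mock.MagicMock(messages.Message)
    request.get_unrecognized_field_info.side_effect = [
        (None, None),  # bearer_token
        (None, None),  # access_token
    ]

    token = users_id_token._get_token(request)

    # Use the TestCase assertion, not a bare `assert`: a bare assert is
    # compiled out under `python -O`, which would silently drop the
    # "no credentials -> None" check from this negative test.
    self.assertIsNone(token)
    request.get_unrecognized_field_info.assert_has_calls(
        [mock.call('bearer_token'), mock.call('access_token')])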
def testGetTokenQueryParamAccess(self):
    """A token in 'access_token' is used when 'bearer_token' is empty.

    The mock hands out its answers in call order, so the first lookup
    ('bearer_token') comes back empty and the second ('access_token')
    yields the sample token.
    """
    request = mock.MagicMock(messages.Message)
    empty_field = (None, None)  # bearer_token
    token_field = (self._SAMPLE_TOKEN, messages.Variant.STRING)  # access_token
    request.get_unrecognized_field_info.side_effect = [empty_field, token_field]

    extracted = users_id_token._get_token(request)

    self.assertEqual(extracted, self._SAMPLE_TOKEN)
    expected_lookups = [mock.call('bearer_token'), mock.call('access_token')]
    request.get_unrecognized_field_info.assert_has_calls(expected_lookups)
def testGetTokenQueryParamInvalidHeader(self):
    """An Authorization header with an unknown scheme yields no token.

    Despite the "QueryParam" in its name, this test drives the header
    path: no request object is passed, only HTTP_AUTHORIZATION is set.
    """
    # NOTE(review): this writes to the process-wide os.environ and does not
    # undo it here; confirm the fixture's setUp/tearDown restores the
    # environment so the header cannot leak into other tests.
    header_value = 'Invalid ' + self._SAMPLE_TOKEN
    os.environ['HTTP_AUTHORIZATION'] = header_value

    result = users_id_token._get_token(None)

    self.assertIsNone(result)
def testGetTokenQueryParamInvalidBearerHeader(self):
    """An upper-case 'BEARER' scheme is rejected and yields no token.

    The scheme comparison pinned here is case-sensitive. That is stricter
    than HTTP, which treats authentication scheme names as
    case-insensitive, and it fails closed: the request ends up with no
    token rather than an accepted one.
    """
    # Capitalization matters. This should fail.
    # NOTE(review): this writes to the process-wide os.environ and does not
    # undo it here; confirm the fixture's setUp/tearDown restores the
    # environment so the header cannot leak into other tests.
    header_value = 'BEARER ' + self._SAMPLE_TOKEN
    os.environ['HTTP_AUTHORIZATION'] = header_value

    result = users_id_token._get_token(None)

    self.assertIsNone(result)
def testGetTokenQueryParamBearerHeader(self):
    """A well-formed 'Bearer <token>' Authorization header yields the token.

    Despite the "QueryParam" in its name, this test drives the header
    path: no request object is passed, only HTTP_AUTHORIZATION is set.
    """
    # NOTE(review): this leaves a valid bearer header in the process-wide
    # os.environ; confirm the fixture's setUp/tearDown restores the
    # environment, otherwise a later "no token" test could pick it up.
    header_value = 'Bearer ' + self._SAMPLE_TOKEN
    os.environ['HTTP_AUTHORIZATION'] = header_value

    extracted = users_id_token._get_token(None)

    self.assertEqual(extracted, self._SAMPLE_TOKEN)