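def test_sending_valid_request_returns_access_token(self):
    """Check that a valid password-grant request stores exactly one token.

    Posts a ``grant_type=password`` form body to ``/api/token`` and then
    checks that ``Accesstoken.all()`` holds exactly one truthy entry.
    The stored tokens are deleted in a ``finally`` clause, so a failing
    assertion cannot leave a token behind for tests that expect none.
    """
    # NOTE(review): the values are interpolated without URL-encoding, so a
    # key, secret or password containing '&', '=' or '%' would alter how
    # the body is parsed -- confirm the fixtures never contain them.
    message = "grant_type=password&client_id=%s&client_secret=%s&username=%s&password=%s" % (self.app.key(), self.app.secret, 'admin', 'asdfasdf')
    # The HTTP response itself is not inspected here; only the stored
    # token state is checked.
    # NOTE(review): unsigned=True presumably skips request signing -- confirm.
    api_request(self, self.get_url('/api/token'), method='POST', body=message, unsigned=True)
    access_token = Accesstoken.all()
    try:
        self.assertEqual(len(access_token), 1)
        self.assertTrue(access_token[0])
    finally:
        # Clean up even on failure so the invalid-password test, which
        # expects zero tokens, still works when run out of order.
        for token in access_token:
            token.delete()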
def test_access_token_is_not_deleted_when_new_one_is_requested(self):
    """Check that issuing a second token leaves the first one in place.

    Exchanges two authorization codes at ``/api/token`` for the same app
    (the second generated for ``self.user_b``). After each exchange it
    checks the stored tokens and that the JSON reply carries the key,
    secret, token type and algorithm of the newest token.
    """
    # NOTE(review): values are interpolated without URL-encoding; a
    # redirect URL containing '&' or '=' would be split into extra
    # parameters -- confirm the fixture URL is free of them.
    form = "grant_type=authorization_code&code=%s&redirect_uri=%s&client_id=%s&client_secret=%s"
    token_url = self.get_url('/api/token')

    # First exchange: exactly one token must exist afterwards.
    message = form % (self.authorization.code, self.app.redirect_url, self.app.key(), self.app.secret)
    first_reply = api_request(self, token_url, method='POST', body=message, unsigned=True)
    first_token = Accesstoken.get('id=1')
    self.assertTrue(first_token)
    self.assertFalse(first_token.deleted)
    self.assertEqual(len(Accesstoken.all()), 1)

    payload = json_decode(first_reply.body)
    self.assertEqual(payload['token_type'], 'mac')
    self.assertEqual(payload['access_token'], first_token.consumer_key)
    # The reply carries the MAC secret itself, so it is compared with the
    # stored value.
    self.assertEqual(payload['secret'], first_token.consumer_secret)
    # Pins the advertised MAC algorithm; this has to change if the
    # server moves to a different HMAC.
    self.assertEqual(payload['algorithm'], 'hmac-sha-1')

    # Second exchange, with a fresh authorization code for another user.
    other_authorization = Authorizationcode.generate(self.app.id, self.app.redirect_url, self.user_b.id)
    message = form % (other_authorization.code, self.app.redirect_url, self.app.key(), self.app.secret)
    second_reply = api_request(self, token_url, method='POST', body=message, unsigned=True)

    # A second token must now exist, and the first one must still be
    # present and not flagged as deleted.
    self.assertFalse(Accesstoken.get('id=1').deleted)
    second_token = Accesstoken.get('id=2')
    self.assertFalse(second_token.deleted)
    self.assertEqual(len(Accesstoken.all()), 2)

    # The reply to the second exchange must describe the second token.
    payload = json_decode(second_reply.body)
    self.assertEqual(payload['token_type'], 'mac')
    self.assertEqual(payload['access_token'], second_token.consumer_key)
    self.assertEqual(payload['secret'], second_token.consumer_secret)
    self.assertEqual(payload['algorithm'], 'hmac-sha-1')
def test_sending_invalid_password_returns_error(self):
    """Check that a password grant with a wrong password stores no token.

    Posts a ``grant_type=password`` form body with the password
    ``'qwerqwer'`` to ``/api/token`` and checks that ``Accesstoken.all()``
    is empty afterwards.
    """
    credentials = (self.app.key(), self.app.secret, 'admin', 'qwerqwer')
    message = "grant_type=password&client_id=%s&client_secret=%s&username=%s&password=%s" % credentials
    api_request(self, self.get_url('/api/token'), method='POST', body=message, unsigned=True)
    # NOTE(review): the test name promises an error response, but the
    # reply is never inspected. Consider also asserting that it signals
    # failure and carries no token or secret.
    # This count depends on no other test leaving a token behind.
    stored_tokens = Accesstoken.all()
    self.assertEqual(len(stored_tokens), 0)