def test_new_client_authorization_code_are_not_marked_as_used():
    """A freshly saved authorization code is known for the client and not yet used."""
    client_id = 'client-id'
    code = 'auth-code-1nmb21'
    # NOTE(review): the third positional argument here ('my-state') differs in
    # kind from the one passed by the sibling test (a redirect URI); confirm
    # against the signature of database.save_new_authorization_code.
    database.save_new_authorization_code(
        code,
        client_id,
        'my-state',
        'http://example.com/return',
    )
    assert database.client_has_authorization_code(client_id, code)
    assert not database.is_client_authorization_code_used(client_id, code)
def test_should_mark_client_authorization_code_as_used():
    """After mark_client_authorization_code_as_used the code still exists but reads as used."""
    client_id = 'client-id'
    code = 'auth-code-1nmb21'
    # NOTE(review): the third positional argument here is a redirect URI, while
    # the sibling test passes a state value in the same position; one of the
    # two call sites presumably has its arguments shifted — verify.
    database.save_new_authorization_code(
        code,
        client_id,
        'http://example.com/return',
        'http://example.com/return?code=auth-code-1nmb21',
    )
    database.mark_client_authorization_code_as_used(client_id, code)
    assert database.client_has_authorization_code(client_id, code)
    assert database.is_client_authorization_code_used(client_id, code)
def validate_client_authorization(self):
    """Reject the request unless client, authorization codes and redirect_uri all check out.

    Checks run in order and each failure is reported through
    ``self.raise_http_401`` / ``self.raise_http_400`` with an OAuth-style
    error payload (``error`` / ``error_description``). Returns nothing.

    Order of checks:
      1. client_id must resolve to a known client            -> 401 invalid_client
      2. code_from_header must be a code of this client      -> 401 invalid_client
      3. code must be a code of this client                  -> 400 invalid_grant
      4. redirect_uri must match the one stored for the code -> 400 invalid_grant
      5. the code must not have been used before             -> 400 invalid_grant
    """
    client_id = self.client_id
    code = self.code

    # Unknown client and wrong header code share one message so the response
    # does not reveal which of the two was wrong.
    def deny_client():
        self.raise_http_401({
            'error': 'invalid_client',
            'error_description': 'Invalid client_id or code on Authorization header',
        })

    # Each call builds a fresh dict, as the original literals did.
    def deny_grant(description):
        self.raise_http_400({
            'error': 'invalid_grant',
            'error_description': description,
        })

    if not database.find_client(client_id):
        deny_client()

    if not database.client_has_authorization_code(client_id, self.code_from_header):
        deny_client()

    if not database.client_has_authorization_code(client_id, code):
        deny_grant('Invalid code for this client')

    if not database.client_has_redirect_uri_for_code(client_id, code, self.redirect_uri):
        deny_grant('redirect_uri does not match')

    # NOTE(review): this read of the "used" flag is not visibly coupled to the
    # write (mark_client_authorization_code_as_used is called elsewhere); if
    # the two are not performed atomically in the database layer, two
    # concurrent requests presenting the same code could both pass here.
    # RFC 6749 §4.1.2 also recommends revoking tokens previously issued for a
    # code that is presented a second time — confirm whether the caller does so.
    if database.is_client_authorization_code_used(client_id, code):
        deny_grant('Authorization grant already used')