예제 #1
0
    def test_introspect_unsupported_token(self):
        endpoint = IntrospectEndpoint(self.validator,
                                      supported_token_types=['access_token'])
        body = urlencode([('token', 'foo'),
                          ('token_type_hint', 'refresh_token')])
        h, b, s = endpoint.create_introspect_response(self.uri,
                headers=self.headers, body=body)
        self.assertEqual(h, self.resp_h)
        self.assertEqual(loads(b)['error'], 'unsupported_token_type')
        self.assertEqual(s, 400)

        h, b, s = endpoint.create_introspect_response(self.uri,
                headers=self.headers, body='')
        self.assertEqual(h, self.resp_h)
        self.assertEqual(loads(b)['error'], 'invalid_request')
        self.assertEqual(s, 400)
예제 #2
0
    def test_introspect_unsupported_token(self):
        endpoint = IntrospectEndpoint(self.validator,
                                      supported_token_types=['access_token'])
        body = urlencode([('token', 'foo'),
                          ('token_type_hint', 'refresh_token')])
        h, b, s = endpoint.create_introspect_response(self.uri,
                headers=self.headers, body=body)
        self.assertEqual(h, self.resp_h)
        self.assertEqual(loads(b)['error'], 'unsupported_token_type')
        self.assertEqual(s, 400)

        h, b, s = endpoint.create_introspect_response(self.uri,
                headers=self.headers, body='')
        self.assertEqual(h, self.resp_h)
        self.assertEqual(loads(b)['error'], 'invalid_request')
        self.assertEqual(s, 400)
 def test_introspect_bad_post_request(self):
     endpoint = IntrospectEndpoint(self.validator,
                                   supported_token_types=['access_token'])
     for param in ['token', 'secret', 'code', 'foo']:
         uri = 'http://some.endpoint?' + urlencode([(param, 'secret')])
         body = urlencode([('token', 'foo'),
                           ('token_type_hint', 'access_token')])
         h, b, s = endpoint.create_introspect_response(
             uri,
             headers=self.headers, body=body)
         self.assertEqual(h, self.resp_h)
         self.assertEqual(loads(b)['error'], 'invalid_request')
         self.assertIn('query parameters are not allowed', loads(b)['error_description'])
         self.assertEqual(s, 400)
 def test_introspect_invalid_request_method(self):
     endpoint = IntrospectEndpoint(self.validator,
                                   supported_token_types=['access_token'])
     test_methods = ['GET', 'pUt', 'dEleTe', 'paTcH']
     test_methods = test_methods + [x.lower() for x in test_methods] + [x.upper() for x in test_methods]
     for method in test_methods:
         body = urlencode([('token', 'foo'),
                           ('token_type_hint', 'refresh_token')])
         h, b, s = endpoint.create_introspect_response(self.uri,
                 http_method = method, headers=self.headers, body=body)
         self.assertEqual(h, self.resp_h)
         self.assertEqual(loads(b)['error'], 'invalid_request')
         self.assertIn('Unsupported request method', loads(b)['error_description'])
         self.assertEqual(s, 400)
예제 #5
0
class IntrospectEndpointTest(TestCase):

    def setUp(self):
        self.validator = MagicMock(wraps=RequestValidator())
        self.validator.client_authentication_required.return_value = True
        self.validator.authenticate_client.return_value = True
        self.validator.validate_bearer_token.return_value = True
        self.validator.introspect_token.return_value = {}
        self.endpoint = IntrospectEndpoint(self.validator)

        self.uri = 'should_not_matter'
        self.headers = {
            'Content-Type': 'application/x-www-form-urlencoded',
        }
        self.resp_h = {
            'Cache-Control': 'no-store',
            'Content-Type': 'application/json',
            'Pragma': 'no-cache'
        }
        self.resp_b = {
            "active": True
        }

    def test_introspect_token(self):
        for token_type in ('access_token', 'refresh_token', 'invalid'):
            body = urlencode([('token', 'foo'),
                              ('token_type_hint', token_type)])
            h, b, s = self.endpoint.create_introspect_response(self.uri,
                    headers=self.headers, body=body)
            self.assertEqual(h, self.resp_h)
            self.assertEqual(loads(b), self.resp_b)
            self.assertEqual(s, 200)

    def test_introspect_token_nohint(self):
        # don't specify token_type_hint
        body = urlencode([('token', 'foo')])
        h, b, s = self.endpoint.create_introspect_response(self.uri,
                headers=self.headers, body=body)
        self.assertEqual(h, self.resp_h)
        self.assertEqual(loads(b), self.resp_b)
        self.assertEqual(s, 200)

    def test_introspect_token_false(self):
        self.validator.introspect_token.return_value = None
        body = urlencode([('token', 'foo')])
        h, b, s = self.endpoint.create_introspect_response(self.uri,
                headers=self.headers, body=body)
        self.assertEqual(h, self.resp_h)
        self.assertEqual(loads(b), {"active": False})
        self.assertEqual(s, 200)

    def test_introspect_token_claims(self):
        self.validator.introspect_token.return_value = {"foo": "bar"}
        body = urlencode([('token', 'foo')])
        h, b, s = self.endpoint.create_introspect_response(self.uri,
                headers=self.headers, body=body)
        self.assertEqual(h, self.resp_h)
        self.assertEqual(loads(b), {"active": True, "foo": "bar"})
        self.assertEqual(s, 200)

    def test_introspect_token_claims_spoof_active(self):
        self.validator.introspect_token.return_value = {"foo": "bar", "active": False}
        body = urlencode([('token', 'foo')])
        h, b, s = self.endpoint.create_introspect_response(self.uri,
                headers=self.headers, body=body)
        self.assertEqual(h, self.resp_h)
        self.assertEqual(loads(b), {"active": True, "foo": "bar"})
        self.assertEqual(s, 200)

    def test_introspect_token_client_authentication_failed(self):
        self.validator.authenticate_client.return_value = False
        body = urlencode([('token', 'foo'),
                          ('token_type_hint', 'access_token')])
        h, b, s = self.endpoint.create_introspect_response(self.uri,
                headers=self.headers, body=body)
        self.assertEqual(h, {
            'Content-Type': 'application/json',
            'Cache-Control': 'no-store',
            'Pragma': 'no-cache',
            "WWW-Authenticate": 'Bearer, error="invalid_client"'
        })
        self.assertEqual(loads(b)['error'], 'invalid_client')
        self.assertEqual(s, 401)

    def test_introspect_token_public_client_authentication(self):
        self.validator.client_authentication_required.return_value = False
        self.validator.authenticate_client_id.return_value = True
        for token_type in ('access_token', 'refresh_token', 'invalid'):
            body = urlencode([('token', 'foo'),
                              ('token_type_hint', token_type)])
            h, b, s = self.endpoint.create_introspect_response(self.uri,
                    headers=self.headers, body=body)
            self.assertEqual(h, self.resp_h)
            self.assertEqual(loads(b), self.resp_b)
            self.assertEqual(s, 200)

    def test_introspect_token_public_client_authentication_failed(self):
        self.validator.client_authentication_required.return_value = False
        self.validator.authenticate_client_id.return_value = False
        body = urlencode([('token', 'foo'),
                          ('token_type_hint', 'access_token')])
        h, b, s = self.endpoint.create_introspect_response(self.uri,
                headers=self.headers, body=body)
        self.assertEqual(h, {
            'Content-Type': 'application/json',
            'Cache-Control': 'no-store',
            'Pragma': 'no-cache',
            "WWW-Authenticate": 'Bearer, error="invalid_client"'
        })
        self.assertEqual(loads(b)['error'], 'invalid_client')
        self.assertEqual(s, 401)


    def test_introspect_unsupported_token(self):
        endpoint = IntrospectEndpoint(self.validator,
                                      supported_token_types=['access_token'])
        body = urlencode([('token', 'foo'),
                          ('token_type_hint', 'refresh_token')])
        h, b, s = endpoint.create_introspect_response(self.uri,
                headers=self.headers, body=body)
        self.assertEqual(h, self.resp_h)
        self.assertEqual(loads(b)['error'], 'unsupported_token_type')
        self.assertEqual(s, 400)

        h, b, s = endpoint.create_introspect_response(self.uri,
                headers=self.headers, body='')
        self.assertEqual(h, self.resp_h)
        self.assertEqual(loads(b)['error'], 'invalid_request')
        self.assertEqual(s, 400)
예제 #6
0
class IntrospectEndpointTest(TestCase):
    def setUp(self):
        self.validator = MagicMock(wraps=RequestValidator())
        self.validator.client_authentication_required.return_value = True
        self.validator.authenticate_client.return_value = True
        self.validator.validate_bearer_token.return_value = True
        self.validator.introspect_token.return_value = {}
        self.endpoint = IntrospectEndpoint(self.validator)

        self.uri = 'should_not_matter'
        self.headers = {
            'Content-Type': 'application/x-www-form-urlencoded',
        }
        self.resp_h = {
            'Cache-Control': 'no-store',
            'Content-Type': 'application/json',
            'Pragma': 'no-cache'
        }
        self.resp_b = {"active": True}

    def test_introspect_token(self):
        for token_type in ('access_token', 'refresh_token', 'invalid'):
            body = urlencode([('token', 'foo'),
                              ('token_type_hint', token_type)])
            h, b, s = self.endpoint.create_introspect_response(
                self.uri, headers=self.headers, body=body)
            self.assertEqual(h, self.resp_h)
            self.assertEqual(loads(b), self.resp_b)
            self.assertEqual(s, 200)

    def test_introspect_token_nohint(self):
        # don't specify token_type_hint
        body = urlencode([('token', 'foo')])
        h, b, s = self.endpoint.create_introspect_response(
            self.uri, headers=self.headers, body=body)
        self.assertEqual(h, self.resp_h)
        self.assertEqual(loads(b), self.resp_b)
        self.assertEqual(s, 200)

    def test_introspect_token_false(self):
        self.validator.introspect_token.return_value = None
        body = urlencode([('token', 'foo')])
        h, b, s = self.endpoint.create_introspect_response(
            self.uri, headers=self.headers, body=body)
        self.assertEqual(h, self.resp_h)
        self.assertEqual(loads(b), {"active": False})
        self.assertEqual(s, 200)

    def test_introspect_token_claims(self):
        self.validator.introspect_token.return_value = {"foo": "bar"}
        body = urlencode([('token', 'foo')])
        h, b, s = self.endpoint.create_introspect_response(
            self.uri, headers=self.headers, body=body)
        self.assertEqual(h, self.resp_h)
        self.assertEqual(loads(b), {"active": True, "foo": "bar"})
        self.assertEqual(s, 200)

    def test_introspect_token_claims_spoof_active(self):
        self.validator.introspect_token.return_value = {
            "foo": "bar",
            "active": False
        }
        body = urlencode([('token', 'foo')])
        h, b, s = self.endpoint.create_introspect_response(
            self.uri, headers=self.headers, body=body)
        self.assertEqual(h, self.resp_h)
        self.assertEqual(loads(b), {"active": True, "foo": "bar"})
        self.assertEqual(s, 200)

    def test_introspect_token_client_authentication_failed(self):
        self.validator.authenticate_client.return_value = False
        body = urlencode([('token', 'foo'),
                          ('token_type_hint', 'access_token')])
        h, b, s = self.endpoint.create_introspect_response(
            self.uri, headers=self.headers, body=body)
        self.assertEqual(
            h, {
                'Content-Type': 'application/json',
                'Cache-Control': 'no-store',
                'Pragma': 'no-cache',
                "WWW-Authenticate": 'Bearer, error="invalid_client"'
            })
        self.assertEqual(loads(b)['error'], 'invalid_client')
        self.assertEqual(s, 401)

    def test_introspect_token_public_client_authentication(self):
        self.validator.client_authentication_required.return_value = False
        self.validator.authenticate_client_id.return_value = True
        for token_type in ('access_token', 'refresh_token', 'invalid'):
            body = urlencode([('token', 'foo'),
                              ('token_type_hint', token_type)])
            h, b, s = self.endpoint.create_introspect_response(
                self.uri, headers=self.headers, body=body)
            self.assertEqual(h, self.resp_h)
            self.assertEqual(loads(b), self.resp_b)
            self.assertEqual(s, 200)

    def test_introspect_token_public_client_authentication_failed(self):
        self.validator.client_authentication_required.return_value = False
        self.validator.authenticate_client_id.return_value = False
        body = urlencode([('token', 'foo'),
                          ('token_type_hint', 'access_token')])
        h, b, s = self.endpoint.create_introspect_response(
            self.uri, headers=self.headers, body=body)
        self.assertEqual(
            h, {
                'Content-Type': 'application/json',
                'Cache-Control': 'no-store',
                'Pragma': 'no-cache',
                "WWW-Authenticate": 'Bearer, error="invalid_client"'
            })
        self.assertEqual(loads(b)['error'], 'invalid_client')
        self.assertEqual(s, 401)

    def test_introspect_unsupported_token(self):
        endpoint = IntrospectEndpoint(self.validator,
                                      supported_token_types=['access_token'])
        body = urlencode([('token', 'foo'),
                          ('token_type_hint', 'refresh_token')])
        h, b, s = endpoint.create_introspect_response(self.uri,
                                                      headers=self.headers,
                                                      body=body)
        self.assertEqual(h, self.resp_h)
        self.assertEqual(loads(b)['error'], 'unsupported_token_type')
        self.assertEqual(s, 400)

        h, b, s = endpoint.create_introspect_response(self.uri,
                                                      headers=self.headers,
                                                      body='')
        self.assertEqual(h, self.resp_h)
        self.assertEqual(loads(b)['error'], 'invalid_request')
        self.assertEqual(s, 400)

    def test_introspect_invalid_request_method(self):
        endpoint = IntrospectEndpoint(self.validator,
                                      supported_token_types=['access_token'])
        test_methods = ['GET', 'pUt', 'dEleTe', 'paTcH']
        test_methods = test_methods + [x.lower() for x in test_methods
                                       ] + [x.upper() for x in test_methods]
        for method in test_methods:
            body = urlencode([('token', 'foo'),
                              ('token_type_hint', 'refresh_token')])
            h, b, s = endpoint.create_introspect_response(self.uri,
                                                          http_method=method,
                                                          headers=self.headers,
                                                          body=body)
            self.assertEqual(h, self.resp_h)
            self.assertEqual(loads(b)['error'], 'invalid_request')
            self.assertIn('Unsupported request method',
                          loads(b)['error_description'])
            self.assertEqual(s, 400)

    def test_introspect_bad_post_request(self):
        endpoint = IntrospectEndpoint(self.validator,
                                      supported_token_types=['access_token'])
        for param in ['token', 'secret', 'code', 'foo']:
            uri = 'http://some.endpoint?' + urlencode([(param, 'secret')])
            body = urlencode([('token', 'foo'),
                              ('token_type_hint', 'access_token')])
            h, b, s = endpoint.create_introspect_response(uri,
                                                          headers=self.headers,
                                                          body=body)
            self.assertEqual(h, self.resp_h)
            self.assertEqual(loads(b)['error'], 'invalid_request')
            self.assertIn('query parameters are not allowed',
                          loads(b)['error_description'])
            self.assertEqual(s, 400)
예제 #7
0
class IntrospectEndpointTest(TestCase):

    def setUp(self):
        self.validator = MagicMock(wraps=RequestValidator())
        self.validator.client_authentication_required.return_value = True
        self.validator.authenticate_client.return_value = True
        self.validator.validate_bearer_token.return_value = True
        self.validator.introspect_token.return_value = {}
        self.endpoint = IntrospectEndpoint(self.validator)

        self.uri = 'should_not_matter'
        self.headers = {
            'Content-Type': 'application/x-www-form-urlencoded',
        }
        self.resp_h = {
            'Cache-Control': 'no-store',
            'Content-Type': 'application/json',
            'Pragma': 'no-cache'
        }
        self.resp_b = {
            "active": True
        }

    def test_introspect_token(self):
        for token_type in ('access_token', 'refresh_token', 'invalid'):
            body = urlencode([('token', 'foo'),
                              ('token_type_hint', token_type)])
            h, b, s = self.endpoint.create_introspect_response(self.uri,
                    headers=self.headers, body=body)
            self.assertEqual(h, self.resp_h)
            self.assertEqual(loads(b), self.resp_b)
            self.assertEqual(s, 200)

    def test_introspect_token_nohint(self):
        # don't specify token_type_hint
        body = urlencode([('token', 'foo')])
        h, b, s = self.endpoint.create_introspect_response(self.uri,
                headers=self.headers, body=body)
        self.assertEqual(h, self.resp_h)
        self.assertEqual(loads(b), self.resp_b)
        self.assertEqual(s, 200)

    def test_introspect_token_false(self):
        self.validator.introspect_token.return_value = None
        body = urlencode([('token', 'foo')])
        h, b, s = self.endpoint.create_introspect_response(self.uri,
                headers=self.headers, body=body)
        self.assertEqual(h, self.resp_h)
        self.assertEqual(loads(b), {"active": False})
        self.assertEqual(s, 200)

    def test_introspect_token_claims(self):
        self.validator.introspect_token.return_value = {"foo": "bar"}
        body = urlencode([('token', 'foo')])
        h, b, s = self.endpoint.create_introspect_response(self.uri,
                headers=self.headers, body=body)
        self.assertEqual(h, self.resp_h)
        self.assertEqual(loads(b), {"active": True, "foo": "bar"})
        self.assertEqual(s, 200)

    def test_introspect_token_claims_spoof_active(self):
        self.validator.introspect_token.return_value = {"foo": "bar", "active": False}
        body = urlencode([('token', 'foo')])
        h, b, s = self.endpoint.create_introspect_response(self.uri,
                headers=self.headers, body=body)
        self.assertEqual(h, self.resp_h)
        self.assertEqual(loads(b), {"active": True, "foo": "bar"})
        self.assertEqual(s, 200)

    def test_introspect_token_client_authentication_failed(self):
        self.validator.authenticate_client.return_value = False
        body = urlencode([('token', 'foo'),
                          ('token_type_hint', 'access_token')])
        h, b, s = self.endpoint.create_introspect_response(self.uri,
                headers=self.headers, body=body)
        self.assertEqual(h, {
            'Content-Type': 'application/json',
            'Cache-Control': 'no-store',
            'Pragma': 'no-cache',
            "WWW-Authenticate": 'Bearer, error="invalid_client"'
        })
        self.assertEqual(loads(b)['error'], 'invalid_client')
        self.assertEqual(s, 401)

    def test_introspect_token_public_client_authentication(self):
        self.validator.client_authentication_required.return_value = False
        self.validator.authenticate_client_id.return_value = True
        for token_type in ('access_token', 'refresh_token', 'invalid'):
            body = urlencode([('token', 'foo'),
                              ('token_type_hint', token_type)])
            h, b, s = self.endpoint.create_introspect_response(self.uri,
                    headers=self.headers, body=body)
            self.assertEqual(h, self.resp_h)
            self.assertEqual(loads(b), self.resp_b)
            self.assertEqual(s, 200)

    def test_introspect_token_public_client_authentication_failed(self):
        self.validator.client_authentication_required.return_value = False
        self.validator.authenticate_client_id.return_value = False
        body = urlencode([('token', 'foo'),
                          ('token_type_hint', 'access_token')])
        h, b, s = self.endpoint.create_introspect_response(self.uri,
                headers=self.headers, body=body)
        self.assertEqual(h, {
            'Content-Type': 'application/json',
            'Cache-Control': 'no-store',
            'Pragma': 'no-cache',
            "WWW-Authenticate": 'Bearer, error="invalid_client"'
        })
        self.assertEqual(loads(b)['error'], 'invalid_client')
        self.assertEqual(s, 401)

    def test_introspect_unsupported_token(self):
        endpoint = IntrospectEndpoint(self.validator,
                                      supported_token_types=['access_token'])
        body = urlencode([('token', 'foo'),
                          ('token_type_hint', 'refresh_token')])
        h, b, s = endpoint.create_introspect_response(self.uri,
                headers=self.headers, body=body)
        self.assertEqual(h, self.resp_h)
        self.assertEqual(loads(b)['error'], 'unsupported_token_type')
        self.assertEqual(s, 400)

        h, b, s = endpoint.create_introspect_response(self.uri,
                headers=self.headers, body='')
        self.assertEqual(h, self.resp_h)
        self.assertEqual(loads(b)['error'], 'invalid_request')
        self.assertEqual(s, 400)