def test_token_endpoint_malformed(self):
    """A truncated authorization code must yield an ``invalid_request`` error.

    The session is seeded straight into the provider's session DB, then the
    token endpoint is called with the stored code minus its final character.
    The endpoint is expected to answer with a TokenErrorResponse, not a token.
    """
    authz_req = AuthorizationRequest(
        state="state",
        redirect_uri="http://example.com/authz",
        client_id=CLIENT_ID,
        response_type="code",
        scope=["openid"],
    )
    session_db = self.provider.sdb
    sid = session_db.access_token.key(user="******", areq=authz_req)
    grant = session_db.access_token(sid=sid)
    authn_event = AuthnEvent("user", "salt")
    session_db[sid] = {
        "oauth_state": "authz",
        "authn_event": authn_event.to_json(),
        "authzreq": authz_req.to_json(),
        "client_id": CLIENT_ID,
        "code": grant,
        "code_used": False,
        "scope": ["openid"],
        "redirect_uri": "http://example.com/authz",
    }
    session_db.do_sub(sid, "client_salt")

    # Drop the last character so the presented code differs from the stored grant.
    tampered_code = grant[:-1]
    token_req = AccessTokenRequest(
        code=tampered_code,
        client_id=CLIENT_ID,
        redirect_uri="http://example.com/authz",
        client_secret=CLIENT_SECRET,
        grant_type="authorization_code",
    )
    resp = self.provider.token_endpoint(request=token_req.to_urlencoded())
    err = TokenErrorResponse().deserialize(resp.message, "json")
    assert err["error"] == "invalid_request"
def test_to_json(self):
    """Serialising an AuthnEvent produces exactly the five expected fields."""
    event = AuthnEvent("uid", "salt", authn_time=1000, valid_until=1500)
    expected = {
        "uid": "uid",
        "salt": "salt",
        "authn_time": 1000,
        "valid_until": 1500,
        "authn_info": None,
    }
    decoded = json.loads(event.to_json())
    assert decoded == expected
def test_to_json(self):
    """The JSON form of an AuthnEvent round-trips to a dict of its five fields.

    ``authn_info`` was not supplied, so it is expected to serialise as null.
    """
    event = AuthnEvent("uid", "salt", authn_time=1000, valid_until=1500)
    as_dict = json.loads(event.to_json())
    assert as_dict == {
        "uid": "uid",
        "salt": "salt",
        "authn_time": 1000,
        "valid_until": 1500,
        "authn_info": None,
    }
def test_refresh_access_token_request(self):
    """Exchange a code for tokens, then use the refresh token to get a new access token.

    The seeded authorization request carries ``offline_access`` and
    ``prompt=consent``, which is what the first token response's refresh
    token is expected to depend on. The refreshed response must carry a
    different access token, the same refresh token and a Bearer token type.
    """
    scopes = ["openid", "offline_access"]
    authz_req = AuthorizationRequest(
        state="state",
        redirect_uri="http://example.com/authz",
        client_id=CLIENT_ID,
        response_type="code",
        scope=scopes,
        prompt="consent",
    )
    session_db = self.provider.sdb
    sid = session_db.access_token.key(user="******", areq=authz_req)
    grant = session_db.access_token(sid=sid)
    authn_event = AuthnEvent("user", "salt")
    session_db[sid] = {
        "oauth_state": "authz",
        "authn_event": authn_event.to_json(),
        "authzreq": authz_req.to_json(),
        "client_id": CLIENT_ID,
        "code": grant,
        "code_used": False,
        "scope": ["openid", "offline_access"],
        "redirect_uri": "http://example.com/authz",
    }
    session_db.do_sub(sid, "client_salt")

    # First leg: redeem the authorization code.
    code_req = AccessTokenRequest(
        code=grant,
        client_id=CLIENT_ID,
        redirect_uri="http://example.com/authz",
        client_secret=CLIENT_SECRET,
        grant_type="authorization_code",
    )
    first_resp = self.provider.token_endpoint(request=code_req.to_urlencoded())
    first = AccessTokenResponse().deserialize(first_resp.message, "json")

    # Second leg: present the refresh token with a narrower scope.
    refresh_req = RefreshAccessTokenRequest(
        grant_type="refresh_token",
        refresh_token=first["refresh_token"],
        client_id=CLIENT_ID,
        client_secret=CLIENT_SECRET,
        scope=["openid"],
    )
    second_resp = self.provider.token_endpoint(request=refresh_req.to_urlencoded())
    second = AccessTokenResponse().deserialize(second_resp.message, "json")

    assert second["access_token"] != first["access_token"]
    assert second["refresh_token"] == first["refresh_token"]
    assert second["token_type"] == "Bearer"
def test_token_endpoint_ok_state(self):
    """A code exchange whose ``state`` matches the stored session succeeds.

    The session is seeded with ``state="state"`` and the token request sends
    the same value; the endpoint is expected to return a Bearer token.
    """
    client = "client1"
    redirect = "http://example.com/authz"
    authz_req = AuthorizationRequest(
        state="state",
        redirect_uri=redirect,
        client_id=client,
        response_type="code",
        scope=["openid"],
    )
    session_db = self.provider.sdb
    sid = session_db.access_token.key(user="******", areq=authz_req)
    grant = session_db.access_token(sid=sid)
    authn_event = AuthnEvent("user", "salt")
    session_db[sid] = {
        "oauth_state": "authz",
        "authn_event": authn_event.to_json(),
        "authzreq": "",
        "client_id": client,
        "code": grant,
        "state": "state",
        "code_used": False,
        "scope": ["openid"],
        "redirect_uri": redirect,
    }
    session_db.do_sub(sid, "client_salt")

    # Token request echoing the session's state value.
    token_req = AccessTokenRequest(
        code=grant,
        client_id=client,
        redirect_uri=redirect,
        client_secret="hemlighet",
        grant_type="authorization_code",
        state="state",
    )
    resp = self.provider.token_endpoint(request=token_req.to_urlencoded())
    token = AccessTokenResponse().deserialize(resp.message, "json")
    assert token["token_type"] == "Bearer"
def test_token_endpoint_unauth(self):
    """The token endpoint must answer ``unauthorized_client`` for an unauthorized client.

    The request is made as ``client_1`` with ``client_secret="secret"`` —
    presumably not credentials the provider fixture accepts for that client;
    confirm against the fixture. The code and redirect URI themselves match
    the seeded session, so the rejection is attributable to the client, not
    the grant.
    """
    state = "state"
    client = "client_1"
    redirect = "http://example.com/authz"
    authz_req = AuthorizationRequest(
        state=state,
        redirect_uri=redirect,
        client_id=client,
    )
    session_db = self.provider.sdb
    sid = session_db.access_token.key(user="******", areq=authz_req)
    grant = session_db.access_token(sid=sid)
    authn_event = AuthnEvent("user", "salt")
    session_db[sid] = {
        "authn_event": authn_event.to_json(),
        "oauth_state": "authz",
        "authzreq": "",
        "client_id": client,
        "code": grant,
        "code_used": False,
        "scope": ["openid"],
        "redirect_uri": redirect,
        "state": state,
    }
    session_db.do_sub(sid, "client_salt")

    # Token request carrying the matching code/redirect/state but as client_1.
    token_req = AccessTokenRequest(
        code=grant,
        redirect_uri=redirect,
        client_id=client,
        client_secret="secret",
        state=state,
        grant_type="authorization_code",
    )
    resp = self.provider.token_endpoint(
        request=token_req.to_urlencoded(),
        remote_user="******",
        request_method="POST",
    )
    err = TokenErrorResponse().deserialize(resp.message, "json")
    assert err["error"] == "unauthorized_client"
def test_to_json(self):
    """``AuthnEvent.to_json`` emits uid, salt, both timestamps and a null authn_info."""
    event = AuthnEvent("uid", "salt", authn_time=1000, valid_until=1500)
    serialized = event.to_json()
    parsed = json.loads(serialized)
    assert parsed == {
        "uid": "uid",
        "salt": "salt",
        "authn_time": 1000,
        "valid_until": 1500,
        "authn_info": None,
    }