def test_valid_response_request(self, mock_post): """This test ensures that the authorize request against the oauth endpoint succeeds with expected values. """ self._mock_response(mock_post, valid=True) random_state = six.text_type(uuid.uuid4()) # Simple GET with various parameters response = self.get_json(path='/openid/authorize_return', expect_errors=True, state=random_state, **self.valid_params) # Try to pull the code out of the response location = response.headers.get('Location') location_url = urlparse.urlparse(location) parameters = urlparse.parse_qs(location_url[4]) with base.HybridSessionManager(): token = auth_api.authorization_code_get(parameters['code']) redirect_uri = self.valid_params['sb_redirect_uri'] # Validate the redirect response self.assertValidRedirect(response=response, expected_status_code=302, redirect_uri=redirect_uri, state=token.state, code=token.code)
def test_delete_code(self): created_code = auth_codes.authorization_code_save(self.code_01) self.assertIsNotNone(created_code, "Could not create an Authorization code") auth_codes.authorization_code_delete(created_code.code) fetched_code = auth_codes.authorization_code_get(created_code.code) self.assertIsNone(fetched_code)
def _resolve_user_id(self, request): # Try authorization code code = request._params.get("code") if code: code_info = auth_api.authorization_code_get(code) return code_info.user_id # Try refresh token refresh_token = request._params.get("refresh_token") refresh_token_entry = \ refresh_token_api.refresh_token_get_by_token(refresh_token) if refresh_token_entry: return refresh_token_entry.user_id return None
def validate_code(self, client_id, code, client, request, *args, **kwargs): """Validate the code belongs to the client. It must exist, and it must be recent. """ db_code = auth_api.authorization_code_get(code) if not db_code: return False # Calculate the expiration date. expires_on = db_code.created_at + datetime.timedelta( seconds=db_code.expires_in) # Generate a UTC now() with timezone attached so we can run a # comparison against the timezone-sensitive result that comes from # the database. now = datetime.datetime.now(tz=pytz.utc) return expires_on > now
def _access_token_by_code(self): auth_code = request.params.get("code") code_info = auth_api.authorization_code_get(auth_code) headers, body, code = SERVER.create_token_response( uri=request.url, http_method=request.method, body=request.body, headers=request.headers) response.headers = dict( (str(k), str(v)) for k, v in six.iteritems(headers)) response.status_code = code json_body = json.loads(body) # Update a body with user_id only if a response is 2xx if code / 100 == 2: json_body.update({'id_token': code_info.user_id}) response.json = json_body return response
def _access_token_by_code(self): auth_code = request.params.get("code") code_info = auth_api.authorization_code_get(auth_code) headers, body, code = SERVER.create_token_response( uri=request.url, http_method=request.method, body=request.body, headers=request.headers) response.headers = dict((str(k), str(v)) for k, v in six.iteritems(headers)) response.status_code = code json_body = json.loads(body) # Update a body with user_id only if a response is 2xx if code / 100 == 2: json_body.update({ 'id_token': code_info.user_id }) response.json = json_body return response
def test_valid_access_request(self): """This test ensures that the access token request may execute properly with a valid token. """ # Generate a valid auth token with base.HybridSessionManager(): authorization_code = auth_api.authorization_code_save({ 'user_id': 2, 'state': 'test_state', 'code': 'test_valid_code' }) content_type = 'application/x-www-form-urlencoded' # POST with content: application/x-www-form-urlencoded response = self.app.post('/v1/openid/token', params={ 'code': authorization_code.code, 'grant_type': 'authorization_code' }, content_type=content_type, expect_errors=True) # Assert that this is a successful response self.assertEqual(200, response.status_code) # Assert that the token came back in the response token = response.json self.assertIsNotNone(token['access_token']) self.assertIsNotNone(token['expires_in']) self.assertIsNotNone(token['id_token']) self.assertIsNotNone(token['refresh_token']) self.assertIsNotNone(token['token_type']) self.assertEqual('Bearer', token['token_type']) # Assert that the access token is in the database with base.HybridSessionManager(): access_token = \ token_api.access_token_get_by_token(token['access_token']) self.assertIsNotNone(access_token) # Assert that system configured values is owned by the correct user. self.assertEqual(2, access_token.user_id) self.assertEqual(token['id_token'], access_token.user_id) self.assertEqual(token['expires_in'], CONF.oauth.access_token_ttl) self.assertEqual(token['expires_in'], access_token.expires_in) self.assertEqual(token['access_token'], access_token.access_token) # Assert that the refresh token is in the database with base.HybridSessionManager(): refresh_token = \ refresh_tokens.refresh_token_get_by_token( token['refresh_token']) self.assertIsNotNone(refresh_token) # Assert that system configured values is owned by the correct user. self.assertEqual(2, refresh_token.user_id) self.assertEqual(CONF.oauth.refresh_token_ttl, refresh_token.expires_in) self.assertEqual(token['refresh_token'], refresh_token.refresh_token) # Assert that the authorization code is no longer in the database. with base.HybridSessionManager(): none_code = \ auth_api.authorization_code_get(authorization_code.code) self.assertIsNone(none_code)