def save_authorization_code(self, client_id, code, request, *args, **kwargs): """Save the code to the storage and remove the state as it is persisted in the "code" argument """ openid = request._params["openid.claimed_id"] email = request._params["openid.sreg.email"] full_name = request._params["openid.sreg.fullname"] last_login = datetime.datetime.now(pytz.utc) user = user_api.user_get_by_openid(openid) user_dict = {"full_name": full_name, "email": email, "last_login": last_login} if not user: user_dict.update({"openid": openid}) user = user_api.user_create(user_dict) else: user = user_api.user_update(user.id, user_dict) # def save_authorization_code(self, authorization_code, user_id): values = { "code": code["code"], "state": code["state"], "user_id": user.id, "expires_in": CONF.oauth.authorization_code_ttl } auth_api.authorization_code_save(values)
def test_invalid_grant_type(self): """This test ensures that invalid grant_type parameters get the appropriate error response. """ # Generate a valid auth token with base.HybridSessionManager(): authorization_code = auth_api.authorization_code_save({ 'user_id': 2, 'state': 'test_state', 'code': 'test_valid_code', 'expires_in': 300 }) content_type = 'application/x-www-form-urlencoded' # POST with content: application/x-www-form-urlencoded response = self.app.post('/v1/openid/token', params={ 'code': authorization_code.code, 'grant_type': 'invalid_grant_type' }, content_type=content_type, expect_errors=True) # Assert that this is a successful response self.assertEqual(400, response.status_code) self.assertIsNotNone(response.json) self.assertEqual('unsupported_grant_type', response.json['error']) self.assertEqual(e_msg.INVALID_TOKEN_GRANT_TYPE, response.json['error_description'])
def test_delete_code(self): created_code = auth_codes.authorization_code_save(self.code_01) self.assertIsNotNone(created_code, "Could not create an Authorization code") auth_codes.authorization_code_delete(created_code.code) fetched_code = auth_codes.authorization_code_get(created_code.code) self.assertIsNone(fetched_code)
def test_expired_access_token_time(self): """This test ensures that an access token is seen as expired if storyboard is installed in multiple timezones. """ expired = datetime.datetime.now( pytz.utc) - datetime.timedelta(minutes=6) # Store the old TZ info, if it exists. old_tz = None if 'TZ' in os.environ: old_tz = os.environ['TZ'] # Convert now into every possible timezone out there :) for name in self.tested_timezones: # Override the 'default timezone' for the current runtime. os.environ['TZ'] = name # Create a token. with base.HybridSessionManager(): authorization_code = auth_api.authorization_code_save({ 'user_id': 2, 'state': 'test_state', 'code': 'test_valid_code', 'expires_in': 300, 'created_at': expired }) content_type = 'application/x-www-form-urlencoded' # POST with content: application/x-www-form-urlencoded response = self.app.post('/v1/openid/token', params={ 'code': authorization_code.code, 'grant_type': 'authorization_code' }, content_type=content_type, expect_errors=True) # Assert that this is a valid call. self.assertEqual(401, response.status_code) # Reset the timezone. if old_tz: os.environ['TZ'] = old_tz else: del os.environ['TZ']
def test_expired_access_token_time(self): """This test ensures that an access token is seen as expired if storyboard is installed in multiple timezones. """ expired = datetime.datetime.now(pytz.utc) - datetime.timedelta( minutes=6) # Store the old TZ info, if it exists. old_tz = None if 'TZ' in os.environ: old_tz = os.environ['TZ'] # Convert now into every possible timezone out there :) for name in self.tested_timezones: # Override the 'default timezone' for the current runtime. os.environ['TZ'] = name # Create a token. with base.HybridSessionManager(): authorization_code = auth_api.authorization_code_save({ 'user_id': 2, 'state': 'test_state', 'code': 'test_valid_code', 'expires_in': 300, 'created_at': expired }) content_type = 'application/x-www-form-urlencoded' # POST with content: application/x-www-form-urlencoded response = self.app.post('/v1/openid/token', params={ 'code': authorization_code.code, 'grant_type': 'authorization_code' }, content_type=content_type, expect_errors=True) # Assert that this is a valid call. self.assertEqual(401, response.status_code) # Reset the timezone. if old_tz: os.environ['TZ'] = old_tz else: del os.environ['TZ']
def test_valid_access_token_time(self): """Assert that a newly created access token is valid if storyboard is installed in a multitude of timezones. """ # Store the old TZ info, if it exists. old_tz = None if 'TZ' in os.environ: old_tz = os.environ['TZ'] # Convert now into every possible timezone out there :) for name in self.tested_timezones: # Override the 'default timezone' for the current runtime. os.environ['TZ'] = name # Create a token. with base.HybridSessionManager(): authorization_code = auth_api.authorization_code_save({ 'user_id': 2, 'state': 'test_state', 'code': 'test_valid_code', 'expires_in': 300 }) response = self.app.post( '/v1/openid/token', params={ 'code': authorization_code.code, 'grant_type': 'authorization_code' }, content_type='application/x-www-form-urlencoded', expect_errors=True) # Assert that this is a valid call. self.assertEqual(200, response.status_code) # Reset the timezone. if old_tz: os.environ['TZ'] = old_tz else: del os.environ['TZ']
def test_valid_access_token_time(self): """Assert that a newly created access token is valid if storyboard is installed in a multitude of timezones. """ # Store the old TZ info, if it exists. old_tz = None if 'TZ' in os.environ: old_tz = os.environ['TZ'] # Convert now into every possible timezone out there :) for name in self.tested_timezones: # Override the 'default timezone' for the current runtime. os.environ['TZ'] = name # Create a token. with base.HybridSessionManager(): authorization_code = auth_api.authorization_code_save({ 'user_id': 2, 'state': 'test_state', 'code': 'test_valid_code', 'expires_in': 300 }) response = self.app.post('/v1/openid/token', params={ 'code': authorization_code.code, 'grant_type': 'authorization_code' }, content_type= 'application/x-www-form-urlencoded', expect_errors=True) # Assert that this is a valid call. self.assertEqual(200, response.status_code) # Reset the timezone. if old_tz: os.environ['TZ'] = old_tz else: del os.environ['TZ']
def test_valid_refresh_token(self): """This test ensures that a valid refresh token can be converted into a valid access token, and cleans up after itself. """ # Generate a valid access code with base.HybridSessionManager(): authorization_code = auth_api.authorization_code_save({ 'user_id': 2, 'state': 'test_state', 'code': 'test_valid_code' }) content_type = 'application/x-www-form-urlencoded' # Generate an auth and a refresh token. resp_1 = self.app.post('/v1/openid/token', params={ 'code': authorization_code.code, 'grant_type': 'authorization_code' }, content_type=content_type, expect_errors=True) # Assert that this is a successful response self.assertEqual(200, resp_1.status_code) # Assert that the token came back in the response t1 = resp_1.json # Assert that both are in the database. with base.HybridSessionManager(): access_token = \ token_api.access_token_get_by_token(t1['access_token']) self.assertIsNotNone(access_token) with base.HybridSessionManager(): refresh_token = refresh_tokens.refresh_token_get_by_token( t1['refresh_token']) self.assertIsNotNone(refresh_token) content_type = 'application/x-www-form-urlencoded' # Issue a refresh token request. resp_2 = self.app.post('/v1/openid/token', params={ 'refresh_token': t1['refresh_token'], 'grant_type': 'refresh_token' }, content_type=content_type, expect_errors=True) # Assert that the response is good. self.assertEqual(200, resp_2.status_code) # Assert that the token came back in the response t2 = resp_2.json self.assertIsNotNone(t2['access_token']) self.assertIsNotNone(t2['expires_in']) self.assertIsNotNone(t2['id_token']) self.assertIsNotNone(t2['refresh_token']) self.assertIsNotNone(t2['token_type']) self.assertEqual('Bearer', t2['token_type']) # Assert that the access token is in the database with base.HybridSessionManager(): new_access_token = \ token_api.access_token_get_by_token(t2['access_token']) self.assertIsNotNone(new_access_token) # Assert that system configured values is owned by the correct user. self.assertEqual(2, new_access_token.user_id) self.assertEqual(t2['id_token'], new_access_token.user_id) self.assertEqual(t2['expires_in'], CONF.oauth.access_token_ttl) self.assertEqual(t2['expires_in'], new_access_token.expires_in) self.assertEqual(t2['access_token'], new_access_token.access_token) # Assert that the refresh token is in the database with base.HybridSessionManager(): new_refresh_token = refresh_tokens.refresh_token_get_by_token( t2['refresh_token']) self.assertIsNotNone(new_refresh_token) # Assert that system configured values is owned by the correct user. self.assertEqual(2, new_refresh_token.user_id) self.assertEqual(CONF.oauth.refresh_token_ttl, new_refresh_token.expires_in) self.assertEqual(t2['refresh_token'], new_refresh_token.refresh_token) # Assert that the old access tokens are no longer in the database and # have been cleaned up. with base.HybridSessionManager(): no_access_token = \ token_api.access_token_get_by_token(t1['access_token']) with base.HybridSessionManager(): no_refresh_token = \ refresh_tokens.refresh_token_get_by_token(t1['refresh_token']) self.assertIsNone(no_refresh_token) self.assertIsNone(no_access_token)
def test_valid_access_request(self): """This test ensures that the access token request may execute properly with a valid token. """ # Generate a valid auth token with base.HybridSessionManager(): authorization_code = auth_api.authorization_code_save({ 'user_id': 2, 'state': 'test_state', 'code': 'test_valid_code' }) content_type = 'application/x-www-form-urlencoded' # POST with content: application/x-www-form-urlencoded response = self.app.post('/v1/openid/token', params={ 'code': authorization_code.code, 'grant_type': 'authorization_code' }, content_type=content_type, expect_errors=True) # Assert that this is a successful response self.assertEqual(200, response.status_code) # Assert that the token came back in the response token = response.json self.assertIsNotNone(token['access_token']) self.assertIsNotNone(token['expires_in']) self.assertIsNotNone(token['id_token']) self.assertIsNotNone(token['refresh_token']) self.assertIsNotNone(token['token_type']) self.assertEqual('Bearer', token['token_type']) # Assert that the access token is in the database with base.HybridSessionManager(): access_token = \ token_api.access_token_get_by_token(token['access_token']) self.assertIsNotNone(access_token) # Assert that system configured values is owned by the correct user. self.assertEqual(2, access_token.user_id) self.assertEqual(token['id_token'], access_token.user_id) self.assertEqual(token['expires_in'], CONF.oauth.access_token_ttl) self.assertEqual(token['expires_in'], access_token.expires_in) self.assertEqual(token['access_token'], access_token.access_token) # Assert that the refresh token is in the database with base.HybridSessionManager(): refresh_token = \ refresh_tokens.refresh_token_get_by_token( token['refresh_token']) self.assertIsNotNone(refresh_token) # Assert that system configured values is owned by the correct user. self.assertEqual(2, refresh_token.user_id) self.assertEqual(CONF.oauth.refresh_token_ttl, refresh_token.expires_in) self.assertEqual(token['refresh_token'], refresh_token.refresh_token) # Assert that the authorization code is no longer in the database. with base.HybridSessionManager(): none_code = \ auth_api.authorization_code_get(authorization_code.code) self.assertIsNone(none_code)