예제 #1
0
    def save_authorization_code(self, client_id, code, request, *args,
                                **kwargs):
        """Save the code to the storage and remove the state as it is persisted
        in the "code" argument
        """

        openid = request._params["openid.claimed_id"]
        email = request._params["openid.sreg.email"]
        full_name = request._params["openid.sreg.fullname"]
        last_login = datetime.datetime.now(pytz.utc)

        user = user_api.user_get_by_openid(openid)
        user_dict = {"full_name": full_name,
                     "email": email,
                     "last_login": last_login}

        if not user:
            user_dict.update({"openid": openid})
            user = user_api.user_create(user_dict)
        else:
            user = user_api.user_update(user.id, user_dict)

        # def save_authorization_code(self, authorization_code, user_id):
        values = {
            "code": code["code"],
            "state": code["state"],
            "user_id": user.id,
            "expires_in": CONF.oauth.authorization_code_ttl
        }
        auth_api.authorization_code_save(values)
예제 #2
0
    def test_invalid_grant_type(self):
        """This test ensures that invalid grant_type parameters get the
        appropriate error response.
        """

        # Generate a valid auth token
        with base.HybridSessionManager():
            authorization_code = auth_api.authorization_code_save({
                'user_id': 2,
                'state': 'test_state',
                'code': 'test_valid_code',
                'expires_in': 300
            })

        content_type = 'application/x-www-form-urlencoded'
        # POST with content: application/x-www-form-urlencoded
        response = self.app.post('/v1/openid/token',
                                 params={
                                     'code': authorization_code.code,
                                     'grant_type': 'invalid_grant_type'
                                 },
                                 content_type=content_type,
                                 expect_errors=True)

        # Assert that this is a successful response
        self.assertEqual(400, response.status_code)
        self.assertIsNotNone(response.json)
        self.assertEqual('unsupported_grant_type', response.json['error'])
        self.assertEqual(e_msg.INVALID_TOKEN_GRANT_TYPE,
                         response.json['error_description'])
예제 #3
0
    def test_invalid_grant_type(self):
        """This test ensures that invalid grant_type parameters get the
        appropriate error response.
        """

        # Generate a valid auth token
        with base.HybridSessionManager():
            authorization_code = auth_api.authorization_code_save({
                'user_id':
                2,
                'state':
                'test_state',
                'code':
                'test_valid_code',
                'expires_in':
                300
            })

        content_type = 'application/x-www-form-urlencoded'
        # POST with content: application/x-www-form-urlencoded
        response = self.app.post('/v1/openid/token',
                                 params={
                                     'code': authorization_code.code,
                                     'grant_type': 'invalid_grant_type'
                                 },
                                 content_type=content_type,
                                 expect_errors=True)

        # Assert that this is a successful response
        self.assertEqual(400, response.status_code)
        self.assertIsNotNone(response.json)
        self.assertEqual('unsupported_grant_type', response.json['error'])
        self.assertEqual(e_msg.INVALID_TOKEN_GRANT_TYPE,
                         response.json['error_description'])
    def test_delete_code(self):
        created_code = auth_codes.authorization_code_save(self.code_01)

        self.assertIsNotNone(created_code,
                             "Could not create an Authorization code")

        auth_codes.authorization_code_delete(created_code.code)

        fetched_code = auth_codes.authorization_code_get(created_code.code)
        self.assertIsNone(fetched_code)
예제 #5
0
    def test_delete_code(self):
        created_code = auth_codes.authorization_code_save(self.code_01)

        self.assertIsNotNone(created_code,
                             "Could not create an Authorization code")

        auth_codes.authorization_code_delete(created_code.code)

        fetched_code = auth_codes.authorization_code_get(created_code.code)
        self.assertIsNone(fetched_code)
예제 #6
0
    def test_expired_access_token_time(self):
        """This test ensures that an access token is seen as expired if
        storyboard is installed in multiple timezones.
        """

        expired = datetime.datetime.now(
            pytz.utc) - datetime.timedelta(minutes=6)

        # Store the old TZ info, if it exists.
        old_tz = None
        if 'TZ' in os.environ:
            old_tz = os.environ['TZ']

        # Convert now into every possible timezone out there :)
        for name in self.tested_timezones:

            # Override the 'default timezone' for the current runtime.
            os.environ['TZ'] = name

            # Create a token.
            with base.HybridSessionManager():
                authorization_code = auth_api.authorization_code_save({
                    'user_id':
                    2,
                    'state':
                    'test_state',
                    'code':
                    'test_valid_code',
                    'expires_in':
                    300,
                    'created_at':
                    expired
                })

            content_type = 'application/x-www-form-urlencoded'
            # POST with content: application/x-www-form-urlencoded
            response = self.app.post('/v1/openid/token',
                                     params={
                                         'code': authorization_code.code,
                                         'grant_type': 'authorization_code'
                                     },
                                     content_type=content_type,
                                     expect_errors=True)

            # Assert that this is a valid call.
            self.assertEqual(401, response.status_code)

            # Reset the timezone.
            if old_tz:
                os.environ['TZ'] = old_tz
            else:
                del os.environ['TZ']
예제 #7
0
    def test_expired_access_token_time(self):
        """This test ensures that an access token is seen as expired if
        storyboard is installed in multiple timezones.
        """

        expired = datetime.datetime.now(pytz.utc) - datetime.timedelta(
            minutes=6)

        # Store the old TZ info, if it exists.
        old_tz = None
        if 'TZ' in os.environ:
            old_tz = os.environ['TZ']

        # Convert now into every possible timezone out there :)
        for name in self.tested_timezones:

            # Override the 'default timezone' for the current runtime.
            os.environ['TZ'] = name

            # Create a token.
            with base.HybridSessionManager():
                authorization_code = auth_api.authorization_code_save({
                    'user_id': 2,
                    'state': 'test_state',
                    'code': 'test_valid_code',
                    'expires_in': 300,
                    'created_at': expired
                })

            content_type = 'application/x-www-form-urlencoded'
            # POST with content: application/x-www-form-urlencoded
            response = self.app.post('/v1/openid/token',
                                     params={
                                         'code': authorization_code.code,
                                         'grant_type': 'authorization_code'
                                     },
                                     content_type=content_type,
                                     expect_errors=True)

            # Assert that this is a valid call.
            self.assertEqual(401, response.status_code)

            # Reset the timezone.
            if old_tz:
                os.environ['TZ'] = old_tz
            else:
                del os.environ['TZ']
예제 #8
0
    def test_valid_access_token_time(self):
        """Assert that a newly created access token is valid if storyboard is
        installed in a multitude of timezones.
        """

        # Store the old TZ info, if it exists.
        old_tz = None
        if 'TZ' in os.environ:
            old_tz = os.environ['TZ']

        # Convert now into every possible timezone out there :)
        for name in self.tested_timezones:

            # Override the 'default timezone' for the current runtime.
            os.environ['TZ'] = name

            # Create a token.
            with base.HybridSessionManager():
                authorization_code = auth_api.authorization_code_save({
                    'user_id':
                    2,
                    'state':
                    'test_state',
                    'code':
                    'test_valid_code',
                    'expires_in':
                    300
                })

            response = self.app.post(
                '/v1/openid/token',
                params={
                    'code': authorization_code.code,
                    'grant_type': 'authorization_code'
                },
                content_type='application/x-www-form-urlencoded',
                expect_errors=True)

            # Assert that this is a valid call.
            self.assertEqual(200, response.status_code)

            # Reset the timezone.
            if old_tz:
                os.environ['TZ'] = old_tz
            else:
                del os.environ['TZ']
예제 #9
0
    def test_valid_access_token_time(self):
        """Assert that a newly created access token is valid if storyboard is
        installed in a multitude of timezones.
        """

        # Store the old TZ info, if it exists.
        old_tz = None
        if 'TZ' in os.environ:
            old_tz = os.environ['TZ']

        # Convert now into every possible timezone out there :)
        for name in self.tested_timezones:

            # Override the 'default timezone' for the current runtime.
            os.environ['TZ'] = name

            # Create a token.
            with base.HybridSessionManager():
                authorization_code = auth_api.authorization_code_save({
                    'user_id': 2,
                    'state': 'test_state',
                    'code': 'test_valid_code',
                    'expires_in': 300
                })

            response = self.app.post('/v1/openid/token',
                                     params={
                                         'code': authorization_code.code,
                                         'grant_type': 'authorization_code'
                                     },
                                     content_type=
                                     'application/x-www-form-urlencoded',
                                     expect_errors=True)

            # Assert that this is a valid call.
            self.assertEqual(200, response.status_code)

            # Reset the timezone.
            if old_tz:
                os.environ['TZ'] = old_tz
            else:
                del os.environ['TZ']
예제 #10
0
    def test_valid_refresh_token(self):
        """This test ensures that a valid refresh token can be converted into
        a valid access token, and cleans up after itself.
        """

        # Generate a valid access code
        with base.HybridSessionManager():
            authorization_code = auth_api.authorization_code_save({
                'user_id': 2,
                'state': 'test_state',
                'code': 'test_valid_code'
            })

        content_type = 'application/x-www-form-urlencoded'
        # Generate an auth and a refresh token.
        resp_1 = self.app.post('/v1/openid/token',
                               params={
                                   'code': authorization_code.code,
                                   'grant_type': 'authorization_code'
                               },
                               content_type=content_type,
                               expect_errors=True)

        # Assert that this is a successful response
        self.assertEqual(200, resp_1.status_code)

        # Assert that the token came back in the response
        t1 = resp_1.json

        # Assert that both are in the database.
        with base.HybridSessionManager():
            access_token = \
                token_api.access_token_get_by_token(t1['access_token'])
        self.assertIsNotNone(access_token)

        with base.HybridSessionManager():
            refresh_token = refresh_tokens.refresh_token_get_by_token(
                t1['refresh_token'])

        self.assertIsNotNone(refresh_token)

        content_type = 'application/x-www-form-urlencoded'
        # Issue a refresh token request.
        resp_2 = self.app.post('/v1/openid/token',
                               params={
                                   'refresh_token': t1['refresh_token'],
                                   'grant_type': 'refresh_token'
                               },
                               content_type=content_type,
                               expect_errors=True)

        # Assert that the response is good.
        self.assertEqual(200, resp_2.status_code)

        # Assert that the token came back in the response
        t2 = resp_2.json
        self.assertIsNotNone(t2['access_token'])
        self.assertIsNotNone(t2['expires_in'])
        self.assertIsNotNone(t2['id_token'])
        self.assertIsNotNone(t2['refresh_token'])
        self.assertIsNotNone(t2['token_type'])
        self.assertEqual('Bearer', t2['token_type'])

        # Assert that the access token is in the database
        with base.HybridSessionManager():
            new_access_token = \
                token_api.access_token_get_by_token(t2['access_token'])
        self.assertIsNotNone(new_access_token)

        # Assert that system configured values is owned by the correct user.
        self.assertEqual(2, new_access_token.user_id)
        self.assertEqual(t2['id_token'], new_access_token.user_id)
        self.assertEqual(t2['expires_in'], CONF.oauth.access_token_ttl)
        self.assertEqual(t2['expires_in'], new_access_token.expires_in)
        self.assertEqual(t2['access_token'],
                         new_access_token.access_token)

        # Assert that the refresh token is in the database

        with base.HybridSessionManager():
            new_refresh_token = refresh_tokens.refresh_token_get_by_token(
                t2['refresh_token'])

        self.assertIsNotNone(new_refresh_token)

        # Assert that system configured values is owned by the correct user.
        self.assertEqual(2, new_refresh_token.user_id)
        self.assertEqual(CONF.oauth.refresh_token_ttl,
                         new_refresh_token.expires_in)
        self.assertEqual(t2['refresh_token'],
                         new_refresh_token.refresh_token)

        # Assert that the old access tokens are no longer in the database and
        # have been cleaned up.

        with base.HybridSessionManager():
            no_access_token = \
                token_api.access_token_get_by_token(t1['access_token'])
        with base.HybridSessionManager():
            no_refresh_token = \
                refresh_tokens.refresh_token_get_by_token(t1['refresh_token'])

        self.assertIsNone(no_refresh_token)
        self.assertIsNone(no_access_token)
예제 #11
0
    def test_valid_access_request(self):
        """This test ensures that the access token request may execute
        properly with a valid token.
        """

        # Generate a valid auth token
        with base.HybridSessionManager():
            authorization_code = auth_api.authorization_code_save({
                'user_id': 2,
                'state': 'test_state',
                'code': 'test_valid_code'
            })

        content_type = 'application/x-www-form-urlencoded'
        # POST with content: application/x-www-form-urlencoded
        response = self.app.post('/v1/openid/token',
                                 params={
                                     'code': authorization_code.code,
                                     'grant_type': 'authorization_code'
                                 },
                                 content_type=content_type,
                                 expect_errors=True)

        # Assert that this is a successful response
        self.assertEqual(200, response.status_code)

        # Assert that the token came back in the response
        token = response.json
        self.assertIsNotNone(token['access_token'])
        self.assertIsNotNone(token['expires_in'])
        self.assertIsNotNone(token['id_token'])
        self.assertIsNotNone(token['refresh_token'])
        self.assertIsNotNone(token['token_type'])
        self.assertEqual('Bearer', token['token_type'])

        # Assert that the access token is in the database
        with base.HybridSessionManager():
            access_token = \
                token_api.access_token_get_by_token(token['access_token'])
        self.assertIsNotNone(access_token)

        # Assert that system configured values is owned by the correct user.
        self.assertEqual(2, access_token.user_id)
        self.assertEqual(token['id_token'], access_token.user_id)
        self.assertEqual(token['expires_in'], CONF.oauth.access_token_ttl)
        self.assertEqual(token['expires_in'], access_token.expires_in)
        self.assertEqual(token['access_token'], access_token.access_token)

        # Assert that the refresh token is in the database
        with base.HybridSessionManager():
            refresh_token = \
                refresh_tokens.refresh_token_get_by_token(
                    token['refresh_token'])

        self.assertIsNotNone(refresh_token)

        # Assert that system configured values is owned by the correct user.
        self.assertEqual(2, refresh_token.user_id)
        self.assertEqual(CONF.oauth.refresh_token_ttl,
                         refresh_token.expires_in)
        self.assertEqual(token['refresh_token'], refresh_token.refresh_token)

        # Assert that the authorization code is no longer in the database.
        with base.HybridSessionManager():
            none_code = \
                auth_api.authorization_code_get(authorization_code.code)
        self.assertIsNone(none_code)
예제 #12
0
    def test_valid_refresh_token(self):
        """This test ensures that a valid refresh token can be converted into
        a valid access token, and cleans up after itself.
        """

        # Generate a valid access code
        with base.HybridSessionManager():
            authorization_code = auth_api.authorization_code_save({
                'user_id':
                2,
                'state':
                'test_state',
                'code':
                'test_valid_code'
            })

        content_type = 'application/x-www-form-urlencoded'
        # Generate an auth and a refresh token.
        resp_1 = self.app.post('/v1/openid/token',
                               params={
                                   'code': authorization_code.code,
                                   'grant_type': 'authorization_code'
                               },
                               content_type=content_type,
                               expect_errors=True)

        # Assert that this is a successful response
        self.assertEqual(200, resp_1.status_code)

        # Assert that the token came back in the response
        t1 = resp_1.json

        # Assert that both are in the database.
        with base.HybridSessionManager():
            access_token = \
                token_api.access_token_get_by_token(t1['access_token'])
        self.assertIsNotNone(access_token)

        with base.HybridSessionManager():
            refresh_token = refresh_tokens.refresh_token_get_by_token(
                t1['refresh_token'])

        self.assertIsNotNone(refresh_token)

        content_type = 'application/x-www-form-urlencoded'
        # Issue a refresh token request.
        resp_2 = self.app.post('/v1/openid/token',
                               params={
                                   'refresh_token': t1['refresh_token'],
                                   'grant_type': 'refresh_token'
                               },
                               content_type=content_type,
                               expect_errors=True)

        # Assert that the response is good.
        self.assertEqual(200, resp_2.status_code)

        # Assert that the token came back in the response
        t2 = resp_2.json
        self.assertIsNotNone(t2['access_token'])
        self.assertIsNotNone(t2['expires_in'])
        self.assertIsNotNone(t2['id_token'])
        self.assertIsNotNone(t2['refresh_token'])
        self.assertIsNotNone(t2['token_type'])
        self.assertEqual('Bearer', t2['token_type'])

        # Assert that the access token is in the database
        with base.HybridSessionManager():
            new_access_token = \
                token_api.access_token_get_by_token(t2['access_token'])
        self.assertIsNotNone(new_access_token)

        # Assert that system configured values is owned by the correct user.
        self.assertEqual(2, new_access_token.user_id)
        self.assertEqual(t2['id_token'], new_access_token.user_id)
        self.assertEqual(t2['expires_in'], CONF.oauth.access_token_ttl)
        self.assertEqual(t2['expires_in'], new_access_token.expires_in)
        self.assertEqual(t2['access_token'], new_access_token.access_token)

        # Assert that the refresh token is in the database

        with base.HybridSessionManager():
            new_refresh_token = refresh_tokens.refresh_token_get_by_token(
                t2['refresh_token'])

        self.assertIsNotNone(new_refresh_token)

        # Assert that system configured values is owned by the correct user.
        self.assertEqual(2, new_refresh_token.user_id)
        self.assertEqual(CONF.oauth.refresh_token_ttl,
                         new_refresh_token.expires_in)
        self.assertEqual(t2['refresh_token'], new_refresh_token.refresh_token)

        # Assert that the old access tokens are no longer in the database and
        # have been cleaned up.

        with base.HybridSessionManager():
            no_access_token = \
                token_api.access_token_get_by_token(t1['access_token'])
        with base.HybridSessionManager():
            no_refresh_token = \
                refresh_tokens.refresh_token_get_by_token(t1['refresh_token'])

        self.assertIsNone(no_refresh_token)
        self.assertIsNone(no_access_token)
예제 #13
0
    def test_valid_access_request(self):
        """This test ensures that the access token request may execute
        properly with a valid token.
        """

        # Generate a valid auth token
        with base.HybridSessionManager():
            authorization_code = auth_api.authorization_code_save({
                'user_id':
                2,
                'state':
                'test_state',
                'code':
                'test_valid_code'
            })

        content_type = 'application/x-www-form-urlencoded'
        # POST with content: application/x-www-form-urlencoded
        response = self.app.post('/v1/openid/token',
                                 params={
                                     'code': authorization_code.code,
                                     'grant_type': 'authorization_code'
                                 },
                                 content_type=content_type,
                                 expect_errors=True)

        # Assert that this is a successful response
        self.assertEqual(200, response.status_code)

        # Assert that the token came back in the response
        token = response.json
        self.assertIsNotNone(token['access_token'])
        self.assertIsNotNone(token['expires_in'])
        self.assertIsNotNone(token['id_token'])
        self.assertIsNotNone(token['refresh_token'])
        self.assertIsNotNone(token['token_type'])
        self.assertEqual('Bearer', token['token_type'])

        # Assert that the access token is in the database
        with base.HybridSessionManager():
            access_token = \
                token_api.access_token_get_by_token(token['access_token'])
        self.assertIsNotNone(access_token)

        # Assert that system configured values is owned by the correct user.
        self.assertEqual(2, access_token.user_id)
        self.assertEqual(token['id_token'], access_token.user_id)
        self.assertEqual(token['expires_in'], CONF.oauth.access_token_ttl)
        self.assertEqual(token['expires_in'], access_token.expires_in)
        self.assertEqual(token['access_token'], access_token.access_token)

        # Assert that the refresh token is in the database
        with base.HybridSessionManager():
            refresh_token = \
                refresh_tokens.refresh_token_get_by_token(
                    token['refresh_token'])

        self.assertIsNotNone(refresh_token)

        # Assert that system configured values is owned by the correct user.
        self.assertEqual(2, refresh_token.user_id)
        self.assertEqual(CONF.oauth.refresh_token_ttl,
                         refresh_token.expires_in)
        self.assertEqual(token['refresh_token'], refresh_token.refresh_token)

        # Assert that the authorization code is no longer in the database.
        with base.HybridSessionManager():
            none_code = \
                auth_api.authorization_code_get(authorization_code.code)
        self.assertIsNone(none_code)