예제 #1
 def testAccessClockResourceWithoutToken(self):
     """
     Test that the protected resource rejects a request that carries no token.

     No Authorization header is set on the request built here. The expected
     outcome is a 401 response whose body does not contain the protected content.
     """
     tokenlessRequest = MockRequest('GET', 'clock')
     self._makeExampleRequest(tokenlessRequest)
     rejectionMessage = ('Expected the protected clock resource '
                         'to reject a request without a token.')
     self.assertEqual(401, tokenlessRequest.responseCode, msg=rejectionMessage)
     # The status code alone is not sufficient: a rejected request must not
     # carry the protected page in its body either.
     leakMessage = ('Expected the protected clock resource '
                    'not to send the protected content.')
     self.assertNotSubstring(
         b'<html><body>', tokenlessRequest.getResponse(), msg=leakMessage)
예제 #2
 def _testValidAccessRequest(self, token=_VALID_TOKEN):
     """
     Check that the protected clock resource serves its content for the given token.

     The token is presented as a Bearer credential in the Authorization header.

     :param token: The access token to present to the resource.
     """
     authorizedRequest = MockRequest('GET', 'clock')
     bearerValue = 'Bearer ' + token
     authorizedRequest.setRequestHeader(b'Authorization', bearerValue)
     self._makeExampleRequest(authorizedRequest)
     # A response code of None is accepted alongside 200.
     # NOTE(review): presumably the mock leaves the code unset when the resource
     # never sets one explicitly -- confirm against MockRequest.
     acceptedCodes = (None, 200)
     acceptMessage = ('Expected the protected clock resource to accept '
                      'a request with a valid token.')
     self.assertIn(authorizedRequest.responseCode, acceptedCodes, msg=acceptMessage)
     contentMessage = 'Expected the protected clock resource to send the protected content.'
     self.assertSubstring(
         b'<html><body>', authorizedRequest.getResponse(), msg=contentMessage)
예제 #3
 def testAuthorizationCodeGrant(self):
     """
     Test the authorization code grant flow end to end.

     The test confirms the authorization request, checks the redirect for the
     code and the echoed state, exchanges the code at the token resource, and
     finally uses the returned access token and refresh token.
     """
     state = b'state'
     # NOTE(review): presumably sends the initial authorization request and returns
     # the data key of the confirmation form -- confirm against _doAuthorizationRequest.
     dataKey = self._doAuthorizationRequest(state)

     # Step 1: the resource owner confirms the request.
     confirmArguments = {'confirm': 'yes', 'data_key': dataKey}
     confirmRequest = MockRequest('POST', 'oauth2', arguments=confirmArguments)
     self._makeExampleRequest(confirmRequest)
     redirectMessage = 'Expected the auth resource to redirect the request.'
     self.assertEqual(302, confirmRequest.responseCode, msg=redirectMessage)
     redirectUrl = confirmRequest.getResponseHeader(b'location')
     self.assertIsNotNone(redirectUrl, msg=redirectMessage)

     # Step 2: the redirect must carry the code and return the state unchanged.
     # The client relies on the echoed state to tie the redirect to the request it started.
     parameter = OAuth2Abstract.AuthResourceTest.getParameterFromRedirectUrl(redirectUrl, False)
     self.assertIn('code', parameter, msg='Missing code parameter in response.')
     self.assertIn('state', parameter, msg='Missing state parameter in response.')
     if isinstance(state, str):
         expectedState = state
     else:
         expectedState = state.decode('utf-8', errors='replace')
     self.assertEqual(
         expectedState, parameter['state'], msg='Result contained an unexpected state.')

     # Step 3: exchange the code for tokens, authenticating as the valid client.
     # NOTE(review): the code is redeemed exactly once here; this test does not
     # check that a second redemption of the same code is rejected.
     tokenArguments = {
         'grant_type': 'authorization_code',
         'code': parameter['code'],
         'redirect_uri': self._VALID_CLIENT.redirectUris[0],
     }
     tokenRequest = Abstract.TokenResourceTest.generateValidTokenRequest(
         arguments=tokenArguments, url='oauth2/token', authentication=self._VALID_CLIENT)
     self._makeExampleRequest(tokenRequest)
     self.assertEqual(200, tokenRequest.responseCode,
                      msg='Expected the token resource to accept the request.')
     jsonResult = json.loads(tokenRequest.getResponse().decode('utf-8'))
     requiredFields = (
         ('access_token', 'Expected the result from the token resource '
                          'to contain an access_token parameter.'),
         ('refresh_token', 'Expected the result from the token resource '
                           'to contain a refresh_token parameter.'),
         ('scope', 'Expected the result from the token resource '
                   'to contain a scope parameter.'),
     )
     for fieldName, missingMessage in requiredFields:
         self.assertIn(fieldName, jsonResult, msg=missingMessage)
     # The granted scope is compared as an ordered list against the expected scope.
     grantedScope = jsonResult['scope'].split()
     self.assertListEqual(grantedScope, self._VALID_SCOPE,
                          msg='The token resource returned a different '
                              'scope than expected.')

     # Step 4: both tokens must be usable.
     self._testValidAccessRequest(token=jsonResult['access_token'])
     self._testTokenRefresh(jsonResult['refresh_token'])
예제 #4
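 def testAuthorizationCodeGrant(self):
     """
     Test the authorization code grant flow end to end.

     The test sends the authorization request, extracts the data key from the
     returned page, confirms the request, checks the redirect for the code and
     the echoed state, exchanges the code at the token resource, and finally
     uses the returned access token and refresh token.
     """
     state = b'state'
     request = AbstractAuthResourceTest.createAuthRequest(
         arguments={
             'response_type': 'code',
             'client_id': self._VALID_CLIENT.id,
             'redirect_uri': self._VALID_CLIENT.redirectUris[0],
             'scope': ' '.join(self._VALID_SCOPE),
             'state': state
         })
     self._SERVER.makeSynchronousRequest(request)
     self.assertIn(
         request.responseCode, (None, 200),
         msg='Expected the auth resource to accept a valid request.')
     response = request.getResponse()
     self.assertSubstring(
         b'<!DOCTYPE html>',
         response,
         msg='Expected the auth resource to send the content returned by onAuthenticate.')
     # NOTE(review): the pattern is greedy and '.' does not cross newlines, so it
     # assumes the data_key input sits on one line with name before value.
     dataKeyMatch = re.search(
         b"<input.*name=\"data_key\".*value=\"(?P<dataKey>.*)\">", response)
     # Fail with a readable message instead of an AttributeError on None
     # when the page does not contain the expected input.
     self.assertIsNotNone(
         dataKeyMatch,
         msg='Expected the auth resource response to contain a data_key input.')
     dataKey = dataKeyMatch.group('dataKey')
     request = MockRequest('POST',
                           'oauth2',
                           arguments={
                               'confirm': 'yes',
                               'data_key': dataKey
                           })
     self._SERVER.makeSynchronousRequest(request)
     # assertEqual replaces the deprecated assertEquals alias throughout.
     self.assertEqual(
         request.responseCode,
         302,
         msg='Expected the auth resource to redirect the request.')
     redirectUrl = request.getResponseHeader(b'location')
     self.assertIsNotNone(
         redirectUrl,
         msg='Expected the auth resource to redirect the request.')
     parameter = AbstractAuthResourceTest.getParameterFromRedirectUrl(
         redirectUrl, False)
     self.assertIn('code',
                   parameter,
                   msg='Missing code parameter in response.')
     self.assertIn('state',
                   parameter,
                   msg='Missing state parameter in response.')
     # The state must come back unchanged; the client relies on it to tie the
     # redirect to the request it started.
     self.assertEqual(parameter['state'],
                      state if isinstance(state, str) else state.decode(
                          'utf-8', errors='replace'),
                      msg='Result contained an unexpected state.')
     code = parameter['code']
     # NOTE(review): the code is redeemed exactly once here; this test does not
     # check that a second redemption of the same code is rejected.
     request = AbstractTokenResourceTest.generateValidTokenRequest(
         arguments={
             'grant_type': 'authorization_code',
             'code': code,
             'redirect_uri': self._VALID_CLIENT.redirectUris[0],
         },
         url='oauth2/token',
         authentication=self._VALID_CLIENT)
     self._SERVER.makeSynchronousRequest(request)
     self.assertEqual(
         request.responseCode,
         200,
         msg='Expected the token resource to accept the request.')
     # The body is decoded before parsing, so json.loads needs no encoding
     # argument; that keyword was removed in Python 3.9 and raises TypeError there.
     jsonResult = json.loads(request.getResponse().decode('utf-8'))
     self.assertIn('access_token',
                   jsonResult,
                   msg='Expected the result from the token resource '
                   'to contain an access_token parameter.')
     self.assertIn('refresh_token',
                   jsonResult,
                   msg='Expected the result from the token resource '
                   'to contain a refresh_token parameter.')
     self.assertIn('scope',
                   jsonResult,
                   msg='Expected the result from the token resource '
                   'to contain a scope parameter.')
     self.assertListEqual(jsonResult['scope'].split(),
                          self._VALID_SCOPE,
                          msg='The token resource returned a different '
                          'scope than expected.')
     accessToken = jsonResult['access_token']
     self._testValidAccessRequest(token=accessToken)
     refreshToken = jsonResult['refresh_token']
     self._testTokenRefresh(refreshToken)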