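    def test_loginAndToken_whenTokenCalledBeforeAuth_returns400InvalidGrant(
            self):
        """An issued-but-unauthenticated code must not be exchangeable.

        The first POST to /login only starts the authorisation flow and
        returns the login page carrying the freshly issued code; no
        credentials are submitted. Exchanging that code at /token must
        therefore fail with ``invalid_grant`` (RFC 6749 §5.2).
        """
        req = self.authorisation_request_1
        storage.hset('clients', 'test-1', '0123456789')

        login_result = self.app.post('/login', data=req)
        self.assertEqual(200, login_result.status_code)
        body = login_result.data.decode('utf-8')

        # Raw string: '\w' inside a plain literal is an invalid escape
        # sequence (a SyntaxWarning on recent Pythons). Fail with a clear
        # message when no code is present instead of AttributeError on
        # ``None.group``.
        match = re.search(r'(?:code=)(\w*)', body)
        self.assertIsNotNone(match, 'login page did not contain a code')
        code = match.group(1)

        # NOTE(review): every other /token test in this file sends
        # 'http://test.app/redirectpath'. If the server validates
        # redirect_uri, this request may be rejected for the mismatch rather
        # than for the unauthenticated code -- confirm and align if so.
        token_result = self.app.post('/token',
                                     data={
                                         'client_id': 'test-1',
                                         'client_secret': '0123456789',
                                         'code': code,
                                         'grant_type': 'authorization_code',
                                         'redirect_uri': 'http://abc'
                                     })

        self.assertEqual(400, token_result.status_code)
        error_dict = json.loads(token_result.data.decode('utf-8'))
        self.assertIn('error', error_dict)
        self.assertEqual(error_dict['error'], 'invalid_grant')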
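    def test_login_whenCalledWithValidCodeAndInvalidUsernameAndPassword_returns200WithFailureMessage(
            self):
        """Bad credentials on a valid code re-render the login page.

        ``requests.post`` is patched with the failing fixture so the
        upstream credential check reports failure. The response must be a
        200 carrying the generic failure message -- the wording is pinned
        here so a later change does not start disclosing whether it was the
        username or the password that was wrong.
        """
        storage.hset('clients', 'test-1', '0123456789')
        storage.set('sessions_0123456789012345',
                    json.dumps(self.session_content_1))

        # The patch object itself is not inspected, so no ``as`` alias.
        with mock.patch('requests.post',
                        side_effect=self.mocked_requests_post_failed):
            returned_result = self.app.post('/login?code=0123456789012345',
                                            data={
                                                'username': '******',
                                                'password': '******'
                                            })

            body = returned_result.data.decode('utf-8')

            self.assertEqual(200, returned_result.status_code)
            self.assertIn(
                'Incorrect username and/or password entered, please try again.',
                body)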
    def test_token_whenCalledWithExpiredCode_returns400InvalidGrant(self):
        """A code whose session TTL has elapsed must not be exchangeable.

        The session is stored with a one-second TTL and the test waits for
        it to lapse before calling /token, which must answer 400 with
        ``invalid_grant``. (The sleep makes this the slowest test here;
        it is what exercises real key expiry in the storage backend.)
        """
        code = '0123456789012345'
        session_key = 'sessions_%s' % code

        storage.hset('clients', 'test-1', '0123456789')
        storage.set(session_key, json.dumps(self.session_content_1))
        storage.expire(session_key, 1)

        time.sleep(2)

        token_request = {
            'client_id': 'test-1',
            'client_secret': '0123456789',
            'code': code,
            'grant_type': 'authorization_code',
            'redirect_uri': 'http://test.app/redirectpath',
        }
        returned_result = self.app.post('/token', data=token_request)

        self.assertEqual(400, returned_result.status_code)
        error_dict = json.loads(returned_result.data.decode('utf-8'))
        self.assertIn('error', error_dict)
        self.assertEqual(error_dict['error'], 'invalid_grant')
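    def test_token_whenCalledWithUserThatDoesNotHaveAnEmployeeNumber_returns400InvalidGrant(
            self):
        """A session whose claims lack ``id_number`` must not yield a token.

        The original version took a shallow ``.copy()`` of the fixture,
        deleted the claim from the *shared* nested ``claims`` dict, and then
        stored the unmodified fixture object -- it only passed because the
        deletion had leaked into ``self.session_content_1`` itself. Here the
        nested dict is copied before the key is removed and the modified
        session is what gets stored, so the fixture stays intact for other
        tests.
        """
        storage.hset('clients', 'test-1', '0123456789')

        # Copy the nested ``claims`` dict so the fixture is not mutated.
        claims = dict(self.session_content_1['claims'])
        del claims['id_number']
        session = dict(self.session_content_1)
        session['claims'] = claims

        storage.set('sessions_0123456789012345', json.dumps(session))

        returned_result = self.app.post('/token',
                                        data={
                                            'client_id':
                                            'test-1',
                                            'client_secret':
                                            '0123456789',
                                            'code':
                                            '0123456789012345',
                                            'grant_type':
                                            'authorization_code',
                                            'redirect_uri':
                                            'http://test.app/redirectpath'
                                        })

        self.assertEqual(400, returned_result.status_code)
        error_dict = json.loads(returned_result.data.decode('utf-8'))
        self.assertIn('error', error_dict)
        self.assertEqual(error_dict['error'], 'invalid_grant')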
    def test_login_whenCalledWithAuthzFlowParams_returns200LoginPage(self):
        """A well-formed authorisation request renders the login form.

        Only the status and the presence of a form posting back to
        ``/login?...`` are asserted; the form's query parameters are not
        inspected here.
        """
        storage.hset('clients', 'test-1', '0123456789')

        page = self.app.post('/login', data=self.authorisation_request_1)

        self.assertEqual(200, page.status_code)
        self.assertIn('form action="/login?', page.data.decode('utf-8'))
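    def test_loginAndToken_whenCalledWithValidCodeTwice_returns400InvalidRequest(
            self):
        """An authorisation code is single-use: replaying it must fail.

        After a successful login the first /token exchange returns 200; a
        second exchange with the identical request must be refused with
        400. This guards the replay property of RFC 6749 §4.1.2.

        NOTE(review): the test pins ``invalid_request`` as the error code,
        whereas RFC 6749 §5.2 lists a reused/revoked code under
        ``invalid_grant`` (which is what the expired-code test expects).
        The server evidently answers ``invalid_request`` today; consider
        aligning it, and also asserting that the token from the first
        exchange is revoked, as §4.1.2 recommends.
        """
        storage.hset('clients', 'test-1', '0123456789')
        storage.set('sessions_0123456789012345',
                    json.dumps(self.session_content_1))

        # Identical payload for both exchanges -- the only variable under
        # test is that the code has already been consumed.
        token_request = {
            'client_id': 'test-1',
            'client_secret': '0123456789',
            'code': '0123456789012345',
            'grant_type': 'authorization_code',
            'redirect_uri': 'http://test.app/redirectpath',
        }

        with mock.patch('requests.post',
                        side_effect=self.mocked_requests_post_success):

            login_result = self.app.post('/login?code=0123456789012345',
                                         data={
                                             'username': '******',
                                             'password': '******'
                                         })

            self.assertEqual(302, login_result.status_code)

            first_exchange = self.app.post('/token', data=token_request)
            self.assertEqual(200, first_exchange.status_code)

            replayed_exchange = self.app.post('/token', data=token_request)

            self.assertEqual(400, replayed_exchange.status_code)
            error_dict = json.loads(replayed_exchange.data.decode('utf-8'))
            self.assertIn('error', error_dict)
            self.assertEqual(error_dict['error'], 'invalid_request')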
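    def test_login_whenCalledWithInvalidScope_returns400InvalidScope(self):
        """An unknown scope is rejected with ``invalid_scope`` and the
        client's ``state`` is echoed back so it can correlate the error.

        The request is built from a copy of the fixture: the original code
        assigned ``req = self.authorisation_request_1`` and then wrote
        ``req['scope']`` into it, mutating the shared fixture for every
        later test that reads it.
        """
        storage.hset('clients', 'test-1', '0123456789')
        req = dict(self.authorisation_request_1)
        req['scope'] = 'wibble'

        returned_result = self.app.post('/login', data=req)

        self.assertEqual(400, returned_result.status_code)
        error_dict = json.loads(returned_result.data.decode('utf-8'))
        self.assertIn('error', error_dict)
        self.assertEqual(error_dict['error'], 'invalid_scope')
        # state must round-trip unchanged (RFC 6749 §4.1.2.1).
        self.assertIn('state', error_dict)
        self.assertEqual(error_dict['state'],
                         self.authorisation_request_1['state'])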
    def test_login_whenCalledWithValidCodeUsernameAndPassword_return302RedirectToClient(
            self):
        """Successful credentials on a valid code redirect to the client.

        ``requests.post`` is patched with the success fixture so the
        credential check passes. Only the 302 status is asserted; the
        ``Location`` target is not inspected by this test.
        """
        code = '0123456789012345'
        storage.hset('clients', 'test-1', '0123456789')
        storage.set('sessions_%s' % code,
                    json.dumps(self.session_content_1))

        credentials = {'username': '******', 'password': '******'}

        with mock.patch('requests.post',
                        side_effect=self.mocked_requests_post_success):
            login_result = self.app.post('/login?code=%s' % code,
                                         data=credentials)

            self.assertEqual(302, login_result.status_code)
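    def test_login_whenCalledWithNonce_returns200AndPersistsNonce(self):
        """A ``nonce`` supplied at /login is stored with the code's session.

        The nonce must survive to token issuance so it can be bound into
        the ID token; this test only checks that it is persisted under the
        session keyed by the issued code.

        Fixes over the original: the request is a copy of the fixture
        rather than the fixture itself (the original mutated
        ``self.authorisation_request_1``), the regex is a raw string, and
        a missing code fails with a clear assertion instead of
        ``AttributeError``.
        """
        storage.hset('clients', 'test-1', '0123456789')
        req = dict(self.authorisation_request_1)
        req['nonce'] = 'wibble123'

        returned_result = self.app.post('/login', data=req)

        self.assertEqual(200, returned_result.status_code)
        body = returned_result.data.decode('utf-8')

        match = re.search(r'(?:code=)(\w*)', body)
        self.assertIsNotNone(match, 'login page did not contain a code')
        code = match.group(1)

        session_raw = storage.get('sessions_%s' % code)
        self.assertIsNotNone(session_raw, 'no session stored for the code')
        session = json.loads(session_raw)

        self.assertIn('nonce', session)
        self.assertEqual(session['nonce'], 'wibble123')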
    def test_token_whenCalledWithValidCode_returnsValidToken(self):
        """The happy-path exchange of a valid code at /token returns 200.

        NOTE(review): despite its name the test asserts only the status
        code. RFC 6749 §5.1 requires ``access_token`` and ``token_type`` in
        a successful response; asserting their presence (and, if an ID
        token is issued, its signature/claims) would make the name true.
        """
        code = '0123456789012345'
        storage.hset('clients', 'test-1', '0123456789')
        storage.set('sessions_%s' % code,
                    json.dumps(self.session_content_1))

        token_request = {
            'client_id': 'test-1',
            'client_secret': '0123456789',
            'code': code,
            'grant_type': 'authorization_code',
            'redirect_uri': 'http://test.app/redirectpath',
        }
        token_result = self.app.post('/token', data=token_request)

        self.assertEqual(200, token_result.status_code)