def test_revoke_scope(test_client):
    """Authorize two scopes for a client, revoke one, and check only the other remains.

    Flow: as the admin user, grant ``app:action:POST`` and ``app:action:GET``
    for client ``5e59557579da4ec3ff04a683``, revoke ``app:action:GET``, then
    read the user record back and verify the remaining authorization.

    NOTE(review): the authorize response is never status-checked; if the grant
    fails, the ``clients_authorized[0]`` lookup below is what surfaces it.
    NOTE(review): ``scope`` is compared against the literal string
    ``"['app:action:POST']"`` -- the API serialises the scope list as a Python
    repr rather than a JSON array; worth confirming that is intended.
    """
    user_admin_info, _ = setUp()
    create_app(user_admin_info['_id'])
    _, access_token = login(test_client)

    bearer = dict(Authorization='Bearer {}'.format(access_token))
    client_id = ObjectId('5e59557579da4ec3ff04a683')
    grant_url = '/oauth/auth/authorize/{}/{}'.format(
        user_admin_info['_id'], client_id)
    revoke_url = '/oauth/auth/revoke/{}/{}'.format(
        user_admin_info['_id'], client_id)

    # Grant both scopes so there is something to revoke.
    response = test_client.post(
        grant_url,
        json=dict(scope=['app:action:POST', 'app:action:GET']),
        headers=bearer)

    # Revoke only the GET scope.
    response = test_client.post(
        revoke_url,
        json=dict(scope=['app:action:GET']),
        headers=bearer)
    r_json = json.loads(response.data)
    assert response.status_code == 200
    assert 'message' in r_json

    # Read the user back; POST must be the only scope left on that client.
    response_client = test_client.get(
        '/oauth/users/{}'.format(user_admin_info['_id']),
        headers=bearer)
    r_c_json = json.loads(response_client.data)
    authorization = r_c_json['clients_authorized'][0]
    assert authorization['id'] == str(client_id)
    assert authorization['scope'] == "['app:action:POST']"
def test_token_password_invalid(test_client):
    """A random, never-issued password-recovery token must not validate.

    Requests a reset for the fixture user via ``send-password`` (expected
    200), then posts a 20-character ``random_string`` token to
    ``valid-token-password`` and expects any non-200 status.

    NOTE(review): the assertion is only ``!= 200``; if the endpoint has a
    defined rejection code (401/404), pinning it would make this stricter.
    """
    _, user_info = setUp()
    username = user_info['credential']['username']

    response = test_client.post(
        '/oauth/users/send-password',
        json=dict(username=username))
    assert response.status_code == 200

    bogus_token = random_string(20)
    response = test_client.post(
        '/oauth/users/valid-token-password/{}'.format(bogus_token))
    assert response.status_code != 200
def test_save_token_password(test_client):
    """The token ``send-password`` stores in ``recover_pass`` validates with 200.

    The token is read straight from ``mongo.db.recover_pass`` for the user
    (the test has no access to the e-mail channel) and then posted to
    ``valid-token-password``.
    """
    _, user_info = setUp()
    username = user_info['credential']['username']

    response = test_client.post(
        '/oauth/users/send-password',
        json=dict(username=username))
    assert response.status_code == 200

    # Fetch the issued token from the DB instead of from the e-mail.
    recover = mongo.db.recover_pass.find_one({"user_id": user_info['_id']})
    issued_token = recover['token']

    response = test_client.post(
        '/oauth/users/valid-token-password/{}'.format(issued_token))
    assert response.status_code == 200
def login(test_client, username='******', password='******'):
    """Log in through ``/oauth/auth/login`` and return ``(response, access_token)``.

    The token is read from the JSON body only on a 200 response; for any
    other status the second element is ``None`` so callers can check for a
    failed login without a parse error or ``KeyError``.

    Args:
        test_client: Flask-style test client exposing ``post``.
        username: credential submitted (default is the fixture account).
        password: credential submitted.

    Returns:
        ``(response, token_or_None)``.
    """
    credentials = dict(username=username, password=password)
    response = test_client.post('/oauth/auth/login', json=credentials)
    if response.status_code != 200:
        return response, None
    body = json.loads(response.data)
    return response, body['access_token']
def test_delete_author_app(test_client):
    """Adding then removing a user as author of a client changes their listing.

    With the default login, POST the second fixture user as author of client
    ``5e59557579da4ec3ff04a682`` (200). A login with username ``'******'``
    should then list 2 clients for that user; after a DELETE on the same
    author route (sent with that second token) the listing drops to 1.

    NOTE(review): the DELETE is issued with the second login's token rather
    than the one that performed the POST -- confirm that is the intended
    authorization rule for removing an author.
    """
    def bearer(token):
        return dict(Authorization='Bearer {}'.format(token))

    _, u_infos = setUp()
    user_id = str(u_infos['_id'])
    author_url = '/oauth/clients/{}/author/{}'.format(
        '5e59557579da4ec3ff04a682', user_id)
    listing_url = '/oauth/clients/users/{}'.format(user_id)

    _, access_token = login(test_client)
    response = test_client.post(author_url, headers=bearer(access_token))
    assert response.status_code == 200

    _, access_token = login(test_client, username='******')
    response = test_client.get(listing_url, headers=bearer(access_token))
    r_json = json.loads(response.data)
    assert response.status_code == 200
    assert len(r_json['clients']) == 2

    response = test_client.delete(author_url, headers=bearer(access_token))
    assert response.status_code == 200

    _, access_token = login(test_client, username='******')
    response = test_client.get(listing_url, headers=bearer(access_token))
    r_json = json.loads(response.data)
    assert response.status_code == 200
    assert len(r_json['clients']) == 1
def test_add_author_app_403(test_client):
    """Adding an author with no Authorization header is refused with 403."""
    u_admin_infos, _ = setUp()
    author_url = '/oauth/clients/{}/author/{}'.format(
        '5e59557579da4ec3ff04a682', str(u_admin_infos['_id']))
    # Deliberately no headers: the route must not be reachable anonymously.
    response = test_client.post(author_url)
    assert response.status_code == 403
def test_create_user_409(test_client):
    """Creating a user with an e-mail that already exists yields 409.

    The e-mail value is redacted in this listing; presumably it matches an
    account ``setUp`` already registers -- verify against the fixture.
    """
    _, _ = setUp()
    _, access_token = login(test_client)
    payload = dict(**USER_BASE, email='*****@*****.**')
    response = test_client.post(
        '/oauth/users/',
        json=payload,
        headers=dict(Authorization='Bearer {}'.format(access_token)))
    assert response.status_code == 409
def test_add_author_app_404(test_client):
    """An author POST against a non-existent client id (``'abc'``) returns 404."""
    u_admin_infos, _ = setUp()
    _, access_token = login(test_client)
    missing_client_url = '/oauth/clients/{}/author/{}'.format(
        'abc', str(u_admin_infos['_id']))
    response = test_client.post(
        missing_client_url,
        headers=dict(Authorization='Bearer {}'.format(access_token)))
    assert response.status_code == 404
def test_scope_404(test_client):
    """Authorize with ``'abc'`` in the first path slot returns 404.

    Other authorize calls in this file use ``/authorize/<user>/<client>``;
    here ``'abc'`` occupies the first slot and the user's id the second, so
    the 404 comes from an unresolvable path id.

    NOTE(review): the payload key is ``scopes`` whereas the grant/revoke
    flow sends ``scope``; irrelevant for a path 404, but worth aligning.
    """
    _, u_info = setUp()
    create_app(u_info['_id'])
    _, access_token = login(test_client)
    bad_url = '/oauth/auth/authorize/abc/{}'.format(u_info['_id'])
    response = test_client.post(
        bad_url,
        json=dict(scopes=['app:action:POST']),
        headers=dict(Authorization='Bearer {}'.format(access_token)))
    assert response.status_code == 404
def test_create_user(test_client):
    """An authenticated user-creation POST returns 201 with an ``_id``."""
    _, _ = setUp()
    _, access_token = login(test_client)
    payload = dict(**USER_BASE, email='*****@*****.**')
    response = test_client.post(
        '/oauth/users/',
        json=payload,
        headers=dict(Authorization='Bearer {}'.format(access_token)))
    r_json = json.loads(response.data)
    assert response.status_code == 201
    assert '_id' in r_json
def test_create_user_400(test_client):
    """Creating a user without the required ``name`` field yields 400."""
    _, _ = setUp()
    _, access_token = login(test_client)
    incomplete_user = dict(**USER_BASE, email='*****@*****.**')
    # Drop the mandatory field to trigger validation (KeyError if absent).
    incomplete_user.pop('name')
    response = test_client.post(
        '/oauth/users/',
        json=incomplete_user,
        headers=dict(Authorization='Bearer {}'.format(access_token)))
    assert response.status_code == 400
def test_scope_400(test_client):
    """Authorizing with an empty scope list is rejected with 400.

    NOTE(review): the payload key is ``scopes``, while the authorize call in
    ``test_revoke_scope`` (whose revoke result implies the server reads
    ``scope``) sends ``scope``. As written, the 400 may be caused by the
    missing ``scope`` key rather than by the empty list, so this may not
    prove that an empty-scope grant is refused -- confirm which validation
    fires before relying on it.
    """
    user_admin_info, _ = setUp()
    create_app(user_admin_info['_id'])
    _, access_token = login(test_client)
    grant_url = '/oauth/auth/authorize/{}/{}'.format(
        user_admin_info['_id'], ObjectId('5e59557579da4ec3ff04a683'))
    response = test_client.post(
        grant_url,
        json=dict(scopes=[]),
        headers=dict(Authorization='Bearer {}'.format(access_token)))
    assert response.status_code == 400
def test_create_user_admin_403(test_client):
    """An unauthenticated attempt to create an admin user is refused with 403.

    ``admin=True`` is sent both as a query parameter and in the body with no
    Authorization header -- guards against privilege escalation through an
    open user-creation route.
    """
    _, _ = setUp()
    admin_payload = dict(
        name='Admin',
        email='*****@*****.**',
        institution='INPE',
        occupation='-',
        admin=True,
        password='******',
        confirm_password='******',
    )
    response = test_client.post('/oauth/users/?admin=True', json=admin_payload)
    assert response.status_code == 403
def test_create_app_400(test_client):
    """Client creation without the secret fields is rejected with 400.

    Compared with ``test_create_app`` the payload omits both ``type_secret``
    and ``client_secret``; which of the two the server insists on is not
    distinguishable from this test alone.
    """
    _, _ = setUp()
    _, access_token = login(test_client)
    incomplete_client = dict(
        client_name='app-test',
        client_uri='http://localhost:8080/app-test',
        redirect_uri='http://localhost:8080/app-test/redirect',
    )
    response = test_client.post(
        '/oauth/clients/',
        json=incomplete_client,
        headers=dict(Authorization='Bearer {}'.format(access_token)))
    assert response.status_code == 400
def test_generate_token_403_without_auth(test_client):
    """The token endpoint refuses (403) a request with no Authorization header.

    ``registry:repository:*`` is granted to the client beforehand, presumably
    so that the refusal is attributable to the missing credential rather
    than to an unknown scope. The grant response is not status-checked.
    """
    user_admin_info, _ = setUp()
    create_app(user_admin_info['_id'])
    _, access_token = login(test_client)
    grant_url = '/oauth/auth/authorize/{}/{}'.format(
        user_admin_info['_id'], ObjectId('5e59557579da4ec3ff04a683'))
    test_client.post(
        grant_url,
        json=dict(scope=['registry:repository:*']),
        headers=dict(Authorization='Bearer {}'.format(access_token)))

    # Anonymous token request: no headers at all.
    token_url = '/oauth/auth/token?service={}&scope={}'.format(
        'registry', 'registry:repository:*')
    response = test_client.get(token_url)
    assert response.status_code == 403
def test_create_app_admin_403(test_client):
    """Creating a client with no Authorization header is refused with 403."""
    _, _ = setUp()
    anonymous_client = dict(
        client_name='test-1',
        client_uri='http://localhost:8080/test-1',
        redirect_uri='http://localhost:8080/test-1/test-1',
        type_secret='string',
        client_secret='abc',
    )
    response = test_client.post('/oauth/clients/', json=anonymous_client)
    assert response.status_code == 403
def test_create_app_admin_403_no_admn(test_client):
    """A logged-in account without admin rights cannot create a client (403).

    The account used is ``username='******'`` (redacted); per the test name it
    is the non-admin fixture user -- verify against ``setUp``.
    """
    _, _ = setUp()
    _, access_token = login(test_client, username='******')
    new_client = dict(
        client_name='test-1',
        client_uri='http://localhost:8080/test-1',
        redirect_uri='http://localhost:8080/test-1/test-1',
        type_secret='string',
        client_secret='abc',
    )
    response = test_client.post(
        '/oauth/clients/',
        json=new_client,
        headers=dict(Authorization='Bearer {}'.format(access_token)))
    assert response.status_code == 403
def test_generate_token_insensitive(test_client):
    """Scope matching on the token endpoint is case-insensitive.

    Grants ``registry:repository:POST`` and then requests a token for
    ``REGISTRY:repository:post``; expects 200 with a ``token`` in the body.

    NOTE(review): case-insensitive comparison means scopes differing only by
    case are the same grant, so storage and comparison must normalise the
    same way; the grant response itself is not status-checked here.
    """
    user_admin_info, _ = setUp()
    create_app(user_admin_info['_id'])
    _, access_token = login(test_client)
    bearer = dict(Authorization='Bearer {}'.format(access_token))

    grant_url = '/oauth/auth/authorize/{}/{}'.format(
        user_admin_info['_id'], ObjectId('5e59557579da4ec3ff04a683'))
    test_client.post(
        grant_url,
        json=dict(scope=['registry:repository:POST']),
        headers=bearer)

    token_url = '/oauth/auth/token?service={}&scope={}'.format(
        'registry', 'REGISTRY:repository:post')
    response = test_client.get(token_url, headers=bearer)
    r_json = json.loads(response.data)
    assert response.status_code == 200
    assert 'token' in r_json
def test_create_app(test_client):
    """An authenticated (default login) client creation returns 201 with ``_id``."""
    _, _ = setUp()
    _, access_token = login(test_client)
    new_client = dict(
        client_name='app-test',
        client_uri='http://localhost:8080/app-test',
        redirect_uri='http://localhost:8080/app-test/redirect',
        type_secret='string',
        client_secret='abc-key',
    )
    response = test_client.post(
        '/oauth/clients/',
        json=new_client,
        headers=dict(Authorization='Bearer {}'.format(access_token)))
    r_json = json.loads(response.data)
    assert response.status_code == 201
    assert '_id' in r_json
def test_add_author_app_duplicate(test_client):
    """Adding the admin as author of a client leaves exactly one client listed.

    POST the admin user as author of ``5e59557579da4ec3ff04a682`` (200), then
    list that user's clients and expect a single entry. Whether the admin
    was already an author beforehand (making this a duplicate add) depends
    on ``setUp`` and is not visible here.

    NOTE(review): the listing response carries ``client_secret`` and the
    test asserts its presence -- returning secrets from a list endpoint is
    something to decide deliberately; this test currently pins it as
    expected behaviour.
    """
    u_admin_infos, _ = setUp()
    admin_id = str(u_admin_infos['_id'])

    _, access_token = login(test_client)
    author_url = '/oauth/clients/{}/author/{}'.format(
        '5e59557579da4ec3ff04a682', admin_id)
    response = test_client.post(
        author_url,
        headers=dict(Authorization='Bearer {}'.format(access_token)))
    assert response.status_code == 200

    _, access_token = login(test_client)
    response = test_client.get(
        '/oauth/clients/users/{}'.format(admin_id),
        headers=dict(Authorization='Bearer {}'.format(access_token)),
    )
    r_json = json.loads(response.data)
    assert response.status_code == 200
    assert len(r_json['clients']) == 1
    assert 'client_secret' in r_json['clients'][0]
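def login(test_client, username='******', password='******'):
    """Log in through ``/oauth/auth/login`` and return ``(response, access_token)``.

    The token is read from the JSON body only when the status is 200; for
    any other status the second element is ``None``. The original version
    indexed ``['access_token']`` unconditionally, so a failed login (e.g. a
    401 error body) raised ``KeyError`` inside the helper instead of letting
    the calling test assert on the response.

    ``password`` is a new keyword with the previous hard-coded default, so
    existing ``login(client)`` / ``login(client, username=...)`` calls are
    unchanged.

    NOTE(review): this file defines ``login`` twice (an earlier definition
    already takes ``password`` and returns ``None`` on non-200); if both live
    in one module the later definition is the one tests actually call.

    Args:
        test_client: Flask-style test client exposing ``post``.
        username: credential submitted (default is the fixture account).
        password: credential submitted.

    Returns:
        ``(response, token_or_None)``.
    """
    response = test_client.post('/oauth/auth/login', json=dict(
        username=username,
        password=password,
    ))
    token = None
    if response.status_code == 200:
        token = json.loads(response.data)['access_token']
    return response, token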