def setUp(self):
"""
Sets up a RefreshTokenAuthorizer using a mock AuthClient for testing
"""
super(RefreshTokenAuthorizerTests, self).setUp()
# known values for testing
self.refresh_token = "refresh_token_1"
self.access_token = "access_token_1"
self.expires_at = -1
# response values for simulating a refresh token grant response
self.response = mock.Mock()
self.response.by_resource_server = {
"rs1": {
"expires_at_seconds": -1,
"access_token": "access_token_2"
}
}
self.rs_data = self.response.by_resource_server['rs1']
# mock AuthClient for testing
self.ac = mock.Mock()
self.ac.oauth2_refresh_token = mock.Mock(
return_value=self.response)
self.authorizer = RefreshTokenAuthorizer(
self.refresh_token, self.ac, access_token=self.access_token,
expires_at=self.expires_at)
def get_authorizers_for_scopes(
scopes: List[str],
token_store: Optional[Union[pathlib.Path, str]] = None,
client_id: str = CLIENT_ID,
client_name: str = CLIENT_NAME,
no_login: bool = False,
) -> Dict[str, GlobusAuthorizer]:
token_store = token_store or str(DEFAULT_TOKEN_FILE)
token_cache = TokenCache(token_store)
token_cache.load_tokens()
token_sets: Dict[str, TokenSet] = {}
needed_scopes: Set[str] = set()
native_client = _get_globus_sdk_native_client(client_id, client_name)
for scope in scopes:
token_set = token_cache.get_tokens(scope)
if token_set is not None:
token_sets[scope] = token_set
else:
needed_scopes.add(scope)
if len(needed_scopes) > 0 and not no_login:
token_response = _do_login_for_scopes(native_client,
list(needed_scopes))
new_tokens = token_cache.update_from_oauth_token_response(
token_response, set(scopes))
token_sets.update(new_tokens)
authorizers: Dict[str, GlobusAuthorizer] = {}
for scope, token_set in token_sets.items():
if token_set is not None:
if token_set.refresh_token is not None:
def refresh_handler(grant_response: OAuthTokenResponse, *args,
**kwargs):
new_tokens = token_cache.update_from_oauth_token_response(
grant_response, set([scope]))
authorizer = RefreshTokenAuthorizer(
token_set.refresh_token,
native_client,
access_token=token_set.access_token,
expires_at=token_set.expiration_time,
on_refresh=refresh_handler,
)
# Force check that the token is not expired
authorizer.check_expiration_time()
else:
authorizer = AccessTokenAuthorizer(token_set.access_token)
authorizers[_get_base_scope(scope)] = authorizer
authorizers[scope] = authorizer
return authorizers
def get_authorizer_for_scope(
self, scope: str
) -> Optional[Union[RefreshTokenAuthorizer, AccessTokenAuthorizer]]:
try:
dep_tkn_resp = self.get_dependent_tokens().by_scopes[scope]
except KeyError:
return None
if "refresh_token" in dep_tkn_resp:
return RefreshTokenAuthorizer(
dep_tkn_resp["refresh_token"],
self.auth_client,
access_token=dep_tkn_resp["access_token"],
expires_at=dep_tkn_resp["expires_at_seconds"],
)
elif "access_token" in dep_tkn_resp:
return AccessTokenAuthorizer(dep_tkn_resp["access_token"])
else:
return None
def authorizer(client):
return RefreshTokenAuthorizer(REFRESH_TOKEN,
client,
access_token=ACCESS_TOKEN,
expires_at=EXPIRES_AT)
class RefreshTokenAuthorizerTests(CapturedIOTestCase):
def setUp(self):
"""
Sets up a RefreshTokenAuthorizer using a mock AuthClient for testing
"""
super(RefreshTokenAuthorizerTests, self).setUp()
# known values for testing
self.refresh_token = "refresh_token_1"
self.access_token = "access_token_1"
self.expires_at = -1
# response values for simulating a refresh token grant response
self.response = mock.Mock()
self.response.by_resource_server = {
"rs1": {
"expires_at_seconds": -1,
"access_token": "access_token_2"
}
}
self.rs_data = self.response.by_resource_server['rs1']
# mock AuthClient for testing
self.ac = mock.Mock()
self.ac.oauth2_refresh_token = mock.Mock(
return_value=self.response)
self.authorizer = RefreshTokenAuthorizer(
self.refresh_token, self.ac, access_token=self.access_token,
expires_at=self.expires_at)
def test_get_token_response(self):
"""
Calls _get_token_response, confirms that the mock
AuthClient is used and the known data was returned.
"""
# get new_access_token
res = self.authorizer._get_token_response()
# confirm expected response
self.assertEqual(res, self.response)
# confirm mock ConfidentailAppAuthClient was used as expected
self.ac.oauth2_refresh_token.assert_called_once_with(
self.refresh_token)
def test_multiple_resource_servers(self):
"""
Sets the mock ConfidentialAppAuthClient to return multiple resource
servers. Confirms GlobusError is raised when _extract_token_data is
called.
"""
self.response.by_resource_server = {
"rs1": {
"expires_at_seconds": -1,
"access_token": "access_token_2"
},
"rs2": {
"expires_at_seconds": -1,
"access_token": "access_token_3"
}
}
with self.assertRaises(ValueError) as err:
self.authorizer._extract_token_data(self.response)
self.assertIn("didn't return exactly one token", str(err.exception))