def test_validate_request_token_from_headers(self): """ Bearer token get retrieved from headers. """ with mock.patch('oauthlib.common.Request', autospec=True) as RequestMock, \ mock.patch('oauthlib.oauth2.rfc6749.request_validator.RequestValidator', autospec=True) as RequestValidatorMock: request_validator_mock = RequestValidatorMock() token = JWTToken(request_validator=request_validator_mock) request = RequestMock('/uri') # Scopes is retrieved using the __call__ method which is not picked up correctly by mock.patch # with autospec=True request.scopes = mock.MagicMock() request.headers = { 'Authorization': 'Bearer some-token-from-header' } token.validate_request(request=request) request_validator_mock.validate_jwt_bearer_token.assert_called_once_with('some-token-from-header', request.scopes, request)
def test_validate_request_token_from_headers_basic(self): """ Wrong kind of token (Basic) retrieved from headers. Confirm token is not parsed. """ with mock.patch('oauthlib.common.Request', autospec=True) as RequestMock, \ mock.patch('oauthlib.openid.RequestValidator', autospec=True) as RequestValidatorMock: request_validator_mock = RequestValidatorMock() token = JWTToken(request_validator=request_validator_mock) request = RequestMock('/uri') # Scopes is retrieved using the __call__ method which is not picked up correctly by mock.patch # with autospec=True request.scopes = mock.MagicMock() request.headers = { 'Authorization': 'Basic some-token-from-header' } token.validate_request(request=request) request_validator_mock.validate_jwt_bearer_token.assert_called_once_with(None, request.scopes, request)
def test_create_token_callable_expires_in(self): """ Test retrieval of the expires in value by calling the callable expires_in property """ expires_in_mock = mock.MagicMock() request_mock = mock.MagicMock() token = JWTToken(expires_in=expires_in_mock, request_validator=mock.MagicMock()) token.create_token(request=request_mock) expires_in_mock.assert_called_once_with(request_mock)
def test_create_token_non_callable_expires_in(self): """ When a non callable expires in is set this should just be set to the request """ expires_in_mock = mock.NonCallableMagicMock() request_mock = mock.MagicMock() token = JWTToken(expires_in=expires_in_mock, request_validator=mock.MagicMock()) token.create_token(request=request_mock) self.assertFalse(expires_in_mock.called) self.assertEqual(request_mock.expires_in, expires_in_mock)
def test_token(token, expected_result): with mock.patch('oauthlib.common.Request', autospec=True) as RequestMock: jwt_token = JWTToken() request = RequestMock('/uri') # Scopes is retrieved using the __call__ method which is not picked up correctly by mock.patch # with autospec=True request.headers = {'Authorization': 'Bearer {}'.format(token)} result = jwt_token.estimate_type(request=request) self.assertEqual(result, expected_result)
def test_create_token_calls_get_id_token(self): """ When create_token is called the call should be forwarded to the get_id_token on the token validator """ request_mock = mock.MagicMock() with mock.patch('oauthlib.oauth2.rfc6749.request_validator.RequestValidator', autospec=True) as RequestValidatorMock: request_validator = RequestValidatorMock() token = JWTToken(expires_in=mock.MagicMock(), request_validator=request_validator) token.create_token(request=request_mock) request_validator.get_jwt_bearer_token.assert_called_once_with(None, None, request_mock)
def test_validate_token_from_request(self): """ Token get retrieved from request object. """ with mock.patch('oauthlib.common.Request', autospec=True) as RequestMock, \ mock.patch('oauthlib.openid.RequestValidator', autospec=True) as RequestValidatorMock: request_validator_mock = RequestValidatorMock() token = JWTToken(request_validator=request_validator_mock) request = RequestMock('/uri') # Scopes is retrieved using the __call__ method which is not picked up correctly by mock.patch # with autospec=True request.scopes = mock.MagicMock() request.access_token = 'some-token-from-request-object' request.headers = {} token.validate_request(request=request) request_validator_mock.validate_jwt_bearer_token.assert_called_once_with( 'some-token-from-request-object', request.scopes, request)
def __init__(self, request_validator, token_expires_in=None, token_generator=None, refresh_token_generator=None, *args, **kwargs): """Construct a new all-grants-in-one server. :param request_validator: An implementation of oauthlib.oauth2.RequestValidator. :param token_expires_in: An int or a function to generate a token expiration offset (in seconds) given a oauthlib.common.Request object. :param token_generator: A function to generate a token from a request. :param refresh_token_generator: A function to generate a token from a request for the refresh token. :param kwargs: Extra parameters to pass to authorization-, token-, resource-, and revocation-endpoint constructors. """ auth_grant = OAuth2AuthorizationCodeGrant(request_validator) implicit_grant = OAuth2ImplicitGrant(request_validator) password_grant = ResourceOwnerPasswordCredentialsGrant( request_validator) credentials_grant = ClientCredentialsGrant(request_validator) refresh_grant = RefreshTokenGrant(request_validator) openid_connect_auth = AuthorizationCodeGrant(request_validator) openid_connect_implicit = ImplicitGrant(request_validator) openid_connect_hybrid = HybridGrant(request_validator) bearer = BearerToken(request_validator, token_generator, token_expires_in, refresh_token_generator) jwt = JWTToken(request_validator, token_generator, token_expires_in, refresh_token_generator) auth_grant_choice = AuthorizationCodeGrantDispatcher(default_auth_grant=auth_grant, oidc_auth_grant=openid_connect_auth) implicit_grant_choice = ImplicitTokenGrantDispatcher(default_implicit_grant=implicit_grant, oidc_implicit_grant=openid_connect_implicit) # See http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#Combinations for valid combinations # internally our AuthorizationEndpoint will ensure they can appear in any order for any valid combination AuthorizationEndpoint.__init__(self, default_response_type='code', response_types={ 'code': auth_grant_choice, 'token': implicit_grant_choice, 'id_token': openid_connect_implicit, 'id_token token': openid_connect_implicit, 'code token': openid_connect_hybrid, 'code id_token': openid_connect_hybrid, 'code id_token token': openid_connect_hybrid, 'none': auth_grant }, default_token_type=bearer) token_grant_choice = AuthorizationTokenGrantDispatcher(request_validator, default_token_grant=auth_grant, oidc_token_grant=openid_connect_auth) TokenEndpoint.__init__(self, default_grant_type='authorization_code', grant_types={ 'authorization_code': token_grant_choice, 'password': password_grant, 'client_credentials': credentials_grant, 'refresh_token': refresh_grant, }, default_token_type=bearer) ResourceEndpoint.__init__(self, default_token='Bearer', token_types={'Bearer': bearer, 'JWT': jwt}) RevocationEndpoint.__init__(self, request_validator)