def test_authenticate_client(self):
request = testing.FakeRequest(headers={})
# The authorization header is required
self.assertRaises(HTTPUnauthorized, authenticate_client, request)
request = testing.FakeRequest(
headers={'Authorization': 'Advanced foobar'})
# Only the basic method is allowed
self.assertRaises(HTTPUnauthorized, authenticate_client, request)
request = testing.FakeRequest(headers={
'Authorization': auth_basic_encode('foo', 'bar'),
}, db=self.db)
# Invalid user:password
self.assertRaises(HTTPUnauthorized, authenticate_client, request)
self.db.applications.insert({
'client_id': '123456',
'client_secret': 'secret',
})
request = testing.FakeRequest(headers={
'Authorization': auth_basic_encode('123456', 'secret'),
}, db=self.db)
res = authenticate_client(request)
self.assertEqual(res['client_id'], '123456')
self.assertEqual(res['client_secret'], 'secret')
def token_endpoint(request):
app = authenticate_client(request)
grant_type = request.POST.get('grant_type')
if grant_type is None:
return HTTPBadRequest('Missing required grant_type')
if grant_type != 'authorization_code':
return HTTPNotImplemented('Only authorization_code is supported')
code = request.POST.get('code')
if code is None:
return HTTPBadRequest('Missing required code')
authorizator = Authorizator(request.db, app)
grant = authorizator.auth_codes.find(code)
if grant is None:
return HTTPUnauthorized()
# TODO: check if the grant is rotten
if app['client_id'] != grant['client_id']:
return HTTPUnauthorized()
authorizator.auth_codes.remove(grant)
request.response.headers['Cache-Control'] = 'no-store'
request.response.headers['Pragma'] = 'no-cache'
access_code = authorizator.access_codes.create(grant['user'], grant)
return {
'access_code': access_code,
'token_type': 'bearer',
'expires_in': 3600,
'scope': grant['scope'],
}