def test_exchange_id_token_fail(self):
http = HttpMockSequence([
({'status': '200'}, """{ "access_token":"SlAV32hkKG",
"refresh_token":"8xLOxBtZp8",
"id_token": "stuff.payload"}"""),
])
self.assertRaises(VerifyJwtTokenError, self.flow.step2_exchange,
'some random code', http=http)
def test_urlencoded_expires_param(self):
http = HttpMockSequence([
# Note the 'expires=3600' where you'd normally
# have if named 'expires_in'
({'status': '200'}, 'access_token=SlAV32hkKG&expires=3600'),
])
credentials = self.flow.step2_exchange('some random code', http=http)
self.assertNotEqual(None, credentials.token_expiry)
def test_urlencoded_exchange_no_expires_in(self):
http = HttpMockSequence([
# This might be redundant but just to make sure
# urlencoded access_token gets parsed correctly
({'status': '200'}, 'access_token=SlAV32hkKG'),
])
credentials = self.flow.step2_exchange('some random code', http=http)
self.assertEqual(None, credentials.token_expiry)
def test_exchange_no_expires_in(self):
http = HttpMockSequence([
({
'status': '200'
}, """{ "access_token":"SlAV32hkKG",
"refresh_token":"8xLOxBtZp8" }"""),
])
credentials = self.flow.step2_exchange('some random code', http=http)
self.assertEqual(None, credentials.token_expiry)
def test_urlencoded_exchange_failure(self):
http = HttpMockSequence([
({'status': '400'}, 'error=invalid_request'),
])
try:
credentials = self.flow.step2_exchange('some random code', http=http)
self.fail('should raise exception if exchange doesn\'t get 200')
except FlowExchangeError, e:
self.assertEquals('invalid_request', str(e))
def test_urlencoded_exchange_success(self):
http = HttpMockSequence([
({
'status': '200'
}, 'access_token=SlAV32hkKG&expires_in=3600'),
])
credentials = self.flow.step2_exchange('some random code', http=http)
self.assertEqual('SlAV32hkKG', credentials.access_token)
self.assertNotEqual(None, credentials.token_expiry)
def test_exchange_failure(self):
http = HttpMockSequence([
({'status': '400'}, '{"error":"invalid_request"}'),
])
try:
credentials = self.flow.step2_exchange('some random code', http=http)
self.fail('should raise exception if exchange doesn\'t get 200')
except FlowExchangeError:
pass
def test_non_401_error_response(self):
http = HttpMockSequence([
({
'status': '400'
}, ''),
])
http = self.credentials.authorize(http)
resp, content = http.request('http://example.com')
self.assertEqual(400, resp.status)
self.assertEqual(None, self.credentials.token_response)
def test_exchange_code_for_token(self):
token = 'asdfghjkl'
payload =simplejson.dumps({'access_token': token, 'expires_in': 3600})
http = HttpMockSequence([
({'status': '200'}, payload),
])
credentials = credentials_from_code(self.client_id, self.client_secret,
self.scope, self.code, redirect_uri=self.redirect_uri,
http=http)
self.assertEquals(credentials.access_token, token)
self.assertNotEqual(None, credentials.token_expiry)
def test_exchange_code_and_cached_file_for_token(self):
http = HttpMockSequence([
({'status': '200'}, '{ "access_token":"asdfghjkl"}'),
])
cache_mock = CacheMock()
load_and_cache('client_secrets.json', 'some_secrets', cache_mock)
credentials = credentials_from_clientsecrets_and_code(
'some_secrets', self.scope,
self.code, http=http, cache=cache_mock)
self.assertEquals(credentials.access_token, 'asdfghjkl')
def test_exchange_code_and_file_for_token(self):
http = HttpMockSequence([
({
'status': '200'
}, """{ "access_token":"asdfghjkl",
"expires_in":3600 }"""),
])
credentials = credentials_from_clientsecrets_and_code(
datafile('client_secrets.json'), self.scope, self.code, http=http)
self.assertEquals(credentials.access_token, 'asdfghjkl')
self.assertNotEqual(None, credentials.token_expiry)
def test_assertion_refresh(self):
http = HttpMockSequence([
({
'status': '200'
}, '{"access_token":"1/3w"}'),
({
'status': '200'
}, 'echo_request_headers'),
])
http = self.credentials.authorize(http)
resp, content = http.request('http://example.com')
self.assertEqual('Bearer 1/3w', content['Authorization'])
def test_exchange_code_and_file_for_token_fail(self):
http = HttpMockSequence([
({'status': '400'}, '{"error":"invalid_request"}'),
])
try:
credentials = credentials_from_clientsecrets_and_code(
datafile('client_secrets.json'), self.scope,
self.code, http=http)
self.fail('should raise exception if exchange doesn\'t get 200')
except FlowExchangeError:
pass
def test_exchange_code_for_token_fail(self):
http = HttpMockSequence([
({'status': '400'}, '{"error":"invalid_request"}'),
])
try:
credentials = credentials_from_code(self.client_id, self.client_secret,
self.scope, self.code, redirect_uri=self.redirect_uri,
http=http)
self.fail('should raise exception if exchange doesn\'t get 200')
except FlowExchangeError:
pass
def test_exchange_fails_if_no_code(self):
http = HttpMockSequence([
({'status': '200'}, """{ "access_token":"SlAV32hkKG",
"refresh_token":"8xLOxBtZp8" }"""),
])
code = {'error': 'thou shall not pass'}
try:
credentials = self.flow.step2_exchange(code, http=http)
self.fail('should raise exception if no code in dictionary.')
except FlowExchangeError, e:
self.assertTrue('shall not pass' in str(e))
def test_token_refresh_success(self):
for status_code in REFRESH_STATUS_CODES:
http = HttpMockSequence([
({'status': status_code}, ''),
])
http = self.credentials.authorize(http)
try:
resp, content = http.request('http://example.com')
self.fail('should throw exception if token expires')
except AccessTokenCredentialsError:
pass
except Exception:
self.fail('should only throw AccessTokenCredentialsError')
def test_token_refresh_success(self):
for status_code in REFRESH_STATUS_CODES:
token_response = {'access_token': '1/3w', 'expires_in': 3600}
http = HttpMockSequence([
({'status': status_code}, ''),
({'status': '200'}, simplejson.dumps(token_response)),
({'status': '200'}, 'echo_request_headers'),
])
http = self.credentials.authorize(http)
resp, content = http.request('http://example.com')
self.assertEqual('Bearer 1/3w', content['Authorization'])
self.assertFalse(self.credentials.access_token_expired)
self.assertEqual(token_response, self.credentials.token_response)
def test_exchange_success(self):
http = HttpMockSequence([
({'status': '200'},
"""{ "access_token":"SlAV32hkKG",
"expires_in":3600,
"refresh_token":"8xLOxBtZp8" }"""),
])
credentials = self.flow.step2_exchange('some random code', http=http)
self.assertEqual('SlAV32hkKG', credentials.access_token)
self.assertNotEqual(None, credentials.token_expiry)
self.assertEqual('8xLOxBtZp8', credentials.refresh_token)
self.assertEqual('dummy_revoke_uri', credentials.revoke_uri)
def test_exchange_id_token_fail(self):
body = {'foo': 'bar'}
payload = base64.urlsafe_b64encode(simplejson.dumps(body)).strip('=')
jwt = (base64.urlsafe_b64encode('stuff')+ '.' + payload + '.' +
base64.urlsafe_b64encode('signature'))
http = HttpMockSequence([
({'status': '200'}, """{ "access_token":"SlAV32hkKG",
"refresh_token":"8xLOxBtZp8",
"id_token": "%s"}""" % jwt),
])
credentials = self.flow.step2_exchange('some random code', http=http)
self.assertEqual(credentials.id_token, body)
def test_token_refresh_failure(self):
for status_code in REFRESH_STATUS_CODES:
http = HttpMockSequence([
({'status': status_code}, ''),
({'status': '400'}, '{"error":"access_denied"}'),
])
http = self.credentials.authorize(http)
try:
http.request('http://example.com')
self.fail('should raise AccessTokenRefreshError exception')
except AccessTokenRefreshError:
pass
self.assertTrue(self.credentials.access_token_expired)
self.assertEqual(None, self.credentials.token_response)
def test_verify_id_token_with_certs_uri_fails(self):
jwt = self._create_signed_jwt()
http = HttpMockSequence([
({
'status': '404'
}, datafile('certs.json')),
])
self.assertRaises(VerifyJwtTokenError,
verify_id_token,
jwt,
'*****@*****.**',
http=http)
def test_verify_id_token_with_certs_uri(self):
jwt = self._create_signed_jwt()
http = HttpMockSequence([
({
'status': '200'
}, datafile('certs.json')),
])
contents = verify_id_token(
jwt,
'*****@*****.**',
http=http)
self.assertEqual('billy bob', contents['user'])
self.assertEqual('data', contents['metadata']['meta'])
def test_credentials_good(self):
private_key = datafile('privatekey.%s' % self.format)
credentials = SignedJwtAssertionCredentials('*****@*****.**',
private_key,
scope='read+write',
sub='*****@*****.**')
http = HttpMockSequence([
({
'status': '200'
}, '{"access_token":"1/3w","expires_in":3600}'),
({
'status': '200'
}, 'echo_request_headers'),
])
http = credentials.authorize(http)
resp, content = http.request('http://example.org')
self.assertEqual('Bearer 1/3w', content['Authorization'])
def test_exchange_failure_with_json_error(self):
# Some providers have 'error' attribute as a JSON object
# in place of regular string.
# This test makes sure no strange object-to-string coversion
# exceptions are being raised instead of FlowExchangeError.
http = HttpMockSequence([
({'status': '400'},
""" {"error": {
"type": "OAuthException",
"message": "Error validating verification code."} }"""),
])
try:
credentials = self.flow.step2_exchange('some random code', http=http)
self.fail('should raise exception if exchange doesn\'t get 200')
except FlowExchangeError, e:
pass
def _credentials_refresh(self, credentials):
http = HttpMockSequence([
({
'status': '200'
}, '{"access_token":"1/3w","expires_in":3600}'),
({
'status': '401'
}, ''),
({
'status': '200'
}, '{"access_token":"3/3w","expires_in":3600}'),
({
'status': '200'
}, 'echo_request_headers'),
])
http = credentials.authorize(http)
resp, content = http.request('http://example.org')
return content
def test_get_access_token(self):
S = 2 # number of seconds in which the token expires
token_response_first = {'access_token': 'first_token', 'expires_in': S}
token_response_second = {
'access_token': 'second_token',
'expires_in': S
}
http = HttpMockSequence([
({
'status': '200'
}, simplejson.dumps(token_response_first)),
({
'status': '200'
}, simplejson.dumps(token_response_second)),
])
token = self.credentials.get_access_token(http=http)
self.assertEqual('first_token', token.access_token)
self.assertEqual(S - 1, token.expires_in)
self.assertFalse(self.credentials.access_token_expired)
self.assertEqual(token_response_first, self.credentials.token_response)
token = self.credentials.get_access_token(http=http)
self.assertEqual('first_token', token.access_token)
self.assertEqual(S - 1, token.expires_in)
self.assertFalse(self.credentials.access_token_expired)
self.assertEqual(token_response_first, self.credentials.token_response)
time.sleep(S)
self.assertTrue(self.credentials.access_token_expired)
token = self.credentials.get_access_token(http=http)
self.assertEqual('second_token', token.access_token)
self.assertEqual(S - 1, token.expires_in)
self.assertFalse(self.credentials.access_token_expired)
self.assertEqual(token_response_second,
self.credentials.token_response)
