def test_exchange_id_token_fail(self): http = HttpMockSequence([ ({'status': '200'}, """{ "access_token":"SlAV32hkKG", "refresh_token":"8xLOxBtZp8", "id_token": "stuff.payload"}"""), ]) self.assertRaises(VerifyJwtTokenError, self.flow.step2_exchange, 'some random code', http=http)
def test_urlencoded_expires_param(self): http = HttpMockSequence([ # Note the 'expires=3600' where you'd normally # have if named 'expires_in' ({'status': '200'}, 'access_token=SlAV32hkKG&expires=3600'), ]) credentials = self.flow.step2_exchange('some random code', http=http) self.assertNotEqual(None, credentials.token_expiry)
def test_urlencoded_exchange_no_expires_in(self): http = HttpMockSequence([ # This might be redundant but just to make sure # urlencoded access_token gets parsed correctly ({'status': '200'}, 'access_token=SlAV32hkKG'), ]) credentials = self.flow.step2_exchange('some random code', http=http) self.assertEqual(None, credentials.token_expiry)
def test_exchange_no_expires_in(self): http = HttpMockSequence([ ({ 'status': '200' }, """{ "access_token":"SlAV32hkKG", "refresh_token":"8xLOxBtZp8" }"""), ]) credentials = self.flow.step2_exchange('some random code', http=http) self.assertEqual(None, credentials.token_expiry)
def test_urlencoded_exchange_failure(self): http = HttpMockSequence([ ({'status': '400'}, 'error=invalid_request'), ]) try: credentials = self.flow.step2_exchange('some random code', http=http) self.fail('should raise exception if exchange doesn\'t get 200') except FlowExchangeError, e: self.assertEquals('invalid_request', str(e))
def test_urlencoded_exchange_success(self): http = HttpMockSequence([ ({ 'status': '200' }, 'access_token=SlAV32hkKG&expires_in=3600'), ]) credentials = self.flow.step2_exchange('some random code', http=http) self.assertEqual('SlAV32hkKG', credentials.access_token) self.assertNotEqual(None, credentials.token_expiry)
def test_exchange_failure(self): http = HttpMockSequence([ ({'status': '400'}, '{"error":"invalid_request"}'), ]) try: credentials = self.flow.step2_exchange('some random code', http=http) self.fail('should raise exception if exchange doesn\'t get 200') except FlowExchangeError: pass
def test_non_401_error_response(self): http = HttpMockSequence([ ({ 'status': '400' }, ''), ]) http = self.credentials.authorize(http) resp, content = http.request('http://example.com') self.assertEqual(400, resp.status) self.assertEqual(None, self.credentials.token_response)
def test_exchange_code_for_token(self): token = 'asdfghjkl' payload =simplejson.dumps({'access_token': token, 'expires_in': 3600}) http = HttpMockSequence([ ({'status': '200'}, payload), ]) credentials = credentials_from_code(self.client_id, self.client_secret, self.scope, self.code, redirect_uri=self.redirect_uri, http=http) self.assertEquals(credentials.access_token, token) self.assertNotEqual(None, credentials.token_expiry)
def test_exchange_code_and_cached_file_for_token(self): http = HttpMockSequence([ ({'status': '200'}, '{ "access_token":"asdfghjkl"}'), ]) cache_mock = CacheMock() load_and_cache('client_secrets.json', 'some_secrets', cache_mock) credentials = credentials_from_clientsecrets_and_code( 'some_secrets', self.scope, self.code, http=http, cache=cache_mock) self.assertEquals(credentials.access_token, 'asdfghjkl')
def test_exchange_code_and_file_for_token(self): http = HttpMockSequence([ ({ 'status': '200' }, """{ "access_token":"asdfghjkl", "expires_in":3600 }"""), ]) credentials = credentials_from_clientsecrets_and_code( datafile('client_secrets.json'), self.scope, self.code, http=http) self.assertEquals(credentials.access_token, 'asdfghjkl') self.assertNotEqual(None, credentials.token_expiry)
def test_assertion_refresh(self): http = HttpMockSequence([ ({ 'status': '200' }, '{"access_token":"1/3w"}'), ({ 'status': '200' }, 'echo_request_headers'), ]) http = self.credentials.authorize(http) resp, content = http.request('http://example.com') self.assertEqual('Bearer 1/3w', content['Authorization'])
def test_exchange_code_and_file_for_token_fail(self): http = HttpMockSequence([ ({'status': '400'}, '{"error":"invalid_request"}'), ]) try: credentials = credentials_from_clientsecrets_and_code( datafile('client_secrets.json'), self.scope, self.code, http=http) self.fail('should raise exception if exchange doesn\'t get 200') except FlowExchangeError: pass
def test_exchange_code_for_token_fail(self): http = HttpMockSequence([ ({'status': '400'}, '{"error":"invalid_request"}'), ]) try: credentials = credentials_from_code(self.client_id, self.client_secret, self.scope, self.code, redirect_uri=self.redirect_uri, http=http) self.fail('should raise exception if exchange doesn\'t get 200') except FlowExchangeError: pass
def test_exchange_fails_if_no_code(self): http = HttpMockSequence([ ({'status': '200'}, """{ "access_token":"SlAV32hkKG", "refresh_token":"8xLOxBtZp8" }"""), ]) code = {'error': 'thou shall not pass'} try: credentials = self.flow.step2_exchange(code, http=http) self.fail('should raise exception if no code in dictionary.') except FlowExchangeError, e: self.assertTrue('shall not pass' in str(e))
def test_token_refresh_success(self): for status_code in REFRESH_STATUS_CODES: http = HttpMockSequence([ ({'status': status_code}, ''), ]) http = self.credentials.authorize(http) try: resp, content = http.request('http://example.com') self.fail('should throw exception if token expires') except AccessTokenCredentialsError: pass except Exception: self.fail('should only throw AccessTokenCredentialsError')
def test_token_refresh_success(self): for status_code in REFRESH_STATUS_CODES: token_response = {'access_token': '1/3w', 'expires_in': 3600} http = HttpMockSequence([ ({'status': status_code}, ''), ({'status': '200'}, simplejson.dumps(token_response)), ({'status': '200'}, 'echo_request_headers'), ]) http = self.credentials.authorize(http) resp, content = http.request('http://example.com') self.assertEqual('Bearer 1/3w', content['Authorization']) self.assertFalse(self.credentials.access_token_expired) self.assertEqual(token_response, self.credentials.token_response)
def test_exchange_success(self): http = HttpMockSequence([ ({'status': '200'}, """{ "access_token":"SlAV32hkKG", "expires_in":3600, "refresh_token":"8xLOxBtZp8" }"""), ]) credentials = self.flow.step2_exchange('some random code', http=http) self.assertEqual('SlAV32hkKG', credentials.access_token) self.assertNotEqual(None, credentials.token_expiry) self.assertEqual('8xLOxBtZp8', credentials.refresh_token) self.assertEqual('dummy_revoke_uri', credentials.revoke_uri)
def test_exchange_id_token_fail(self): body = {'foo': 'bar'} payload = base64.urlsafe_b64encode(simplejson.dumps(body)).strip('=') jwt = (base64.urlsafe_b64encode('stuff')+ '.' + payload + '.' + base64.urlsafe_b64encode('signature')) http = HttpMockSequence([ ({'status': '200'}, """{ "access_token":"SlAV32hkKG", "refresh_token":"8xLOxBtZp8", "id_token": "%s"}""" % jwt), ]) credentials = self.flow.step2_exchange('some random code', http=http) self.assertEqual(credentials.id_token, body)
def test_token_refresh_failure(self): for status_code in REFRESH_STATUS_CODES: http = HttpMockSequence([ ({'status': status_code}, ''), ({'status': '400'}, '{"error":"access_denied"}'), ]) http = self.credentials.authorize(http) try: http.request('http://example.com') self.fail('should raise AccessTokenRefreshError exception') except AccessTokenRefreshError: pass self.assertTrue(self.credentials.access_token_expired) self.assertEqual(None, self.credentials.token_response)
def test_verify_id_token_with_certs_uri_fails(self): jwt = self._create_signed_jwt() http = HttpMockSequence([ ({ 'status': '404' }, datafile('certs.json')), ]) self.assertRaises(VerifyJwtTokenError, verify_id_token, jwt, '*****@*****.**', http=http)
def test_verify_id_token_with_certs_uri(self): jwt = self._create_signed_jwt() http = HttpMockSequence([ ({ 'status': '200' }, datafile('certs.json')), ]) contents = verify_id_token( jwt, '*****@*****.**', http=http) self.assertEqual('billy bob', contents['user']) self.assertEqual('data', contents['metadata']['meta'])
def test_credentials_good(self): private_key = datafile('privatekey.%s' % self.format) credentials = SignedJwtAssertionCredentials('*****@*****.**', private_key, scope='read+write', sub='*****@*****.**') http = HttpMockSequence([ ({ 'status': '200' }, '{"access_token":"1/3w","expires_in":3600}'), ({ 'status': '200' }, 'echo_request_headers'), ]) http = credentials.authorize(http) resp, content = http.request('http://example.org') self.assertEqual('Bearer 1/3w', content['Authorization'])
def test_exchange_failure_with_json_error(self): # Some providers have 'error' attribute as a JSON object # in place of regular string. # This test makes sure no strange object-to-string coversion # exceptions are being raised instead of FlowExchangeError. http = HttpMockSequence([ ({'status': '400'}, """ {"error": { "type": "OAuthException", "message": "Error validating verification code."} }"""), ]) try: credentials = self.flow.step2_exchange('some random code', http=http) self.fail('should raise exception if exchange doesn\'t get 200') except FlowExchangeError, e: pass
def _credentials_refresh(self, credentials): http = HttpMockSequence([ ({ 'status': '200' }, '{"access_token":"1/3w","expires_in":3600}'), ({ 'status': '401' }, ''), ({ 'status': '200' }, '{"access_token":"3/3w","expires_in":3600}'), ({ 'status': '200' }, 'echo_request_headers'), ]) http = credentials.authorize(http) resp, content = http.request('http://example.org') return content
def test_get_access_token(self): S = 2 # number of seconds in which the token expires token_response_first = {'access_token': 'first_token', 'expires_in': S} token_response_second = { 'access_token': 'second_token', 'expires_in': S } http = HttpMockSequence([ ({ 'status': '200' }, simplejson.dumps(token_response_first)), ({ 'status': '200' }, simplejson.dumps(token_response_second)), ]) token = self.credentials.get_access_token(http=http) self.assertEqual('first_token', token.access_token) self.assertEqual(S - 1, token.expires_in) self.assertFalse(self.credentials.access_token_expired) self.assertEqual(token_response_first, self.credentials.token_response) token = self.credentials.get_access_token(http=http) self.assertEqual('first_token', token.access_token) self.assertEqual(S - 1, token.expires_in) self.assertFalse(self.credentials.access_token_expired) self.assertEqual(token_response_first, self.credentials.token_response) time.sleep(S) self.assertTrue(self.credentials.access_token_expired) token = self.credentials.get_access_token(http=http) self.assertEqual('second_token', token.access_token) self.assertEqual(S - 1, token.expires_in) self.assertFalse(self.credentials.access_token_expired) self.assertEqual(token_response_second, self.credentials.token_response)