def test_oauth2_implicit_flow_token_is_reused_if_only_nonce_differs(
token_cache, httpx_mock: HTTPXMock, browser_mock: BrowserMock):
auth1 = httpx_auth.OAuth2Implicit(
"http://provide_token?response_type=custom_token&nonce=1",
token_field_name="custom_token",
)
expiry_in_1_hour = datetime.datetime.utcnow() + datetime.timedelta(hours=1)
token = create_token(expiry_in_1_hour)
tab = browser_mock.add_response(
opened_url=
"http://provide_token?response_type=custom_token&state=67b95d2c7555751d1d72c97c7cd9ad6630c8395e0eaa51ee86ac7e451211ded9cd98a7190848789fe93632d8960425710e93f1f5549c6c6bc328bf3865a85ff2&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F&nonce=%5B%271%27%5D",
reply_url="http://localhost:5000",
data=
f"custom_token={token}&state=67b95d2c7555751d1d72c97c7cd9ad6630c8395e0eaa51ee86ac7e451211ded9cd98a7190848789fe93632d8960425710e93f1f5549c6c6bc328bf3865a85ff2",
)
assert get_header(httpx_mock,
auth1).get("Authorization") == f"Bearer {token}"
auth2 = httpx_auth.OAuth2Implicit(
"http://provide_token?response_type=custom_token&nonce=2",
token_field_name="custom_token",
)
response = httpx.get("http://authorized_only", auth=auth2)
# Return headers received on this dummy URL
assert response.request.headers.get("Authorization") == f"Bearer {token}"
tab.assert_success(
"You are now authenticated on 67b95d2c7555751d1d72c97c7cd9ad6630c8395e0eaa51ee86ac7e451211ded9cd98a7190848789fe93632d8960425710e93f1f5549c6c6bc328bf3865a85ff2. You may close this tab."
)
def test_oauth2_implicit_flow_post_token_is_expired_after_30_seconds_by_default(
token_cache, httpx_mock: HTTPXMock, browser_mock: BrowserMock):
auth = httpx_auth.OAuth2Implicit("http://provide_token")
# Add a token that expires in 29 seconds, so should be considered as expired when issuing the request
expiry_in_29_seconds = datetime.datetime.utcnow() + datetime.timedelta(
seconds=29)
token_cache._add_token(
key=
"42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521",
token=create_token(expiry_in_29_seconds),
expiry=httpx_auth.oauth2_tokens._to_expiry(expires_in=29),
)
# Meaning a new one will be requested
expiry_in_1_hour = datetime.datetime.utcnow() + datetime.timedelta(hours=1)
token = create_token(expiry_in_1_hour)
tab = browser_mock.add_response(
opened_url=
"http://provide_token?response_type=token&state=42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F",
reply_url="http://localhost:5000",
data=
f"access_token={token}&state=42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521",
)
assert get_header(httpx_mock,
auth).get("Authorization") == f"Bearer {token}"
tab.assert_success(
"You are now authenticated on 42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521. You may close this tab."
)
def test_browser_error(token_cache, httpx_mock: HTTPXMock, monkeypatch):
import httpx_auth.oauth2_authentication_responses_server
auth = httpx_auth.OAuth2Implicit("http://provide_token", timeout=0.1)
class FakeBrowser:
def open(self, url, new):
import webbrowser
raise webbrowser.Error("Failure")
monkeypatch.setattr(
httpx_auth.oauth2_authentication_responses_server.webbrowser,
"get",
lambda *args: FakeBrowser(),
)
httpx_mock.add_response(
method="GET",
url=
"http://provide_token?response_type=token&state=42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F",
)
with pytest.raises(httpx_auth.TimeoutOccurred) as exception_info:
httpx.get("http://authorized_only", auth=auth)
assert (str(exception_info.value) ==
"User authentication was not received within 0.1 seconds.")
def test_oauth2_implicit_flow_token_is_not_reused_if_a_url_parameter_is_changing(
token_cache, httpx_mock: HTTPXMock, browser_mock: BrowserMock):
auth1 = httpx_auth.OAuth2Implicit(
"http://provide_token?response_type=custom_token&fake_param=1",
token_field_name="custom_token",
)
expiry_in_1_hour = datetime.datetime.utcnow() + datetime.timedelta(hours=1)
first_token = create_token(expiry_in_1_hour)
tab1 = browser_mock.add_response(
opened_url=
"http://provide_token?response_type=custom_token&fake_param=1&state=5652a8138e3a99dab7b94532c73ed5b10f19405316035d1efdc8bf7e0713690485254c2eaff912040eac44031889ef0a5ed5730c8a111541120d64a898c31afe&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F",
reply_url="http://localhost:5000",
data=
f"custom_token={first_token}&state=5652a8138e3a99dab7b94532c73ed5b10f19405316035d1efdc8bf7e0713690485254c2eaff912040eac44031889ef0a5ed5730c8a111541120d64a898c31afe",
)
assert get_header(httpx_mock,
auth1).get("Authorization") == f"Bearer {first_token}"
# Ensure that the new token is different than previous one
expiry_in_1_hour = datetime.datetime.utcnow() + datetime.timedelta(
hours=1, seconds=1)
auth2 = httpx_auth.OAuth2Implicit(
"http://provide_token?response_type=custom_token&fake_param=2",
token_field_name="custom_token",
)
second_token = create_token(expiry_in_1_hour)
tab2 = browser_mock.add_response(
opened_url=
"http://provide_token?response_type=custom_token&fake_param=2&state=5c3940ccf78ac6e7d6d8d06782d9fd95a533aa5425b616eaa38dc3ec9508fbd55152c58a0d8dd8a087e76b77902559285819a41cb78ce8713e5a3b974bf07ce9&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F",
reply_url="http://localhost:5000",
data=
f"custom_token={second_token}&state=5c3940ccf78ac6e7d6d8d06782d9fd95a533aa5425b616eaa38dc3ec9508fbd55152c58a0d8dd8a087e76b77902559285819a41cb78ce8713e5a3b974bf07ce9",
)
response = httpx.get("http://authorized_only", auth=auth2)
# Return headers received on this dummy URL
assert response.request.headers.get(
"Authorization") == f"Bearer {second_token}"
tab1.assert_success(
"You are now authenticated on 5652a8138e3a99dab7b94532c73ed5b10f19405316035d1efdc8bf7e0713690485254c2eaff912040eac44031889ef0a5ed5730c8a111541120d64a898c31afe. You may close this tab."
)
tab2.assert_success(
"You are now authenticated on 5c3940ccf78ac6e7d6d8d06782d9fd95a533aa5425b616eaa38dc3ec9508fbd55152c58a0d8dd8a087e76b77902559285819a41cb78ce8713e5a3b974bf07ce9. You may close this tab."
)
def test_oauth2_implicit_flow_token_is_reused_if_not_expired(
token_cache, httpx_mock: HTTPXMock, browser_mock: BrowserMock
):
auth1 = httpx_auth.OAuth2Implicit("http://provide_token")
expiry_in_1_hour = datetime.datetime.utcnow() + datetime.timedelta(hours=1)
token = create_token(expiry_in_1_hour)
tab = browser_mock.add_response(
opened_url="http://provide_token?response_type=token&state=42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F",
reply_url="http://localhost:5000",
data=f"access_token={token}&state=42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521",
)
assert get_header(httpx_mock, auth1).get("Authorization") == f"Bearer {token}"
oauth2 = httpx_auth.OAuth2Implicit("http://provide_token")
response = httpx.get("http://authorized_only", auth=oauth2)
# Return headers received on this dummy URL
assert response.request.headers.get("Authorization") == f"Bearer {token}"
tab.assert_success(
"You are now authenticated on 42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521. You may close this tab."
)
def test_state_change(token_cache, httpx_mock: HTTPXMock, browser_mock: BrowserMock):
auth = httpx_auth.OAuth2Implicit("http://provide_token")
expiry_in_1_hour = datetime.datetime.utcnow() + datetime.timedelta(hours=1)
token = create_token(expiry_in_1_hour)
tab = browser_mock.add_response(
opened_url="http://provide_token?response_type=token&state=42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F",
reply_url="http://localhost:5000",
data=f"access_token={token}&state=123456",
)
assert get_header(httpx_mock, auth).get("Authorization") == f"Bearer {token}"
tab.assert_success("You are now authenticated on 123456. You may close this tab.")
def test_oauth2_implicit_flow_expects_token_in_id_token_if_response_type_in_url_is_id_token(
token_cache, httpx_mock: HTTPXMock, browser_mock: BrowserMock
):
auth = httpx_auth.OAuth2Implicit("http://provide_token?response_type=id_token")
expiry_in_1_hour = datetime.datetime.utcnow() + datetime.timedelta(hours=1)
token = create_token(expiry_in_1_hour)
tab = browser_mock.add_response(
opened_url="http://provide_token?response_type=id_token&state=87c4108ec0eb03599335333a40434a36674269690b6957fef684bfb6c5a849ce660ef7031aa874c44d67cd3eada8febdfce41efb1ed3bc53a0a7e716cbba025a&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F",
reply_url="http://localhost:5000",
data=f"id_token={token}&state=87c4108ec0eb03599335333a40434a36674269690b6957fef684bfb6c5a849ce660ef7031aa874c44d67cd3eada8febdfce41efb1ed3bc53a0a7e716cbba025a",
)
assert get_header(httpx_mock, auth).get("Authorization") == f"Bearer {token}"
tab.assert_success(
"You are now authenticated on 87c4108ec0eb03599335333a40434a36674269690b6957fef684bfb6c5a849ce660ef7031aa874c44d67cd3eada8febdfce41efb1ed3bc53a0a7e716cbba025a. You may close this tab."
)
def test_oauth2_implicit_flow_post_token_custom_expiry(
token_cache, httpx_mock: HTTPXMock, browser_mock: BrowserMock):
auth = httpx_auth.OAuth2Implicit("http://provide_token", early_expiry=28)
# Add a token that expires in 29 seconds, so should be considered as not expired when issuing the request
expiry_in_29_seconds = datetime.datetime.utcnow() + datetime.timedelta(
seconds=29)
token = create_token(expiry_in_29_seconds)
token_cache._add_token(
key=
"42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521",
token=create_token(expiry_in_29_seconds),
expiry=httpx_auth.oauth2_tokens._to_expiry(expires_in=29),
)
assert get_header(httpx_mock,
auth).get("Authorization") == f"Bearer {token}"
def test_token_without_expiry_is_invalid(token_cache, browser_mock: BrowserMock):
tab = browser_mock.add_response(
opened_url="http://provide_token?response_type=token&state=42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F",
reply_url="http://localhost:5000",
data=f"access_token={create_token(None)}&state=42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521",
)
with pytest.raises(httpx_auth.TokenExpiryNotProvided) as exception_info:
httpx.get(
"http://authorized_only",
auth=httpx_auth.OAuth2Implicit("http://provide_token"),
)
assert str(exception_info.value) == "Expiry (exp) is not provided in None."
tab.assert_success(
"You are now authenticated on 42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521. You may close this tab."
)
def test_with_invalid_token_request_invalid_request_error_and_error_description(
token_cache, browser_mock: BrowserMock):
tab = browser_mock.add_response(
opened_url=
"http://provide_token?response_type=token&state=42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F",
reply_url=
"http://localhost:5000#error=invalid_request&error_description=desc",
)
with pytest.raises(httpx_auth.InvalidGrantRequest) as exception_info:
httpx.get(
"http://authorized_only",
auth=httpx_auth.OAuth2Implicit("http://provide_token"),
)
assert str(exception_info.value) == "invalid_request: desc"
tab.assert_failure(
"Unable to properly perform authentication: invalid_request: desc")
def test_oauth2_implicit_flow_get_failure_if_token_is_not_provided(
token_cache, browser_mock: BrowserMock):
tab = browser_mock.add_response(
opened_url=
"http://provide_token?response_type=token&state=42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F",
reply_url="http://localhost:5000",
)
with pytest.raises(Exception) as exception_info:
httpx.get(
"http://authorized_only",
auth=httpx_auth.OAuth2Implicit("http://provide_token"),
)
assert str(exception_info.value) == "access_token not provided within {}."
tab.assert_failure(
"Unable to properly perform authentication: access_token not provided within {}."
)
def test_oauth2_implicit_flow_failure_if_token_is_not_received_within_the_timeout_interval(
token_cache, browser_mock: BrowserMock):
browser_mock.add_response(
opened_url=
"http://provide_token?response_type=token&state=42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F",
# Simulate no redirect
reply_url=None,
)
with pytest.raises(httpx_auth.TimeoutOccurred) as exception_info:
httpx.get(
"http://authorized_only",
auth=httpx_auth.OAuth2Implicit("http://provide_token",
timeout=0.1),
)
assert (str(exception_info.value) ==
"User authentication was not received within 0.1 seconds.")
def test_with_invalid_token_request_server_error_error(
token_cache, browser_mock: BrowserMock):
tab = browser_mock.add_response(
opened_url=
"http://provide_token?response_type=token&state=42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F",
reply_url="http://localhost:5000#error=server_error",
)
with pytest.raises(httpx_auth.InvalidGrantRequest) as exception_info:
httpx.get(
"http://authorized_only",
auth=httpx_auth.OAuth2Implicit("http://provide_token"),
)
assert (
str(exception_info.value) ==
"server_error: The authorization server encountered an unexpected condition that prevented it from fulfilling the request. (This error code is needed because a 500 Internal Server Error HTTP status code cannot be returned to the client via an HTTP redirect.)"
)
tab.assert_failure(
"Unable to properly perform authentication: server_error: The authorization server encountered an unexpected condition that prevented it from fulfilling the request. (This error code is needed because a 500 Internal Server Error HTTP status code cannot be returned to the client via an HTTP redirect.)"
)
def test_with_invalid_token_request_unsupported_response_type_error(
token_cache, browser_mock: BrowserMock):
tab = browser_mock.add_response(
opened_url=
"http://provide_token?response_type=token&state=42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F",
reply_url="http://localhost:5000#error=unsupported_response_type",
)
with pytest.raises(httpx_auth.InvalidGrantRequest) as exception_info:
httpx.get(
"http://authorized_only",
auth=httpx_auth.OAuth2Implicit("http://provide_token"),
)
assert (
str(exception_info.value) ==
"unsupported_response_type: The authorization server does not support obtaining an authorization code or an access token using this method."
)
tab.assert_failure(
"Unable to properly perform authentication: unsupported_response_type: The authorization server does not support obtaining an authorization code or an access token using this method."
)
def test_oauth2_implicit_flow_can_send_a_custom_response_type_and_expects_token_to_be_received_with_this_name(
token_cache, httpx_mock: HTTPXMock, browser_mock: BrowserMock
):
auth = httpx_auth.OAuth2Implicit(
"http://provide_token",
response_type="custom_token",
token_field_name="custom_token",
)
expiry_in_1_hour = datetime.datetime.utcnow() + datetime.timedelta(hours=1)
token = create_token(expiry_in_1_hour)
tab = browser_mock.add_response(
opened_url="http://provide_token?response_type=custom_token&state=67b95d2c7555751d1d72c97c7cd9ad6630c8395e0eaa51ee86ac7e451211ded9cd98a7190848789fe93632d8960425710e93f1f5549c6c6bc328bf3865a85ff2&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F",
reply_url="http://localhost:5000",
data=f"custom_token={token}&state=67b95d2c7555751d1d72c97c7cd9ad6630c8395e0eaa51ee86ac7e451211ded9cd98a7190848789fe93632d8960425710e93f1f5549c6c6bc328bf3865a85ff2",
)
assert get_header(httpx_mock, auth).get("Authorization") == f"Bearer {token}"
tab.assert_success(
"You are now authenticated on 67b95d2c7555751d1d72c97c7cd9ad6630c8395e0eaa51ee86ac7e451211ded9cd98a7190848789fe93632d8960425710e93f1f5549c6c6bc328bf3865a85ff2. You may close this tab."
)
def test_oauth2_implicit_flow_token_can_be_requested_on_a_custom_server_port(
token_cache, httpx_mock: HTTPXMock, browser_mock: BrowserMock
):
# TODO Should use a method to retrieve a free port instead
available_port = 5002
auth = httpx_auth.OAuth2Implicit(
"http://provide_token", redirect_uri_port=available_port
)
expiry_in_1_hour = datetime.datetime.utcnow() + datetime.timedelta(hours=1)
token = create_token(expiry_in_1_hour)
tab = browser_mock.add_response(
opened_url="http://provide_token?response_type=token&state=42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521&redirect_uri=http%3A%2F%2Flocalhost%3A5002%2F",
reply_url="http://localhost:5002",
data=f"access_token={token}&state=42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521",
)
assert get_header(httpx_mock, auth).get("Authorization") == f"Bearer {token}"
tab.assert_success(
"You are now authenticated on 42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521. You may close this tab."
)
def test_with_invalid_token_request_temporarily_unavailable_error(
token_cache, browser_mock: BrowserMock):
tab = browser_mock.add_response(
opened_url=
"http://provide_token?response_type=token&state=42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F",
reply_url="http://localhost:5000#error=temporarily_unavailable",
)
with pytest.raises(httpx_auth.InvalidGrantRequest) as exception_info:
httpx.get(
"http://authorized_only",
auth=httpx_auth.OAuth2Implicit("http://provide_token"),
)
assert (
str(exception_info.value) ==
"temporarily_unavailable: The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server. (This error code is needed because a 503 Service Unavailable HTTP status code cannot be returned to the client via an HTTP redirect.)"
)
tab.assert_failure(
"Unable to properly perform authentication: temporarily_unavailable: The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server. (This error code is needed because a 503 Service Unavailable HTTP status code cannot be returned to the client via an HTTP redirect.)"
)
def test_oauth2_implicit_flow_post_failure_if_state_is_not_provided(
token_cache, browser_mock: BrowserMock):
expiry_in_1_hour = datetime.datetime.utcnow() + datetime.timedelta(hours=1)
token = create_token(expiry_in_1_hour)
tab = browser_mock.add_response(
opened_url=
"http://provide_token?response_type=token&state=42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F",
reply_url="http://localhost:5000",
data=f"access_token={token}",
)
with pytest.raises(httpx_auth.StateNotProvided) as exception_info:
httpx.get(
"http://authorized_only",
auth=httpx_auth.OAuth2Implicit("http://provide_token"),
)
assert (str(exception_info.value) ==
f"state not provided within {{'access_token': ['{token}']}}.")
tab.assert_failure(
f"Unable to properly perform authentication: state not provided within {{'access_token': ['{token}']}}."
)
def test_oauth2_implicit_flow_token_is_requested_again_if_expired(
token_cache, httpx_mock: HTTPXMock, browser_mock: BrowserMock):
auth = httpx_auth.OAuth2Implicit("http://provide_token")
# This token will expires in 100 milliseconds
expiry_in_1_second = datetime.datetime.utcnow() + datetime.timedelta(
milliseconds=100)
first_token = create_token(expiry_in_1_second)
tab1 = browser_mock.add_response(
opened_url=
"http://provide_token?response_type=token&state=42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F",
reply_url="http://localhost:5000",
data=
f"access_token={first_token}&state=42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521",
)
assert get_header(httpx_mock,
auth).get("Authorization") == f"Bearer {first_token}"
# Wait to ensure that the token will be considered as expired
time.sleep(0.2)
# Token should now be expired, a new one should be requested
expiry_in_1_hour = datetime.datetime.utcnow() + datetime.timedelta(hours=1)
second_token = create_token(expiry_in_1_hour)
tab2 = browser_mock.add_response(
opened_url=
"http://provide_token?response_type=token&state=42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F",
reply_url="http://localhost:5000",
data=
f"access_token={second_token}&state=42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521",
)
response = httpx.get("http://authorized_only", auth=auth)
# Return headers received on this dummy URL
assert response.request.headers.get(
"Authorization") == f"Bearer {second_token}"
tab1.assert_success(
"You are now authenticated on 42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521. You may close this tab."
)
tab2.assert_success(
"You are now authenticated on 42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521. You may close this tab."
)
def test_oauth2_implicit_and_multiple_authentication_can_be_combined(
token_cache, httpx_mock: HTTPXMock, browser_mock: BrowserMock
):
implicit_auth = httpx_auth.OAuth2Implicit("http://provide_token")
expiry_in_1_hour = datetime.datetime.utcnow() + datetime.timedelta(hours=1)
token = create_token(expiry_in_1_hour)
tab = browser_mock.add_response(
opened_url="http://provide_token?response_type=token&state=42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F",
reply_url="http://localhost:5000",
data=f"access_token={token}&state=42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521",
)
api_key_auth = httpx_auth.HeaderApiKey("my_provided_api_key")
api_key_auth2 = httpx_auth.HeaderApiKey(
"my_provided_api_key2", header_name="X-Api-Key2"
)
header = get_header(httpx_mock, implicit_auth & (api_key_auth & api_key_auth2))
assert header.get("Authorization") == f"Bearer {token}"
assert header.get("X-Api-Key") == "my_provided_api_key"
assert header.get("X-Api-Key2") == "my_provided_api_key2"
tab.assert_success(
"You are now authenticated on 42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521. You may close this tab."
)
def test_token_mock(token_cache_mock, httpx_mock: HTTPXMock):
auth = httpx_auth.OAuth2Implicit("http://provide_token")
expected_token = httpx_auth.OAuth2.token_cache.get_token("")
assert (get_header(
httpx_mock, auth).get("Authorization") == f"Bearer {expected_token}")
def test_header_value_must_contains_token():
with pytest.raises(Exception) as exception_info:
httpx_auth.OAuth2Implicit("http://test_url",
header_value="Bearer token")
assert str(exception_info.value
) == "header_value parameter must contains {token}."
def test_oauth2_implicit_flow_url_is_mandatory():
with pytest.raises(Exception) as exception_info:
httpx_auth.OAuth2Implicit(None)
assert str(exception_info.value) == "Authorization URL is mandatory."
def test_oauth2_implicit_flow(token_cache_mock, httpx_mock: HTTPXMock):
auth = httpx_auth.OAuth2Implicit("http://provide_token")
assert (get_header(
httpx_mock,
auth).get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA")
