示例#1
0
    def test_sending_valid_request_returns_access_token(self):
        message = "grant_type=password&client_id=%s&client_secret=%s&username=%s&password=%s" % (self.app.key(), self.app.secret, 'admin', 'asdfasdf')
        response = api_request(self, self.get_url('/api/token'), method='POST', body=message, unsigned=True)
        access_token = Accesstoken.all()
        self.assertEqual(len(access_token), 1)
        self.assertTrue(access_token[0])

        # Now clean up so the invalid test will work out of order.
        for token in access_token:
            token.delete()
示例#2
0
    def test_access_token_is_not_deleted_when_new_one_is_requested(self):
        # First request one.
        message = "grant_type=authorization_code&code=%s&redirect_uri=%s&client_id=%s&client_secret=%s" % (self.authorization.code, self.app.redirect_url, self.app.key(), self.app.secret)

        response = api_request(self, self.get_url('/api/token'), method='POST', body=message, unsigned=True)

        #one access token should have been created:
        access_token = Accesstoken.get('id=1')
        self.assertTrue(access_token)
        self.assertFalse(access_token.deleted)
        access_tokens = Accesstoken.all()
        self.assertEqual(len(access_tokens), 1)

        j_response = json_decode(response.body)
        self.assertEqual(j_response['token_type'], 'mac')
        self.assertEqual(j_response['access_token'], access_token.consumer_key)
        self.assertEqual(j_response['secret'], access_token.consumer_secret)
        self.assertEqual(j_response['algorithm'], 'hmac-sha-1')

        # Now request another.
        other_authorization = Authorizationcode.generate(self.app.id, self.app.redirect_url, self.user_b.id)
        message = "grant_type=authorization_code&code=%s&redirect_uri=%s&client_id=%s&client_secret=%s" % (other_authorization.code, self.app.redirect_url, self.app.key(), self.app.secret)

        response = api_request(self, self.get_url('/api/token'), method='POST', body=message, unsigned=True)

        # A second access token should have been created, but the
        # first one should be gone.
        access_token = Accesstoken.get('id=1')
        self.assertFalse(access_token.deleted)
        access_token = Accesstoken.get('id=2')
        self.assertFalse(access_token.deleted)
        access_tokens = Accesstoken.all()
        self.assertEqual(len(access_tokens), 2)

        j_response = json_decode(response.body)
        self.assertEqual(j_response['token_type'], 'mac')
        self.assertEqual(j_response['access_token'], access_token.consumer_key)
        self.assertEqual(j_response['secret'], access_token.consumer_secret)
        self.assertEqual(j_response['algorithm'], 'hmac-sha-1')
示例#3
0
 def test_sending_invalid_password_returns_error(self):
     message = "grant_type=password&client_id=%s&client_secret=%s&username=%s&password=%s" % (self.app.key(), self.app.secret, 'admin', 'qwerqwer')
     response = api_request(self, self.get_url('/api/token'), method='POST', body=message, unsigned=True)
     access_token = Accesstoken.all()
     self.assertEqual(len(access_token), 0)