def setUp(self): self.mock_validator = mock.MagicMock() self.addCleanup(setattr, self, 'mock_validator', mock.MagicMock()) auth_code = AuthorizationCodeGrant( request_validator=self.mock_validator) auth_code.save_authorization_code = mock.MagicMock() implicit = ImplicitGrant(request_validator=self.mock_validator) implicit.save_token = mock.MagicMock() openid_connect_auth = OpenIDConnectAuthCode(self.mock_validator) openid_connect_implicit = OpenIDConnectImplicit(self.mock_validator) response_types = { 'code': auth_code, 'token': implicit, 'id_token': openid_connect_implicit, 'id_token token': openid_connect_implicit, 'code token': openid_connect_auth, 'code id_token': openid_connect_auth, 'code token id_token': openid_connect_auth, 'none': auth_code } self.expires_in = 1800 token = tokens.BearerToken(self.mock_validator, expires_in=self.expires_in) self.endpoint = AuthorizationEndpoint(default_response_type='code', default_token_type=token, response_types=response_types)
def __init__(self, request_validator, token_expires_in=None, token_generator=None, refresh_token_generator=None, *args, **kwargs): auth_grant = OrgAuthorizationCodeGrant(request_validator) implicit_grant = OrgImplicitGrant(request_validator) password_grant = OrgResourceOwnerPasswordCredentialsGrant( request_validator) credentials_grant = ClientCredentialsGrant(request_validator) refresh_grant = RefreshTokenGrant(request_validator) bearer = BearerToken(request_validator, token_generator, token_expires_in, refresh_token_generator) AuthorizationEndpoint.__init__(self, default_response_type='code', response_types={ 'code': auth_grant, 'token': implicit_grant, }, default_token_type=bearer) TokenEndpoint.__init__(self, default_grant_type='authorization_code', grant_types={ 'authorization_code': auth_grant, 'password': password_grant, 'client_credentials': credentials_grant, 'refresh_token': refresh_grant, }, default_token_type=bearer) ResourceEndpoint.__init__(self, default_token='Bearer', token_types={'Bearer': bearer}) RevocationEndpoint.__init__(self, request_validator)
def setUp(self): self.mock_validator = mock.MagicMock() self.mock_validator.get_code_challenge.return_value = None self.addCleanup(setattr, self, 'mock_validator', mock.MagicMock()) auth_code = AuthorizationCodeGrant( request_validator=self.mock_validator) auth_code.save_authorization_code = mock.MagicMock() implicit = ImplicitGrant( request_validator=self.mock_validator) implicit.save_token = mock.MagicMock() response_types = { 'code': auth_code, 'token': implicit, 'none': auth_code } self.expires_in = 1800 token = tokens.BearerToken( self.mock_validator, expires_in=self.expires_in ) self.endpoint = AuthorizationEndpoint( default_response_type='code', default_token_type=token, response_types=response_types )
class AuthorizationEndpointTest(TestCase): def setUp(self): self.mock_validator = mock.MagicMock() self.addCleanup(setattr, self, 'mock_validator', mock.MagicMock()) auth_code = AuthorizationCodeGrant( request_validator=self.mock_validator) auth_code.save_authorization_code = mock.MagicMock() implicit = ImplicitGrant( request_validator=self.mock_validator) implicit.save_token = mock.MagicMock() response_types = { 'code': auth_code, 'token': implicit, } self.expires_in = 1800 token = tokens.BearerToken(self.mock_validator, expires_in=self.expires_in) self.endpoint = AuthorizationEndpoint( default_response_type='code', default_token_type=token, response_types=response_types) @mock.patch('oauthlib.common.generate_token', new=lambda: 'abc') def test_authorization_grant(self): uri = 'http://i.b/l?response_type=code&client_id=me&scope=all+of+them&state=xyz' uri += '&redirect_uri=http%3A%2F%2Fback.to%2Fme' headers, body, status_code = self.endpoint.create_authorization_response( uri, scopes=['all', 'of', 'them']) self.assertIn('Location', headers) self.assertURLEqual(headers['Location'], 'http://back.to/me?code=abc&state=xyz') @mock.patch('oauthlib.common.generate_token', new=lambda: 'abc') def test_implicit_grant(self): uri = 'http://i.b/l?response_type=token&client_id=me&scope=all+of+them&state=xyz' uri += '&redirect_uri=http%3A%2F%2Fback.to%2Fme' headers, body, status_code = self.endpoint.create_authorization_response( uri, scopes=['all', 'of', 'them']) self.assertIn('Location', headers) self.assertURLEqual(headers['Location'], 'http://back.to/me#access_token=abc&expires_in=' + str(self.expires_in) + '&token_type=Bearer&state=xyz&scope=all+of+them', parse_fragment=True) def test_missing_type(self): uri = 'http://i.b/l?client_id=me&scope=all+of+them' uri += '&redirect_uri=http%3A%2F%2Fback.to%2Fme' self.mock_validator.validate_request = mock.MagicMock( side_effect=errors.InvalidRequestError()) headers, body, status_code = self.endpoint.create_authorization_response( uri, scopes=['all', 'of', 'them']) self.assertIn('Location', headers) self.assertURLEqual(headers['Location'], 'http://back.to/me?error=invalid_request&error_description=Missing+response_type+parameter.') def test_invalid_type(self): uri = 'http://i.b/l?response_type=invalid&client_id=me&scope=all+of+them' uri += '&redirect_uri=http%3A%2F%2Fback.to%2Fme' self.mock_validator.validate_request = mock.MagicMock( side_effect=errors.UnsupportedResponseTypeError()) headers, body, status_code = self.endpoint.create_authorization_response( uri, scopes=['all', 'of', 'them']) self.assertIn('Location', headers) self.assertURLEqual(headers['Location'], 'http://back.to/me?error=unsupported_response_type')
def __init__(self, request_validator, token_generator=None, token_expires_in=None, refresh_token_generator=None, **kwargs): """Construct a new web application server. :param request_validator: An implementation of oauthlib.oauth2.RequestValidator. :param token_expires_in: An int or a function to generate a token expiration offset (in seconds) given a oauthlib.common.Request object. :param token_generator: A function to generate a token from a request. :param refresh_token_generator: A function to generate a token from a request for the refresh token. :param kwargs: Extra parameters to pass to authorization-, token-, resource-, and revocation-endpoint constructors. """ auth_grant = AuthorizationCodeGrant(request_validator) refresh_grant = RefreshTokenGrant(request_validator) bearer = BearerToken(request_validator, token_generator, token_expires_in, refresh_token_generator) AuthorizationEndpoint.__init__(self, default_response_type='code', response_types={'code': auth_grant}, default_token_type=bearer) TokenEndpoint.__init__(self, default_grant_type='authorization_code', grant_types={ 'authorization_code': auth_grant, 'refresh_token': refresh_grant, }, default_token_type=bearer) ResourceEndpoint.__init__(self, default_token='Bearer', token_types={'Bearer': bearer}) RevocationEndpoint.__init__(self, request_validator)
class AuthorizationEndpointTest(TestCase): def setUp(self): self.mock_validator = mock.MagicMock() self.addCleanup(setattr, self, "mock_validator", mock.MagicMock()) auth_code = AuthorizationCodeGrant(request_validator=self.mock_validator) auth_code.save_authorization_code = mock.MagicMock() implicit = ImplicitGrant(request_validator=self.mock_validator) implicit.save_token = mock.MagicMock() response_types = {"code": auth_code, "token": implicit} self.expires_in = 1800 token = tokens.BearerToken(self.mock_validator, expires_in=self.expires_in) self.endpoint = AuthorizationEndpoint( default_response_type="code", default_token_type=token, response_types=response_types ) @mock.patch("oauthlib.common.generate_token", new=lambda: "abc") def test_authorization_grant(self): uri = "http://i.b/l?response_type=code&client_id=me&scope=all+of+them&state=xyz" uri += "&redirect_uri=http%3A%2F%2Fback.to%2Fme" headers, body, status_code = self.endpoint.create_authorization_response(uri, scopes=["all", "of", "them"]) self.assertIn("Location", headers) self.assertURLEqual(headers["Location"], "http://back.to/me?code=abc&state=xyz") @mock.patch("oauthlib.common.generate_token", new=lambda: "abc") def test_implicit_grant(self): uri = "http://i.b/l?response_type=token&client_id=me&scope=all+of+them&state=xyz" uri += "&redirect_uri=http%3A%2F%2Fback.to%2Fme" headers, body, status_code = self.endpoint.create_authorization_response(uri, scopes=["all", "of", "them"]) self.assertIn("Location", headers) self.assertURLEqual( headers["Location"], "http://back.to/me#access_token=abc&expires_in=" + str(self.expires_in) + "&token_type=Bearer&state=xyz&scope=all+of+them", parse_fragment=True, ) def test_missing_type(self): uri = "http://i.b/l?client_id=me&scope=all+of+them" uri += "&redirect_uri=http%3A%2F%2Fback.to%2Fme" self.mock_validator.validate_request = mock.MagicMock(side_effect=errors.InvalidRequestError()) headers, body, status_code = self.endpoint.create_authorization_response(uri, scopes=["all", "of", "them"]) self.assertIn("Location", headers) self.assertURLEqual( headers["Location"], "http://back.to/me?error=invalid_request&error_description=Missing+response_type+parameter.", ) def test_invalid_type(self): uri = "http://i.b/l?response_type=invalid&client_id=me&scope=all+of+them" uri += "&redirect_uri=http%3A%2F%2Fback.to%2Fme" self.mock_validator.validate_request = mock.MagicMock(side_effect=errors.UnsupportedResponseTypeError()) headers, body, status_code = self.endpoint.create_authorization_response(uri, scopes=["all", "of", "them"]) self.assertIn("Location", headers) self.assertURLEqual(headers["Location"], "http://back.to/me?error=unsupported_response_type")
class OpenIDConnectEndpointTest(TestCase): def setUp(self): self.mock_validator = mock.MagicMock() self.mock_validator.authenticate_client.side_effect = self.set_client grant = OpenIDConnectAuthCode(request_validator=self.mock_validator) bearer = BearerToken(self.mock_validator) self.endpoint = AuthorizationEndpoint(grant, bearer, response_types={'code': grant}) params = { 'prompt': 'consent', 'state': 'abc', 'redirect_uri': 'https://a.b/cb', 'response_type': 'code', 'client_id': 'abcdef', 'scope': 'hello openid' } self.url = 'http://a.b/path?' + urlencode(params) def set_client(self, request): request.client = mock.MagicMock() request.client.client_id = 'mocked' return True @mock.patch('oauthlib.common.generate_token') def test_authorization_endpoint_handles_prompt(self, generate_token): generate_token.return_value = "MOCK_CODE" # In the GET view: scopes, creds = self.endpoint.validate_authorization_request(self.url) # In the POST view: creds['scopes'] = scopes h, b, s = self.endpoint.create_authorization_response( self.url, credentials=creds) expected = 'https://a.b/cb?state=abc&code=MOCK_CODE' self.assertURLEqual(h['Location'], expected) self.assertEqual(b, None) self.assertEqual(s, 302) def test_prompt_none_exclusiveness(self): """ Test that prompt=none can't be used with another prompt value. """ params = { 'prompt': 'none consent', 'state': 'abc', 'redirect_uri': 'https://a.b/cb', 'response_type': 'code', 'client_id': 'abcdef', 'scope': 'hello openid' } url = 'http://a.b/path?' + urlencode(params) with self.assertRaises(InvalidRequestError): self.endpoint.validate_authorization_request(url)
def setUp(self): self.mock_validator = mock.MagicMock() self.addCleanup(setattr, self, 'mock_validator', mock.MagicMock()) auth_code = AuthorizationCodeGrant( request_validator=self.mock_validator) auth_code.save_authorization_code = mock.MagicMock() implicit = ImplicitGrant( request_validator=self.mock_validator) implicit.save_token = mock.MagicMock() openid_connect_auth = OpenIDConnectAuthCode(self.mock_validator) openid_connect_implicit = OpenIDConnectImplicit(self.mock_validator) response_types = { 'code': auth_code, 'token': implicit, 'id_token': openid_connect_implicit, 'id_token token': openid_connect_implicit, 'code token': openid_connect_auth, 'code id_token': openid_connect_auth, 'code token id_token': openid_connect_auth, 'none': auth_code } self.expires_in = 1800 token = tokens.BearerToken(self.mock_validator, expires_in=self.expires_in) self.endpoint = AuthorizationEndpoint( default_response_type='code', default_token_type=token, response_types=response_types)
def setUp(self): self.mock_validator = mock.MagicMock() self.mock_validator.authenticate_client.side_effect = self.set_client grant = OpenIDConnectAuthCode(request_validator=self.mock_validator) bearer = BearerToken(self.mock_validator) self.endpoint = AuthorizationEndpoint(grant, bearer, response_types={'code': grant}) params = { 'prompt': 'consent', 'state': 'abc', 'redirect_uri': 'https://a.b/cb', 'response_type': 'code', 'client_id': 'abcdef', 'scope': 'hello openid' } self.url = 'http://a.b/path?' + urlencode(params)
def setUp(self): self.mock_validator = mock.MagicMock() self.addCleanup(setattr, self, "mock_validator", mock.MagicMock()) auth_code = AuthorizationCodeGrant(request_validator=self.mock_validator) auth_code.save_authorization_code = mock.MagicMock() implicit = ImplicitGrant(request_validator=self.mock_validator) implicit.save_token = mock.MagicMock() response_types = {"code": auth_code, "token": implicit} self.expires_in = 1800 token = tokens.BearerToken(self.mock_validator, expires_in=self.expires_in) self.endpoint = AuthorizationEndpoint( default_response_type="code", default_token_type=token, response_types=response_types )
def setUp(self): self.mock_validator = mock.MagicMock() self.mock_validator.authenticate_client.side_effect = self.set_client grant = AuthorizationCodeGrant(request_validator=self.mock_validator) bearer = BearerToken(self.mock_validator) self.endpoint = AuthorizationEndpoint(grant, bearer, response_types={'code': grant}) params = { 'prompt': 'consent', 'display': 'touch', 'nonce': 'abcd', 'state': 'abc', 'redirect_uri': 'https://a.b/cb', 'response_type': 'code', 'client_id': 'abcdef', 'scope': 'hello openid' } self.url = 'http://a.b/path?' + urlencode(params)
class AuthorizationEndpointTest(TestCase): def setUp(self): self.mock_validator = mock.MagicMock() self.addCleanup(setattr, self, 'mock_validator', mock.MagicMock()) auth_code = AuthorizationCodeGrant( request_validator=self.mock_validator) auth_code.save_authorization_code = mock.MagicMock() implicit = ImplicitGrant(request_validator=self.mock_validator) implicit.save_token = mock.MagicMock() openid_connect_auth = OpenIDConnectAuthCode(self.mock_validator) openid_connect_implicit = OpenIDConnectImplicit(self.mock_validator) response_types = { 'code': auth_code, 'token': implicit, 'id_token': openid_connect_implicit, 'id_token token': openid_connect_implicit, 'code token': openid_connect_auth, 'code id_token': openid_connect_auth, 'code token id_token': openid_connect_auth, 'none': auth_code } self.expires_in = 1800 token = tokens.BearerToken(self.mock_validator, expires_in=self.expires_in) self.endpoint = AuthorizationEndpoint(default_response_type='code', default_token_type=token, response_types=response_types) @mock.patch('oauthlib.common.generate_token', new=lambda: 'abc') def test_authorization_grant(self): uri = 'http://i.b/l?response_type=code&client_id=me&scope=all+of+them&state=xyz' uri += '&redirect_uri=http%3A%2F%2Fback.to%2Fme' headers, body, status_code = self.endpoint.create_authorization_response( uri, scopes=['all', 'of', 'them']) self.assertIn('Location', headers) self.assertURLEqual(headers['Location'], 'http://back.to/me?code=abc&state=xyz') @mock.patch('oauthlib.common.generate_token', new=lambda: 'abc') def test_implicit_grant(self): uri = 'http://i.b/l?response_type=token&client_id=me&scope=all+of+them&state=xyz' uri += '&redirect_uri=http%3A%2F%2Fback.to%2Fme' headers, body, status_code = self.endpoint.create_authorization_response( uri, scopes=['all', 'of', 'them']) self.assertIn('Location', headers) self.assertURLEqual(headers['Location'], 'http://back.to/me#access_token=abc&expires_in=' + str(self.expires_in) + '&token_type=Bearer&state=xyz&scope=all+of+them', parse_fragment=True) def test_none_grant(self): uri = 'http://i.b/l?response_type=none&client_id=me&scope=all+of+them&state=xyz' uri += '&redirect_uri=http%3A%2F%2Fback.to%2Fme' headers, body, status_code = self.endpoint.create_authorization_response( uri, scopes=['all', 'of', 'them']) self.assertIn('Location', headers) self.assertURLEqual(headers['Location'], 'http://back.to/me?state=xyz', parse_fragment=True) self.assertEqual(body, None) self.assertEqual(status_code, 302) # and without the state parameter uri = 'http://i.b/l?response_type=none&client_id=me&scope=all+of+them' uri += '&redirect_uri=http%3A%2F%2Fback.to%2Fme' headers, body, status_code = self.endpoint.create_authorization_response( uri, scopes=['all', 'of', 'them']) self.assertIn('Location', headers) self.assertURLEqual(headers['Location'], 'http://back.to/me', parse_fragment=True) self.assertEqual(body, None) self.assertEqual(status_code, 302) def test_missing_type(self): uri = 'http://i.b/l?client_id=me&scope=all+of+them' uri += '&redirect_uri=http%3A%2F%2Fback.to%2Fme' self.mock_validator.validate_request = mock.MagicMock( side_effect=errors.InvalidRequestError()) headers, body, status_code = self.endpoint.create_authorization_response( uri, scopes=['all', 'of', 'them']) self.assertIn('Location', headers) self.assertURLEqual( headers['Location'], 'http://back.to/me?error=invalid_request&error_description=Missing+response_type+parameter.' ) def test_invalid_type(self): uri = 'http://i.b/l?response_type=invalid&client_id=me&scope=all+of+them' uri += '&redirect_uri=http%3A%2F%2Fback.to%2Fme' self.mock_validator.validate_request = mock.MagicMock( side_effect=errors.UnsupportedResponseTypeError()) headers, body, status_code = self.endpoint.create_authorization_response( uri, scopes=['all', 'of', 'them']) self.assertIn('Location', headers) self.assertURLEqual( headers['Location'], 'http://back.to/me?error=unsupported_response_type')
class OpenIDConnectEndpointTest(TestCase): def setUp(self): self.mock_validator = mock.MagicMock() self.mock_validator.authenticate_client.side_effect = self.set_client grant = AuthorizationCodeGrant(request_validator=self.mock_validator) bearer = BearerToken(self.mock_validator) self.endpoint = AuthorizationEndpoint(grant, bearer, response_types={'code': grant}) params = { 'prompt': 'consent', 'display': 'touch', 'nonce': 'abcd', 'state': 'abc', 'redirect_uri': 'https://a.b/cb', 'response_type': 'code', 'client_id': 'abcdef', 'scope': 'hello openid' } self.url = 'http://a.b/path?' + urlencode(params) def set_client(self, request): request.client = mock.MagicMock() request.client.client_id = 'mocked' return True @mock.patch('oauthlib.common.generate_token') def test_authorization_endpoint_handles_prompt(self, generate_token): generate_token.return_value = "MOCK_CODE" # In the GET view: scopes, creds = self.endpoint.validate_authorization_request(self.url) # In the POST view: creds['scopes'] = scopes h, b, s = self.endpoint.create_authorization_response(self.url, credentials=creds) expected = 'https://a.b/cb?state=abc&code=MOCK_CODE' self.assertURLEqual(h['Location'], expected) self.assertEqual(b, None) self.assertEqual(s, 302) def test_prompt_none_exclusiveness(self): """ Test that prompt=none can't be used with another prompt value. """ params = { 'prompt': 'none consent', 'state': 'abc', 'redirect_uri': 'https://a.b/cb', 'response_type': 'code', 'client_id': 'abcdef', 'scope': 'hello openid' } url = 'http://a.b/path?' + urlencode(params) with self.assertRaises(InvalidRequestError): self.endpoint.validate_authorization_request(url) def test_oidc_params_preservation(self): """ Test that the nonce parameter is passed through. """ scopes, creds = self.endpoint.validate_authorization_request(self.url) self.assertEqual(creds['prompt'], {'consent'}) self.assertEqual(creds['nonce'], 'abcd') self.assertEqual(creds['display'], 'touch')