def Unauthenticated_user_is_redirected_to_login_page_when_tries_to_do_oauth_with_us(self):
redirectUri = 'https://client.example.com/oauth/redirect'
self.setupRandom()
appid = "app2-{0}".format(self.randString)
self.appsecret = "secret2-{0}".format(self.randString)
Application.new(appid, self.appsecret, redirectUri)
uri = "v1/oauth2/auth?response_type=code&client_id={0}&redirect_uri=https%3A%2F%2Fclient.example.com%2Foauth%2Fredirect".format(appid)
resp = app.test_client().get(uri)
self.assertEquals(302,resp.status_code)
self.assertTrue(resp.headers.has_key('Content-Length'))
self.assertTrue(resp.headers['Location'].startswith(config.base_url + "/static/login.html"))
def test_unauthenticated_user_is_redirected_to_login_page_when_tries_to_do_oauth_with_us(
self):
redirectUri = 'https://client.example.com/oauth/redirect'
self.setupRandom()
appid = "app2-{0}".format(self.randString)
self.appsecret = "secret2-{0}".format(self.randString)
Application.new(appid, self.appsecret, redirectUri)
uri = "v1/oauth2/auth?response_type=code&client_id={0}&redirect_uri=https%3A%2F%2Fclient.example.com%2Foauth%2Fredirect".format(
appid)
resp = app.test_client().get(uri)
self.assertEqual(302, resp.status_code)
self.assertTrue('Content-Length' in resp.headers)
locationHeader = resp.headers['Location']
self.assertTrue(locationHeader.startswith(config.Config.LOGIN_URL))
def _register_application(self):
self.appsecret = ''.join(random.choice(string.ascii_letters) for _ in range(32))
appname = "app_{0}".format(''.join(random.choice(string.ascii_letters) for _ in range(6)))
self.redirect_uri = 'https://demokracia.rulez.org/'
applicationtool.do_main(0, appname, self.appsecret, self.redirect_uri)
app = Application.find(appname)
self.appid = app.appid
def setCanEmail(self, appName, user, value):
app = Application.find(appName)
if app == None:
raise ReportedError(Messages.unknownApplication)
theMap = AppMap.get(app, user)
theMap.can_email = value
theMap.save()
def createEmailtestApp(klass):
name = klass.createRandomUserId()
app = Application.new(name, name, "https://{0}.com/".format(name))
klass.allApps.add(app)
AppMap.new(app, klass.user)
klass.boundApps.add(app)
klass.app = app
def test_there_is_a_list_of_all_apps_denoting_the_user_data_associated_with_them(
self):
foundApps = set()
for entry in self.appList:
app = Application.find(entry['name'])
foundApps.add(app)
self.assertEqual(self.allApps, foundApps)
def setCanEmail(self, appName, user, value):
app = Application.find(appName)
if app == None:
raise ReportedError(Messages.unknownApplication)
theMap = AppMap.get(app, user)
theMap.can_email = value
theMap.save()
def createApp(self):
appName = self.mkRandomString(5)
appSecret = self.mkRandomString(15)
redirect_uri = "https://{0}.example.com/redirect_uri".format(
self.mkRandomString(8))
app = Application.new(appName, appSecret, redirect_uri)
return app
def an_application_can_be_stored_and_retrieved(self):
session = db.session
session.add(self.app)
session.commit()
b = Application.get(self.app.appid)
self.assertEquals(self.app.name,b.name)
self.assertEquals(self.app.appid,b.appid)
session.close()
def validate_redirect_uri(self,client_id,redirect_uri):
if client_id is None or\
redirect_uri is None:
return False
app = Application.get(client_id)
if app is None:
return False
return app.redirect_uri == redirect_uri.split("?")[0]
def validate_client_id(self,
client_id,
message=unauthorizedClient,
errorCode=302,
uri=None):
app = Application.get(client_id)
if self.isEmpty(app):
raise ReportedError(unauthorizedClient, errorCode, uri=uri)
def test_an_application_can_be_stored_and_retrieved(self):
session = db.session
session.add(self.app)
session.commit()
application = Application.get(self.app.appid)
self.assertEqual(self.app.name, application.name)
self.assertEqual(self.app.appid, application.appid)
session.close()
def setUp(self):
self.setupRandom()
#Application.query.delete() # @UndefinedVariable
#KeyData.query.delete() # @UndefinedVariable
#TokenInfoByAccessKey.query.delete() # @UndefinedVariable
self.authProvider = AuthProvider(FlaskInterface())
self.session = db.session
self.app = Application.new(
"test app %s"%(self.mkRandomString(5)),
self.mkRandomPassword(),
"https://test.app/redirecturi")
self.session.add(self.app)
self.app2 = Application.new(
"test app %s"%(self.mkRandomString(5)),
self.mkRandomPassword(),
"https://test2.app:8080/redirecturi")
self.session.add(self.app2)
self.session.commit()
def do_main(verbose, name, secret, redirectUri):
if verbose > 0:
print("registering application {0} with secret {1} at {2}".format(name, secret, redirectUri))
app = Application.new(name, secret, redirectUri)
if app is None:
print "already existing app with this name: {0}".format(name)
return 2
print "id of the app is: {0}".format(app.appid)
return 0
def validate_redirect_uri(self,
client_id,
redirect_uri,
message=invalidRequest,
errorCode=302):
app = Application.get(client_id)
if self.isEmpty(app):
raise ReportedError(message, errorCode, uri=redirect_uri)
if not app.redirect_uri == redirect_uri.split("?")[0]:
raise ReportedError(message, errorCode, uri=redirect_uri)
def test_logged_in_users_can_get_their_app_list(self):
with app.test_client() as c:
self.login(c, self.user)
resp = c.get("/v1/getmyapps")
self.assertEqual(resp.status_code, 200)
text = self.getResponseText(resp)
appList = json.loads(text)
for entry in appList:
theApp = Application.find(entry['name'])
self.assertEqual(entry['hostname'], theApp.redirect_uri.split('/')[2])
def shownDataForApp(self, user, authenticator):
app = Application.get(authenticator)
appmapEntry = AppMap.get(app, user)
shownEmail = appmapEntry.getEmail()
shownUserId = appmapEntry.userid
shownAssurances = self.computeAssurancesForApp(user, app)
return dict(
email=shownEmail,
userid=shownUserId,
assurances=shownAssurances)
def setUp(self):
self.setupRandom()
Application.query.delete() # @UndefinedVariable
KeyData.query.delete() # @UndefinedVariable
TokenInfoByAccessKey.query.delete() # @UndefinedVariable
self.ap = AuthProvider()
self.session = db.session
self.app = Application.new("test app 5", "secret5", "https://test.app/redirecturi")
self.session.add(self.app)
self.session.commit()
def shownDataForApp(self, user, authenticator):
app = Application.get(authenticator)
appmapEntry = AppMap.get(app, user)
shownEmail = appmapEntry.getEmail()
shownUserId = appmapEntry.userid
shownAssurances = self.computeAssurancesForApp(user, app)
return dict(
email=shownEmail,
userid=shownUserId,
assurances=shownAssurances)
def test_the_list_entries_contain_whether_the_user_enabled_emailing(self):
missingCount = 0
for entry in self.appList:
app = Application.find(entry['name'])
mapEntry = AppMap.find(app, self.user)
if mapEntry:
self.assertEqual(entry['email_enabled'], mapEntry.can_email)
else:
missingCount += 1
self.assertTrue(missingCount < len(self.appList))
self.assertTrue(missingCount > 0)
def test_the_list_entries_contain_whether_the_user_enabled_emailing(self):
missingCount= 0
for entry in self.appList:
app = Application.find(entry['name'])
mapEntry=AppMap.find(app,self.user)
if mapEntry:
self.assertEqual(entry['email_enabled'], mapEntry.can_email)
else:
missingCount += 1
self.assertTrue(missingCount < len(self.appList))
self.assertTrue(missingCount > 0)
def do_main(verbose, name, secret, redirectUri, assurances):
if verbose and verbose > 0:
print("registering application {0} with secret {1} at {2}".format(name, secret, redirectUri))
app = Application.new(name, secret, redirectUri)
for assurance in assurances:
AppAssurance(app,assurance).save()
if app is None:
print("already existing app with this name: {0}".format(name))
return 2
print("id of the app is: {0}".format(app.appid))
return 0
def do_main(verbose, name, secret, redirectUri, assurances):
if verbose and verbose > 0:
print("registering application {0} with secret {1} at {2}".format(
name, secret, redirectUri))
app = Application.new(name, secret, redirectUri)
for assurance in assurances:
AppAssurance(app, assurance).save()
if app is None:
print("already existing app with this name: {0}".format(name))
return 2
print("id of the app is: {0}".format(app.appid))
return 0
def createTestAppMaps(self):
self.boundApps = set()
self.emailerApps = list()
for i in range(20): # @UnusedVariable
name = self.createRandomUserId()
newApp = Application.new(name, name,
"https://{0}.com/".format(name))
if (random.randint(1, 2) == 1):
newApp.can_email = True
newApp.save()
self.emailerApps.append(newApp)
self.allApps = set(Application.all())
self.emailerMaps = list()
for app in self.allApps:
if (random.randint(1, 2) == 1):
self.boundApps.add(app)
m = AppMap.new(app, self.user)
if app.can_email and (random.randint(1, 2) == 1):
m.can_email = True
self.emailerMaps.append(m)
m.save()
def test_applicationtool_works_with_a_name_a_https_redrect_uri_a_secret_and_two_assurances(self):
appname = self.mkRandomString(6)
password = self.mkRandomPassword()
uri = "https://%s.org/"%(appname)
out, err, isExit = self.runApplicationToolWithParameters([appname, password, uri, 'test', 'test2'])
self.assertFalse(isExit)
outStr = out.getvalue()
self.assertTrue( 'id of the app is:' in outStr)
appId = outStr.split(": ")[1].strip()
app = Application.find(appname)
self.assertEqual(app.appid, appId)
self.assertEqual(app.secret, password)
self.assertEqual(app.redirect_uri, uri)
self.assertEqual(AppAssurance.get(app), ['test','test2'])
def test_unauthenticated_user_is_redirected_to_login_page_when_tries_to_do_oauth_with_us_2(self):
controller=AuthProvider(FakeInterface())
controller.app = FakeApp()
redirectUri = 'https://client.example.com/oauth/redirect'
self.setupRandom()
appid = "app2-{0}".format(self.randString)
self.appsecret = "secret2-{0}".format(self.randString)
app = Application.new(appid, self.appsecret, redirectUri)
uri = "v1/oauth2/auth?response_type=code&client_id={0}&redirect_uri=https%3A%2F%2Fclient.example.com%2Foauth%2Fredirect".format(app.appid)
controller.interface.set_request_context(url=uri)
with self.assertRaises(ReportedError) as e:
controller.auth_interface()
self.assertEqual(302,e.exception.status)
self.assertTrue(e.exception.uri.startswith(config.Config.BASE_URL + "/static/login.html"))
def getCode(self, c):
redirect_uri = 'https://test.app/redirecturi'
appid = "app-{0}".format(self.randString)
self.appsecret = "secret-{0}".format(self.randString)
application = Application.new(appid, self.appsecret, redirect_uri)
self.appid = application.appid
uri = config.base_url + '/v1/oauth2/auth'
query_string = 'response_type=code&client_id={0}&redirect_uri={1}'.format(self.appid,
redirect_uri)
resp = c.get(uri, query_string=query_string)
self.assertEqual(302, resp.status_code)
location = resp.headers['Location']
self.assertTrue(location.startswith('https://test.app/redirecturi?code='))
return location.split('=')[1]
def test_applicationtool_works_with_a_name_a_https_redrect_uri_a_secret_and_two_assurances(
self):
appname = self.mkRandomString(6)
password = self.mkRandomPassword()
uri = "https://%s.org/" % (appname)
out, err, isExit = self.runApplicationToolWithParameters(
[appname, password, uri, 'test', 'test2'])
self.assertFalse(isExit)
outStr = out.getvalue()
self.assertTrue('id of the app is:' in outStr)
appId = outStr.split(": ")[1].strip()
app = Application.find(appname)
self.assertEqual(app.appid, appId)
self.assertEqual(app.secret, password)
self.assertEqual(app.redirect_uri, uri)
self.assertEqual(AppAssurance.get(app), ['test', 'test2'])
def chooseAppWithOppositeEmailCapability(self, canEmail):
for appName in self.appNames:
theApp = Application.find(appName)
theMap = AppMap.get(theApp, self.user)
if theMap.can_email is not canEmail:
return theApp
def test_can_email_is_saved(self):
self.app.can_email = True
self.app.save()
app = Application.get(self.app.appid)
self.assertEqual(True, app.can_email)
def test_the_list_entries_contain_the_app_hostname(self):
for entry in self.appList:
app = Application.find(entry['name'])
self.assertEqual(entry['hostname'], app.redirect_uri.split('/')[2])
def getApplication():
app = Application.find("testapp")
if not app:
app = Application.new("testapp", "S3cret",
"https://app-none.github.com/")
return app
def __init__(self, app, name):
self.app = app
self.assurance = name
@classmethod
def get(cls, app):
assurances = AppAssurance.query.filter_by(app=app).all()
assuranceList = []
for item in assurances:
assuranceList.append(item.assurance)
return assuranceList
@classmethod
def add(cls, app, name):
if name in cls.get(app):
return None
appAssurance = AppAssurance(app,name)
appAssurance.save()
return appAssurance
@classmethod
def removeAllForApp(cls, app):
applications = cls.query.filter_by(app=app).all()
for application in applications:
application.rm()
Application.subscribe(AppAssurance.removeAllForApp, "pre_rm")
def _setupApp(self):
self.setupRandom()
self.redirect_uri = "https://app-{0}.github.com/".format(self.randString)
self.appname = "testapp{0}".format(self.randString)
self.app = Application.new(self.appname, "S3cret", self.redirect_uri)
self.assertTrue(self.app)
def createApp(self):
appName = self.mkRandomString(5)
appSecret = self.mkRandomString(15)
redirect_uri = "https://{0}.example.com/redirect_uri".format(self.mkRandomString(8))
app = Application.new(appName, appSecret, redirect_uri)
return app
def getAppList(self, user):
ret = list()
for app in Application.all():
entry = self.createUserAppMapEntry(user, app)
ret.append(entry)
return ret
def setUp(self):
Application.query.delete() # @UndefinedVariable
self.app = Application.new("test app1", "secret1", "https://test.app/redirecturi1")
def getAppList(self, user):
ret = list()
for app in Application.all():
entry = self.createUserAppMapEntry(user, app)
ret.append(entry)
return ret
def test_the_list_entries_contain_the_can_email_attribute_of_application(self):
for app in self.appList:
self.assertEqual(app['can_email'],Application.find(app['name']).can_email)
def validate_redirect_uri(self, client_id, redirect_uri, message=invalidRequest, errorCode=302):
app = Application.get(client_id)
if self.isEmpty(app):
raise ReportedError(message, errorCode, uri=redirect_uri)
if not app.redirect_uri == redirect_uri.split("?")[0]:
raise ReportedError(message, errorCode, uri=redirect_uri)
def test_getstatsAsJson_gives_the_statistics_in_json(self):
applicationCount = Application.getStats()
with app.test_client() as client:
resp = client.get(config.BASE_URL + "/v1/statistics")
self.stats=json.loads(resp.data.decode('utf-8'))
self.assertEqual(self.stats['applications'],applicationCount)
def validate_client_secret(self,client_id,client_secret):
if client_id is None:
return False
app = Application.get(client_id)
return app.secret == client_secret
def test_the_list_entries_contain_the_proxy_username(self):
for entry in self.appList:
app = Application.find(entry['name'])
mapEntry=AppMap.find(app,self.user)
if mapEntry:
self.assertEqual(entry['username'], mapEntry.userid)
def test_the_list_entries_contain_the_proxy_username(self):
for entry in self.appList:
app = Application.find(entry['name'])
mapEntry = AppMap.find(app, self.user)
if mapEntry:
self.assertEqual(entry['username'], mapEntry.userid)
def getStats(self):
ret = dict()
ret['users'] = User.getStats()
ret['applications'] = Application.getStats()
ret['assurances'] = Assurance.getStats()
return ret
def test_the_list_entries_contain_the_can_email_attribute_of_application(
self):
for app in self.appList:
self.assertEqual(app['can_email'],
Application.find(app['name']).can_email)
def validate_client_secret(self, client_id, client_secret):
app = Application.get(client_id)
if app.secret != client_secret:
raise ReportedError(invalidClient, 400)
def test_can_email_is_saved(self):
self.app.can_email = True
self.app.save()
app = Application.get(self.app.appid)
self.assertEqual(True, app.can_email)
def setUp(self):
AppMap.query.delete() #@UndefinedVariable
AppAssurance.query.delete() #@UndefinedVariable
Application.query.delete() #@UndefinedVariable
self.app = Application.new("test app1", "secret1",
"https://test.app/redirecturi1")
def test_there_is_a_list_of_all_apps_denoting_the_user_data_associated_with_them(self):
foundApps = set()
for entry in self.appList:
app = Application.find(entry['name'])
foundApps.add(app)
self.assertEqual(self.allApps, foundApps)
def getApplication():
app = Application.find("testapp")
if not app:
app = Application.new("testapp", "S3cret", "https://app-none.github.com/")
return app
def validate_client_id(self, client_id, message=unauthorizedClient, errorCode=302, uri=None):
app = Application.get(client_id)
if self.isEmpty(app):
raise ReportedError(unauthorizedClient, errorCode, uri=uri)
def validate_client_secret(self,client_id, client_secret):
app = Application.get(client_id)
if app.secret != client_secret:
raise ReportedError(invalidClient, 400)
def test_the_list_entries_contain_the_app_hostname(self):
for entry in self.appList:
app = Application.find(entry['name'])
self.assertEqual(entry['hostname'], app.redirect_uri.split('/')[2])
app = relationship(Application, foreign_keys=[app_id])
def __init__(self, app, name):
self.app = app
self.assurance = name
@classmethod
def get(cls, app):
assurances = AppAssurance.query.filter_by(app=app).all()
assuranceList = []
for item in assurances:
assuranceList.append(item.assurance)
return assuranceList
@classmethod
def add(cls, app, name):
if name in cls.get(app):
return None
appAssurance = AppAssurance(app, name)
appAssurance.save()
return appAssurance
@classmethod
def removeAllForApp(cls, app):
applications = cls.query.filter_by(app=app).all()
for application in applications:
application.rm()
Application.subscribe(AppAssurance.removeAllForApp, "pre_rm")