def _test_redirect_uri_grant_combination(self, redirect_uris, grant_type,
is_valid):
doc = User.objects.get(username='******')
common_fields = {
'authorization_grant_type': grant_type,
'redirect_uris': redirect_uris,
}
application = self.create_oauth_application(user=doc)
# This should always succeed.
super(Application, application).clean()
form = ApplicationChangeForm(
data=dict(model_to_dict(application), **common_fields),
instance=application,
)
self.assertEqual(form.is_valid(), is_valid)
application = Application(user=doc, **common_fields)
# Ensure that the error cases of AbstractApplication.clean() matches
# our implementation.
if is_valid:
super(Application, application).clean()
else:
self.assertIn('redirect_uris', form.errors)
with self.assertRaises(ValidationError):
super(Application, application).clean()
def test_enable_disabled_for_security(self):
"""Testing ApplicationChangeForm will not enable an application
disabled for security
"""
local_site = LocalSite.objects.get(pk=1)
admin = User.objects.get(username='******')
owner = User.objects.get(username='******')
local_site.users.remove(owner)
application = self.create_oauth_application(user=admin,
local_site=local_site,
enabled=False,
original_user=owner)
self.assertTrue(application.is_disabled_for_security)
self.assertEqual(application.original_user, owner)
form = ApplicationChangeForm(
data=dict(model_to_dict(application),
enabled=True),
instance=application,
)
self.assertFalse(form.is_valid())
self.assertEqual(form.non_field_errors(),
[ApplicationCreationForm.DISABLED_FOR_SECURITY_ERROR])
def _test_redirect_uri_grant_combination(self, redirect_uris, grant_type,
is_valid):
doc = User.objects.get(username='******')
common_fields = {
'authorization_grant_type': grant_type,
'redirect_uris': redirect_uris,
}
application = self.create_oauth_application(user=doc)
# This should always succeed.
super(Application, application).clean()
form = ApplicationChangeForm(
data=dict(model_to_dict(application), **common_fields),
instance=application,
)
self.assertEqual(form.is_valid(), is_valid)
application = Application(user=doc, **common_fields)
# Ensure that the error cases of AbstractApplication.clean() matches
# our implementation.
if is_valid:
super(Application, application).clean()
else:
self.assertIn('redirect_uris', form.errors)
with self.assertRaises(ValidationError):
super(Application, application).clean()
def test_enable_disabled_for_security(self):
"""Testing ApplicationChangeForm will not enable an application
disabled for security
"""
local_site = LocalSite.objects.get(pk=1)
admin = User.objects.get(username='******')
owner = User.objects.get(username='******')
local_site.users.remove(owner)
application = self.create_oauth_application(user=admin,
local_site=local_site,
enabled=False,
original_user=owner)
self.assertTrue(application.is_disabled_for_security)
self.assertEqual(application.original_user, owner)
form = ApplicationChangeForm(
data=dict(model_to_dict(application), enabled=True),
instance=application,
)
self.assertFalse(form.is_valid())
self.assertEqual(form.non_field_errors(),
[ApplicationCreationForm.DISABLED_FOR_SECURITY_ERROR])
def test_reassign_client_id(self):
"""Testing ApplicationChangeForm cannot re-assign client_id"""
user = User.objects.get(username='******')
application = self.create_oauth_application(user)
original_id = application.client_id
form = ApplicationChangeForm(
data=dict(
model_to_dict(instance=application,
fields=ApplicationChangeForm.base_fields,
exclude=('client_id', 'client_secret')),
client_id='foo',
),
instance=application,
)
self.assertTrue(form.is_valid())
application = form.save()
self.assertEqual(application.client_id, original_id)
def test_reassign_client_secret(self):
"""Testing ApplicationChangeForm cannot re-assign client_secret"""
user = User.objects.get(username='******')
application = self.create_oauth_application(user)
original_secret = application.client_secret
form = ApplicationChangeForm(
data=dict(
model_to_dict(
instance=application,
fields=ApplicationChangeForm.base_fields,
exclude=('client_id', 'client_secret')
),
client_secret='bar',
),
instance=application,
)
form.is_valid()
self.assertTrue(form.is_valid())
application = form.save()
self.assertEqual(application.client_secret, original_secret)