示例#1
0
def test_should_redirect_to_redirect_uri_argument_passing_auth_token():
    url = build_authorize_url({
        'client_id': 'client-id',
        'response_type': 'code',
        'redirect_uri': 'http://callback'
    })
    assert_redirect_parameters_keys(url, 'http://callback', ['code'])
def test_should_generate_tokens_using_generate_authorization_token_function():
    # tokens generation is stubbed in tests/helpers.py
    url = build_authorize_url({'client_id': '123',
                               'response_type': 'code',
                               'redirect_uri': 'http://callback'})
    resp = requests.get(url, allow_redirects=False)
    assert resp.headers['Location'].startswith('http://callback?code=authorization-code-')
示例#3
0
def test_should_require_response_type_parameter():
    url = build_authorize_url({
        'redirect_uri': 'http://callback/return',
        'client_id': 'client-id'
    })
    assert_required_redirect_parameter(url, 'http://callback/return',
                                       'response_type')
def test_should_return_405_on_post_default_behaviour():
    # it could be customized using plugins
    url = build_authorize_url({'client_id': '123',
                               'response_type': 'code',
                               'redirect_uri': 'http://callback'})
    resp = requests.post(url)
    assert 405 == resp.status_code
def test_should_keep_get_query_string_from_redirect_uri_when_adding_code_parameter():
    url = build_authorize_url({'client_id': '123',
                         'response_type': 'code',
                         'redirect_uri': 'http://callback?param1=value1'})
    resp = requests.get(url, allow_redirects=False)
    assert 302 == resp.status_code
    assert resp.headers['Location'].startswith('http://callback?param1=value1&code=')
示例#6
0
def test_using_authorization_POST_plugin_to_execute_on_authorization_request_POST_method():
    url = build_authorize_url({'client_id': 'client-id-from-plugins-test',
                               'response_type': 'code',
                               'redirect_uri': 'http://example.com/return'})
    resp = requests.post(url)

    assert 200 == resp.status_code
    assert u"I'm a dummy plugin doing nothing on POST" == resp.content
def test_should_redirect_with_server_error_error():
    url = build_authorize_url({'client_id': 'server_error',
                               'response_type': 'code',
                               'redirect_uri': 'http://callback'})
    resp = requests.get(url, allow_redirects=False)
    assert_error_redirect_params(resp, 'http://callback',
                                 'server_error',
                                 'The authorization server encountered an unexpected condition which prevented it from fulfilling the request')
def test_should_require_response_type_parameter_to_be_code():
    url = build_authorize_url({'redirect_uri': 'http://callback/return',
                               'client_id': 'client-id',
                               'response_type': 'invalid'})
    expected_params = {'error': 'unsupported_response_type',
                       'error_description': 'Supported response_type: code'}
    assert_redirect_parameters(url, 'http://callback/return',
                               expected_params)
def test_should_redirect_with_invalid_scope_error():
    url = build_authorize_url({'client_id': 'invalid_scope',
                               'response_type': 'code',
                               'redirect_uri': 'http://callback'})
    resp = requests.get(url, allow_redirects=False)
    assert_error_redirect_params(resp, 'http://callback',
                                 'invalid_scope',
                                 'The requested scope is invalid, unknown, or malformed')
def test_should_redirect_with_temporarily_unavailable_error():
    url = build_authorize_url({'client_id': 'temporarily_unavailable',
                               'response_type': 'code',
                               'redirect_uri': 'http://callback'})
    resp = requests.get(url, allow_redirects=False)
    assert_error_redirect_params(resp, 'http://callback',
                                 'temporarily_unavailable',
                                 'The authorization server is currently unable to handle the request')
def test_should_redirect_with_unauthorized_client_error_if_client_id_cant_request_authorization():
    url = build_authorize_url({'client_id': 'unauthorized-client',
                               'response_type': 'code',
                               'redirect_uri': 'http://callback'})
    resp = requests.get(url, allow_redirects=False)
    assert_error_redirect_params(resp, 'http://callback',
                                 'unauthorized_client',
                                 'The client is not authorized to request an authorization code using this method')
示例#12
0
def test_should_return_405_on_post_default_behaviour():
    # it could be customized using plugins
    url = build_authorize_url({
        'client_id': '123',
        'response_type': 'code',
        'redirect_uri': 'http://callback'
    })
    resp = requests.post(url)
    assert 405 == resp.status_code
示例#13
0
def test_using_authorization_GET_plugin_to_execute_on_authorization_request_GET_method():
    # test plugins are registered on tests/server/plugins_to_test/dummy_plugins.py
    url = build_authorize_url({'client_id': 'client-id-from-plugins-test',
                               'response_type': 'code',
                               'redirect_uri': 'http://example.com/return'})
    resp = requests.get(url, allow_redirects=False)

    assert 200 == resp.status_code
    assert u"I'm a dummy plugin doing nothing on GET" == resp.content
def test_should_return_401_with_unregistered_client_id():
    url = build_authorize_url({'client_id': 'unregistered-client-id',
                               'redirect_uri': 'http://callback/return'})
    resp = requests.get(url, allow_redirects=False)
    body = parse_json_response(resp)
    expected_body = {'error': 'invalid_client',
                     'error_description': 'Invalid client_id or code on Authorization header'}

    assert 401 == resp.status_code
    assert expected_body == body
def test_should_keep_get_query_string_from_redirect_uri_when_adding_code_parameter():
    url = build_authorize_url({'client_id': 'client-id',
                               'response_type': 'code',
                               'redirect_uri': 'http://callback?param1=value1'})
    resp = requests.get(url, allow_redirects=False)
    assert_status_code(resp, 302)

    url_parts = urlparse.urlparse(resp.headers['location'])
    assert 'callback' == url_parts.netloc
    assert ['code','param1'] == urlparse.parse_qs(url_parts.query).keys()
示例#16
0
def test_should_generate_tokens_using_generate_authorization_token_function():
    # tokens generation is stubbed in tests/helpers.py
    url = build_authorize_url({
        'client_id': '123',
        'response_type': 'code',
        'redirect_uri': 'http://callback'
    })
    resp = requests.get(url, allow_redirects=False)
    assert resp.headers['Location'].startswith(
        'http://callback?code=authorization-code-')
示例#17
0
def test_should_redirect_to_redirect_uri_argument_passing_auth_token_and_state_and_querystring(
):
    url = build_authorize_url({
        'client_id': 'client-id',
        'response_type': 'code',
        'state': 'my-state',
        'redirect_uri': 'http://callback?query=string'
    })
    assert_redirect_parameters_keys(url, 'http://callback',
                                    ['code', 'query', 'state'])
示例#18
0
def test_should_redirect_with_invalid_scope_error():
    url = build_authorize_url({
        'client_id': 'invalid_scope',
        'response_type': 'code',
        'redirect_uri': 'http://callback'
    })
    resp = requests.get(url, allow_redirects=False)
    assert_error_redirect_params(
        resp, 'http://callback', 'invalid_scope',
        'The requested scope is invalid, unknown, or malformed')
示例#19
0
def test_should_redirect_with_temporarily_unavailable_error():
    url = build_authorize_url({
        'client_id': 'temporarily_unavailable',
        'response_type': 'code',
        'redirect_uri': 'http://callback'
    })
    resp = requests.get(url, allow_redirects=False)
    assert_error_redirect_params(
        resp, 'http://callback', 'temporarily_unavailable',
        'The authorization server is currently unable to handle the request')
def test_should_redirect_to_redirect_uri_argument_passing_auth_token():
    # the default behaviour is to redirect, it can be customized using
    # plugins. see usage on oauth2u/tests/server/test_plugins.py and 
    # oauth2u/examples/
    url = build_authorize_url({'client_id': '123',
                               'response_type': 'code',
                               'redirect_uri': 'http://callback'})
    resp = requests.get(url, allow_redirects=False)
    assert 302 == resp.status_code
    assert resp.headers['Location'].startswith('http://callback?code=')
示例#21
0
def test_should_redirect_with_server_error_error():
    url = build_authorize_url({
        'client_id': 'server_error',
        'response_type': 'code',
        'redirect_uri': 'http://callback'
    })
    resp = requests.get(url, allow_redirects=False)
    assert_error_redirect_params(
        resp, 'http://callback', 'server_error',
        'The authorization server encountered an unexpected condition which prevented it from fulfilling the request'
    )
示例#22
0
def test_should_require_response_type_parameter_to_be_code():
    url = build_authorize_url({
        'redirect_uri': 'http://callback/return',
        'client_id': 'client-id',
        'response_type': 'invalid'
    })
    expected_params = {
        'error': 'unsupported_response_type',
        'error_description': 'Supported response_type: code'
    }
    assert_redirect_parameters(url, 'http://callback/return', expected_params)
示例#23
0
def test_should_redirect_with_unauthorized_client_error_if_client_id_cant_request_authorization(
):
    url = build_authorize_url({
        'client_id': 'unauthorized-client',
        'response_type': 'code',
        'redirect_uri': 'http://callback'
    })
    resp = requests.get(url, allow_redirects=False)
    assert_error_redirect_params(
        resp, 'http://callback', 'unauthorized_client',
        'The client is not authorized to request an authorization code using this method'
    )
示例#24
0
def test_should_keep_get_query_string_from_redirect_uri_when_adding_code_parameter(
):
    url = build_authorize_url({
        'client_id': 'client-id',
        'response_type': 'code',
        'redirect_uri': 'http://callback?param1=value1'
    })
    resp = requests.get(url, allow_redirects=False)
    assert_status_code(resp, 302)

    url_parts = urlparse.urlparse(resp.headers['location'])
    assert 'callback' == url_parts.netloc
    assert ['code', 'param1'] == urlparse.parse_qs(url_parts.query).keys()
def test_should_redirect_to_redirect_uri_with_authorization_code_from_plugin():
    http = requests.session()
    url = build_authorize_url({'client_id': 'client-id-verify-access',
                               'response_type': 'code',
                               'redirect_uri': 'http://callback'})
    resp = http.get(url)

    assert 200 == resp.status_code
    assert 'Hello resource owner, do you allow this client to access your resources?' in resp.content

    resp = http.post(url, data={'allow': 'yes'})

    assert_status_code(resp, 302)
    assert resp.headers['Location'].startswith('http://callback?code=authorization-code-')
示例#26
0
def test_should_return_401_with_unregistered_client_id():
    url = build_authorize_url({
        'client_id': 'unregistered-client-id',
        'redirect_uri': 'http://callback/return'
    })
    resp = requests.get(url, allow_redirects=False)
    body = parse_json_response(resp)
    expected_body = {
        'error': 'invalid_client',
        'error_description':
        'Invalid client_id or code on Authorization header'
    }

    assert 401 == resp.status_code
    assert expected_body == body
示例#27
0
def test_should_redirect_to_redirect_uri_with_authorization_code_from_plugin():
    http = requests.session()
    url = build_authorize_url({
        'client_id': 'client-id-verify-access',
        'response_type': 'code',
        'redirect_uri': 'http://callback'
    })
    resp = http.get(url)

    assert 200 == resp.status_code
    assert 'Hello resource owner, do you allow this client to access your resources?' in resp.content

    resp = http.post(url, data={'allow': 'yes'})

    assert_status_code(resp, 302)
    assert resp.headers['Location'].startswith(
        'http://callback?code=authorization-code-')
def test_should_redirect_to_redirect_uri_with_access_denied_from_plugin():
    # there is a plugin on 'authorization-GET' to ask for user permission
    # and a plugin on 'authorization-POST' to simulate a redirect to 
    # success or error, if user allowed of denied
    # in this test, the user will be denied (see client_id)

    http = requests.session()
    url = build_authorize_url({'client_id': 'client-id-verify-access',
                               'response_type': 'code',
                               'redirect_uri': 'http://callback'})
    resp = http.get(url)

    # make sure GET plugin overrides default redirect
    assert 200 == resp.status_code
    assert 'Hello resource owner, do you allow this client to access your resources?' in resp.content

    # simulares a POST denying access from user
    resp = http.post(url, data={'allow': 'no'})
    assert_error_redirect_params(resp, 'http://callback',
                                 'access_denied',
                                 'The resource owner or authorization server denied the request')
示例#29
0
def test_should_redirect_to_redirect_uri_with_access_denied_from_plugin():
    # there is a plugin on 'authorization-GET' to ask for user permission
    # and a plugin on 'authorization-POST' to simulate a redirect to
    # success or error, if user allowed of denied
    # in this test, the user will be denied (see client_id)

    http = requests.session()
    url = build_authorize_url({
        'client_id': 'client-id-verify-access',
        'response_type': 'code',
        'redirect_uri': 'http://callback'
    })
    resp = http.get(url)

    # make sure GET plugin overrides default redirect
    assert 200 == resp.status_code
    assert 'Hello resource owner, do you allow this client to access your resources?' in resp.content

    # simulares a POST denying access from user
    resp = http.post(url, data={'allow': 'no'})
    assert_error_redirect_params(
        resp, 'http://callback', 'access_denied',
        'The resource owner or authorization server denied the request')
示例#30
0
def test_should_require_redirect_uri_parameter():
    # if redirect_uri is not provided I can't redirect with GET
    # parameters, then just return 400 and a body with json
    url = build_authorize_url({'client_id': 'client-id'})
    assert_bad_request_for_required_parameter(url, 'redirect_uri')
示例#31
0
def test_should_require_client_id_parameter():
    url = build_authorize_url({'redirect_uri': 'http://callback/return'})
    assert_bad_request_for_required_parameter(url, 'client_id')
def test_should_require_response_type_argument():
    assert_required_argument(build_authorize_url(), 'response_type')
def test_should_require_response_type_parameter():
    url = build_authorize_url({'redirect_uri': 'http://callback/return',
                               'client_id': 'client-id'})
    assert_required_redirect_parameter(url, 'http://callback/return',
                                       'response_type')
def test_should_require_response_type_argument_to_be_code():
    url = build_authorize_url({'response_type': 'invalid'})
    assert_argument_value(url, 'response_type', 'code')
def test_should_require_client_id_parameter():
    url = build_authorize_url({'redirect_uri': 'http://callback/return'})
    assert_bad_request_for_required_parameter(url, 'client_id')
def test_should_require_redirect_uri_parameter():
    # if redirect_uri is not provided I can't redirect with GET
    # parameters, then just return 400 and a body with json
    url = build_authorize_url({'client_id': 'client-id'})
    assert_bad_request_for_required_parameter(url, 'redirect_uri')
def test_should_redirect_to_redirect_uri_argument_passing_auth_token_and_state_and_querystring():
    url = build_authorize_url({'client_id': 'client-id',
                               'response_type': 'code',
                               'state': 'my-state',
                               'redirect_uri': 'http://callback?query=string'})
    assert_redirect_parameters_keys(url, 'http://callback', ['code','query','state'])
def test_should_require_client_id_argument():
    url = build_authorize_url({'response_type': 'code'})
    assert_required_argument(url, 'client_id')
def test_should_require_redirect_uri_argument():
    # XXX: it should be optional
    url = build_authorize_url({'client_id': '123',
                               'response_type': 'code'})
    assert_required_argument(url, 'redirect_uri')
def test_should_redirect_to_redirect_uri_argument_passing_auth_token():
    url = build_authorize_url({'client_id': 'client-id',
                               'response_type': 'code',
                               'redirect_uri': 'http://callback'})
    assert_redirect_parameters_keys(url, 'http://callback', ['code'])