def assert_error_response_body(response, error, error_description): body = parse_json_response(response) expected_body = {'error': error, 'error_description': error_description} assert 400 == response.status_code assert expected_body == body assert_has_no_cache_headers(response)
def assert_valid_access_token(response): body = parse_json_response(response) assert 200 == response.status_code assert ['access_token', 'token_type', 'expires_in'] == body.keys() assert body['access_token'].startswith('access-token-') assert 'bearer' == body['token_type'] assert_has_no_cache_headers(response)
def assert_bad_request_for_required_parameter(url, missing_parameter): resp = requests.get(url, allow_redirects=False) body = parse_json_response(resp) expected_body = {'error': 'invalid_request', 'error_description': 'Parameter %s is required' % missing_parameter} assert 400 == resp.status_code assert expected_body == body
def assert_unauthorized(response): expected_response = { 'error': 'invalid_client', 'error_description': 'Invalid client_id or code on Authorization header', } assert 401 == response.status_code assert expected_response == parse_json_response(response) assert 'Basic realm="OAuth 2.0 Secure Area"' == response.headers.get('WWW-Authenticate') assert_has_no_cache_headers(response)
def assert_error_response_body(response, error, error_description): body = parse_json_response(response) expected_body = { 'error': error, 'error_description': error_description } assert 400 == response.status_code assert expected_body == body assert_has_no_cache_headers(response)
def test_should_return_401_with_unregistered_client_id(): url = build_authorize_url({'client_id': 'unregistered-client-id', 'redirect_uri': 'http://callback/return'}) resp = requests.get(url, allow_redirects=False) body = parse_json_response(resp) expected_body = {'error': 'invalid_client', 'error_description': 'Invalid client_id or code on Authorization header'} assert 401 == resp.status_code assert expected_body == body
def assert_bad_request_for_required_parameter(url, missing_parameter): resp = requests.get(url, allow_redirects=False) body = parse_json_response(resp) expected_body = { 'error': 'invalid_request', 'error_description': 'Parameter %s is required' % missing_parameter } assert 400 == resp.status_code assert expected_body == body
def assert_unauthorized(response): expected_response = { 'error': 'invalid_client', 'error_description': 'Invalid client_id or code on Authorization header', } assert 401 == response.status_code assert expected_response == parse_json_response(response) assert 'Basic realm="OAuth 2.0 Secure Area"' == response.headers.get( 'WWW-Authenticate') assert_has_no_cache_headers(response)
def test_should_return_400_with_invalid_request_error_if_base64_header_could_not_be_decoded(): url = build_access_token_url({"grant_type": "authorization_code", "code": "ccc", "redirect_uri": "http://callback"}) valid_headers = { "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8", "Authorization": "Basic this-is-not-base-64", } expected_response = { "error": "invalid_request", "error_description": "Base 64 from Authorization header could not be decoded", } resp = requests.post(url, headers=valid_headers) assert 400 == resp.status_code assert expected_response == parse_json_response(resp)
def test_should_allow_json_response_customization_via_plugin(): client_id = "client-id-from-access-token-tests" code = request_authorization_code(client_id) url = build_access_token_url({"grant_type": "authorization_code", "code": code, "redirect_uri": "http://callback"}) valid_headers = { "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8", "Authorization": build_basic_authorization_header(client_id, code), } resp = requests.post(url, headers=valid_headers) body = parse_json_response(resp) assert 200 == resp.status_code assert "Igor Sobreira" == body.get("user_name", "")
def check_multiple_users_with_client_ids(bob_client_id, ted_client_id): bob_code = request_authorization_code(bob_client_id) ted_code = request_authorization_code(ted_client_id) bob_url = build_access_token_url( {"grant_type": "authorization_code", "code": bob_code, "redirect_uri": "http://callback"} ) ted_url = build_access_token_url( {"grant_type": "authorization_code", "code": ted_code, "redirect_uri": "http://callback"} ) bob_response = requests.post( bob_url, headers={ "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8", "Authorization": build_basic_authorization_header(bob_client_id, bob_code), }, ) ted_response = requests.post( ted_url, headers={ "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8", "Authorization": build_basic_authorization_header(ted_client_id, ted_code), }, ) assert 200 == bob_response.status_code assert 200 == ted_response.status_code bob_json = parse_json_response(bob_response) ted_json = parse_json_response(ted_response) assert ["access_token", "token_type", "expires_in"] == bob_json.keys() assert ["access_token", "token_type", "expires_in"] == ted_json.keys() assert bob_json["access_token"] != ted_json["access_token"]
def test_should_return_401_with_unregistered_client_id(): url = build_authorize_url({ 'client_id': 'unregistered-client-id', 'redirect_uri': 'http://callback/return' }) resp = requests.get(url, allow_redirects=False) body = parse_json_response(resp) expected_body = { 'error': 'invalid_client', 'error_description': 'Invalid client_id or code on Authorization header' } assert 401 == resp.status_code assert expected_body == body
def test_should_return_401_with_invalid_client_error_if_invalid_code_on_Authorization_header(): code = request_authorization_code("client-id") url = build_access_token_url({"grant_type": "authorization_code", "code": code, "redirect_uri": "http://callback"}) valid_headers = { "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8", "Authorization": build_basic_authorization_header("client-id", "INVALIDCODE"), } resp = requests.post(url, headers=valid_headers) expected_response = { "error": "invalid_client", "error_description": "Invalid client_id or code on Authorization header", } assert expected_response == parse_json_response(resp) assert 401 == resp.status_code assert 'Basic realm="OAuth 2.0 Secure Area"' == resp.headers.get("WWW-Authenticate")
def test_happy_path_should_return_access_token_if_valid_authorization_code(): # tokens generation is stubbed in tests/helpers.py client_id = "client1" code = request_authorization_code(client_id) url = build_access_token_url({"grant_type": "authorization_code", "code": code, "redirect_uri": "http://callback"}) valid_headers = { "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8", "Authorization": build_basic_authorization_header(client_id, code), } resp = requests.post(url, headers=valid_headers) body = parse_json_response(resp) assert 200 == resp.status_code assert ["access_token", "token_type", "expires_in"] == body.keys() assert body["access_token"].startswith("access-token-") assert "bearer" == body["token_type"]