def testAuthorizationForPublicClient(self):
""" Test that a request for a public client gets accepted without authentication. """
client = PublicClient('publicClient', ['https://return.nonexistent'],
['refresh_token'])
refreshToken = 'publicClientRefreshToken'
request = self.generateValidTokenRequest(
arguments={
'grant_type': 'refresh_token',
'client_id': client.id,
'refresh_token': refreshToken
})
self._REFRESH_TOKEN_STORAGE.store(refreshToken, client,
self._VALID_SCOPE)
newAuthToken = 'tokenForPublicClient'
self._CLIENT_STORAGE.addClient(client)
self._TOKEN_FACTORY.expectTokenRequest(
newAuthToken, self._TOKEN_RESOURCE.authTokenLifeTime, client,
self._VALID_SCOPE)
result = self._TOKEN_RESOURCE.render_POST(request)
self._TOKEN_FACTORY.assertAllTokensRequested()
self.assertValidTokenResponse(request,
result,
newAuthToken,
self._TOKEN_RESOURCE.authTokenLifeTime,
expectedScope=self._VALID_SCOPE)
def testWithoutRedirectUriButClientHasOne(self):
"""
Test that a request without a redirect uri is accepted
if the client has ony one predefined redirect uri.
"""
client = PublicClient('clientWithOneRedirectUri',
self._VALID_CLIENT.redirectUris[:1], [
GrantTypes.AUTHORIZATION_CODE.value,
GrantTypes.IMPLICIT.value
])
parameter = {
'response_type': self._RESPONSE_TYPE,
'client_id': client.id,
'scope': 'All',
'state': b'state\xFF\xFF'
}
self._CLIENT_STORAGE.addClient(client)
request = self.createAuthRequest(arguments=parameter)
result = self._AUTH_RESOURCE.render_GET(request)
parameter['redirect_uri'] = client.redirectUris[0]
self.assertValidAuthRequest(
request,
result,
parameter,
msg='Expected the auth resource to accept a request '
'without a redirect uri if the client has one.')
def testWithoutRedirectUriButClientHasMultiple(self):
"""
Test the rejection of a request without a redirect uri
if the client has more than one predefined redirect uri.
"""
client = PublicClient('clientWithMultipleRedirectUris', ['https://return.nonexistent'] * 2,
['authorization_code'])
request = self.createAuthRequest(arguments={
'response_type': self._RESPONSE_TYPE,
'client_id': client.id,
'scope': 'All',
'state': b'state\xFF\xFF'
})
self._CLIENT_STORAGE.addClient(client)
result = self._AUTH_RESOURCE.render_GET(request)
self.assertFailedRequest(
request, result, MissingParameterError('redirect_uri'),
msg='Expected the auth resource to reject a request without a redirect uri.')
def testPublicClient(self):
""" Test the rejection of a request with a public client. """
client = PublicClient('unauthorizedClientCredentialsGrantClient',
['https://return.nonexistent'],
['client_credentials'])
request = self.generateValidTokenRequest(
arguments={
'grant_type': 'client_credentials',
'scope': ' '.join(self._VALID_SCOPE),
'client_id': client.id
})
self._CLIENT_STORAGE.addClient(client)
result = self._TOKEN_RESOURCE.render_POST(request)
self.assertFailedTokenRequest(
request,
result,
UnauthorizedClientError('client_credentials'),
msg='Expected the resource token to reject a '
'client_credentials request with a public client.')
def testAddClient(self):
""" Test if a client can be added to the client storage. """
client = PublicClient(
'newPublicClientId',
['https://return.nonexistent', 'https://return2.nonexistent'],
[GrantTypes.REFRESH_TOKEN])
self._CLIENT_STORAGE.addClient(client)
self.assertListEqual(
self._CLIENT_STORAGE.getClient(client.id).authorizedGrantTypes,
client.authorizedGrantTypes,
msg=
'Expected the client storage to contain a client after adding him.'
)
client = PasswordClient(
'newPasswordClientId',
['https://return.nonexistent', 'https://return2.nonexistent'],
['client_credentials'], 'newClientSecret')
self._CLIENT_STORAGE.addClient(client)
self.assertEqual(
client.secret,
self._CLIENT_STORAGE.getClient(client.id).secret,
msg=
'Expected the client storage to contain a client after adding him.'
)
class ClientStorageTest(TwistedTestCase):
"""
An abstract test case for ClientStorage implementations. A subclass must
call setupClientStorage with an instance of the client storage to test.
"""
_CLIENT_STORAGE = None
_VALID_CLIENTS = [
getTestPasswordClient(),
PublicClient('publicClient', ['https://return.nonexistent'], [])
]
@classmethod
def setupClientStorage(cls, clientStorage):
"""
Set the client storage implementation to use for the tests.
The client storage must contain all _VALID_CLIENTS.
:param clientStorage: The client storage implementation to test.
"""
cls._CLIENT_STORAGE = clientStorage
def testGetClient(self):
""" Test the retrieval of clients from the client storage. """
for validClient in self._VALID_CLIENTS:
client = self._CLIENT_STORAGE.getClient(validClient.id)
self.assertIsInstance(
client,
Client,
message=
'Expected the client storage to return a client object.')
self.assertIsInstance(
client,
validClient.__class__,
message='Expected the client storage to return a client '
'object of the same subclass as the original client.')
self.assertIsInstance(
client.id,
str,
message='Expected the client id of the client returned '
'by the client storage to be a string.')
self.assertIsInstance(
client.redirectUris,
list,
message='Expected the redirect uris of the client returned '
'by the client storage to be a list.')
for uri in client.redirectUris:
self.assertIsInstance(
uri,
str,
message='Expected all redirect uris of the client '
'returned by the client storage to be a string.')
self.assertIsInstance(
client.authorizedGrantTypes,
list,
message='Expected the authorized grant types of the client '
'returned by the client storage to be a list.')
for grantType in client.authorizedGrantTypes:
self.assertIsInstance(
grantType,
str,
message=
'Expected all grant types of the client returned '
'by the client storage to be a string.')
assertClientEquals(
self,
client,
validClient,
message=
'Expected the attributes of the client returned by the client storage '
'to have the same values as the attributes of the original client.'
)
def testGetNonExistentClient(self):
""" Test handling of requests for clients that do net exist in the client storage. """
self.assertRaises(KeyError, self._CLIENT_STORAGE.getClient,
'nonExistentClientId')