def test_authenticate_client(self):
    """Exercise authenticate_client over the rejected and accepted header shapes.

    Every request without a matching Basic credential pair must raise
    HTTPUnauthorized; only credentials that match a stored application are
    returned as the application record.
    """
    def expect_rejected(headers, **request_kwargs):
        # Each failure mode surfaces as an exception, never as a return value.
        req = testing.FakeRequest(headers=headers, **request_kwargs)
        self.assertRaises(HTTPUnauthorized, authenticate_client, req)

    # No Authorization header at all.
    expect_rejected({})
    # An authentication scheme other than Basic.
    expect_rejected({'Authorization': 'Advanced foobar'})
    # Well-formed Basic credentials that match no stored application.
    expect_rejected({'Authorization': auth_basic_encode('foo', 'bar')},
                    db=self.db)

    # Register an application; the matching credentials are then accepted.
    self.db.applications.insert({
        'client_id': '123456',
        'client_secret': 'secret',
    })
    accepted = testing.FakeRequest(headers={
        'Authorization': auth_basic_encode('123456', 'secret'),
    }, db=self.db)
    app = authenticate_client(accepted)
    self.assertEqual(app['client_id'], '123456')
    self.assertEqual(app['client_secret'], 'secret')
def token_endpoint(request):
    """Exchange an authorization code for an access code (OAuth2 token endpoint).

    Flow: authenticate the calling application, validate ``grant_type`` and
    ``code`` from the POST body, look up the stored grant, make sure it was
    issued to this application, consume it, and hand back a new access code.

    Args:
        request: the incoming request; ``request.POST``, ``request.db`` and
            ``request.response`` are read/written.

    Returns:
        An HTTP error response object (``HTTPBadRequest``,
        ``HTTPNotImplemented`` or ``HTTPUnauthorized``) for malformed,
        unsupported or unauthorized requests; otherwise a dict with
        ``access_code``, ``token_type``, ``expires_in`` and ``scope``.
    """
    app = authenticate_client(request)
    params = request.POST

    grant_type = params.get('grant_type')
    if grant_type is None:
        return HTTPBadRequest('Missing required grant_type')
    if grant_type != 'authorization_code':
        return HTTPNotImplemented('Only authorization_code is supported')

    code = params.get('code')
    if code is None:
        return HTTPBadRequest('Missing required code')

    authorizator = Authorizator(request.db, app)
    grant = authorizator.auth_codes.find(code)

    # An unknown code, or one issued to a different application, is refused
    # with a bare 401 so the caller cannot distinguish the two cases.
    # TODO: check if the grant is rotten
    # NOTE(review): grant expiry is not enforced here; confirm whether
    # auth_codes.find() already filters out expired grants.
    # NOTE(review): on a client_id mismatch the code is left in place rather
    # than revoked — confirm that is the intended policy.
    if grant is None or app['client_id'] != grant['client_id']:
        return HTTPUnauthorized()

    # Authorization codes are single-use: consume it before issuing anything.
    authorizator.auth_codes.remove(grant)

    # Token responses must never be cached by intermediaries or the client.
    request.response.headers['Cache-Control'] = 'no-store'
    request.response.headers['Pragma'] = 'no-cache'

    access_code = authorizator.access_codes.create(grant['user'], grant)
    return {
        'access_code': access_code,
        'token_type': 'bearer',
        'expires_in': 3600,
        'scope': grant['scope'],
    }