openkylin
/
python-oauthlib
mirror of https://gitee.com/openkylin/python-oauthlib.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity
python-oauthlib/tests/oauth2/rfc6749/test_server.py

393 lines
16 KiB
Python
Raw Blame History

# -*- coding: utf-8 -*-
from __future__ import absolute_import, unicode_literals
import json
import mock
from oauthlib import common
from oauthlib.oauth2.rfc6749 import errors, tokens
from oauthlib.oauth2.rfc6749.endpoints import Server
from oauthlib.oauth2.rfc6749.endpoints.authorization import AuthorizationEndpoint
from oauthlib.oauth2.rfc6749.endpoints.resource import ResourceEndpoint
from oauthlib.oauth2.rfc6749.endpoints.token import TokenEndpoint
from oauthlib.oauth2.rfc6749.grant_types import (AuthorizationCodeGrant,
ClientCredentialsGrant,
ImplicitGrant,
ResourceOwnerPasswordCredentialsGrant)
from ...unittest import TestCase
class AuthorizationEndpointTest(TestCase):
def setUp(self):
self.mock_validator = mock.MagicMock()
self.mock_validator.get_code_challenge.return_value = None
self.addCleanup(setattr, self, 'mock_validator', mock.MagicMock())
auth_code = AuthorizationCodeGrant(
request_validator=self.mock_validator)
auth_code.save_authorization_code = mock.MagicMock()
implicit = ImplicitGrant(
request_validator=self.mock_validator)
implicit.save_token = mock.MagicMock()
response_types = {
'code': auth_code,
'token': implicit,
'none': auth_code
}
self.expires_in = 1800
token = tokens.BearerToken(
self.mock_validator,
expires_in=self.expires_in
)
self.endpoint = AuthorizationEndpoint(
default_response_type='code',
default_token_type=token,
response_types=response_types
)
@mock.patch('oauthlib.common.generate_token', new=lambda: 'abc')
def test_authorization_grant(self):
uri = 'http://i.b/l?response_type=code&client_id=me&scope=all+of+them&state=xyz'
uri += '&redirect_uri=http%3A%2F%2Fback.to%2Fme'
headers, body, status_code = self.endpoint.create_authorization_response(
uri, scopes=['all', 'of', 'them'])
self.assertIn('Location', headers)
self.assertURLEqual(headers['Location'], 'http://back.to/me?code=abc&state=xyz')
@mock.patch('oauthlib.common.generate_token', new=lambda: 'abc')
def test_implicit_grant(self):
uri = 'http://i.b/l?response_type=token&client_id=me&scope=all+of+them&state=xyz'
uri += '&redirect_uri=http%3A%2F%2Fback.to%2Fme'
headers, body, status_code = self.endpoint.create_authorization_response(
uri, scopes=['all', 'of', 'them'])
self.assertIn('Location', headers)
self.assertURLEqual(headers['Location'], 'http://back.to/me#access_token=abc&expires_in=' + str(self.expires_in) + '&token_type=Bearer&state=xyz&scope=all+of+them', parse_fragment=True)
def test_none_grant(self):
uri = 'http://i.b/l?response_type=none&client_id=me&scope=all+of+them&state=xyz'
uri += '&redirect_uri=http%3A%2F%2Fback.to%2Fme'
headers, body, status_code = self.endpoint.create_authorization_response(
uri, scopes=['all', 'of', 'them'])
self.assertIn('Location', headers)
self.assertURLEqual(headers['Location'], 'http://back.to/me?state=xyz', parse_fragment=True)
self.assertEqual(body, None)
self.assertEqual(status_code, 302)
# and without the state parameter
uri = 'http://i.b/l?response_type=none&client_id=me&scope=all+of+them'
uri += '&redirect_uri=http%3A%2F%2Fback.to%2Fme'
headers, body, status_code = self.endpoint.create_authorization_response(
uri, scopes=['all', 'of', 'them'])
self.assertIn('Location', headers)
self.assertURLEqual(headers['Location'], 'http://back.to/me', parse_fragment=True)
self.assertEqual(body, None)
self.assertEqual(status_code, 302)
def test_missing_type(self):
uri = 'http://i.b/l?client_id=me&scope=all+of+them'
uri += '&redirect_uri=http%3A%2F%2Fback.to%2Fme'
self.mock_validator.validate_request = mock.MagicMock(
side_effect=errors.InvalidRequestError())
headers, body, status_code = self.endpoint.create_authorization_response(
uri, scopes=['all', 'of', 'them'])
self.assertIn('Location', headers)
self.assertURLEqual(headers['Location'], 'http://back.to/me?error=invalid_request&error_description=Missing+response_type+parameter.')
def test_invalid_type(self):
uri = 'http://i.b/l?response_type=invalid&client_id=me&scope=all+of+them'
uri += '&redirect_uri=http%3A%2F%2Fback.to%2Fme'
self.mock_validator.validate_request = mock.MagicMock(
side_effect=errors.UnsupportedResponseTypeError())
headers, body, status_code = self.endpoint.create_authorization_response(
uri, scopes=['all', 'of', 'them'])
self.assertIn('Location', headers)
self.assertURLEqual(headers['Location'], 'http://back.to/me?error=unsupported_response_type')
class TokenEndpointTest(TestCase):
def setUp(self):
def set_user(request):
request.user = mock.MagicMock()
request.client = mock.MagicMock()
request.client.client_id = 'mocked_client_id'
return True
self.mock_validator = mock.MagicMock()
self.mock_validator.authenticate_client.side_effect = set_user
self.mock_validator.get_code_challenge.return_value = None
self.addCleanup(setattr, self, 'mock_validator', mock.MagicMock())
auth_code = AuthorizationCodeGrant(
request_validator=self.mock_validator)
password = ResourceOwnerPasswordCredentialsGrant(
request_validator=self.mock_validator)
client = ClientCredentialsGrant(
request_validator=self.mock_validator)
supported_types = {
'authorization_code': auth_code,
'password': password,
'client_credentials': client,
}
self.expires_in = 1800
token = tokens.BearerToken(
self.mock_validator,
expires_in=self.expires_in
)
self.endpoint = TokenEndpoint(
'authorization_code',
default_token_type=token,
grant_types=supported_types
)
@mock.patch('oauthlib.common.generate_token', new=lambda: 'abc')
def test_authorization_grant(self):
body = 'grant_type=authorization_code&code=abc&scope=all+of+them'
headers, body, status_code = self.endpoint.create_token_response(
'', body=body)
token = {
'token_type': 'Bearer',
'expires_in': self.expires_in,
'access_token': 'abc',
'refresh_token': 'abc',
'scope': 'all of them'
}
self.assertEqual(json.loads(body), token)
body = 'grant_type=authorization_code&code=abc'
headers, body, status_code = self.endpoint.create_token_response(
'', body=body)
token = {
'token_type': 'Bearer',
'expires_in': self.expires_in,
'access_token': 'abc',
'refresh_token': 'abc'
}
self.assertEqual(json.loads(body), token)
# try with additional custom variables
body = 'grant_type=authorization_code&code=abc&state=foobar'
headers, body, status_code = self.endpoint.create_token_response(
'', body=body)
self.assertEqual(json.loads(body), token)
@mock.patch('oauthlib.common.generate_token', new=lambda: 'abc')
def test_password_grant(self):
body = 'grant_type=password&username=a&password=hello&scope=all+of+them'
headers, body, status_code = self.endpoint.create_token_response(
'', body=body)
token = {
'token_type': 'Bearer',
'expires_in': self.expires_in,
'access_token': 'abc',
'refresh_token': 'abc',
'scope': 'all of them',
}
self.assertEqual(json.loads(body), token)
@mock.patch('oauthlib.common.generate_token', new=lambda: 'abc')
def test_client_grant(self):
body = 'grant_type=client_credentials&scope=all+of+them'
headers, body, status_code = self.endpoint.create_token_response(
'', body=body)
token = {
'token_type': 'Bearer',
'expires_in': self.expires_in,
'access_token': 'abc',
'scope': 'all of them',
}
self.assertEqual(json.loads(body), token)
def test_missing_type(self):
_, body, _ = self.endpoint.create_token_response('', body='')
token = {'error': 'unsupported_grant_type'}
self.assertEqual(json.loads(body), token)
def test_invalid_type(self):
body = 'grant_type=invalid'
_, body, _ = self.endpoint.create_token_response('', body=body)
token = {'error': 'unsupported_grant_type'}
self.assertEqual(json.loads(body), token)
class SignedTokenEndpointTest(TestCase):
def setUp(self):
self.expires_in = 1800
def set_user(request):
request.user = mock.MagicMock()
request.client = mock.MagicMock()
request.client.client_id = 'mocked_client_id'
return True
self.mock_validator = mock.MagicMock()
self.mock_validator.get_code_challenge.return_value = None
self.mock_validator.authenticate_client.side_effect = set_user
self.addCleanup(setattr, self, 'mock_validator', mock.MagicMock())
self.private_pem = """
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA6TtDhWGwzEOWZP6m/zHoZnAPLABfetvoMPmxPGjFjtDuMRPv
EvI1sbixZBjBtdnc5rTtHUUQ25Am3JzwPRGo5laMGbj1pPyCPxlVi9LK82HQNX0B
YK7tZtVfDHElQA7F4v3j9d3rad4O9/n+lyGIQ0tT7yQcBm2A8FEaP0bZYCLMjwMN
WfaVLE8eXHyv+MfpNNLI9wttLxygKYM48I3NwsFuJgOa/KuodXaAmf8pJnx8t1Wn
nxvaYXFiUn/TxmhM/qhemPa6+0nqq+aWV5eT7xn4K/ghLgNs09v6Yge0pmPl9Oz+
+bjJ+aKRnAmwCOY8/5U5EilAiUOeBoO9+8OXtwIDAQABAoIBAGFTTbXXMkPK4HN8
oItVdDlrAanG7hECuz3UtFUVE3upS/xG6TjqweVLwRqYCh2ssDXFwjy4mXRGDzF4
e/e/6s9Txlrlh/w1MtTJ6ZzTdcViR9RKOczysjZ7S5KRlI3KnGFAuWPcG2SuOWjZ
dZfzcj1Crd/ZHajBAVFHRsCo/ATVNKbTRprFfb27xKpQ2BwH/GG781sLE3ZVNIhs
aRRaED4622kI1E/WXws2qQMqbFKzo0m1tPbLb3Z89WgZJ/tRQwuDype1Vfm7k6oX
xfbp3948qSe/yWKRlMoPkleji/WxPkSIalzWSAi9ziN/0Uzhe65FURgrfHL3XR1A
B8UR+aECgYEA7NPQZV4cAikk02Hv65JgISofqV49P8MbLXk8sdnI1n7Mj10TgzU3
lyQGDEX4hqvT0bTXe4KAOxQZx9wumu05ejfzhdtSsEm6ptGHyCdmYDQeV0C/pxDX
JNCK8XgMku2370XG0AnyBCT7NGlgtDcNCQufcesF2gEuoKiXg6Zjo7sCgYEA/Bzs
9fWGZZnSsMSBSW2OYbFuhF3Fne0HcxXQHipl0Rujc/9g0nccwqKGizn4fGOE7a8F
usQgJoeGcinL7E9OEP/uQ9VX1C9RNVjIxP1O5/Guw1zjxQQYetOvbPhN2QhD1Ye7
0TRKrW1BapcjwLpFQlVg1ZeTPOi5lv24W/wX9jUCgYEAkrMSX/hPuTbrTNVZ3L6r
NV/2hN+PaTPeXei/pBuXwOaCqDurnpcUfFcgN/IP5LwDVd+Dq0pHTFFDNv45EFbq
R77o5n3ZVsIVEMiyJ1XgoK8oLDw7e61+15smtjT69Piz+09pu+ytMcwGn4y3Dmsb
dALzHYnL8iLRU0ubrz0ec4kCgYAJiVKRTzNBPptQom49h85d9ac3jJCAE8o3WTjh
Gzt0uHXrWlqgO280EY/DTnMOyXjqwLcXxHlu26uDP/99tdY/IF8z46sJ1KxetzgI
84f7kBHLRAU9m5UNeFpnZdEUB5MBTbwWAsNcYgiabpMkpCcghjg+fBhOsoLqqjhC
CnwhjQKBgQDkv0QTdyBU84TE8J0XY3eLQwXbrvG2yD5A2ntN3PyxGEneX5WTJGMZ
xJxwaFYQiDS3b9E7b8Q5dg8qa5Y1+epdhx3cuQAWPm+AoHKshDfbRve4txBDQAqh
c6MxSWgsa+2Ld5SWSNbGtpPcmEM3Fl5ttMCNCKtNc0UE16oHwaPAIw==
-----END RSA PRIVATE KEY-----
"""
self.public_pem = """
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6TtDhWGwzEOWZP6m/zHo
ZnAPLABfetvoMPmxPGjFjtDuMRPvEvI1sbixZBjBtdnc5rTtHUUQ25Am3JzwPRGo
5laMGbj1pPyCPxlVi9LK82HQNX0BYK7tZtVfDHElQA7F4v3j9d3rad4O9/n+lyGI
Q0tT7yQcBm2A8FEaP0bZYCLMjwMNWfaVLE8eXHyv+MfpNNLI9wttLxygKYM48I3N
wsFuJgOa/KuodXaAmf8pJnx8t1WnnxvaYXFiUn/TxmhM/qhemPa6+0nqq+aWV5eT
7xn4K/ghLgNs09v6Yge0pmPl9Oz++bjJ+aKRnAmwCOY8/5U5EilAiUOeBoO9+8OX
twIDAQAB
-----END PUBLIC KEY-----
"""
signed_token = tokens.signed_token_generator(self.private_pem,
user_id=123)
self.endpoint = Server(
self.mock_validator,
token_expires_in=self.expires_in,
token_generator=signed_token,
refresh_token_generator=tokens.random_token_generator
)
@mock.patch('oauthlib.common.generate_token', new=lambda: 'abc')
def test_authorization_grant(self):
body = 'client_id=me&redirect_uri=http%3A%2F%2Fback.to%2Fme&grant_type=authorization_code&code=abc&scope=all+of+them'
headers, body, status_code = self.endpoint.create_token_response(
'', body=body)
body = json.loads(body)
token = {
'token_type': 'Bearer',
'expires_in': self.expires_in,
'access_token': body['access_token'],
'refresh_token': 'abc',
'scope': 'all of them'
}
self.assertEqual(body, token)
body = 'client_id=me&redirect_uri=http%3A%2F%2Fback.to%2Fme&grant_type=authorization_code&code=abc'
headers, body, status_code = self.endpoint.create_token_response(
'', body=body)
body = json.loads(body)
token = {
'token_type': 'Bearer',
'expires_in': self.expires_in,
'access_token': body['access_token'],
'refresh_token': 'abc'
}
self.assertEqual(body, token)
# try with additional custom variables
body = 'client_id=me&redirect_uri=http%3A%2F%2Fback.to%2Fme&grant_type=authorization_code&code=abc&state=foobar'
headers, body, status_code = self.endpoint.create_token_response(
'', body=body)
body = json.loads(body)
token = {
'token_type': 'Bearer',
'expires_in': self.expires_in,
'access_token': body['access_token'],
'refresh_token': 'abc'
}
self.assertEqual(body, token)
@mock.patch('oauthlib.common.generate_token', new=lambda: 'abc')
def test_password_grant(self):
body = 'grant_type=password&username=a&password=hello&scope=all+of+them'
headers, body, status_code = self.endpoint.create_token_response(
'', body=body)
body = json.loads(body)
token = {
'token_type': 'Bearer',
'expires_in': self.expires_in,
'access_token': body['access_token'],
'refresh_token': 'abc',
'scope': 'all of them',
}
self.assertEqual(body, token)
@mock.patch('oauthlib.common.generate_token', new=lambda: 'abc')
def test_scopes_and_user_id_stored_in_access_token(self):
body = 'grant_type=password&username=a&password=hello&scope=all+of+them'
headers, body, status_code = self.endpoint.create_token_response(
'', body=body)
access_token = json.loads(body)['access_token']
claims = common.verify_signed_token(self.public_pem, access_token)
self.assertEqual(claims['scope'], 'all of them')
self.assertEqual(claims['user_id'], 123)
@mock.patch('oauthlib.common.generate_token', new=lambda: 'abc')
def test_client_grant(self):
body = 'grant_type=client_credentials&scope=all+of+them'
headers, body, status_code = self.endpoint.create_token_response(
'', body=body)
body = json.loads(body)
token = {
'token_type': 'Bearer',
'expires_in': self.expires_in,
'access_token': body['access_token'],
'scope': 'all of them',
}
self.assertEqual(body, token)
def test_missing_type(self):
_, body, _ = self.endpoint.create_token_response('', body='client_id=me&redirect_uri=http%3A%2F%2Fback.to%2Fme&code=abc')
token = {'error': 'unsupported_grant_type'}
self.assertEqual(json.loads(body), token)
def test_invalid_type(self):
body = 'client_id=me&redirect_uri=http%3A%2F%2Fback.to%2Fme&grant_type=invalid&code=abc'
_, body, _ = self.endpoint.create_token_response('', body=body)
token = {'error': 'unsupported_grant_type'}
self.assertEqual(json.loads(body), token)
class ResourceEndpointTest(TestCase):
def setUp(self):
self.mock_validator = mock.MagicMock()
self.addCleanup(setattr, self, 'mock_validator', mock.MagicMock())
token = tokens.BearerToken(request_validator=self.mock_validator)
self.endpoint = ResourceEndpoint(
default_token='Bearer',
token_types={'Bearer': token}
)
def test_defaults(self):
uri = 'http://a.b/path?some=query'
self.mock_validator.validate_bearer_token.return_value = False
valid, request = self.endpoint.verify_request(uri)
self.assertFalse(valid)
self.assertEqual(request.token_type, 'Bearer')
Reference in New Issue View Git Blame Copy Permalink