Revision 0a3ff8a6 snf-astakos-app/astakos/oa2/tests/djangobackend.py
| b/snf-astakos-app/astakos/oa2/tests/djangobackend.py | ||
|---|---|---|
| 38 | 38 |
import datetime |
| 39 | 39 |
|
| 40 | 40 |
from collections import namedtuple |
| 41 |
from urltools import normalize |
|
| 41 | 42 |
|
| 42 | 43 |
from django.test import TransactionTestCase as TestCase |
| 43 | 44 |
from django.test import Client as TestClient |
| ... | ... | |
| 49 | 50 |
from astakos.oa2.models import Client, AuthorizationCode, Token |
| 50 | 51 |
from astakos.im.tests import common |
| 51 | 52 |
|
| 53 |
from synnefo.util.text import uenc |
|
| 54 |
|
|
| 52 | 55 |
|
| 53 | 56 |
ParsedURL = namedtuple('ParsedURL', ['host', 'scheme', 'path', 'params',
|
| 54 | 57 |
'url']) |
| ... | ... | |
| 216 | 219 |
self.assertEqual(token.token_type, token_type) |
| 217 | 220 |
self.assertEqual(token.grant_type, 'authorization_code') |
| 218 | 221 |
#self.assertEqual(token.user, expected.get('user'))
|
| 219 |
self.assertEqual(token.redirect_uri, expected.get('redirect_uri'))
|
|
| 220 |
self.assertEqual(token.scope, expected.get('scope'))
|
|
| 222 |
self.assertEqual(normalize(uenc(token.redirect_uri)), |
|
| 223 |
normalize(uenc(expected.get('redirect_uri'))))
|
|
| 224 |
self.assertEqual(normalize(uenc(token.scope)), |
|
| 225 |
normalize(uenc(expected.get('scope'))))
|
|
| 221 | 226 |
self.assertEqual(token.state, expected.get('state'))
|
| 222 | 227 |
except Token.DoesNotExist: |
| 223 | 228 |
self.fail("Invalid access_token")
|
| ... | ... | |
| 271 | 276 |
|
| 272 | 277 |
# mixed up credentials/client_id's |
| 273 | 278 |
self.client.set_credentials('client1', 'secret')
|
| 274 |
r = self.client.authorize_code('client2')
|
|
| 279 |
r = self.client.authorize_code('client3')
|
|
| 275 | 280 |
self.assertEqual(r.status_code, 400) |
| 276 | 281 |
self.assertCount(AuthorizationCode, 0) |
| 277 | 282 |
|
| ... | ... | |
| 342 | 347 |
# valid request: trusted client |
| 343 | 348 |
params = {'redirect_uri': self.client3_redirect_uri,
|
| 344 | 349 |
'scope': self.client3_redirect_uri, |
| 345 |
'extra_param': '123'}
|
|
| 350 |
'extra_param': 'γιουνικοντ'}
|
|
| 346 | 351 |
self.client.set_credentials('client3', 'secret')
|
| 347 | 352 |
r = self.client.authorize_code('client3', urlparams=params)
|
| 348 | 353 |
self.assertEqual(r.status_code, 302) |
| ... | ... | |
| 413 | 418 |
r = self.client.authorize_code('client3', urlparams=params)
|
| 414 | 419 |
self.assertEqual(r.status_code, 400) |
| 415 | 420 |
|
| 421 |
# redirect uri descendant |
|
| 422 |
redirect_uri = '%s/more?α=γιουνικοντ' % self.client3_redirect_uri |
|
| 423 |
params['redirect_uri'] = redirect_uri |
|
| 424 |
self.client.set_credentials('client3', 'secret')
|
|
| 425 |
r = self.client.authorize_code('client3', urlparams=params)
|
|
| 426 |
self.assertEqual(r.status_code, 302) |
|
| 427 |
self.assertCount(AuthorizationCode, 6) |
|
| 428 |
|
|
| 429 |
# redirect is valid |
|
| 430 |
redirect = self.get_redirect_url(r) |
|
| 431 |
self.assertParam(redirect, "code") |
|
| 432 |
self.assertParamEqual(redirect, "state", 'csrfstate') |
|
| 433 |
self.assertNoParam(redirect, "extra_param") |
|
| 434 |
self.assertHost(redirect, "server3.com") |
|
| 435 |
self.assertPath(redirect, urlparse.urlparse(redirect_uri).path) |
|
| 436 |
|
|
| 437 |
code = AuthorizationCode.objects.get(code=redirect.params['code'][0]) |
|
| 438 |
self.assertEqual(code.state, 'csrfstate') |
|
| 439 |
self.assertEqual(normalize(uenc(code.redirect_uri)), |
|
| 440 |
normalize(uenc(redirect_uri))) |
|
| 441 |
|
|
| 416 | 442 |
def test_get_token(self): |
| 417 | 443 |
# invalid method |
| 418 | 444 |
r = self.client.get(self.client.token_url) |
| ... | ... | |
| 526 | 552 |
'scope': redirect_uri, |
| 527 | 553 |
'state': None} |
| 528 | 554 |
self.assert_access_token_response(r, expected) |
| 555 |
|
|
| 556 |
redirect_uri = '%s/more?α=γιουνικοντ' % self.client3_redirect_uri |
|
| 557 |
params = {'redirect_uri': redirect_uri}
|
|
| 558 |
r = self.client.authorize_code('client3', urlparams=params)
|
|
| 559 |
self.assertCount(AuthorizationCode, 1) |
|
| 560 |
redirect = self.get_redirect_url(r) |
|
| 561 |
code_instance = AuthorizationCode.objects.get( |
|
| 562 |
code=redirect.params['code'][0]) |
|
| 563 |
|
|
| 564 |
# valid request |
|
| 565 |
self.client.set_credentials('client3', 'secret')
|
|
| 566 |
r = self.client.access_token(code_instance.code, |
|
| 567 |
redirect_uri='%sa' % redirect_uri) |
|
| 568 |
self.assertEqual(r.status_code, 400) |
|
| 569 |
|
|
| 570 |
r = self.client.access_token(code_instance.code, |
|
| 571 |
redirect_uri=redirect_uri) |
|
| 572 |
self.assertCount(AuthorizationCode, 0) # assert code is consumed |
|
| 573 |
self.assertCount(Token, 3) |
|
| 574 |
expected = {'redirect_uri': redirect_uri,
|
|
| 575 |
'scope': redirect_uri, |
|
| 576 |
'state': None} |
|
| 577 |
self.assert_access_token_response(r, expected) |
|
Also available in: Unified diff