Revision c985de5c
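--- a/snf-astakos-app/astakos/oa2/tests/djangobackend.py
+++ b/snf-astakos-app/astakos/oa2/tests/djangobackend.py
@@ -44,6 +44,7 @@
 from django.core.urlresolvers import reverse
 from django.utils import simplejson as json
 
+from astakos.oa2 import settings
 from astakos.oa2.models import Client, AuthorizationCode, Token
 from astakos.im.tests import common
 
@@ -384,7 +385,9 @@
 self.assertEqual(r.status_code, 400)
 
 # redirect uri descendant
-redirect_uri = '%s/more' % self.client3_redirect_uri
+redirect_uri = '%s/' % self.client3_redirect_uri
+rest = settings.MAXIMUM_ALLOWED_REDIRECT_URI_LENGTH - len(redirect_uri)
+redirect_uri = '%s%s' % (redirect_uri, 'a'*rest)
 params['redirect_uri'] = redirect_uri
 self.client.set_credentials('client3', 'secret')
 r = self.client.authorize_code('client3', urlparams=params)
@@ -401,12 +404,10 @@
 
 code = AuthorizationCode.objects.get(code=redirect.params['code'][0])
 self.assertEqual(code.state, 'csrfstate')
-self.assertEqual(code.redirect_uri,
-'%s/more' % self.client3_redirect_uri)
+self.assertEqual(code.redirect_uri, redirect_uri)
 
 # too long redirect uri
-redirect_uri = '%s?foo=%s' % (self.client3_redirect_uri, 'a'*10000)
-params['redirect_uri'] = redirect_uri
+params['redirect_uri'] = '%sa' % redirect_uri
 self.client.set_credentials('client3', 'secret')
 r = self.client.authorize_code('client3', urlparams=params)
 self.assertEqual(r.status_code, 400)
@@ -500,7 +501,9 @@
 self.assert_access_token_response(r, expected)
 
 # generate authorization code with too long redirect_uri
-redirect_uri = '%s/%s' % (self.client3_redirect_uri, 'a'*2000)
+redirect_uri = '%s/' % self.client3_redirect_uri
+rest = settings.MAXIMUM_ALLOWED_REDIRECT_URI_LENGTH - len(redirect_uri)
+redirect_uri = '%s%s' % (redirect_uri, 'a'*rest)
 params = {'redirect_uri': redirect_uri}
 r = self.client.authorize_code('client3', urlparams=params)
 self.assertCount(AuthorizationCode, 1)
@@ -511,6 +514,10 @@
 # valid request
 self.client.set_credentials('client3', 'secret')
 r = self.client.access_token(code_instance.code,
+redirect_uri='%sa' % redirect_uri)
+self.assertEqual(r.status_code, 400)
+
+r = self.client.access_token(code_instance.code,
 redirect_uri=redirect_uri)
 self.assertCount(AuthorizationCode, 0) # assert code is consumed
 self.assertCount(Token, 2)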
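Review bot: The new negative case at new lines 516–518 sends `'%sa' % redirect_uri`, which is both one character over `MAXIMUM_ALLOWED_REDIRECT_URI_LENGTH` and different from the URI stored with the code, so the asserted 400 does not show which check rejected it. To pin the binding between the authorization request and the token request on its own, use a value of the same length that differs, e.g. `redirect_uri='%sb' % redirect_uri[:-1]`, and keep the over-length case as a separate assertion. The comments are now stale: `# generate authorization code with too long redirect_uri` precedes a URI built to exactly the limit, and `# valid request` sits above the request expected to fail; `# redirect_uri at the maximum allowed length` and moving `# valid request` down to the second call would match the code. If `client3_redirect_uri` plus the slash ever reaches the limit, `'a'*rest` silently yields an empty string, so `self.assertTrue(rest > 0)` after computing `rest` (here and at new line 389) would keep the boundary tests meaningful. The enclosing test methods start and end outside the visible hunks.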