Revision c985de5c
| b/snf-astakos-app/astakos/oa2/tests/djangobackend.py | ||
|---|---|---|
| 44 | 44 |
from django.core.urlresolvers import reverse |
| 45 | 45 |
from django.utils import simplejson as json |
| 46 | 46 |
|
| 47 |
from astakos.oa2 import settings |
|
| 47 | 48 |
from astakos.oa2.models import Client, AuthorizationCode, Token |
| 48 | 49 |
from astakos.im.tests import common |
| 49 | 50 |
|
| ... | ... | |
| 384 | 385 |
self.assertEqual(r.status_code, 400) |
| 385 | 386 |
|
| 386 | 387 |
# redirect uri descendant |
| 387 |
redirect_uri = '%s/more' % self.client3_redirect_uri |
|
| 388 |
redirect_uri = '%s/' % self.client3_redirect_uri |
|
| 389 |
rest = settings.MAXIMUM_ALLOWED_REDIRECT_URI_LENGTH - len(redirect_uri) |
|
| 390 |
redirect_uri = '%s%s' % (redirect_uri, 'a'*rest) |
|
| 388 | 391 |
params['redirect_uri'] = redirect_uri |
| 389 | 392 |
self.client.set_credentials('client3', 'secret')
|
| 390 | 393 |
r = self.client.authorize_code('client3', urlparams=params)
|
| ... | ... | |
| 401 | 404 |
|
| 402 | 405 |
code = AuthorizationCode.objects.get(code=redirect.params['code'][0]) |
| 403 | 406 |
self.assertEqual(code.state, 'csrfstate') |
| 404 |
self.assertEqual(code.redirect_uri, |
|
| 405 |
'%s/more' % self.client3_redirect_uri) |
|
| 407 |
self.assertEqual(code.redirect_uri, redirect_uri) |
|
| 406 | 408 |
|
| 407 | 409 |
# too long redirect uri |
| 408 |
redirect_uri = '%s?foo=%s' % (self.client3_redirect_uri, 'a'*10000) |
|
| 409 |
params['redirect_uri'] = redirect_uri |
|
| 410 |
params['redirect_uri'] = '%sa' % redirect_uri |
|
| 410 | 411 |
self.client.set_credentials('client3', 'secret')
|
| 411 | 412 |
r = self.client.authorize_code('client3', urlparams=params)
|
| 412 | 413 |
self.assertEqual(r.status_code, 400) |
| ... | ... | |
| 500 | 501 |
self.assert_access_token_response(r, expected) |
| 501 | 502 |
|
| 502 | 503 |
# generate authorization code with too long redirect_uri |
| 503 |
redirect_uri = '%s/%s' % (self.client3_redirect_uri, 'a'*2000) |
|
| 504 |
redirect_uri = '%s/' % self.client3_redirect_uri |
|
| 505 |
rest = settings.MAXIMUM_ALLOWED_REDIRECT_URI_LENGTH - len(redirect_uri) |
|
| 506 |
redirect_uri = '%s%s' % (redirect_uri, 'a'*rest) |
|
| 504 | 507 |
params = {'redirect_uri': redirect_uri}
|
| 505 | 508 |
r = self.client.authorize_code('client3', urlparams=params)
|
| 506 | 509 |
self.assertCount(AuthorizationCode, 1) |
| ... | ... | |
| 511 | 514 |
# valid request |
| 512 | 515 |
self.client.set_credentials('client3', 'secret')
|
| 513 | 516 |
r = self.client.access_token(code_instance.code, |
| 517 |
redirect_uri='%sa' % redirect_uri) |
|
| 518 |
self.assertEqual(r.status_code, 400) |
|
| 519 |
|
|
| 520 |
r = self.client.access_token(code_instance.code, |
|
| 514 | 521 |
redirect_uri=redirect_uri) |
| 515 | 522 |
self.assertCount(AuthorizationCode, 0) # assert code is consumed |
| 516 | 523 |
self.assertCount(Token, 2) |
Also available in: Unified diff