authorjonathan vanasco <jonathan@2xlp.com>2018-09-17 13:18:36 -0400
committerjonathan vanasco <jonathan@2xlp.com>2018-09-17 13:20:15 -0400
commite7bd936434f7268b0453fd25c637034f7efd8168 (patch)
tree898a4a48cec0e216f84de759e8a8429924735095 /tests/oauth2
parentc8fcbf87ca38faa4dfbe56d0609a4ce15c2d7aca (diff)
downloadoauthlib-e7bd936434f7268b0453fd25c637034f7efd8168.tar.gz
* added support for empty strings of `client_secret`
* added LegacyApplicationClient tests to ensure the grant supports a variety of allowed methods
Diffstat (limited to 'tests/oauth2')
-rw-r--r--tests/oauth2/rfc6749/clients/test_legacy_application.py28
-rw-r--r--tests/oauth2/rfc6749/clients/test_web_application.py30
2 files changed, 48 insertions, 10 deletions
diff --git a/tests/oauth2/rfc6749/clients/test_legacy_application.py b/tests/oauth2/rfc6749/clients/test_legacy_application.py
index 1e11112..4e518e8 100644
--- a/tests/oauth2/rfc6749/clients/test_legacy_application.py
+++ b/tests/oauth2/rfc6749/clients/test_legacy_application.py
@@ -15,6 +15,7 @@ from ....unittest import TestCase
class LegacyApplicationClientTest(TestCase):
client_id = "someclientid"
+ client_secret = 'someclientsecret'
scope = ["/profile"]
kwargs = {
"some": "providers",
@@ -88,3 +89,30 @@ class LegacyApplicationClientTest(TestCase):
finally:
signals.scope_changed.disconnect(record_scope_change)
del os.environ['OAUTHLIB_RELAX_TOKEN_SCOPE']
+
+ def test_prepare_request_body(self):
+ """
+ see issue #585
+ https://github.com/oauthlib/oauthlib/issues/585
+ """
+ client = LegacyApplicationClient(self.client_id)
+
+ # scenario 1, default behavior to not include `client_id`
+ r1 = client.prepare_request_body(username=self.username, password=self.password)
+ self.assertEqual(r1, 'grant_type=password&username=user_username&password=user_password')
+
+ # scenario 2, include `client_id` in the body
+ r2 = client.prepare_request_body(username=self.username, password=self.password, client_id=self.client_id)
+ self.assertEqual(r2, 'grant_type=password&username=user_username&password=user_password&client_id=%s' % self.client_id)
+
+ # scenario 3, include `client_id` + `client_secret` in the body
+ r3 = client.prepare_request_body(username=self.username, password=self.password, client_id=self.client_id, client_secret=self.client_secret)
+ self.assertEqual(r3, 'grant_type=password&username=user_username&password=user_password&client_id=%s&client_secret=%s' % (self.client_id, self.client_secret))
+
+ # scenario 4, `client_secret` is an empty string
+ r4 = client.prepare_request_body(username=self.username, password=self.password, client_id=self.client_id, client_secret='')
+ self.assertEqual(r4, 'grant_type=password&username=user_username&password=user_password&client_id=%s&client_secret=%s' % (self.client_id, ''))
+
+ # scenario 4b`,` client_secret is `None`
+ r4b = client.prepare_request_body(username=self.username, password=self.password, client_id=self.client_id, client_secret=None)
+ self.assertEqual(r4b, 'grant_type=password&username=user_username&password=user_password&client_id=%s' % (self.client_id, ))
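Review bot: The assertions for `r3` and `r4` compare against a single fixed parameter order, whereas the comment in test_web_application.py says the order in which kwargs are appended is not guaranteed and checks both permutations for that reason; the `r4` assertion in that file's scenario 4 has the same shape. If the legacy client appends `client_id` and `client_secret` from kwargs the same way, these tests can fail on interpreters that do not preserve kwargs order. Comparing parsed parameters avoids this, for example `self.assertEqual(dict(parse_qsl(r4, keep_blank_values=True)).get('client_secret'), '')`, where `keep_blank_values=True` is needed so the empty secret is not dropped by the parser (this assumes `parse_qsl` is importable in the test module). The comment for scenario 4b also has misplaced backticks and should read "# scenario 4b, `client_secret` is `None`".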
diff --git a/tests/oauth2/rfc6749/clients/test_web_application.py b/tests/oauth2/rfc6749/clients/test_web_application.py
index 9144659..fb800f7 100644
--- a/tests/oauth2/rfc6749/clients/test_web_application.py
+++ b/tests/oauth2/rfc6749/clients/test_web_application.py
@@ -21,6 +21,7 @@ from ....unittest import TestCase
class WebApplicationClientTest(TestCase):
client_id = "someclientid"
+ client_secret = 'someclientsecret'
uri = "https://example.com/path?query=world"
uri_id = uri + "&response_type=code&client_id=" + client_id
uri_redirect = uri_id + "&redirect_uri=http%3A%2F%2Fmy.page.com%2Fcallback"
@@ -188,15 +189,16 @@ class WebApplicationClientTest(TestCase):
1. Include client_id alone in the body (default)
2. Include client_id and client_secret in auth and not include them in the body (RFC preferred solution)
3. Include client_id and client_secret in the body (RFC alternative solution)
+ 4. Include client_id in the body and an empty string for client_secret.
"""
client = WebApplicationClient(self.client_id)
# scenario 1, default behavior to include `client_id`
r1 = client.prepare_request_body()
- self.assertEqual(r1, 'grant_type=authorization_code&client_id=someclientid')
+ self.assertEqual(r1, 'grant_type=authorization_code&client_id=%s' % self.client_id)
r1b = client.prepare_request_body(include_client_id=True)
- self.assertEqual(r1b, 'grant_type=authorization_code&client_id=someclientid')
+ self.assertEqual(r1b, 'grant_type=authorization_code&client_id=%s' % self.client_id)
# scenario 2, do not include `client_id` in the body, so it can be sent in auth.
r2 = client.prepare_request_body(include_client_id=False)
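Review bot: The scenario list in the docstring gains item 4 but not the `client_secret=None` case that the next hunk asserts as scenario 4b. The two cases differ in whether a `client_secret` parameter is sent at all, so the docstring should list both, with a line such as `4b. Pass client_secret=None to leave client_secret out of the body.` The docstring and its test method start above this hunk and continue past it.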
@@ -204,14 +206,22 @@ class WebApplicationClientTest(TestCase):
# scenario 3, Include client_id and client_secret in the body (RFC alternative solution)
# the order of kwargs being appended is not guaranteed. for brevity, check the 2 permutations instead of sorting
- r3 = client.prepare_request_body(client_secret='someclientsecret')
- self.assertIn(r3, ('grant_type=authorization_code&client_secret=someclientsecret&client_id=someclientid',
- 'grant_type=authorization_code&client_id=someclientid&client_secret=someclientsecret',)
- )
- r3b = client.prepare_request_body(include_client_id=True, client_secret='someclientsecret')
- self.assertIn(r3b, ('grant_type=authorization_code&client_secret=someclientsecret&client_id=someclientid',
- 'grant_type=authorization_code&client_id=someclientid&client_secret=someclientsecret',)
- )
+ r3 = client.prepare_request_body(client_secret=self.client_secret)
+ self.assertIn(r3, ('grant_type=authorization_code&client_secret=%s&client_id=%s' % (self.client_secret, self.client_id, ),
+ 'grant_type=authorization_code&client_id=%s&client_secret=%s' % (self.client_id, self.client_secret, ),
+ ))
+ r3b = client.prepare_request_body(include_client_id=True, client_secret=self.client_secret)
+ self.assertIn(r3b, ('grant_type=authorization_code&client_secret=%s&client_id=%s' % (self.client_secret, self.client_id, ),
+ 'grant_type=authorization_code&client_id=%s&client_secret=%s' % (self.client_id, self.client_secret, ),
+ ))
+
+ # scenario 4, `client_secret` is an empty string
+ r4 = client.prepare_request_body(include_client_id=True, client_secret='')
+ self.assertEqual(r4, 'grant_type=authorization_code&client_id=%s&client_secret=' % self.client_id)
+
+ # scenario 4b, `client_secret` is `None`
+ r4b = client.prepare_request_body(include_client_id=True, client_secret=None)
+ self.assertEqual(r4b, 'grant_type=authorization_code&client_id=%s' % self.client_id)
# scenario Warnings
with warnings.catch_warnings(record=True) as w: