Merge branch 'master' into invalid-grant-should-respond-with-400

5 files changed, 44 insertions, 1 deletions

diff --git a/tests/oauth2/rfc6749/endpoints/test_base_endpoint.py b/tests/oauth2/rfc6749/endpoints/test_base_endpoint.py
index 4ad0ed9..4f78d9b 100644
--- a/tests/oauth2/rfc6749/endpoints/test_base_endpoint.py
+++ b/tests/oauth2/rfc6749/endpoints/test_base_endpoint.py
@@ -24,7 +24,9 @@ class BaseEndpointTest(TestCase):
         validator = RequestValidator()
         server = Server(validator)
         server.catch_errors = True
-        h, b, s = server.create_authorization_response('https://example.com')
+        h, b, s = server.create_token_response(
+            'https://example.com?grant_type=authorization_code&code=abc'
+        )
         self.assertIn("server_error", b)
         self.assertEqual(s, 500)
 
diff --git a/tests/oauth2/rfc6749/endpoints/test_credentials_preservation.py b/tests/oauth2/rfc6749/endpoints/test_credentials_preservation.py
index 0eb719f..50c2956 100644
--- a/tests/oauth2/rfc6749/endpoints/test_credentials_preservation.py
+++ b/tests/oauth2/rfc6749/endpoints/test_credentials_preservation.py
@@ -116,3 +116,24 @@ class PreservationTest(TestCase):
         self.assertRaises(errors.MissingRedirectURIError,
                 self.mobile.create_authorization_response,
                 auth_uri + '&response_type=token', scopes=['random'])
+
+    def test_default_uri_in_token(self):
+        auth_uri = 'http://example.com/path?state=xyz&client_id=abc'
+        token_uri = 'http://example.com/path'
+
+        # authorization grant
+        h, _, s = self.web.create_authorization_response(
+                auth_uri + '&response_type=code', scopes=['random'])
+        self.assertEqual(s, 302)
+        self.assertIn('Location', h)
+        self.assertTrue(h['Location'].startswith(self.DEFAULT_REDIRECT_URI))
+
+        # confirm_redirect_uri should return true if the redirect uri
+        # was not given in the authorization AND not in the token request.
+        self.validator.confirm_redirect_uri.return_value = True
+        code = get_query_credentials(h['Location'])['code'][0]
+        self.validator.validate_code.side_effect = self.set_state('xyz')
+        _, body, s = self.web.create_token_response(token_uri,
+                body='grant_type=authorization_code&code=%s' % code)
+        self.assertEqual(s, 200)
+        self.assertEqual(self.validator.confirm_redirect_uri.call_args[0][2], self.DEFAULT_REDIRECT_URI)
diff --git a/tests/oauth2/rfc6749/endpoints/test_error_responses.py b/tests/oauth2/rfc6749/endpoints/test_error_responses.py
index de0d834..ef05c4d 100644
--- a/tests/oauth2/rfc6749/endpoints/test_error_responses.py
+++ b/tests/oauth2/rfc6749/endpoints/test_error_responses.py
@@ -253,6 +253,7 @@ class ErrorResponseTest(TestCase):
 
     def test_access_denied(self):
         self.validator.authenticate_client.side_effect = self.set_client
+        self.validator.get_default_redirect_uri.return_value = 'https://i.b/cb'
         self.validator.confirm_redirect_uri.return_value = False
         token_uri = 'https://i.b/token'
         # Authorization code grant
@@ -260,6 +261,15 @@ class ErrorResponseTest(TestCase):
                 body='grant_type=authorization_code&code=foo')
         self.assertEqual('invalid_request', json.loads(body)['error'])
 
+    def test_access_denied_no_default_redirecturi(self):
+        self.validator.authenticate_client.side_effect = self.set_client
+        self.validator.get_default_redirect_uri.return_value = None
+        token_uri = 'https://i.b/token'
+        # Authorization code grant
+        _, body, _ = self.web.create_token_response(token_uri,
+                body='grant_type=authorization_code&code=foo')
+        self.assertEqual('invalid_request', json.loads(body)['error'])
+
     def test_unsupported_response_type(self):
         self.validator.get_default_redirect_uri.return_value = 'https://i.b/cb'
 
diff --git a/tests/oauth2/rfc6749/grant_types/test_authorization_code.py b/tests/oauth2/rfc6749/grant_types/test_authorization_code.py
index 704a254..acb23ac 100644
--- a/tests/oauth2/rfc6749/grant_types/test_authorization_code.py
+++ b/tests/oauth2/rfc6749/grant_types/test_authorization_code.py
@@ -77,6 +77,12 @@ class AuthorizationCodeGrantTest(TestCase):
         self.assertTrue(self.mock_validator.validate_response_type.called)
         self.assertTrue(self.mock_validator.validate_scopes.called)
 
+    def test_create_authorization_grant_no_scopes(self):
+        bearer = BearerToken(self.mock_validator)
+        self.request.response_mode = 'query'
+        self.request.scopes = []
+        self.auth.create_authorization_response(self.request, bearer)
+
     def test_create_authorization_grant_state(self):
         self.request.state = 'abc'
         self.request.redirect_uri = None
diff --git a/tests/oauth2/rfc6749/test_parameters.py b/tests/oauth2/rfc6749/test_parameters.py
index b211d1e..c42f516 100644
--- a/tests/oauth2/rfc6749/test_parameters.py
+++ b/tests/oauth2/rfc6749/test_parameters.py
@@ -103,6 +103,7 @@ class ParameterTests(TestCase):
                      '  "refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",'
                      '  "example_parameter": "example_value" }')
 
+    json_custom_error = '{ "error": "incorrect_client_credentials" }'
     json_error = '{ "error": "access_denied" }'
 
     json_notoken = ('{ "token_type": "example",'
@@ -197,6 +198,9 @@ class ParameterTests(TestCase):
         self.assertRaises(ValueError, parse_implicit_response,
                 self.implicit_wrongstate, state=self.state)
 
+    def test_custom_json_error(self):
+        self.assertRaises(CustomOAuth2Error, parse_token_response, self.json_custom_error)
+
     def test_json_token_response(self):
         """Verify correct parameter parsing and validation for token responses. """
         self.assertEqual(parse_token_response(self.json_response), self.json_dict)