From 3b6be54ab967d9ac6174fae97b5368c1d9f6c6c3 Mon Sep 17 00:00:00 2001
From: Jonathan Huot
Date: Mon, 30 Jul 2018 14:48:24 +0200
Subject: Call get_default_redirect_uri if no redirect_uri in token req
---
 .../endpoints/test_credentials_preservation.py | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
(limited to 'tests/oauth2')
diff --git a/tests/oauth2/rfc6749/endpoints/test_credentials_preservation.py b/tests/oauth2/rfc6749/endpoints/test_credentials_preservation.py
index 0eb719f..50c2956 100644
--- a/tests/oauth2/rfc6749/endpoints/test_credentials_preservation.py
+++ b/tests/oauth2/rfc6749/endpoints/test_credentials_preservation.py
@@ -116,3 +116,24 @@ class PreservationTest(TestCase):
 self.assertRaises(errors.MissingRedirectURIError, self.mobile.create_authorization_response, auth_uri + '&response_type=token', scopes=['random'])
+
+ def test_default_uri_in_token(self):
+ auth_uri = 'http://example.com/path?state=xyz&client_id=abc'
+ token_uri = 'http://example.com/path'
+
+ # authorization grant
+ h, _, s = self.web.create_authorization_response(
+ auth_uri + '&response_type=code', scopes=['random'])
+ self.assertEqual(s, 302)
+ self.assertIn('Location', h)
+ self.assertTrue(h['Location'].startswith(self.DEFAULT_REDIRECT_URI))
+
+ # confirm_redirect_uri should return true if the redirect uri
+ # was not given in the authorization AND not in the token request.
+ self.validator.confirm_redirect_uri.return_value = True
+ code = get_query_credentials(h['Location'])['code'][0]
+ self.validator.validate_code.side_effect = self.set_state('xyz')
+ _, body, s = self.web.create_token_response(token_uri,
+ body='grant_type=authorization_code&code=%s' % code)
+ self.assertEqual(s, 200)
+ self.assertEqual(self.validator.confirm_redirect_uri.call_args[0][2], self.DEFAULT_REDIRECT_URI)
-- cgit v1.2.1
From 79962015ab8d020a390aa4872777efcc727f5440 Mon Sep 17 00:00:00 2001
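Review bot: The final assertion of `test_default_uri_in_token` reads the redirect URI as `confirm_redirect_uri.call_args[0][2]`, a bare positional index with nothing saying which parameter it is. If the grant ever passes that argument by keyword, the test fails with an IndexError instead of a readable mismatch. Since `confirm_redirect_uri` is forced to return `True`, the `200` check proves little on its own and this last line is the one that actually pins the redirect-URI binding, so it deserves a comment such as `# call_args[0][2]: the redirect_uri the grant handed to confirm_redirect_uri`. `body` is assigned but never used and could be `_`.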
From: Jonathan Huot
Date: Mon, 30 Jul 2018 14:49:44 +0200
Subject: confirm_r. is called after auth_client
---
 tests/oauth2/rfc6749/endpoints/test_error_responses.py | 1 -
 1 file changed, 1 deletion(-)
(limited to 'tests/oauth2')
diff --git a/tests/oauth2/rfc6749/endpoints/test_error_responses.py b/tests/oauth2/rfc6749/endpoints/test_error_responses.py
index 875b3a5..9f46f34 100644
--- a/tests/oauth2/rfc6749/endpoints/test_error_responses.py
+++ b/tests/oauth2/rfc6749/endpoints/test_error_responses.py
@@ -237,7 +237,6 @@ class ErrorResponseTest(TestCase):
 def test_access_denied(self):
 self.validator.authenticate_client.side_effect = self.set_client
- self.validator.confirm_redirect_uri.return_value = False
 token_uri = 'https://i.b/token'
 # Authorization code grant
 _, body, _ = self.web.create_token_response(token_uri,
-- cgit v1.2.1
From 3faf434e8d670bf2763bbdc5135cbd7e747194f8 Mon Sep 17 00:00:00 2001
From: Jonathan Huot
Date: Wed, 15 Aug 2018 00:12:20 +0200
Subject: Restore confirm = False test
---
 tests/oauth2/rfc6749/endpoints/test_error_responses.py | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'tests/oauth2')
diff --git a/tests/oauth2/rfc6749/endpoints/test_error_responses.py b/tests/oauth2/rfc6749/endpoints/test_error_responses.py
index 9f46f34..677b895 100644
--- a/tests/oauth2/rfc6749/endpoints/test_error_responses.py
+++ b/tests/oauth2/rfc6749/endpoints/test_error_responses.py
@@ -237,6 +237,8 @@ class ErrorResponseTest(TestCase):
 def test_access_denied(self):
 self.validator.authenticate_client.side_effect = self.set_client
+ self.validator.get_default_redirect_uri.return_value = 'https://i.b/cb'
+ self.validator.confirm_redirect_uri.return_value = False
 token_uri = 'https://i.b/token'
 # Authorization code grant
 _, body, _ = self.web.create_token_response(token_uri,
-- cgit v1.2.1
From 058746b3d9bed4aafbd55a7f26491b5761c35fa8 Mon Sep 17 00:00:00 2001
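Review bot: In the `Restore confirm = False test` hunk, the added `get_default_redirect_uri.return_value = 'https://i.b/cb'` line carries no comment explaining why a rejection test needs a default redirect URI. Presumably the token request has no `redirect_uri`, so a default must exist for the flow to reach `confirm_redirect_uri`, whose `False` return is the case under test; that is inferred from the commit subjects rather than shown here. I would add `# no redirect_uri in the request: a default must exist so confirm_redirect_uri is reached and can reject it`. The body of `test_access_denied` continues past the end of the hunk.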
From: Jonathan Huot
Date: Wed, 15 Aug 2018 00:15:40 +0200
Subject: Add test when no redirecturi & no default
---
 tests/oauth2/rfc6749/endpoints/test_error_responses.py | 9 +++++++++
 1 file changed, 9 insertions(+)
(limited to 'tests/oauth2')
diff --git a/tests/oauth2/rfc6749/endpoints/test_error_responses.py b/tests/oauth2/rfc6749/endpoints/test_error_responses.py
index 677b895..00f7ba6 100644
--- a/tests/oauth2/rfc6749/endpoints/test_error_responses.py
+++ b/tests/oauth2/rfc6749/endpoints/test_error_responses.py
@@ -245,6 +245,15 @@ class ErrorResponseTest(TestCase):
 body='grant_type=authorization_code&code=foo')
 self.assertEqual('invalid_request', json.loads(body)['error'])
+ def test_access_denied_no_default_redirecturi(self):
+ self.validator.authenticate_client.side_effect = self.set_client
+ self.validator.get_default_redirect_uri.return_value = None
+ token_uri = 'https://i.b/token'
+ # Authorization code grant
+ _, body, _ = self.web.create_token_response(token_uri,
+ body='grant_type=authorization_code&code=foo')
+ self.assertEqual('invalid_request', json.loads(body)['error'])
+
 def test_unsupported_response_type(self):
 self.validator.get_default_redirect_uri.return_value = 'https://i.b/cb'
-- cgit v1.2.1
From f7df56a9286b3fd06d636ef43ab3d4a4c86c1918 Mon Sep 17 00:00:00 2001
From: Theron Luhn
Date: Sun, 2 Sep 2018 10:52:18 -0700
Subject: Fix test_error_catching.
---
 tests/oauth2/rfc6749/endpoints/test_base_endpoint.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'tests/oauth2')
diff --git a/tests/oauth2/rfc6749/endpoints/test_base_endpoint.py b/tests/oauth2/rfc6749/endpoints/test_base_endpoint.py
index 4ad0ed9..4f78d9b 100644
--- a/tests/oauth2/rfc6749/endpoints/test_base_endpoint.py
+++ b/tests/oauth2/rfc6749/endpoints/test_base_endpoint.py
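Review bot: `test_access_denied_no_default_redirecturi` asserts only the generic `invalid_request` code, the same value the context lines at the top of the hunk expect for the preceding case. The two rejection paths are therefore indistinguishable, and the new test would still pass if the request were refused for an unrelated reason. To pin the cause, add `self.assertFalse(self.validator.confirm_redirect_uri.called)` if the grant refuses before consulting the validator when no default exists (not visible here), or compare the response's `error_description`. The name says `access_denied` while the asserted error is `invalid_request`, so a one-line docstring stating the expected outcome would remove that ambiguity.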
@@ -24,7 +24,9 @@ class BaseEndpointTest(TestCase):
 validator = RequestValidator()
 server = Server(validator)
 server.catch_errors = True
- h, b, s = server.create_authorization_response('https://example.com')
+ h, b, s = server.create_token_response(
+ 'https://example.com?grant_type=authorization_code&code=abc'
+ )
 self.assertIn("server_error", b)
 self.assertEqual(s, 500)
-- cgit v1.2.1
From fd5c9790e8219fdc6a85b4837ba4f5a2eb265d09 Mon Sep 17 00:00:00 2001
From: Theron Luhn
Date: Mon, 3 Sep 2018 22:19:30 -0700
Subject: Write a test for authorization grant w/ no scope.
---
 tests/oauth2/rfc6749/grant_types/test_authorization_code.py | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'tests/oauth2')
diff --git a/tests/oauth2/rfc6749/grant_types/test_authorization_code.py b/tests/oauth2/rfc6749/grant_types/test_authorization_code.py
index 704a254..acb23ac 100644
--- a/tests/oauth2/rfc6749/grant_types/test_authorization_code.py
+++ b/tests/oauth2/rfc6749/grant_types/test_authorization_code.py
@@ -77,6 +77,12 @@ class AuthorizationCodeGrantTest(TestCase):
 self.assertTrue(self.mock_validator.validate_response_type.called)
 self.assertTrue(self.mock_validator.validate_scopes.called)
+ def test_create_authorization_grant_no_scopes(self):
+ bearer = BearerToken(self.mock_validator)
+ self.request.response_mode = 'query'
+ self.request.scopes = []
+ self.auth.create_authorization_response(self.request, bearer)
+
 def test_create_authorization_grant_state(self):
 self.request.state = 'abc'
 self.request.redirect_uri = None
-- cgit v1.2.1
From e81ae772e4f260cc02ce07a7396470821ac63b1e Mon Sep 17 00:00:00 2001
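Review bot: The rewritten call in `test_base_endpoint.py` puts `grant_type` and `code` in the token endpoint URI's query string, whereas the other token requests visible in this series send them in `body=`. RFC 6749 has token requests carry their parameters in the POST body, and an authorization code placed in a URL tends to end up in access logs, so the test exercises a request shape a server should not be encouraged to accept. Whether the endpoint reads query parameters at all is not visible here. I would write `h, b, s = server.create_token_response('https://example.com', body='grant_type=authorization_code&code=abc')`, with a short comment naming what is expected to raise (presumably an unimplemented method on the bare `RequestValidator`).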
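Review bot: `test_create_authorization_grant_no_scopes` contains no assertion, so it passes whenever the call does not raise and records nothing about what an authorization request with an empty scope list should produce. Capture the result with `h, b, s = self.auth.create_authorization_response(self.request, bearer)` and assert the intended outcome, namely the status code and whether `Location` carries a code or an error. Whether an empty scope list is granted or refused is a policy decision, and a docstring on this test is the natural place to state which one is expected.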
From: Jonathan Huot
Date: Thu, 2 Aug 2018 00:54:54 +0200
Subject: Add support of custom errors coming from providers Fix #431. The inherent function "raise_from_error" is called when "error=" is found in the payload. So it MUST raise something, and until now, only RFC errors were raised.
---
 tests/oauth2/rfc6749/test_parameters.py | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'tests/oauth2')
diff --git a/tests/oauth2/rfc6749/test_parameters.py b/tests/oauth2/rfc6749/test_parameters.py
index b211d1e..c42f516 100644
--- a/tests/oauth2/rfc6749/test_parameters.py
+++ b/tests/oauth2/rfc6749/test_parameters.py
@@ -103,6 +103,7 @@ class ParameterTests(TestCase):
 ' "refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",'
 ' "example_parameter": "example_value" }')
+ json_custom_error = '{ "error": "incorrect_client_credentials" }'
 json_error = '{ "error": "access_denied" }'
 json_notoken = ('{ "token_type": "example",'
@@ -197,6 +198,9 @@ class ParameterTests(TestCase):
 self.assertRaises(ValueError, parse_implicit_response, self.implicit_wrongstate, state=self.state)
+ def test_custom_json_error(self):
+ self.assertRaises(CustomOAuth2Error, parse_token_response, self.json_custom_error)
+
 def test_json_token_response(self):
 """Verify correct parameter parsing and validation for token responses. """
 self.assertEqual(parse_token_response(self.json_response), self.json_dict)
-- cgit v1.2.1
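Review bot: `test_custom_json_error` (second hunk) checks only the exception type, so it would pass even if the provider's error code were dropped or replaced before reaching the caller. That code is the one piece of information a client needs from a non-RFC error, and it arrives from the remote provider, so the test should pin it. Assuming the exception exposes the code as `.error` like the RFC error classes, I would use `with self.assertRaises(CustomOAuth2Error) as cm:`, `parse_token_response(self.json_custom_error)` and then `self.assertEqual(cm.exception.error, 'incorrect_client_credentials')`. The import of `CustomOAuth2Error` is in neither hunk, so confirm the test module brings it into scope.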