Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / google-api-python-client / 4b4002fc28101c8c906bad8ddf88e1503c154b29 / . / tests / test_oauth2client.py
blob: eb2d7db7a97236f683e05fa5372acf3374956684 [file] [log] [blame]
Joe Gregorioccc79542011-02-19 00:05:26 -0500[diff] [blame]1#!/usr/bin/python2.4
2#
3# Copyright 2010 Google Inc.
4#
5# Licensed under the Apache License, Version 2.0 (the "License");
6# you may not use this file except in compliance with the License.
7# You may obtain a copy of the License at
8#
9# http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS,
13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16
17
Joe Gregorio0bc70912011-05-24 15:30:49 -0400[diff] [blame]18"""Oauth2client tests
Joe Gregorioccc79542011-02-19 00:05:26 -0500[diff] [blame]19
Joe Gregorio0bc70912011-05-24 15:30:49 -0400[diff] [blame]20Unit tests for oauth2client.
Joe Gregorioccc79542011-02-19 00:05:26 -0500[diff] [blame]21"""
22
23__author__ = 'jcgregorio@google.com (Joe Gregorio)'
24
Joe Gregorio8b4c1732011-12-06 11:28:29 -0500[diff] [blame]25import base64
Joe Gregorio562b7312011-09-15 09:06:38 -0400[diff] [blame]26import datetime
Joe Gregorioe1de4162011-02-23 11:30:29 -0500[diff] [blame]27import httplib2
Joe Gregorio32d852d2012-06-14 09:08:18 -0400[diff] [blame]28import os
Joe Gregorioccc79542011-02-19 00:05:26 -0500[diff] [blame]29import unittest
30import urlparse
Joe Gregorioe1de4162011-02-23 11:30:29 -0500[diff] [blame]31
Joe Gregorioccc79542011-02-19 00:05:26 -0500[diff] [blame]32try:
33 from urlparse import parse_qs
34except ImportError:
35 from cgi import parse_qs
36
37from apiclient.http import HttpMockSequence
Joe Gregorio549230c2012-01-11 10:38:05 -0500[diff] [blame]38from oauth2client.anyjson import simplejson
Joe Gregorioccc79542011-02-19 00:05:26 -0500[diff] [blame]39from oauth2client.client import AccessTokenCredentials
40from oauth2client.client import AccessTokenCredentialsError
41from oauth2client.client import AccessTokenRefreshError
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]42from oauth2client.client import AssertionCredentials
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]43from oauth2client.client import Credentials
Joe Gregorioccc79542011-02-19 00:05:26 -0500[diff] [blame]44from oauth2client.client import FlowExchangeError
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]45from oauth2client.client import MemoryCache
Joe Gregorioccc79542011-02-19 00:05:26 -0500[diff] [blame]46from oauth2client.client import OAuth2Credentials
47from oauth2client.client import OAuth2WebServerFlow
Joe Gregoriof2326c02012-02-09 12:18:44 -0500[diff] [blame]48from oauth2client.client import OOB_CALLBACK_URN
Joe Gregorio8b4c1732011-12-06 11:28:29 -0500[diff] [blame]49from oauth2client.client import VerifyJwtTokenError
50from oauth2client.client import _extract_id_token
Joe Gregorio32d852d2012-06-14 09:08:18 -0400[diff] [blame]51from oauth2client.client import credentials_from_code
52from oauth2client.client import credentials_from_clientsecrets_and_code
53
54DATA_DIR = os.path.join(os.path.dirname(__file__), 'data')
55
56def datafile(filename):
57 return os.path.join(DATA_DIR, filename)
Joe Gregorioccc79542011-02-19 00:05:26 -0500[diff] [blame]58
59
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]60class CredentialsTests(unittest.TestCase):
61
62 def test_to_from_json(self):
63 credentials = Credentials()
64 json = credentials.to_json()
65 restored = Credentials.new_from_json(json)
66
67
Joe Gregorioccc79542011-02-19 00:05:26 -0500[diff] [blame]68class OAuth2CredentialsTests(unittest.TestCase):
69
70 def setUp(self):
71 access_token = "foo"
72 client_id = "some_client_id"
73 client_secret = "cOuDdkfjxxnv+"
74 refresh_token = "1/0/a.df219fjls0"
Joe Gregorio562b7312011-09-15 09:06:38 -0400[diff] [blame]75 token_expiry = datetime.datetime.utcnow()
Joe Gregorioccc79542011-02-19 00:05:26 -0500[diff] [blame]76 token_uri = "https://www.google.com/accounts/o8/oauth2/token"
77 user_agent = "refresh_checker/1.0"
78 self.credentials = OAuth2Credentials(
79 access_token, client_id, client_secret,
80 refresh_token, token_expiry, token_uri,
81 user_agent)
82
83 def test_token_refresh_success(self):
84 http = HttpMockSequence([
85 ({'status': '401'}, ''),
86 ({'status': '200'}, '{"access_token":"1/3w","expires_in":3600}'),
87 ({'status': '200'}, 'echo_request_headers'),
88 ])
89 http = self.credentials.authorize(http)
90 resp, content = http.request("http://example.com")
Joe Gregorio654f4a22012-02-09 14:15:44 -0500[diff] [blame]91 self.assertEqual('Bearer 1/3w', content['Authorization'])
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]92 self.assertFalse(self.credentials.access_token_expired)
Joe Gregorioccc79542011-02-19 00:05:26 -0500[diff] [blame]93
94 def test_token_refresh_failure(self):
95 http = HttpMockSequence([
96 ({'status': '401'}, ''),
97 ({'status': '400'}, '{"error":"access_denied"}'),
98 ])
99 http = self.credentials.authorize(http)
100 try:
101 http.request("http://example.com")
102 self.fail("should raise AccessTokenRefreshError exception")
103 except AccessTokenRefreshError:
104 pass
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]105 self.assertTrue(self.credentials.access_token_expired)
Joe Gregorioccc79542011-02-19 00:05:26 -0500[diff] [blame]106
107 def test_non_401_error_response(self):
108 http = HttpMockSequence([
109 ({'status': '400'}, ''),
110 ])
111 http = self.credentials.authorize(http)
112 resp, content = http.request("http://example.com")
113 self.assertEqual(400, resp.status)
114
Joe Gregorio562b7312011-09-15 09:06:38 -0400[diff] [blame]115 def test_to_from_json(self):
116 json = self.credentials.to_json()
117 instance = OAuth2Credentials.from_json(json)
Joe Gregorio654f4a22012-02-09 14:15:44 -0500[diff] [blame]118 self.assertEqual(OAuth2Credentials, type(instance))
Joe Gregorio1daa71b2011-09-15 18:12:14 -0400[diff] [blame]119 instance.token_expiry = None
120 self.credentials.token_expiry = None
121
Joe Gregorio654f4a22012-02-09 14:15:44 -0500[diff] [blame]122 self.assertEqual(instance.__dict__, self.credentials.__dict__)
Joe Gregorio562b7312011-09-15 09:06:38 -0400[diff] [blame]123
Joe Gregorioccc79542011-02-19 00:05:26 -0500[diff] [blame]124
125class AccessTokenCredentialsTests(unittest.TestCase):
126
127 def setUp(self):
128 access_token = "foo"
129 user_agent = "refresh_checker/1.0"
130 self.credentials = AccessTokenCredentials(access_token, user_agent)
131
132 def test_token_refresh_success(self):
133 http = HttpMockSequence([
134 ({'status': '401'}, ''),
135 ])
136 http = self.credentials.authorize(http)
137 try:
138 resp, content = http.request("http://example.com")
139 self.fail("should throw exception if token expires")
140 except AccessTokenCredentialsError:
141 pass
142 except Exception:
143 self.fail("should only throw AccessTokenCredentialsError")
144
145 def test_non_401_error_response(self):
146 http = HttpMockSequence([
147 ({'status': '400'}, ''),
148 ])
149 http = self.credentials.authorize(http)
Joe Gregorio83cd4392011-06-20 10:11:35 -0400[diff] [blame]150 resp, content = http.request('http://example.com')
Joe Gregorioccc79542011-02-19 00:05:26 -0500[diff] [blame]151 self.assertEqual(400, resp.status)
152
Joe Gregorio83cd4392011-06-20 10:11:35 -0400[diff] [blame]153 def test_auth_header_sent(self):
154 http = HttpMockSequence([
155 ({'status': '200'}, 'echo_request_headers'),
156 ])
157 http = self.credentials.authorize(http)
158 resp, content = http.request('http://example.com')
Joe Gregorio654f4a22012-02-09 14:15:44 -0500[diff] [blame]159 self.assertEqual('Bearer foo', content['Authorization'])
Joe Gregorioccc79542011-02-19 00:05:26 -0500[diff] [blame]160
Joe Gregorio8b4c1732011-12-06 11:28:29 -0500[diff] [blame]161
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]162class TestAssertionCredentials(unittest.TestCase):
163 assertion_text = "This is the assertion"
164 assertion_type = "http://www.google.com/assertionType"
165
166 class AssertionCredentialsTestImpl(AssertionCredentials):
167
168 def _generate_assertion(self):
169 return TestAssertionCredentials.assertion_text
170
171 def setUp(self):
172 user_agent = "fun/2.0"
173 self.credentials = self.AssertionCredentialsTestImpl(self.assertion_type,
174 user_agent)
175
176 def test_assertion_body(self):
177 body = urlparse.parse_qs(self.credentials._generate_refresh_request_body())
Joe Gregorio654f4a22012-02-09 14:15:44 -0500[diff] [blame]178 self.assertEqual(self.assertion_text, body['assertion'][0])
179 self.assertEqual(self.assertion_type, body['assertion_type'][0])
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]180
181 def test_assertion_refresh(self):
182 http = HttpMockSequence([
183 ({'status': '200'}, '{"access_token":"1/3w"}'),
184 ({'status': '200'}, 'echo_request_headers'),
185 ])
186 http = self.credentials.authorize(http)
187 resp, content = http.request("http://example.com")
Joe Gregorio654f4a22012-02-09 14:15:44 -0500[diff] [blame]188 self.assertEqual('Bearer 1/3w', content['Authorization'])
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]189
190
Joe Gregorio8b4c1732011-12-06 11:28:29 -0500[diff] [blame]191class ExtractIdTokenText(unittest.TestCase):
192 """Tests _extract_id_token()."""
193
194 def test_extract_success(self):
195 body = {'foo': 'bar'}
196 payload = base64.urlsafe_b64encode(simplejson.dumps(body)).strip('=')
197 jwt = 'stuff.' + payload + '.signature'
198
199 extracted = _extract_id_token(jwt)
Joe Gregorio654f4a22012-02-09 14:15:44 -0500[diff] [blame]200 self.assertEqual(extracted, body)
Joe Gregorio8b4c1732011-12-06 11:28:29 -0500[diff] [blame]201
202 def test_extract_failure(self):
203 body = {'foo': 'bar'}
204 payload = base64.urlsafe_b64encode(simplejson.dumps(body)).strip('=')
205 jwt = 'stuff.' + payload
206
207 self.assertRaises(VerifyJwtTokenError, _extract_id_token, jwt)
208
Joe Gregorioccc79542011-02-19 00:05:26 -0500[diff] [blame]209class OAuth2WebServerFlowTest(unittest.TestCase):
210
211 def setUp(self):
212 self.flow = OAuth2WebServerFlow(
213 client_id='client_id+1',
214 client_secret='secret+1',
215 scope='foo',
216 user_agent='unittest-sample/1.0',
217 )
218
219 def test_construct_authorize_url(self):
Joe Gregoriof2326c02012-02-09 12:18:44 -0500[diff] [blame]220 authorize_url = self.flow.step1_get_authorize_url('OOB_CALLBACK_URN')
Joe Gregorioccc79542011-02-19 00:05:26 -0500[diff] [blame]221
222 parsed = urlparse.urlparse(authorize_url)
223 q = parse_qs(parsed[4])
Joe Gregorio654f4a22012-02-09 14:15:44 -0500[diff] [blame]224 self.assertEqual('client_id+1', q['client_id'][0])
225 self.assertEqual('code', q['response_type'][0])
226 self.assertEqual('foo', q['scope'][0])
227 self.assertEqual('OOB_CALLBACK_URN', q['redirect_uri'][0])
228 self.assertEqual('offline', q['access_type'][0])
Joe Gregorio69a0aca2011-11-03 10:47:32 -0400[diff] [blame]229
230 def test_override_flow_access_type(self):
231 """Passing access_type overrides the default."""
232 flow = OAuth2WebServerFlow(
233 client_id='client_id+1',
234 client_secret='secret+1',
235 scope='foo',
236 user_agent='unittest-sample/1.0',
237 access_type='online'
238 )
Joe Gregoriof2326c02012-02-09 12:18:44 -0500[diff] [blame]239 authorize_url = flow.step1_get_authorize_url('OOB_CALLBACK_URN')
Joe Gregorio69a0aca2011-11-03 10:47:32 -0400[diff] [blame]240
241 parsed = urlparse.urlparse(authorize_url)
242 q = parse_qs(parsed[4])
Joe Gregorio654f4a22012-02-09 14:15:44 -0500[diff] [blame]243 self.assertEqual('client_id+1', q['client_id'][0])
244 self.assertEqual('code', q['response_type'][0])
245 self.assertEqual('foo', q['scope'][0])
246 self.assertEqual('OOB_CALLBACK_URN', q['redirect_uri'][0])
247 self.assertEqual('online', q['access_type'][0])
Joe Gregorioccc79542011-02-19 00:05:26 -0500[diff] [blame]248
249 def test_exchange_failure(self):
250 http = HttpMockSequence([
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]251 ({'status': '400'}, '{"error":"invalid_request"}'),
Joe Gregorioccc79542011-02-19 00:05:26 -0500[diff] [blame]252 ])
253
254 try:
255 credentials = self.flow.step2_exchange('some random code', http)
256 self.fail("should raise exception if exchange doesn't get 200")
257 except FlowExchangeError:
258 pass
259
260 def test_exchange_success(self):
261 http = HttpMockSequence([
262 ({'status': '200'},
263 """{ "access_token":"SlAV32hkKG",
264 "expires_in":3600,
265 "refresh_token":"8xLOxBtZp8" }"""),
266 ])
267
268 credentials = self.flow.step2_exchange('some random code', http)
Joe Gregorio654f4a22012-02-09 14:15:44 -0500[diff] [blame]269 self.assertEqual('SlAV32hkKG', credentials.access_token)
270 self.assertNotEqual(None, credentials.token_expiry)
271 self.assertEqual('8xLOxBtZp8', credentials.refresh_token)
Joe Gregorioccc79542011-02-19 00:05:26 -0500[diff] [blame]272
Joe Gregorioccc79542011-02-19 00:05:26 -0500[diff] [blame]273 def test_exchange_no_expires_in(self):
274 http = HttpMockSequence([
275 ({'status': '200'}, """{ "access_token":"SlAV32hkKG",
276 "refresh_token":"8xLOxBtZp8" }"""),
277 ])
278
279 credentials = self.flow.step2_exchange('some random code', http)
Joe Gregorio654f4a22012-02-09 14:15:44 -0500[diff] [blame]280 self.assertEqual(None, credentials.token_expiry)
Joe Gregorioccc79542011-02-19 00:05:26 -0500[diff] [blame]281
Joe Gregorio4b4002f2012-06-14 15:41:01 -0400[diff] [blame^]282 def test_exchange_fails_if_no_code(self):
283 http = HttpMockSequence([
284 ({'status': '200'}, """{ "access_token":"SlAV32hkKG",
285 "refresh_token":"8xLOxBtZp8" }"""),
286 ])
287
288 code = {'error': 'thou shall not pass'}
289 try:
290 credentials = self.flow.step2_exchange(code, http)
291 self.fail('should raise exception if no code in dictionary.')
292 except FlowExchangeError, e:
293 self.assertTrue('shall not pass' in str(e))
294
Joe Gregorio8b4c1732011-12-06 11:28:29 -0500[diff] [blame]295 def test_exchange_id_token_fail(self):
296 http = HttpMockSequence([
297 ({'status': '200'}, """{ "access_token":"SlAV32hkKG",
298 "refresh_token":"8xLOxBtZp8",
299 "id_token": "stuff.payload"}"""),
300 ])
301
302 self.assertRaises(VerifyJwtTokenError, self.flow.step2_exchange,
303 'some random code', http)
304
305 def test_exchange_id_token_fail(self):
306 body = {'foo': 'bar'}
307 payload = base64.urlsafe_b64encode(simplejson.dumps(body)).strip('=')
Joe Gregoriobd512b52011-12-06 15:39:26 -0500[diff] [blame]308 jwt = (base64.urlsafe_b64encode('stuff')+ '.' + payload + '.' +
309 base64.urlsafe_b64encode('signature'))
Joe Gregorio8b4c1732011-12-06 11:28:29 -0500[diff] [blame]310
311 http = HttpMockSequence([
312 ({'status': '200'}, """{ "access_token":"SlAV32hkKG",
313 "refresh_token":"8xLOxBtZp8",
314 "id_token": "%s"}""" % jwt),
315 ])
316
317 credentials = self.flow.step2_exchange('some random code', http)
Joe Gregorio654f4a22012-02-09 14:15:44 -0500[diff] [blame]318 self.assertEqual(credentials.id_token, body)
Joe Gregorio8b4c1732011-12-06 11:28:29 -0500[diff] [blame]319
Joe Gregorio32d852d2012-06-14 09:08:18 -0400[diff] [blame]320class CredentialsFromCodeTests(unittest.TestCase):
321 def setUp(self):
322 self.client_id = 'client_id_abc'
323 self.client_secret = 'secret_use_code'
324 self.scope = 'foo'
325 self.code = '12345abcde'
326 self.redirect_uri = 'postmessage'
327
328 def test_exchange_code_for_token(self):
329 http = HttpMockSequence([
330 ({'status': '200'},
331 """{ "access_token":"asdfghjkl",
332 "expires_in":3600 }"""),
333 ])
334 credentials = credentials_from_code(self.client_id, self.client_secret,
335 self.scope, self.code, self.redirect_uri,
336 http)
337 self.assertEquals(credentials.access_token, 'asdfghjkl')
338 self.assertNotEqual(None, credentials.token_expiry)
339
340 def test_exchange_code_for_token_fail(self):
341 http = HttpMockSequence([
342 ({'status': '400'}, '{"error":"invalid_request"}'),
343 ])
344
345 try:
346 credentials = credentials_from_code(self.client_id, self.client_secret,
347 self.scope, self.code, self.redirect_uri,
348 http)
349 self.fail("should raise exception if exchange doesn't get 200")
350 except FlowExchangeError:
351 pass
352
353
354 def test_exchange_code_and_file_for_token(self):
355 http = HttpMockSequence([
356 ({'status': '200'},
357 """{ "access_token":"asdfghjkl",
358 "expires_in":3600 }"""),
359 ])
360 credentials = credentials_from_clientsecrets_and_code(
361 datafile('client_secrets.json'), self.scope,
362 self.code, http=http)
363 self.assertEquals(credentials.access_token, 'asdfghjkl')
364 self.assertNotEqual(None, credentials.token_expiry)
365
366 def test_exchange_code_and_file_for_token_fail(self):
367 http = HttpMockSequence([
368 ({'status': '400'}, '{"error":"invalid_request"}'),
369 ])
370
371 try:
372 credentials = credentials_from_clientsecrets_and_code(
373 datafile('client_secrets.json'), self.scope,
374 self.code, http=http)
375 self.fail("should raise exception if exchange doesn't get 200")
376 except FlowExchangeError:
377 pass
378
379
Joe Gregorioccc79542011-02-19 00:05:26 -0500[diff] [blame]380
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]381class MemoryCacheTests(unittest.TestCase):
382
383 def test_get_set_delete(self):
384 m = MemoryCache()
385 self.assertEqual(None, m.get('foo'))
386 self.assertEqual(None, m.delete('foo'))
387 m.set('foo', 'bar')
388 self.assertEqual('bar', m.get('foo'))
389 m.delete('foo')
390 self.assertEqual(None, m.get('foo'))
391
392
Joe Gregorioccc79542011-02-19 00:05:26 -0500[diff] [blame]393if __name__ == '__main__':
394 unittest.main()