Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / google-api-python-client / b8b6feab371bbda34db50273a6edebd0fc597f5f / . / tests / test_oauth2client_appengine.py
blob: b99bd8cf35a500ad59f3b18a6c782b7309c78406 [file] [log] [blame]
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]1#!/usr/bin/python2.4
2#
3# Copyright 2010 Google Inc.
4#
5# Licensed under the Apache License, Version 2.0 (the "License");
6# you may not use this file except in compliance with the License.
7# You may obtain a copy of the License at
8#
9# http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS,
13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16
17
18"""Discovery document tests
19
20Unit tests for objects created from discovery documents.
21"""
22
23__author__ = 'jcgregorio@google.com (Joe Gregorio)'
24
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]25import base64
Joe Gregorioe84c9442012-03-12 08:45:57 -0400[diff] [blame]26import datetime
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]27import httplib2
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]28import mox
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]29import os
Joe Gregoriod84d6b82012-02-28 14:53:00 -0500[diff] [blame]30import time
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]31import unittest
Joe Gregoriocda87522013-02-22 16:22:48 -0500[diff] [blame]32import urllib
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]33
34try:
Daniel Hermesb7c5a402013-04-05 09:32:45 -0700[diff] [blame]35 from urlparse import parse_qs
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]36except ImportError:
Daniel Hermesb7c5a402013-04-05 09:32:45 -0700[diff] [blame]37 from cgi import parse_qs
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]38
Joe Gregorio8b4c1732011-12-06 11:28:29 -0500[diff] [blame]39import dev_appserver
40dev_appserver.fix_sys_path()
Joe Gregorio17774972012-03-01 11:11:59 -0500[diff] [blame]41import webapp2
Joe Gregorio8b4c1732011-12-06 11:28:29 -0500[diff] [blame]42
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]43from apiclient.http import HttpMockSequence
44from google.appengine.api import apiproxy_stub
45from google.appengine.api import apiproxy_stub_map
Joe Gregoriod84d6b82012-02-28 14:53:00 -0500[diff] [blame]46from google.appengine.api import app_identity
Joe Gregorioe84c9442012-03-12 08:45:57 -0400[diff] [blame]47from google.appengine.api import memcache
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]48from google.appengine.api import users
Joe Gregoriod84d6b82012-02-28 14:53:00 -0500[diff] [blame]49from google.appengine.api.memcache import memcache_stub
Joe Gregorioe84c9442012-03-12 08:45:57 -0400[diff] [blame]50from google.appengine.ext import db
dhermes@google.com47154822012-11-26 10:44:09 -0800[diff] [blame]51from google.appengine.ext import ndb
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]52from google.appengine.ext import testbed
Joe Gregoriod84d6b82012-02-28 14:53:00 -0500[diff] [blame]53from google.appengine.runtime import apiproxy_errors
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]54from oauth2client import appengine
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800[diff] [blame]55from oauth2client import GOOGLE_TOKEN_URI
Joe Gregorio549230c2012-01-11 10:38:05 -0500[diff] [blame]56from oauth2client.anyjson import simplejson
Joe Gregorioc29aaa92012-07-16 16:16:31 -0400[diff] [blame]57from oauth2client.clientsecrets import _loadfile
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]58from oauth2client.clientsecrets import InvalidClientSecretsError
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]59from oauth2client.appengine import AppAssertionCredentials
Joe Gregorioe84c9442012-03-12 08:45:57 -0400[diff] [blame]60from oauth2client.appengine import CredentialsModel
dhermes@google.com47154822012-11-26 10:44:09 -0800[diff] [blame]61from oauth2client.appengine import CredentialsNDBModel
62from oauth2client.appengine import FlowNDBProperty
Joe Gregorio4fbde1c2012-07-11 14:47:39 -0400[diff] [blame]63from oauth2client.appengine import FlowProperty
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]64from oauth2client.appengine import OAuth2Decorator
Joe Gregorioe84c9442012-03-12 08:45:57 -0400[diff] [blame]65from oauth2client.appengine import StorageByKeyName
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]66from oauth2client.appengine import oauth2decorator_from_clientsecrets
Joe Gregorio549230c2012-01-11 10:38:05 -0500[diff] [blame]67from oauth2client.client import AccessTokenRefreshError
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]68from oauth2client.client import Credentials
Joe Gregorio549230c2012-01-11 10:38:05 -0500[diff] [blame]69from oauth2client.client import FlowExchangeError
Joe Gregorioe84c9442012-03-12 08:45:57 -0400[diff] [blame]70from oauth2client.client import OAuth2Credentials
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]71from oauth2client.client import flow_from_clientsecrets
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]72from webtest import TestApp
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]73
Joe Gregorio4fbde1c2012-07-11 14:47:39 -0400[diff] [blame]74
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]75DATA_DIR = os.path.join(os.path.dirname(__file__), 'data')
76
77
78def datafile(filename):
79 return os.path.join(DATA_DIR, filename)
80
81
Joe Gregorioc29aaa92012-07-16 16:16:31 -0400[diff] [blame]82def load_and_cache(existing_file, fakename, cache_mock):
83 client_type, client_info = _loadfile(datafile(existing_file))
84 cache_mock.cache[fakename] = {client_type: client_info}
85
86
87class CacheMock(object):
Daniel Hermesb7c5a402013-04-05 09:32:45 -0700[diff] [blame]88 def __init__(self):
89 self.cache = {}
Joe Gregorioc29aaa92012-07-16 16:16:31 -0400[diff] [blame]90
Daniel Hermesb7c5a402013-04-05 09:32:45 -0700[diff] [blame]91 def get(self, key, namespace=''):
92 # ignoring namespace for easier testing
93 return self.cache.get(key, None)
Joe Gregorioc29aaa92012-07-16 16:16:31 -0400[diff] [blame]94
Daniel Hermesb7c5a402013-04-05 09:32:45 -0700[diff] [blame]95 def set(self, key, value, namespace=''):
96 # ignoring namespace for easier testing
97 self.cache[key] = value
Joe Gregorioc29aaa92012-07-16 16:16:31 -0400[diff] [blame]98
99
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]100class UserMock(object):
101 """Mock the app engine user service"""
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]102
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]103 def __call__(self):
104 return self
105
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]106 def user_id(self):
107 return 'foo_user'
108
109
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]110class UserNotLoggedInMock(object):
111 """Mock the app engine user service"""
112
113 def __call__(self):
114 return None
115
116
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]117class Http2Mock(object):
118 """Mock httplib2.Http"""
119 status = 200
120 content = {
121 'access_token': 'foo_access_token',
122 'refresh_token': 'foo_refresh_token',
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]123 'expires_in': 3600,
Joe Gregoriocda87522013-02-22 16:22:48 -0500[diff] [blame]124 'extra': 'value',
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]125 }
126
127 def request(self, token_uri, method, body, headers, *args, **kwargs):
128 self.body = body
129 self.headers = headers
130 return (self, simplejson.dumps(self.content))
131
132
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]133class TestAppAssertionCredentials(unittest.TestCase):
134 account_name = "service_account_name@appspot.com"
135 signature = "signature"
136
Joe Gregoriod84d6b82012-02-28 14:53:00 -0500[diff] [blame]137
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]138 class AppIdentityStubImpl(apiproxy_stub.APIProxyStub):
139
140 def __init__(self):
141 super(TestAppAssertionCredentials.AppIdentityStubImpl, self).__init__(
142 'app_identity_service')
143
Joe Gregoriod84d6b82012-02-28 14:53:00 -0500[diff] [blame]144 def _Dynamic_GetAccessToken(self, request, response):
145 response.set_access_token('a_token_123')
146 response.set_expiration_time(time.time() + 1800)
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]147
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]148
Joe Gregoriod84d6b82012-02-28 14:53:00 -0500[diff] [blame]149 class ErroringAppIdentityStubImpl(apiproxy_stub.APIProxyStub):
150
151 def __init__(self):
152 super(TestAppAssertionCredentials.ErroringAppIdentityStubImpl, self).__init__(
153 'app_identity_service')
154
155 def _Dynamic_GetAccessToken(self, request, response):
156 raise app_identity.BackendDeadlineExceeded()
157
158 def test_raise_correct_type_of_exception(self):
159 app_identity_stub = self.ErroringAppIdentityStubImpl()
160 apiproxy_stub_map.apiproxy = apiproxy_stub_map.APIProxyStubMap()
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800[diff] [blame]161 apiproxy_stub_map.apiproxy.RegisterStub('app_identity_service',
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]162 app_identity_stub)
Joe Gregoriod84d6b82012-02-28 14:53:00 -0500[diff] [blame]163 apiproxy_stub_map.apiproxy.RegisterStub(
164 'memcache', memcache_stub.MemcacheServiceStub())
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]165
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800[diff] [blame]166 scope = 'http://www.googleapis.com/scope'
Joe Gregoriod84d6b82012-02-28 14:53:00 -0500[diff] [blame]167 try:
168 credentials = AppAssertionCredentials(scope)
169 http = httplib2.Http()
170 credentials.refresh(http)
171 self.fail('Should have raised an AccessTokenRefreshError')
172 except AccessTokenRefreshError:
173 pass
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]174
Joe Gregoriod84d6b82012-02-28 14:53:00 -0500[diff] [blame]175 def test_get_access_token_on_refresh(self):
176 app_identity_stub = self.AppIdentityStubImpl()
177 apiproxy_stub_map.apiproxy = apiproxy_stub_map.APIProxyStubMap()
178 apiproxy_stub_map.apiproxy.RegisterStub("app_identity_service",
179 app_identity_stub)
180 apiproxy_stub_map.apiproxy.RegisterStub(
181 'memcache', memcache_stub.MemcacheServiceStub())
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]182
Joe Gregorio5cf5d122012-11-16 16:36:12 -0500[diff] [blame]183 scope = [
184 "http://www.googleapis.com/scope",
185 "http://www.googleapis.com/scope2"]
Joe Gregoriod84d6b82012-02-28 14:53:00 -0500[diff] [blame]186 credentials = AppAssertionCredentials(scope)
187 http = httplib2.Http()
188 credentials.refresh(http)
189 self.assertEqual('a_token_123', credentials.access_token)
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]190
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]191 json = credentials.to_json()
192 credentials = Credentials.new_from_json(json)
Joe Gregorio5cf5d122012-11-16 16:36:12 -0500[diff] [blame]193 self.assertEqual(
194 'http://www.googleapis.com/scope http://www.googleapis.com/scope2',
195 credentials.scope)
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]196
Joe Gregorio5cf5d122012-11-16 16:36:12 -0500[diff] [blame]197 scope = "http://www.googleapis.com/scope http://www.googleapis.com/scope2"
198 credentials = AppAssertionCredentials(scope)
199 http = httplib2.Http()
200 credentials.refresh(http)
201 self.assertEqual('a_token_123', credentials.access_token)
202 self.assertEqual(
203 'http://www.googleapis.com/scope http://www.googleapis.com/scope2',
204 credentials.scope)
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]205
dhermes@google.com47154822012-11-26 10:44:09 -0800[diff] [blame]206
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]207class TestFlowModel(db.Model):
208 flow = FlowProperty()
209
210
211class FlowPropertyTest(unittest.TestCase):
212
213 def setUp(self):
214 self.testbed = testbed.Testbed()
215 self.testbed.activate()
216 self.testbed.init_datastore_v3_stub()
217
218 def tearDown(self):
219 self.testbed.deactivate()
220
221 def test_flow_get_put(self):
222 instance = TestFlowModel(
Joe Gregorio68a8cfe2012-08-03 16:17:40 -0400[diff] [blame]223 flow=flow_from_clientsecrets(datafile('client_secrets.json'), 'foo',
224 redirect_uri='oob'),
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]225 key_name='foo'
226 )
227 instance.put()
228 retrieved = TestFlowModel.get_by_key_name('foo')
229
230 self.assertEqual('foo_client_id', retrieved.flow.client_id)
231
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]232
dhermes@google.com47154822012-11-26 10:44:09 -0800[diff] [blame]233class TestFlowNDBModel(ndb.Model):
234 flow = FlowNDBProperty()
235
236
237class FlowNDBPropertyTest(unittest.TestCase):
238
239 def setUp(self):
240 self.testbed = testbed.Testbed()
241 self.testbed.activate()
242 self.testbed.init_datastore_v3_stub()
243 self.testbed.init_memcache_stub()
244
245 def tearDown(self):
246 self.testbed.deactivate()
247
248 def test_flow_get_put(self):
249 instance = TestFlowNDBModel(
250 flow=flow_from_clientsecrets(datafile('client_secrets.json'), 'foo',
251 redirect_uri='oob'),
252 id='foo'
253 )
254 instance.put()
255 retrieved = TestFlowNDBModel.get_by_id('foo')
256
257 self.assertEqual('foo_client_id', retrieved.flow.client_id)
258
259
Joe Gregorioe84c9442012-03-12 08:45:57 -0400[diff] [blame]260def _http_request(*args, **kwargs):
261 resp = httplib2.Response({'status': '200'})
262 content = simplejson.dumps({'access_token': 'bar'})
263
264 return resp, content
265
266
267class StorageByKeyNameTest(unittest.TestCase):
268
269 def setUp(self):
270 self.testbed = testbed.Testbed()
271 self.testbed.activate()
272 self.testbed.init_datastore_v3_stub()
273 self.testbed.init_memcache_stub()
274 self.testbed.init_user_stub()
275
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800[diff] [blame]276 access_token = 'foo'
277 client_id = 'some_client_id'
278 client_secret = 'cOuDdkfjxxnv+'
279 refresh_token = '1/0/a.df219fjls0'
Joe Gregorioe84c9442012-03-12 08:45:57 -0400[diff] [blame]280 token_expiry = datetime.datetime.utcnow()
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800[diff] [blame]281 user_agent = 'refresh_checker/1.0'
Joe Gregorioe84c9442012-03-12 08:45:57 -0400[diff] [blame]282 self.credentials = OAuth2Credentials(
283 access_token, client_id, client_secret,
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800[diff] [blame]284 refresh_token, token_expiry, GOOGLE_TOKEN_URI,
Joe Gregorioe84c9442012-03-12 08:45:57 -0400[diff] [blame]285 user_agent)
286
287 def tearDown(self):
288 self.testbed.deactivate()
289
290 def test_get_and_put_simple(self):
291 storage = StorageByKeyName(
292 CredentialsModel, 'foo', 'credentials')
293
294 self.assertEqual(None, storage.get())
295 self.credentials.set_store(storage)
296
297 self.credentials._refresh(_http_request)
298 credmodel = CredentialsModel.get_by_key_name('foo')
299 self.assertEqual('bar', credmodel.credentials.access_token)
300
301 def test_get_and_put_cached(self):
302 storage = StorageByKeyName(
303 CredentialsModel, 'foo', 'credentials', cache=memcache)
304
305 self.assertEqual(None, storage.get())
306 self.credentials.set_store(storage)
307
308 self.credentials._refresh(_http_request)
309 credmodel = CredentialsModel.get_by_key_name('foo')
310 self.assertEqual('bar', credmodel.credentials.access_token)
311
312 # Now remove the item from the cache.
313 memcache.delete('foo')
314
315 # Check that getting refreshes the cache.
316 credentials = storage.get()
317 self.assertEqual('bar', credentials.access_token)
318 self.assertNotEqual(None, memcache.get('foo'))
319
320 # Deleting should clear the cache.
321 storage.delete()
322 credentials = storage.get()
323 self.assertEqual(None, credentials)
324 self.assertEqual(None, memcache.get('foo'))
325
dhermes@google.com47154822012-11-26 10:44:09 -0800[diff] [blame]326 def test_get_and_put_ndb(self):
327 # Start empty
328 storage = StorageByKeyName(
329 CredentialsNDBModel, 'foo', 'credentials')
330 self.assertEqual(None, storage.get())
331
332 # Refresh storage and retrieve without using storage
333 self.credentials.set_store(storage)
334 self.credentials._refresh(_http_request)
335 credmodel = CredentialsNDBModel.get_by_id('foo')
336 self.assertEqual('bar', credmodel.credentials.access_token)
337 self.assertEqual(credmodel.credentials.to_json(),
338 self.credentials.to_json())
339
340 def test_delete_ndb(self):
341 # Start empty
342 storage = StorageByKeyName(
343 CredentialsNDBModel, 'foo', 'credentials')
344 self.assertEqual(None, storage.get())
345
346 # Add credentials to model with storage, and check equivalent w/o storage
347 storage.put(self.credentials)
348 credmodel = CredentialsNDBModel.get_by_id('foo')
349 self.assertEqual(credmodel.credentials.to_json(),
350 self.credentials.to_json())
351
352 # Delete and make sure empty
353 storage.delete()
354 self.assertEqual(None, storage.get())
355
356 def test_get_and_put_mixed_ndb_storage_db_get(self):
357 # Start empty
358 storage = StorageByKeyName(
359 CredentialsNDBModel, 'foo', 'credentials')
360 self.assertEqual(None, storage.get())
361
362 # Set NDB store and refresh to add to storage
363 self.credentials.set_store(storage)
364 self.credentials._refresh(_http_request)
365
366 # Retrieve same key from DB model to confirm mixing works
367 credmodel = CredentialsModel.get_by_key_name('foo')
368 self.assertEqual('bar', credmodel.credentials.access_token)
369 self.assertEqual(self.credentials.to_json(),
370 credmodel.credentials.to_json())
371
372 def test_get_and_put_mixed_db_storage_ndb_get(self):
373 # Start empty
374 storage = StorageByKeyName(
375 CredentialsModel, 'foo', 'credentials')
376 self.assertEqual(None, storage.get())
377
378 # Set DB store and refresh to add to storage
379 self.credentials.set_store(storage)
380 self.credentials._refresh(_http_request)
381
382 # Retrieve same key from NDB model to confirm mixing works
383 credmodel = CredentialsNDBModel.get_by_id('foo')
384 self.assertEqual('bar', credmodel.credentials.access_token)
385 self.assertEqual(self.credentials.to_json(),
386 credmodel.credentials.to_json())
387
388 def test_delete_db_ndb_mixed(self):
389 # Start empty
390 storage_ndb = StorageByKeyName(
391 CredentialsNDBModel, 'foo', 'credentials')
392 storage = StorageByKeyName(
393 CredentialsModel, 'foo', 'credentials')
394
395 # First DB, then NDB
396 self.assertEqual(None, storage.get())
397 storage.put(self.credentials)
398 self.assertNotEqual(None, storage.get())
399
400 storage_ndb.delete()
401 self.assertEqual(None, storage.get())
402
403 # First NDB, then DB
404 self.assertEqual(None, storage_ndb.get())
405 storage_ndb.put(self.credentials)
406
407 storage.delete()
408 self.assertNotEqual(None, storage_ndb.get())
409 # NDB uses memcache and an instance cache (Context)
410 ndb.get_context().clear_cache()
411 memcache.flush_all()
412 self.assertEqual(None, storage_ndb.get())
413
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]414
Joe Gregorio68a8cfe2012-08-03 16:17:40 -0400[diff] [blame]415class MockRequest(object):
416 url = 'https://example.org'
417
418 def relative_url(self, rel):
419 return self.url + rel
420
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]421
Joe Gregorio68a8cfe2012-08-03 16:17:40 -0400[diff] [blame]422class MockRequestHandler(object):
423 request = MockRequest()
Joe Gregorioe84c9442012-03-12 08:45:57 -0400[diff] [blame]424
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]425
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]426class DecoratorTests(unittest.TestCase):
427
428 def setUp(self):
429 self.testbed = testbed.Testbed()
430 self.testbed.activate()
431 self.testbed.init_datastore_v3_stub()
432 self.testbed.init_memcache_stub()
433 self.testbed.init_user_stub()
434
435 decorator = OAuth2Decorator(client_id='foo_client_id',
436 client_secret='foo_client_secret',
Johan Euphrosineacf517f2012-02-13 21:08:33 +0100[diff] [blame]437 scope=['foo_scope', 'bar_scope'],
438 user_agent='foo')
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]439
440 self._finish_setup(decorator, user_mock=UserMock)
441
442 def _finish_setup(self, decorator, user_mock):
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]443 self.decorator = decorator
Joe Gregoriob8b6fea2013-05-16 15:52:57 -0400[diff] [blame^]444 self.had_credentials = False
445 self.found_credentials = None
446 self.should_raise = False
447 parent = self
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]448
Joe Gregorio17774972012-03-01 11:11:59 -0500[diff] [blame]449 class TestRequiredHandler(webapp2.RequestHandler):
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]450 @decorator.oauth_required
451 def get(self):
Joe Gregoriob8b6fea2013-05-16 15:52:57 -0400[diff] [blame^]452 if decorator.has_credentials():
453 parent.had_credentials = True
454 parent.found_credentials = decorator.credentials
455 if parent.should_raise:
456 raise Exception('')
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]457
Joe Gregorio17774972012-03-01 11:11:59 -0500[diff] [blame]458 class TestAwareHandler(webapp2.RequestHandler):
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]459 @decorator.oauth_aware
Joe Gregorio17774972012-03-01 11:11:59 -0500[diff] [blame]460 def get(self, *args, **kwargs):
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]461 self.response.out.write('Hello World!')
Joe Gregorio17774972012-03-01 11:11:59 -0500[diff] [blame]462 assert(kwargs['year'] == '2012')
463 assert(kwargs['month'] == '01')
Joe Gregoriob8b6fea2013-05-16 15:52:57 -0400[diff] [blame^]464 if decorator.has_credentials():
465 parent.had_credentials = True
466 parent.found_credentials = decorator.credentials
467 if parent.should_raise:
468 raise Exception('')
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]469
470
Joe Gregorio17774972012-03-01 11:11:59 -0500[diff] [blame]471 application = webapp2.WSGIApplication([
Joe Gregorio68a8cfe2012-08-03 16:17:40 -0400[diff] [blame]472 ('/oauth2callback', self.decorator.callback_handler()),
Joe Gregorio17774972012-03-01 11:11:59 -0500[diff] [blame]473 ('/foo_path', TestRequiredHandler),
474 webapp2.Route(r'/bar_path/<year:\d{4}>/<month:\d{2}>',
475 handler=TestAwareHandler, name='bar')],
476 debug=True)
Joe Gregorio77254c12012-08-27 14:13:22 -0400[diff] [blame]477 self.app = TestApp(application, extra_environ={
478 'wsgi.url_scheme': 'http',
479 'HTTP_HOST': 'localhost',
480 })
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]481 users.get_current_user = user_mock()
Joe Gregorio922b78c2011-05-26 21:36:34 -0400[diff] [blame]482 self.httplib2_orig = httplib2.Http
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]483 httplib2.Http = Http2Mock
484
485 def tearDown(self):
486 self.testbed.deactivate()
Joe Gregorio922b78c2011-05-26 21:36:34 -0400[diff] [blame]487 httplib2.Http = self.httplib2_orig
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]488
489 def test_required(self):
490 # An initial request to an oauth_required decorated path should be a
491 # redirect to start the OAuth dance.
Joe Gregorio77254c12012-08-27 14:13:22 -0400[diff] [blame]492 response = self.app.get('http://localhost/foo_path')
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]493 self.assertTrue(response.status.startswith('302'))
494 q = parse_qs(response.headers['Location'].split('?', 1)[1])
495 self.assertEqual('http://localhost/oauth2callback', q['redirect_uri'][0])
496 self.assertEqual('foo_client_id', q['client_id'][0])
Joe Gregoriof2f8a5a2011-10-14 15:11:29 -0400[diff] [blame]497 self.assertEqual('foo_scope bar_scope', q['scope'][0])
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]498 self.assertEqual('http://localhost/foo_path',
499 q['state'][0].rsplit(':', 1)[0])
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]500 self.assertEqual('code', q['response_type'][0])
501 self.assertEqual(False, self.decorator.has_credentials())
502
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]503 m = mox.Mox()
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800[diff] [blame]504 m.StubOutWithMock(appengine, '_parse_state_value')
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]505 appengine._parse_state_value('foo_path:xsrfkey123',
506 mox.IgnoreArg()).AndReturn('foo_path')
507 m.ReplayAll()
508
Joe Gregorio562b7312011-09-15 09:06:38 -0400[diff] [blame]509 # Now simulate the callback to /oauth2callback.
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]510 response = self.app.get('/oauth2callback', {
511 'code': 'foo_access_code',
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]512 'state': 'foo_path:xsrfkey123',
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]513 })
Joe Gregoriocda87522013-02-22 16:22:48 -0500[diff] [blame]514 parts = response.headers['Location'].split('?', 1)
515 self.assertEqual('http://localhost/foo_path', parts[0])
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]516 self.assertEqual(None, self.decorator.credentials)
Joe Gregoriocda87522013-02-22 16:22:48 -0500[diff] [blame]517 if self.decorator._token_response_param:
Daniel Hermesf7b648f2013-03-06 09:38:53 -0800[diff] [blame]518 response = parse_qs(parts[1])[self.decorator._token_response_param][0]
519 self.assertEqual(Http2Mock.content,
520 simplejson.loads(urllib.unquote(response)))
Joe Gregoriob8b6fea2013-05-16 15:52:57 -0400[diff] [blame^]521 self.assertEqual(self.decorator.flow, self.decorator._tls.flow)
522 self.assertEqual(self.decorator.credentials,
523 self.decorator._tls.credentials)
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]524
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]525 m.UnsetStubs()
526 m.VerifyAll()
527
Joe Gregorio562b7312011-09-15 09:06:38 -0400[diff] [blame]528 # Now requesting the decorated path should work.
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]529 response = self.app.get('/foo_path')
530 self.assertEqual('200 OK', response.status)
Joe Gregoriob8b6fea2013-05-16 15:52:57 -0400[diff] [blame^]531 self.assertEqual(True, self.had_credentials)
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]532 self.assertEqual('foo_refresh_token',
Joe Gregoriob8b6fea2013-05-16 15:52:57 -0400[diff] [blame^]533 self.found_credentials.refresh_token)
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]534 self.assertEqual('foo_access_token',
Joe Gregoriob8b6fea2013-05-16 15:52:57 -0400[diff] [blame^]535 self.found_credentials.access_token)
536 self.assertEqual(None, self.decorator.credentials)
537
538 # Raising an exception still clears the Credentials.
539 self.should_raise = True
540 try:
541 response = self.app.get('/foo_path')
542 self.fail('Should have raised an exception.')
543 except Exception:
544 pass
545 self.assertEqual(None, self.decorator.credentials)
546 self.should_raise = False
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]547
Joe Gregorio562b7312011-09-15 09:06:38 -0400[diff] [blame]548 # Invalidate the stored Credentials.
Joe Gregoriob8b6fea2013-05-16 15:52:57 -0400[diff] [blame^]549 self.found_credentials.invalid = True
550 self.found_credentials.store.put(self.found_credentials)
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]551
Joe Gregorio562b7312011-09-15 09:06:38 -0400[diff] [blame]552 # Invalid Credentials should start the OAuth dance again.
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]553 response = self.app.get('/foo_path')
554 self.assertTrue(response.status.startswith('302'))
555 q = parse_qs(response.headers['Location'].split('?', 1)[1])
556 self.assertEqual('http://localhost/oauth2callback', q['redirect_uri'][0])
557
Joe Gregorioec75dc12012-02-06 13:40:42 -0500[diff] [blame]558 def test_storage_delete(self):
559 # An initial request to an oauth_required decorated path should be a
560 # redirect to start the OAuth dance.
561 response = self.app.get('/foo_path')
562 self.assertTrue(response.status.startswith('302'))
563
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]564 m = mox.Mox()
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800[diff] [blame]565 m.StubOutWithMock(appengine, '_parse_state_value')
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]566 appengine._parse_state_value('foo_path:xsrfkey123',
567 mox.IgnoreArg()).AndReturn('foo_path')
568 m.ReplayAll()
569
Joe Gregorioec75dc12012-02-06 13:40:42 -0500[diff] [blame]570 # Now simulate the callback to /oauth2callback.
571 response = self.app.get('/oauth2callback', {
572 'code': 'foo_access_code',
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]573 'state': 'foo_path:xsrfkey123',
Joe Gregorioec75dc12012-02-06 13:40:42 -0500[diff] [blame]574 })
575 self.assertEqual('http://localhost/foo_path', response.headers['Location'])
576 self.assertEqual(None, self.decorator.credentials)
577
578 # Now requesting the decorated path should work.
579 response = self.app.get('/foo_path')
580
Joe Gregoriob8b6fea2013-05-16 15:52:57 -0400[diff] [blame^]581 self.assertTrue(self.had_credentials)
582
583 # Credentials should be cleared after each call.
584 self.assertEqual(None, self.decorator.credentials)
585
Joe Gregorioec75dc12012-02-06 13:40:42 -0500[diff] [blame]586 # Invalidate the stored Credentials.
Joe Gregoriob8b6fea2013-05-16 15:52:57 -0400[diff] [blame^]587 self.found_credentials.store.delete()
Joe Gregorioec75dc12012-02-06 13:40:42 -0500[diff] [blame]588
589 # Invalid Credentials should start the OAuth dance again.
590 response = self.app.get('/foo_path')
591 self.assertTrue(response.status.startswith('302'))
592
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]593 m.UnsetStubs()
594 m.VerifyAll()
595
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]596 def test_aware(self):
Joe Gregorio562b7312011-09-15 09:06:38 -0400[diff] [blame]597 # An initial request to an oauth_aware decorated path should not redirect.
Joe Gregorio77254c12012-08-27 14:13:22 -0400[diff] [blame]598 response = self.app.get('http://localhost/bar_path/2012/01')
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]599 self.assertEqual('Hello World!', response.body)
600 self.assertEqual('200 OK', response.status)
601 self.assertEqual(False, self.decorator.has_credentials())
602 url = self.decorator.authorize_url()
603 q = parse_qs(url.split('?', 1)[1])
604 self.assertEqual('http://localhost/oauth2callback', q['redirect_uri'][0])
605 self.assertEqual('foo_client_id', q['client_id'][0])
Joe Gregoriof2f8a5a2011-10-14 15:11:29 -0400[diff] [blame]606 self.assertEqual('foo_scope bar_scope', q['scope'][0])
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]607 self.assertEqual('http://localhost/bar_path/2012/01',
608 q['state'][0].rsplit(':', 1)[0])
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]609 self.assertEqual('code', q['response_type'][0])
610
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]611 m = mox.Mox()
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800[diff] [blame]612 m.StubOutWithMock(appengine, '_parse_state_value')
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]613 appengine._parse_state_value('bar_path:xsrfkey456',
614 mox.IgnoreArg()).AndReturn('bar_path')
615 m.ReplayAll()
616
Joe Gregorio562b7312011-09-15 09:06:38 -0400[diff] [blame]617 # Now simulate the callback to /oauth2callback.
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]618 url = self.decorator.authorize_url()
619 response = self.app.get('/oauth2callback', {
620 'code': 'foo_access_code',
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]621 'state': 'bar_path:xsrfkey456',
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]622 })
623 self.assertEqual('http://localhost/bar_path', response.headers['Location'])
624 self.assertEqual(False, self.decorator.has_credentials())
625
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]626 m.UnsetStubs()
627 m.VerifyAll()
628
Joe Gregorio562b7312011-09-15 09:06:38 -0400[diff] [blame]629 # Now requesting the decorated path will have credentials.
Joe Gregorio17774972012-03-01 11:11:59 -0500[diff] [blame]630 response = self.app.get('/bar_path/2012/01')
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]631 self.assertEqual('200 OK', response.status)
632 self.assertEqual('Hello World!', response.body)
Joe Gregoriob8b6fea2013-05-16 15:52:57 -0400[diff] [blame^]633 self.assertEqual(True, self.had_credentials)
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]634 self.assertEqual('foo_refresh_token',
Joe Gregoriob8b6fea2013-05-16 15:52:57 -0400[diff] [blame^]635 self.found_credentials.refresh_token)
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]636 self.assertEqual('foo_access_token',
Joe Gregoriob8b6fea2013-05-16 15:52:57 -0400[diff] [blame^]637 self.found_credentials.access_token)
638
639 # Credentials should be cleared after each call.
640 self.assertEqual(None, self.decorator.credentials)
641
642 # Raising an exception still clears the Credentials.
643 self.should_raise = True
644 try:
645 response = self.app.get('/bar_path/2012/01')
646 self.fail('Should have raised an exception.')
647 except Exception:
648 pass
649 self.assertEqual(None, self.decorator.credentials)
650 self.should_raise = False
651
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]652
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]653 def test_error_in_step2(self):
654 # An initial request to an oauth_aware decorated path should not redirect.
655 response = self.app.get('/bar_path/2012/01')
656 url = self.decorator.authorize_url()
657 response = self.app.get('/oauth2callback', {
Joe Gregorio77254c12012-08-27 14:13:22 -0400[diff] [blame]658 'error': 'Bad<Stuff>Happened\''
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]659 })
660 self.assertEqual('200 OK', response.status)
Joe Gregorio77254c12012-08-27 14:13:22 -0400[diff] [blame]661 self.assertTrue('Bad&lt;Stuff&gt;Happened&#39;' in response.body)
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]662
Joe Gregorio1adde1a2012-01-06 12:30:35 -0500[diff] [blame]663 def test_kwargs_are_passed_to_underlying_flow(self):
664 decorator = OAuth2Decorator(client_id='foo_client_id',
665 client_secret='foo_client_secret',
Johan Euphrosineacf517f2012-02-13 21:08:33 +0100[diff] [blame]666 user_agent='foo_user_agent',
Joe Gregorio1adde1a2012-01-06 12:30:35 -0500[diff] [blame]667 scope=['foo_scope', 'bar_scope'],
668 access_type='offline',
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800[diff] [blame]669 approval_prompt='force',
670 revoke_uri='dummy_revoke_uri')
Joe Gregorio68a8cfe2012-08-03 16:17:40 -0400[diff] [blame]671 request_handler = MockRequestHandler()
672 decorator._create_flow(request_handler)
673
674 self.assertEqual('https://example.org/oauth2callback',
675 decorator.flow.redirect_uri)
Joe Gregorio1adde1a2012-01-06 12:30:35 -0500[diff] [blame]676 self.assertEqual('offline', decorator.flow.params['access_type'])
677 self.assertEqual('force', decorator.flow.params['approval_prompt'])
Johan Euphrosineacf517f2012-02-13 21:08:33 +0100[diff] [blame]678 self.assertEqual('foo_user_agent', decorator.flow.user_agent)
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800[diff] [blame]679 self.assertEqual('dummy_revoke_uri', decorator.flow.revoke_uri)
Johan Euphrosineacf517f2012-02-13 21:08:33 +0100[diff] [blame]680 self.assertEqual(None, decorator.flow.params.get('user_agent', None))
Joe Gregoriob8b6fea2013-05-16 15:52:57 -0400[diff] [blame^]681 self.assertEqual(decorator.flow, decorator._tls.flow)
Joe Gregorio1adde1a2012-01-06 12:30:35 -0500[diff] [blame]682
Joe Gregoriocda87522013-02-22 16:22:48 -0500[diff] [blame]683 def test_token_response_param(self):
684 self.decorator._token_response_param = 'foobar'
685 self.test_required()
686
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]687 def test_decorator_from_client_secrets(self):
688 decorator = oauth2decorator_from_clientsecrets(
689 datafile('client_secrets.json'),
690 scope=['foo_scope', 'bar_scope'])
691 self._finish_setup(decorator, user_mock=UserMock)
692
693 self.assertFalse(decorator._in_error)
694 self.decorator = decorator
695 self.test_required()
696 http = self.decorator.http()
697 self.assertEquals('foo_access_token', http.request.credentials.access_token)
698
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800[diff] [blame]699 # revoke_uri is not required
700 self.assertEqual(self.decorator._revoke_uri,
701 'https://accounts.google.com/o/oauth2/revoke')
702 self.assertEqual(self.decorator._revoke_uri,
703 self.decorator.credentials.revoke_uri)
704
Joe Gregorioc29aaa92012-07-16 16:16:31 -0400[diff] [blame]705 def test_decorator_from_cached_client_secrets(self):
706 cache_mock = CacheMock()
707 load_and_cache('client_secrets.json', 'secret', cache_mock)
708 decorator = oauth2decorator_from_clientsecrets(
709 # filename, scope, message=None, cache=None
710 'secret', '', cache=cache_mock)
711 self.assertFalse(decorator._in_error)
712
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]713 def test_decorator_from_client_secrets_not_logged_in_required(self):
714 decorator = oauth2decorator_from_clientsecrets(
715 datafile('client_secrets.json'),
716 scope=['foo_scope', 'bar_scope'], message='NotLoggedInMessage')
717 self.decorator = decorator
718 self._finish_setup(decorator, user_mock=UserNotLoggedInMock)
719
720 self.assertFalse(decorator._in_error)
721
722 # An initial request to an oauth_required decorated path should be a
723 # redirect to login.
724 response = self.app.get('/foo_path')
725 self.assertTrue(response.status.startswith('302'))
726 self.assertTrue('Login' in str(response))
727
728 def test_decorator_from_client_secrets_not_logged_in_aware(self):
729 decorator = oauth2decorator_from_clientsecrets(
730 datafile('client_secrets.json'),
731 scope=['foo_scope', 'bar_scope'], message='NotLoggedInMessage')
732 self.decorator = decorator
733 self._finish_setup(decorator, user_mock=UserNotLoggedInMock)
734
735 # An initial request to an oauth_aware decorated path should be a
736 # redirect to login.
737 response = self.app.get('/bar_path/2012/03')
738 self.assertTrue(response.status.startswith('302'))
739 self.assertTrue('Login' in str(response))
740
741 def test_decorator_from_unfilled_client_secrets_required(self):
742 MESSAGE = 'File is missing'
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]743 try:
744 decorator = oauth2decorator_from_clientsecrets(
745 datafile('unfilled_client_secrets.json'),
746 scope=['foo_scope', 'bar_scope'], message=MESSAGE)
747 except InvalidClientSecretsError:
748 pass
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]749
750 def test_decorator_from_unfilled_client_secrets_aware(self):
751 MESSAGE = 'File is missing'
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]752 try:
753 decorator = oauth2decorator_from_clientsecrets(
754 datafile('unfilled_client_secrets.json'),
755 scope=['foo_scope', 'bar_scope'], message=MESSAGE)
756 except InvalidClientSecretsError:
757 pass
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]758
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]759
760class DecoratorXsrfSecretTests(unittest.TestCase):
761 """Test xsrf_secret_key."""
762
763 def setUp(self):
764 self.testbed = testbed.Testbed()
765 self.testbed.activate()
766 self.testbed.init_datastore_v3_stub()
767 self.testbed.init_memcache_stub()
768
769 def tearDown(self):
770 self.testbed.deactivate()
771
772 def test_build_and_parse_state(self):
773 secret = appengine.xsrf_secret_key()
774
775 # Secret shouldn't change from call to call.
776 secret2 = appengine.xsrf_secret_key()
777 self.assertEqual(secret, secret2)
778
779 # Secret shouldn't change if memcache goes away.
780 memcache.delete(appengine.XSRF_MEMCACHE_ID,
dhermes@google.com47154822012-11-26 10:44:09 -0800[diff] [blame]781 namespace=appengine.OAUTH2CLIENT_NAMESPACE)
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]782 secret3 = appengine.xsrf_secret_key()
783 self.assertEqual(secret2, secret3)
784
785 # Secret should change if both memcache and the model goes away.
786 memcache.delete(appengine.XSRF_MEMCACHE_ID,
dhermes@google.com47154822012-11-26 10:44:09 -0800[diff] [blame]787 namespace=appengine.OAUTH2CLIENT_NAMESPACE)
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]788 model = appengine.SiteXsrfSecretKey.get_or_insert('site')
789 model.delete()
790
791 secret4 = appengine.xsrf_secret_key()
792 self.assertNotEqual(secret3, secret4)
793
dhermes@google.com47154822012-11-26 10:44:09 -0800[diff] [blame]794 def test_ndb_insert_db_get(self):
795 secret = appengine._generate_new_xsrf_secret_key()
796 appengine.SiteXsrfSecretKeyNDB(id='site', secret=secret).put()
797
798 site_key = appengine.SiteXsrfSecretKey.get_by_key_name('site')
799 self.assertEqual(site_key.secret, secret)
800
801 def test_db_insert_ndb_get(self):
802 secret = appengine._generate_new_xsrf_secret_key()
803 appengine.SiteXsrfSecretKey(key_name='site', secret=secret).put()
804
805 site_key = appengine.SiteXsrfSecretKeyNDB.get_by_id('site')
806 self.assertEqual(site_key.secret, secret)
807
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]808
809class DecoratorXsrfProtectionTests(unittest.TestCase):
810 """Test _build_state_value and _parse_state_value."""
811
812 def setUp(self):
813 self.testbed = testbed.Testbed()
814 self.testbed.activate()
815 self.testbed.init_datastore_v3_stub()
816 self.testbed.init_memcache_stub()
817
818 def tearDown(self):
819 self.testbed.deactivate()
820
821 def test_build_and_parse_state(self):
822 state = appengine._build_state_value(MockRequestHandler(), UserMock())
823 self.assertEqual(
824 'https://example.org',
825 appengine._parse_state_value(state, UserMock()))
826 self.assertRaises(appengine.InvalidXsrfTokenError,
827 appengine._parse_state_value, state[1:], UserMock())
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]828
Joe Gregorio1adde1a2012-01-06 12:30:35 -0500[diff] [blame]829
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]830if __name__ == '__main__':
831 unittest.main()