Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / google-api-python-client / e912d185eef03392f095881d407c0c78f7633d5e / . / tests / test_oauth2client_appengine.py
blob: 79657e0aac5d98653d5e909a01ec715a43d02766 [file] [log] [blame]
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]1#!/usr/bin/python2.4
2#
3# Copyright 2010 Google Inc.
4#
5# Licensed under the Apache License, Version 2.0 (the "License");
6# you may not use this file except in compliance with the License.
7# You may obtain a copy of the License at
8#
9# http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS,
13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16
17
18"""Discovery document tests
19
20Unit tests for objects created from discovery documents.
21"""
22
23__author__ = 'jcgregorio@google.com (Joe Gregorio)'
24
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]25import base64
Joe Gregorioe84c9442012-03-12 08:45:57 -0400[diff] [blame]26import datetime
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]27import httplib2
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]28import mox
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]29import os
Joe Gregoriod84d6b82012-02-28 14:53:00 -0500[diff] [blame]30import time
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]31import unittest
Joe Gregoriocda87522013-02-22 16:22:48 -0500[diff] [blame]32import urllib
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]33
34try:
Daniel Hermesb7c5a402013-04-05 09:32:45 -0700[diff] [blame]35 from urlparse import parse_qs
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]36except ImportError:
Daniel Hermesb7c5a402013-04-05 09:32:45 -0700[diff] [blame]37 from cgi import parse_qs
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]38
Joe Gregorio8b4c1732011-12-06 11:28:29 -0500[diff] [blame]39import dev_appserver
40dev_appserver.fix_sys_path()
Joe Gregorio17774972012-03-01 11:11:59 -0500[diff] [blame]41import webapp2
Joe Gregorio8b4c1732011-12-06 11:28:29 -0500[diff] [blame]42
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]43from apiclient.http import HttpMockSequence
44from google.appengine.api import apiproxy_stub
45from google.appengine.api import apiproxy_stub_map
Joe Gregoriod84d6b82012-02-28 14:53:00 -0500[diff] [blame]46from google.appengine.api import app_identity
Joe Gregorioe84c9442012-03-12 08:45:57 -0400[diff] [blame]47from google.appengine.api import memcache
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]48from google.appengine.api import users
Joe Gregoriod84d6b82012-02-28 14:53:00 -0500[diff] [blame]49from google.appengine.api.memcache import memcache_stub
Joe Gregorioe84c9442012-03-12 08:45:57 -0400[diff] [blame]50from google.appengine.ext import db
dhermes@google.com47154822012-11-26 10:44:09 -0800[diff] [blame]51from google.appengine.ext import ndb
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]52from google.appengine.ext import testbed
Joe Gregoriod84d6b82012-02-28 14:53:00 -0500[diff] [blame]53from google.appengine.runtime import apiproxy_errors
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]54from oauth2client import appengine
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800[diff] [blame]55from oauth2client import GOOGLE_TOKEN_URI
Joe Gregorio549230c2012-01-11 10:38:05 -0500[diff] [blame]56from oauth2client.anyjson import simplejson
Joe Gregorioc29aaa92012-07-16 16:16:31 -0400[diff] [blame]57from oauth2client.clientsecrets import _loadfile
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]58from oauth2client.clientsecrets import InvalidClientSecretsError
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]59from oauth2client.appengine import AppAssertionCredentials
Joe Gregorioe84c9442012-03-12 08:45:57 -0400[diff] [blame]60from oauth2client.appengine import CredentialsModel
dhermes@google.com47154822012-11-26 10:44:09 -0800[diff] [blame]61from oauth2client.appengine import CredentialsNDBModel
62from oauth2client.appengine import FlowNDBProperty
Joe Gregorio4fbde1c2012-07-11 14:47:39 -0400[diff] [blame]63from oauth2client.appengine import FlowProperty
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]64from oauth2client.appengine import OAuth2Decorator
Joe Gregorioe84c9442012-03-12 08:45:57 -0400[diff] [blame]65from oauth2client.appengine import StorageByKeyName
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]66from oauth2client.appengine import oauth2decorator_from_clientsecrets
Joe Gregorio549230c2012-01-11 10:38:05 -0500[diff] [blame]67from oauth2client.client import AccessTokenRefreshError
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]68from oauth2client.client import Credentials
Joe Gregorio549230c2012-01-11 10:38:05 -0500[diff] [blame]69from oauth2client.client import FlowExchangeError
Joe Gregorioe84c9442012-03-12 08:45:57 -0400[diff] [blame]70from oauth2client.client import OAuth2Credentials
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]71from oauth2client.client import flow_from_clientsecrets
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]72from webtest import TestApp
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]73
Joe Gregorio4fbde1c2012-07-11 14:47:39 -0400[diff] [blame]74
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]75DATA_DIR = os.path.join(os.path.dirname(__file__), 'data')
76
77
78def datafile(filename):
79 return os.path.join(DATA_DIR, filename)
80
81
Joe Gregorioc29aaa92012-07-16 16:16:31 -0400[diff] [blame]82def load_and_cache(existing_file, fakename, cache_mock):
83 client_type, client_info = _loadfile(datafile(existing_file))
84 cache_mock.cache[fakename] = {client_type: client_info}
85
86
87class CacheMock(object):
Daniel Hermesb7c5a402013-04-05 09:32:45 -0700[diff] [blame]88 def __init__(self):
89 self.cache = {}
Joe Gregorioc29aaa92012-07-16 16:16:31 -0400[diff] [blame]90
Daniel Hermesb7c5a402013-04-05 09:32:45 -0700[diff] [blame]91 def get(self, key, namespace=''):
92 # ignoring namespace for easier testing
93 return self.cache.get(key, None)
Joe Gregorioc29aaa92012-07-16 16:16:31 -0400[diff] [blame]94
Daniel Hermesb7c5a402013-04-05 09:32:45 -0700[diff] [blame]95 def set(self, key, value, namespace=''):
96 # ignoring namespace for easier testing
97 self.cache[key] = value
Joe Gregorioc29aaa92012-07-16 16:16:31 -0400[diff] [blame]98
99
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]100class UserMock(object):
101 """Mock the app engine user service"""
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]102
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]103 def __call__(self):
104 return self
105
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]106 def user_id(self):
107 return 'foo_user'
108
109
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]110class UserNotLoggedInMock(object):
111 """Mock the app engine user service"""
112
113 def __call__(self):
114 return None
115
116
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]117class Http2Mock(object):
118 """Mock httplib2.Http"""
119 status = 200
120 content = {
121 'access_token': 'foo_access_token',
122 'refresh_token': 'foo_refresh_token',
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]123 'expires_in': 3600,
Joe Gregoriocda87522013-02-22 16:22:48 -0500[diff] [blame]124 'extra': 'value',
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]125 }
126
127 def request(self, token_uri, method, body, headers, *args, **kwargs):
128 self.body = body
129 self.headers = headers
130 return (self, simplejson.dumps(self.content))
131
132
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]133class TestAppAssertionCredentials(unittest.TestCase):
134 account_name = "service_account_name@appspot.com"
135 signature = "signature"
136
Joe Gregoriod84d6b82012-02-28 14:53:00 -0500[diff] [blame]137
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]138 class AppIdentityStubImpl(apiproxy_stub.APIProxyStub):
139
140 def __init__(self):
141 super(TestAppAssertionCredentials.AppIdentityStubImpl, self).__init__(
142 'app_identity_service')
143
Joe Gregoriod84d6b82012-02-28 14:53:00 -0500[diff] [blame]144 def _Dynamic_GetAccessToken(self, request, response):
145 response.set_access_token('a_token_123')
146 response.set_expiration_time(time.time() + 1800)
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]147
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]148
Joe Gregoriod84d6b82012-02-28 14:53:00 -0500[diff] [blame]149 class ErroringAppIdentityStubImpl(apiproxy_stub.APIProxyStub):
150
151 def __init__(self):
152 super(TestAppAssertionCredentials.ErroringAppIdentityStubImpl, self).__init__(
153 'app_identity_service')
154
155 def _Dynamic_GetAccessToken(self, request, response):
156 raise app_identity.BackendDeadlineExceeded()
157
158 def test_raise_correct_type_of_exception(self):
159 app_identity_stub = self.ErroringAppIdentityStubImpl()
160 apiproxy_stub_map.apiproxy = apiproxy_stub_map.APIProxyStubMap()
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800[diff] [blame]161 apiproxy_stub_map.apiproxy.RegisterStub('app_identity_service',
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]162 app_identity_stub)
Joe Gregoriod84d6b82012-02-28 14:53:00 -0500[diff] [blame]163 apiproxy_stub_map.apiproxy.RegisterStub(
164 'memcache', memcache_stub.MemcacheServiceStub())
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]165
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800[diff] [blame]166 scope = 'http://www.googleapis.com/scope'
Joe Gregoriod84d6b82012-02-28 14:53:00 -0500[diff] [blame]167 try:
168 credentials = AppAssertionCredentials(scope)
169 http = httplib2.Http()
170 credentials.refresh(http)
171 self.fail('Should have raised an AccessTokenRefreshError')
172 except AccessTokenRefreshError:
173 pass
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]174
Joe Gregoriod84d6b82012-02-28 14:53:00 -0500[diff] [blame]175 def test_get_access_token_on_refresh(self):
176 app_identity_stub = self.AppIdentityStubImpl()
177 apiproxy_stub_map.apiproxy = apiproxy_stub_map.APIProxyStubMap()
178 apiproxy_stub_map.apiproxy.RegisterStub("app_identity_service",
179 app_identity_stub)
180 apiproxy_stub_map.apiproxy.RegisterStub(
181 'memcache', memcache_stub.MemcacheServiceStub())
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]182
Joe Gregorio5cf5d122012-11-16 16:36:12 -0500[diff] [blame]183 scope = [
184 "http://www.googleapis.com/scope",
185 "http://www.googleapis.com/scope2"]
Joe Gregoriod84d6b82012-02-28 14:53:00 -0500[diff] [blame]186 credentials = AppAssertionCredentials(scope)
187 http = httplib2.Http()
188 credentials.refresh(http)
189 self.assertEqual('a_token_123', credentials.access_token)
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]190
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]191 json = credentials.to_json()
192 credentials = Credentials.new_from_json(json)
Joe Gregorio5cf5d122012-11-16 16:36:12 -0500[diff] [blame]193 self.assertEqual(
194 'http://www.googleapis.com/scope http://www.googleapis.com/scope2',
195 credentials.scope)
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]196
Joe Gregorio5cf5d122012-11-16 16:36:12 -0500[diff] [blame]197 scope = "http://www.googleapis.com/scope http://www.googleapis.com/scope2"
198 credentials = AppAssertionCredentials(scope)
199 http = httplib2.Http()
200 credentials.refresh(http)
201 self.assertEqual('a_token_123', credentials.access_token)
202 self.assertEqual(
203 'http://www.googleapis.com/scope http://www.googleapis.com/scope2',
204 credentials.scope)
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]205
dhermes@google.com47154822012-11-26 10:44:09 -0800[diff] [blame]206
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]207class TestFlowModel(db.Model):
208 flow = FlowProperty()
209
210
211class FlowPropertyTest(unittest.TestCase):
212
213 def setUp(self):
214 self.testbed = testbed.Testbed()
215 self.testbed.activate()
216 self.testbed.init_datastore_v3_stub()
217
218 def tearDown(self):
219 self.testbed.deactivate()
220
221 def test_flow_get_put(self):
222 instance = TestFlowModel(
Joe Gregorio68a8cfe2012-08-03 16:17:40 -0400[diff] [blame]223 flow=flow_from_clientsecrets(datafile('client_secrets.json'), 'foo',
224 redirect_uri='oob'),
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]225 key_name='foo'
226 )
227 instance.put()
228 retrieved = TestFlowModel.get_by_key_name('foo')
229
230 self.assertEqual('foo_client_id', retrieved.flow.client_id)
231
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]232
dhermes@google.com47154822012-11-26 10:44:09 -0800[diff] [blame]233class TestFlowNDBModel(ndb.Model):
234 flow = FlowNDBProperty()
235
236
237class FlowNDBPropertyTest(unittest.TestCase):
238
239 def setUp(self):
240 self.testbed = testbed.Testbed()
241 self.testbed.activate()
242 self.testbed.init_datastore_v3_stub()
243 self.testbed.init_memcache_stub()
244
245 def tearDown(self):
246 self.testbed.deactivate()
247
248 def test_flow_get_put(self):
249 instance = TestFlowNDBModel(
250 flow=flow_from_clientsecrets(datafile('client_secrets.json'), 'foo',
251 redirect_uri='oob'),
252 id='foo'
253 )
254 instance.put()
255 retrieved = TestFlowNDBModel.get_by_id('foo')
256
257 self.assertEqual('foo_client_id', retrieved.flow.client_id)
258
259
Joe Gregorioe84c9442012-03-12 08:45:57 -0400[diff] [blame]260def _http_request(*args, **kwargs):
261 resp = httplib2.Response({'status': '200'})
262 content = simplejson.dumps({'access_token': 'bar'})
263
264 return resp, content
265
266
267class StorageByKeyNameTest(unittest.TestCase):
268
269 def setUp(self):
270 self.testbed = testbed.Testbed()
271 self.testbed.activate()
272 self.testbed.init_datastore_v3_stub()
273 self.testbed.init_memcache_stub()
274 self.testbed.init_user_stub()
275
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800[diff] [blame]276 access_token = 'foo'
277 client_id = 'some_client_id'
278 client_secret = 'cOuDdkfjxxnv+'
279 refresh_token = '1/0/a.df219fjls0'
Joe Gregorioe84c9442012-03-12 08:45:57 -0400[diff] [blame]280 token_expiry = datetime.datetime.utcnow()
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800[diff] [blame]281 user_agent = 'refresh_checker/1.0'
Joe Gregorioe84c9442012-03-12 08:45:57 -0400[diff] [blame]282 self.credentials = OAuth2Credentials(
283 access_token, client_id, client_secret,
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800[diff] [blame]284 refresh_token, token_expiry, GOOGLE_TOKEN_URI,
Joe Gregorioe84c9442012-03-12 08:45:57 -0400[diff] [blame]285 user_agent)
286
287 def tearDown(self):
288 self.testbed.deactivate()
289
290 def test_get_and_put_simple(self):
291 storage = StorageByKeyName(
292 CredentialsModel, 'foo', 'credentials')
293
294 self.assertEqual(None, storage.get())
295 self.credentials.set_store(storage)
296
297 self.credentials._refresh(_http_request)
298 credmodel = CredentialsModel.get_by_key_name('foo')
299 self.assertEqual('bar', credmodel.credentials.access_token)
300
301 def test_get_and_put_cached(self):
302 storage = StorageByKeyName(
303 CredentialsModel, 'foo', 'credentials', cache=memcache)
304
305 self.assertEqual(None, storage.get())
306 self.credentials.set_store(storage)
307
308 self.credentials._refresh(_http_request)
309 credmodel = CredentialsModel.get_by_key_name('foo')
310 self.assertEqual('bar', credmodel.credentials.access_token)
311
312 # Now remove the item from the cache.
313 memcache.delete('foo')
314
315 # Check that getting refreshes the cache.
316 credentials = storage.get()
317 self.assertEqual('bar', credentials.access_token)
318 self.assertNotEqual(None, memcache.get('foo'))
319
320 # Deleting should clear the cache.
321 storage.delete()
322 credentials = storage.get()
323 self.assertEqual(None, credentials)
324 self.assertEqual(None, memcache.get('foo'))
325
Joe Gregorioe912d182013-08-06 11:30:44 -0400[diff] [blame^]326 def test_get_and_put_set_store_on_cache_retrieval(self):
327 storage = StorageByKeyName(
328 CredentialsModel, 'foo', 'credentials', cache=memcache)
329
330 self.assertEqual(None, storage.get())
331 self.credentials.set_store(storage)
332 storage.put(self.credentials)
333 # Pre-bug 292 old_creds wouldn't have storage, and the _refresh wouldn't
334 # be able to store the updated cred back into the storage.
335 old_creds = storage.get()
336 self.assertEqual(old_creds.access_token, 'foo')
337 old_creds.invalid = True
338 old_creds._refresh(_http_request)
339 new_creds = storage.get()
340 self.assertEqual(new_creds.access_token, 'bar')
341
dhermes@google.com47154822012-11-26 10:44:09 -0800[diff] [blame]342 def test_get_and_put_ndb(self):
343 # Start empty
344 storage = StorageByKeyName(
345 CredentialsNDBModel, 'foo', 'credentials')
346 self.assertEqual(None, storage.get())
347
348 # Refresh storage and retrieve without using storage
349 self.credentials.set_store(storage)
350 self.credentials._refresh(_http_request)
351 credmodel = CredentialsNDBModel.get_by_id('foo')
352 self.assertEqual('bar', credmodel.credentials.access_token)
353 self.assertEqual(credmodel.credentials.to_json(),
354 self.credentials.to_json())
355
356 def test_delete_ndb(self):
357 # Start empty
358 storage = StorageByKeyName(
359 CredentialsNDBModel, 'foo', 'credentials')
360 self.assertEqual(None, storage.get())
361
362 # Add credentials to model with storage, and check equivalent w/o storage
363 storage.put(self.credentials)
364 credmodel = CredentialsNDBModel.get_by_id('foo')
365 self.assertEqual(credmodel.credentials.to_json(),
366 self.credentials.to_json())
367
368 # Delete and make sure empty
369 storage.delete()
370 self.assertEqual(None, storage.get())
371
372 def test_get_and_put_mixed_ndb_storage_db_get(self):
373 # Start empty
374 storage = StorageByKeyName(
375 CredentialsNDBModel, 'foo', 'credentials')
376 self.assertEqual(None, storage.get())
377
378 # Set NDB store and refresh to add to storage
379 self.credentials.set_store(storage)
380 self.credentials._refresh(_http_request)
381
382 # Retrieve same key from DB model to confirm mixing works
383 credmodel = CredentialsModel.get_by_key_name('foo')
384 self.assertEqual('bar', credmodel.credentials.access_token)
385 self.assertEqual(self.credentials.to_json(),
386 credmodel.credentials.to_json())
387
388 def test_get_and_put_mixed_db_storage_ndb_get(self):
389 # Start empty
390 storage = StorageByKeyName(
391 CredentialsModel, 'foo', 'credentials')
392 self.assertEqual(None, storage.get())
393
394 # Set DB store and refresh to add to storage
395 self.credentials.set_store(storage)
396 self.credentials._refresh(_http_request)
397
398 # Retrieve same key from NDB model to confirm mixing works
399 credmodel = CredentialsNDBModel.get_by_id('foo')
400 self.assertEqual('bar', credmodel.credentials.access_token)
401 self.assertEqual(self.credentials.to_json(),
402 credmodel.credentials.to_json())
403
404 def test_delete_db_ndb_mixed(self):
405 # Start empty
406 storage_ndb = StorageByKeyName(
407 CredentialsNDBModel, 'foo', 'credentials')
408 storage = StorageByKeyName(
409 CredentialsModel, 'foo', 'credentials')
410
411 # First DB, then NDB
412 self.assertEqual(None, storage.get())
413 storage.put(self.credentials)
414 self.assertNotEqual(None, storage.get())
415
416 storage_ndb.delete()
417 self.assertEqual(None, storage.get())
418
419 # First NDB, then DB
420 self.assertEqual(None, storage_ndb.get())
421 storage_ndb.put(self.credentials)
422
423 storage.delete()
424 self.assertNotEqual(None, storage_ndb.get())
425 # NDB uses memcache and an instance cache (Context)
426 ndb.get_context().clear_cache()
427 memcache.flush_all()
428 self.assertEqual(None, storage_ndb.get())
429
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]430
Joe Gregorio68a8cfe2012-08-03 16:17:40 -0400[diff] [blame]431class MockRequest(object):
432 url = 'https://example.org'
433
434 def relative_url(self, rel):
435 return self.url + rel
436
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]437
Joe Gregorio68a8cfe2012-08-03 16:17:40 -0400[diff] [blame]438class MockRequestHandler(object):
439 request = MockRequest()
Joe Gregorioe84c9442012-03-12 08:45:57 -0400[diff] [blame]440
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]441
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]442class DecoratorTests(unittest.TestCase):
443
444 def setUp(self):
445 self.testbed = testbed.Testbed()
446 self.testbed.activate()
447 self.testbed.init_datastore_v3_stub()
448 self.testbed.init_memcache_stub()
449 self.testbed.init_user_stub()
450
451 decorator = OAuth2Decorator(client_id='foo_client_id',
452 client_secret='foo_client_secret',
Johan Euphrosineacf517f2012-02-13 21:08:33 +0100[diff] [blame]453 scope=['foo_scope', 'bar_scope'],
454 user_agent='foo')
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]455
456 self._finish_setup(decorator, user_mock=UserMock)
457
458 def _finish_setup(self, decorator, user_mock):
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]459 self.decorator = decorator
Joe Gregoriob8b6fea2013-05-16 15:52:57 -0400[diff] [blame]460 self.had_credentials = False
461 self.found_credentials = None
462 self.should_raise = False
463 parent = self
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]464
Joe Gregorio17774972012-03-01 11:11:59 -0500[diff] [blame]465 class TestRequiredHandler(webapp2.RequestHandler):
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]466 @decorator.oauth_required
467 def get(self):
Joe Gregoriob8b6fea2013-05-16 15:52:57 -0400[diff] [blame]468 if decorator.has_credentials():
469 parent.had_credentials = True
470 parent.found_credentials = decorator.credentials
471 if parent.should_raise:
472 raise Exception('')
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]473
Joe Gregorio17774972012-03-01 11:11:59 -0500[diff] [blame]474 class TestAwareHandler(webapp2.RequestHandler):
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]475 @decorator.oauth_aware
Joe Gregorio17774972012-03-01 11:11:59 -0500[diff] [blame]476 def get(self, *args, **kwargs):
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]477 self.response.out.write('Hello World!')
Joe Gregorio17774972012-03-01 11:11:59 -0500[diff] [blame]478 assert(kwargs['year'] == '2012')
479 assert(kwargs['month'] == '01')
Joe Gregoriob8b6fea2013-05-16 15:52:57 -0400[diff] [blame]480 if decorator.has_credentials():
481 parent.had_credentials = True
482 parent.found_credentials = decorator.credentials
483 if parent.should_raise:
484 raise Exception('')
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]485
486
Joe Gregorio17774972012-03-01 11:11:59 -0500[diff] [blame]487 application = webapp2.WSGIApplication([
Joe Gregorio68a8cfe2012-08-03 16:17:40 -0400[diff] [blame]488 ('/oauth2callback', self.decorator.callback_handler()),
Joe Gregorio17774972012-03-01 11:11:59 -0500[diff] [blame]489 ('/foo_path', TestRequiredHandler),
490 webapp2.Route(r'/bar_path/<year:\d{4}>/<month:\d{2}>',
491 handler=TestAwareHandler, name='bar')],
492 debug=True)
Joe Gregorio77254c12012-08-27 14:13:22 -0400[diff] [blame]493 self.app = TestApp(application, extra_environ={
494 'wsgi.url_scheme': 'http',
495 'HTTP_HOST': 'localhost',
496 })
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]497 users.get_current_user = user_mock()
Joe Gregorio922b78c2011-05-26 21:36:34 -0400[diff] [blame]498 self.httplib2_orig = httplib2.Http
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]499 httplib2.Http = Http2Mock
500
501 def tearDown(self):
502 self.testbed.deactivate()
Joe Gregorio922b78c2011-05-26 21:36:34 -0400[diff] [blame]503 httplib2.Http = self.httplib2_orig
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]504
505 def test_required(self):
506 # An initial request to an oauth_required decorated path should be a
507 # redirect to start the OAuth dance.
Joe Gregorio77254c12012-08-27 14:13:22 -0400[diff] [blame]508 response = self.app.get('http://localhost/foo_path')
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]509 self.assertTrue(response.status.startswith('302'))
510 q = parse_qs(response.headers['Location'].split('?', 1)[1])
511 self.assertEqual('http://localhost/oauth2callback', q['redirect_uri'][0])
512 self.assertEqual('foo_client_id', q['client_id'][0])
Joe Gregoriof2f8a5a2011-10-14 15:11:29 -0400[diff] [blame]513 self.assertEqual('foo_scope bar_scope', q['scope'][0])
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]514 self.assertEqual('http://localhost/foo_path',
515 q['state'][0].rsplit(':', 1)[0])
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]516 self.assertEqual('code', q['response_type'][0])
517 self.assertEqual(False, self.decorator.has_credentials())
518
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]519 m = mox.Mox()
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800[diff] [blame]520 m.StubOutWithMock(appengine, '_parse_state_value')
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]521 appengine._parse_state_value('foo_path:xsrfkey123',
522 mox.IgnoreArg()).AndReturn('foo_path')
523 m.ReplayAll()
524
Joe Gregorio562b7312011-09-15 09:06:38 -0400[diff] [blame]525 # Now simulate the callback to /oauth2callback.
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]526 response = self.app.get('/oauth2callback', {
527 'code': 'foo_access_code',
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]528 'state': 'foo_path:xsrfkey123',
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]529 })
Joe Gregoriocda87522013-02-22 16:22:48 -0500[diff] [blame]530 parts = response.headers['Location'].split('?', 1)
531 self.assertEqual('http://localhost/foo_path', parts[0])
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]532 self.assertEqual(None, self.decorator.credentials)
Joe Gregoriocda87522013-02-22 16:22:48 -0500[diff] [blame]533 if self.decorator._token_response_param:
Daniel Hermesf7b648f2013-03-06 09:38:53 -0800[diff] [blame]534 response = parse_qs(parts[1])[self.decorator._token_response_param][0]
535 self.assertEqual(Http2Mock.content,
536 simplejson.loads(urllib.unquote(response)))
Joe Gregoriob8b6fea2013-05-16 15:52:57 -0400[diff] [blame]537 self.assertEqual(self.decorator.flow, self.decorator._tls.flow)
538 self.assertEqual(self.decorator.credentials,
539 self.decorator._tls.credentials)
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]540
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]541 m.UnsetStubs()
542 m.VerifyAll()
543
Joe Gregorio562b7312011-09-15 09:06:38 -0400[diff] [blame]544 # Now requesting the decorated path should work.
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]545 response = self.app.get('/foo_path')
546 self.assertEqual('200 OK', response.status)
Joe Gregoriob8b6fea2013-05-16 15:52:57 -0400[diff] [blame]547 self.assertEqual(True, self.had_credentials)
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]548 self.assertEqual('foo_refresh_token',
Joe Gregoriob8b6fea2013-05-16 15:52:57 -0400[diff] [blame]549 self.found_credentials.refresh_token)
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]550 self.assertEqual('foo_access_token',
Joe Gregoriob8b6fea2013-05-16 15:52:57 -0400[diff] [blame]551 self.found_credentials.access_token)
552 self.assertEqual(None, self.decorator.credentials)
553
554 # Raising an exception still clears the Credentials.
555 self.should_raise = True
556 try:
557 response = self.app.get('/foo_path')
558 self.fail('Should have raised an exception.')
559 except Exception:
560 pass
561 self.assertEqual(None, self.decorator.credentials)
562 self.should_raise = False
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]563
Joe Gregorio562b7312011-09-15 09:06:38 -0400[diff] [blame]564 # Invalidate the stored Credentials.
Joe Gregoriob8b6fea2013-05-16 15:52:57 -0400[diff] [blame]565 self.found_credentials.invalid = True
566 self.found_credentials.store.put(self.found_credentials)
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]567
Joe Gregorio562b7312011-09-15 09:06:38 -0400[diff] [blame]568 # Invalid Credentials should start the OAuth dance again.
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]569 response = self.app.get('/foo_path')
570 self.assertTrue(response.status.startswith('302'))
571 q = parse_qs(response.headers['Location'].split('?', 1)[1])
572 self.assertEqual('http://localhost/oauth2callback', q['redirect_uri'][0])
573
Joe Gregorioec75dc12012-02-06 13:40:42 -0500[diff] [blame]574 def test_storage_delete(self):
575 # An initial request to an oauth_required decorated path should be a
576 # redirect to start the OAuth dance.
577 response = self.app.get('/foo_path')
578 self.assertTrue(response.status.startswith('302'))
579
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]580 m = mox.Mox()
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800[diff] [blame]581 m.StubOutWithMock(appengine, '_parse_state_value')
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]582 appengine._parse_state_value('foo_path:xsrfkey123',
583 mox.IgnoreArg()).AndReturn('foo_path')
584 m.ReplayAll()
585
Joe Gregorioec75dc12012-02-06 13:40:42 -0500[diff] [blame]586 # Now simulate the callback to /oauth2callback.
587 response = self.app.get('/oauth2callback', {
588 'code': 'foo_access_code',
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]589 'state': 'foo_path:xsrfkey123',
Joe Gregorioec75dc12012-02-06 13:40:42 -0500[diff] [blame]590 })
591 self.assertEqual('http://localhost/foo_path', response.headers['Location'])
592 self.assertEqual(None, self.decorator.credentials)
593
594 # Now requesting the decorated path should work.
595 response = self.app.get('/foo_path')
596
Joe Gregoriob8b6fea2013-05-16 15:52:57 -0400[diff] [blame]597 self.assertTrue(self.had_credentials)
598
599 # Credentials should be cleared after each call.
600 self.assertEqual(None, self.decorator.credentials)
601
Joe Gregorioec75dc12012-02-06 13:40:42 -0500[diff] [blame]602 # Invalidate the stored Credentials.
Joe Gregoriob8b6fea2013-05-16 15:52:57 -0400[diff] [blame]603 self.found_credentials.store.delete()
Joe Gregorioec75dc12012-02-06 13:40:42 -0500[diff] [blame]604
605 # Invalid Credentials should start the OAuth dance again.
606 response = self.app.get('/foo_path')
607 self.assertTrue(response.status.startswith('302'))
608
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]609 m.UnsetStubs()
610 m.VerifyAll()
611
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]612 def test_aware(self):
Joe Gregorio562b7312011-09-15 09:06:38 -0400[diff] [blame]613 # An initial request to an oauth_aware decorated path should not redirect.
Joe Gregorio77254c12012-08-27 14:13:22 -0400[diff] [blame]614 response = self.app.get('http://localhost/bar_path/2012/01')
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]615 self.assertEqual('Hello World!', response.body)
616 self.assertEqual('200 OK', response.status)
617 self.assertEqual(False, self.decorator.has_credentials())
618 url = self.decorator.authorize_url()
619 q = parse_qs(url.split('?', 1)[1])
620 self.assertEqual('http://localhost/oauth2callback', q['redirect_uri'][0])
621 self.assertEqual('foo_client_id', q['client_id'][0])
Joe Gregoriof2f8a5a2011-10-14 15:11:29 -0400[diff] [blame]622 self.assertEqual('foo_scope bar_scope', q['scope'][0])
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]623 self.assertEqual('http://localhost/bar_path/2012/01',
624 q['state'][0].rsplit(':', 1)[0])
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]625 self.assertEqual('code', q['response_type'][0])
626
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]627 m = mox.Mox()
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800[diff] [blame]628 m.StubOutWithMock(appengine, '_parse_state_value')
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]629 appengine._parse_state_value('bar_path:xsrfkey456',
630 mox.IgnoreArg()).AndReturn('bar_path')
631 m.ReplayAll()
632
Joe Gregorio562b7312011-09-15 09:06:38 -0400[diff] [blame]633 # Now simulate the callback to /oauth2callback.
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]634 url = self.decorator.authorize_url()
635 response = self.app.get('/oauth2callback', {
636 'code': 'foo_access_code',
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]637 'state': 'bar_path:xsrfkey456',
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]638 })
639 self.assertEqual('http://localhost/bar_path', response.headers['Location'])
640 self.assertEqual(False, self.decorator.has_credentials())
641
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]642 m.UnsetStubs()
643 m.VerifyAll()
644
Joe Gregorio562b7312011-09-15 09:06:38 -0400[diff] [blame]645 # Now requesting the decorated path will have credentials.
Joe Gregorio17774972012-03-01 11:11:59 -0500[diff] [blame]646 response = self.app.get('/bar_path/2012/01')
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]647 self.assertEqual('200 OK', response.status)
648 self.assertEqual('Hello World!', response.body)
Joe Gregoriob8b6fea2013-05-16 15:52:57 -0400[diff] [blame]649 self.assertEqual(True, self.had_credentials)
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]650 self.assertEqual('foo_refresh_token',
Joe Gregoriob8b6fea2013-05-16 15:52:57 -0400[diff] [blame]651 self.found_credentials.refresh_token)
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]652 self.assertEqual('foo_access_token',
Joe Gregoriob8b6fea2013-05-16 15:52:57 -0400[diff] [blame]653 self.found_credentials.access_token)
654
655 # Credentials should be cleared after each call.
656 self.assertEqual(None, self.decorator.credentials)
657
658 # Raising an exception still clears the Credentials.
659 self.should_raise = True
660 try:
661 response = self.app.get('/bar_path/2012/01')
662 self.fail('Should have raised an exception.')
663 except Exception:
664 pass
665 self.assertEqual(None, self.decorator.credentials)
666 self.should_raise = False
667
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]668
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]669 def test_error_in_step2(self):
670 # An initial request to an oauth_aware decorated path should not redirect.
671 response = self.app.get('/bar_path/2012/01')
672 url = self.decorator.authorize_url()
673 response = self.app.get('/oauth2callback', {
Joe Gregorio77254c12012-08-27 14:13:22 -0400[diff] [blame]674 'error': 'Bad<Stuff>Happened\''
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]675 })
676 self.assertEqual('200 OK', response.status)
Joe Gregorio77254c12012-08-27 14:13:22 -0400[diff] [blame]677 self.assertTrue('Bad&lt;Stuff&gt;Happened&#39;' in response.body)
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]678
Joe Gregorio1adde1a2012-01-06 12:30:35 -0500[diff] [blame]679 def test_kwargs_are_passed_to_underlying_flow(self):
680 decorator = OAuth2Decorator(client_id='foo_client_id',
681 client_secret='foo_client_secret',
Johan Euphrosineacf517f2012-02-13 21:08:33 +0100[diff] [blame]682 user_agent='foo_user_agent',
Joe Gregorio1adde1a2012-01-06 12:30:35 -0500[diff] [blame]683 scope=['foo_scope', 'bar_scope'],
684 access_type='offline',
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800[diff] [blame]685 approval_prompt='force',
686 revoke_uri='dummy_revoke_uri')
Joe Gregorio68a8cfe2012-08-03 16:17:40 -0400[diff] [blame]687 request_handler = MockRequestHandler()
688 decorator._create_flow(request_handler)
689
690 self.assertEqual('https://example.org/oauth2callback',
691 decorator.flow.redirect_uri)
Joe Gregorio1adde1a2012-01-06 12:30:35 -0500[diff] [blame]692 self.assertEqual('offline', decorator.flow.params['access_type'])
693 self.assertEqual('force', decorator.flow.params['approval_prompt'])
Johan Euphrosineacf517f2012-02-13 21:08:33 +0100[diff] [blame]694 self.assertEqual('foo_user_agent', decorator.flow.user_agent)
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800[diff] [blame]695 self.assertEqual('dummy_revoke_uri', decorator.flow.revoke_uri)
Johan Euphrosineacf517f2012-02-13 21:08:33 +0100[diff] [blame]696 self.assertEqual(None, decorator.flow.params.get('user_agent', None))
Joe Gregoriob8b6fea2013-05-16 15:52:57 -0400[diff] [blame]697 self.assertEqual(decorator.flow, decorator._tls.flow)
Joe Gregorio1adde1a2012-01-06 12:30:35 -0500[diff] [blame]698
Joe Gregoriocda87522013-02-22 16:22:48 -0500[diff] [blame]699 def test_token_response_param(self):
700 self.decorator._token_response_param = 'foobar'
701 self.test_required()
702
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]703 def test_decorator_from_client_secrets(self):
704 decorator = oauth2decorator_from_clientsecrets(
705 datafile('client_secrets.json'),
706 scope=['foo_scope', 'bar_scope'])
707 self._finish_setup(decorator, user_mock=UserMock)
708
709 self.assertFalse(decorator._in_error)
710 self.decorator = decorator
711 self.test_required()
712 http = self.decorator.http()
713 self.assertEquals('foo_access_token', http.request.credentials.access_token)
714
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800[diff] [blame]715 # revoke_uri is not required
716 self.assertEqual(self.decorator._revoke_uri,
717 'https://accounts.google.com/o/oauth2/revoke')
718 self.assertEqual(self.decorator._revoke_uri,
719 self.decorator.credentials.revoke_uri)
720
Joe Gregorioc29aaa92012-07-16 16:16:31 -0400[diff] [blame]721 def test_decorator_from_cached_client_secrets(self):
722 cache_mock = CacheMock()
723 load_and_cache('client_secrets.json', 'secret', cache_mock)
724 decorator = oauth2decorator_from_clientsecrets(
725 # filename, scope, message=None, cache=None
726 'secret', '', cache=cache_mock)
727 self.assertFalse(decorator._in_error)
728
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]729 def test_decorator_from_client_secrets_not_logged_in_required(self):
730 decorator = oauth2decorator_from_clientsecrets(
731 datafile('client_secrets.json'),
732 scope=['foo_scope', 'bar_scope'], message='NotLoggedInMessage')
733 self.decorator = decorator
734 self._finish_setup(decorator, user_mock=UserNotLoggedInMock)
735
736 self.assertFalse(decorator._in_error)
737
738 # An initial request to an oauth_required decorated path should be a
739 # redirect to login.
740 response = self.app.get('/foo_path')
741 self.assertTrue(response.status.startswith('302'))
742 self.assertTrue('Login' in str(response))
743
744 def test_decorator_from_client_secrets_not_logged_in_aware(self):
745 decorator = oauth2decorator_from_clientsecrets(
746 datafile('client_secrets.json'),
747 scope=['foo_scope', 'bar_scope'], message='NotLoggedInMessage')
748 self.decorator = decorator
749 self._finish_setup(decorator, user_mock=UserNotLoggedInMock)
750
751 # An initial request to an oauth_aware decorated path should be a
752 # redirect to login.
753 response = self.app.get('/bar_path/2012/03')
754 self.assertTrue(response.status.startswith('302'))
755 self.assertTrue('Login' in str(response))
756
757 def test_decorator_from_unfilled_client_secrets_required(self):
758 MESSAGE = 'File is missing'
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]759 try:
760 decorator = oauth2decorator_from_clientsecrets(
761 datafile('unfilled_client_secrets.json'),
762 scope=['foo_scope', 'bar_scope'], message=MESSAGE)
763 except InvalidClientSecretsError:
764 pass
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]765
766 def test_decorator_from_unfilled_client_secrets_aware(self):
767 MESSAGE = 'File is missing'
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]768 try:
769 decorator = oauth2decorator_from_clientsecrets(
770 datafile('unfilled_client_secrets.json'),
771 scope=['foo_scope', 'bar_scope'], message=MESSAGE)
772 except InvalidClientSecretsError:
773 pass
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]774
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]775
776class DecoratorXsrfSecretTests(unittest.TestCase):
777 """Test xsrf_secret_key."""
778
779 def setUp(self):
780 self.testbed = testbed.Testbed()
781 self.testbed.activate()
782 self.testbed.init_datastore_v3_stub()
783 self.testbed.init_memcache_stub()
784
785 def tearDown(self):
786 self.testbed.deactivate()
787
788 def test_build_and_parse_state(self):
789 secret = appengine.xsrf_secret_key()
790
791 # Secret shouldn't change from call to call.
792 secret2 = appengine.xsrf_secret_key()
793 self.assertEqual(secret, secret2)
794
795 # Secret shouldn't change if memcache goes away.
796 memcache.delete(appengine.XSRF_MEMCACHE_ID,
dhermes@google.com47154822012-11-26 10:44:09 -0800[diff] [blame]797 namespace=appengine.OAUTH2CLIENT_NAMESPACE)
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]798 secret3 = appengine.xsrf_secret_key()
799 self.assertEqual(secret2, secret3)
800
801 # Secret should change if both memcache and the model goes away.
802 memcache.delete(appengine.XSRF_MEMCACHE_ID,
dhermes@google.com47154822012-11-26 10:44:09 -0800[diff] [blame]803 namespace=appengine.OAUTH2CLIENT_NAMESPACE)
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]804 model = appengine.SiteXsrfSecretKey.get_or_insert('site')
805 model.delete()
806
807 secret4 = appengine.xsrf_secret_key()
808 self.assertNotEqual(secret3, secret4)
809
dhermes@google.com47154822012-11-26 10:44:09 -0800[diff] [blame]810 def test_ndb_insert_db_get(self):
811 secret = appengine._generate_new_xsrf_secret_key()
812 appengine.SiteXsrfSecretKeyNDB(id='site', secret=secret).put()
813
814 site_key = appengine.SiteXsrfSecretKey.get_by_key_name('site')
815 self.assertEqual(site_key.secret, secret)
816
817 def test_db_insert_ndb_get(self):
818 secret = appengine._generate_new_xsrf_secret_key()
819 appengine.SiteXsrfSecretKey(key_name='site', secret=secret).put()
820
821 site_key = appengine.SiteXsrfSecretKeyNDB.get_by_id('site')
822 self.assertEqual(site_key.secret, secret)
823
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]824
825class DecoratorXsrfProtectionTests(unittest.TestCase):
826 """Test _build_state_value and _parse_state_value."""
827
828 def setUp(self):
829 self.testbed = testbed.Testbed()
830 self.testbed.activate()
831 self.testbed.init_datastore_v3_stub()
832 self.testbed.init_memcache_stub()
833
834 def tearDown(self):
835 self.testbed.deactivate()
836
837 def test_build_and_parse_state(self):
838 state = appengine._build_state_value(MockRequestHandler(), UserMock())
839 self.assertEqual(
840 'https://example.org',
841 appengine._parse_state_value(state, UserMock()))
842 self.assertRaises(appengine.InvalidXsrfTokenError,
843 appengine._parse_state_value, state[1:], UserMock())
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]844
Joe Gregorio1adde1a2012-01-06 12:30:35 -0500[diff] [blame]845
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]846if __name__ == '__main__':
847 unittest.main()