Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / google-api-python-client / cda875206a451aa379261c6eaa642763f24a6cce / . / tests / test_oauth2client_appengine.py
blob: b8e2588e7f5bed536cad11bdc44d7bbb07f5912f [file] [log] [blame]
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]1#!/usr/bin/python2.4
2#
3# Copyright 2010 Google Inc.
4#
5# Licensed under the Apache License, Version 2.0 (the "License");
6# you may not use this file except in compliance with the License.
7# You may obtain a copy of the License at
8#
9# http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS,
13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16
17
18"""Discovery document tests
19
20Unit tests for objects created from discovery documents.
21"""
22
23__author__ = 'jcgregorio@google.com (Joe Gregorio)'
24
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]25import base64
Joe Gregorioe84c9442012-03-12 08:45:57 -0400[diff] [blame]26import datetime
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]27import httplib2
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]28import mox
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]29import os
Joe Gregoriod84d6b82012-02-28 14:53:00 -0500[diff] [blame]30import time
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]31import unittest
Joe Gregoriocda87522013-02-22 16:22:48 -0500[diff] [blame^]32import urllib
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]33
34try:
35 from urlparse import parse_qs
36except ImportError:
37 from cgi import parse_qs
38
Joe Gregorio8b4c1732011-12-06 11:28:29 -0500[diff] [blame]39import dev_appserver
40dev_appserver.fix_sys_path()
Joe Gregorio17774972012-03-01 11:11:59 -0500[diff] [blame]41import webapp2
Joe Gregorio8b4c1732011-12-06 11:28:29 -0500[diff] [blame]42
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]43from apiclient.http import HttpMockSequence
44from google.appengine.api import apiproxy_stub
45from google.appengine.api import apiproxy_stub_map
Joe Gregoriod84d6b82012-02-28 14:53:00 -0500[diff] [blame]46from google.appengine.api import app_identity
Joe Gregorioe84c9442012-03-12 08:45:57 -0400[diff] [blame]47from google.appengine.api import memcache
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]48from google.appengine.api import users
Joe Gregoriod84d6b82012-02-28 14:53:00 -0500[diff] [blame]49from google.appengine.api.memcache import memcache_stub
Joe Gregorioe84c9442012-03-12 08:45:57 -0400[diff] [blame]50from google.appengine.ext import db
dhermes@google.com47154822012-11-26 10:44:09 -0800[diff] [blame]51from google.appengine.ext import ndb
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]52from google.appengine.ext import testbed
Joe Gregoriod84d6b82012-02-28 14:53:00 -0500[diff] [blame]53from google.appengine.runtime import apiproxy_errors
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]54from oauth2client import appengine
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800[diff] [blame]55from oauth2client import GOOGLE_TOKEN_URI
Joe Gregorio549230c2012-01-11 10:38:05 -0500[diff] [blame]56from oauth2client.anyjson import simplejson
Joe Gregorioc29aaa92012-07-16 16:16:31 -0400[diff] [blame]57from oauth2client.clientsecrets import _loadfile
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]58from oauth2client.clientsecrets import InvalidClientSecretsError
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]59from oauth2client.appengine import AppAssertionCredentials
Joe Gregorioe84c9442012-03-12 08:45:57 -0400[diff] [blame]60from oauth2client.appengine import CredentialsModel
dhermes@google.com47154822012-11-26 10:44:09 -0800[diff] [blame]61from oauth2client.appengine import CredentialsNDBModel
62from oauth2client.appengine import FlowNDBProperty
Joe Gregorio4fbde1c2012-07-11 14:47:39 -0400[diff] [blame]63from oauth2client.appengine import FlowProperty
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]64from oauth2client.appengine import OAuth2Decorator
Joe Gregorioe84c9442012-03-12 08:45:57 -0400[diff] [blame]65from oauth2client.appengine import StorageByKeyName
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]66from oauth2client.appengine import oauth2decorator_from_clientsecrets
Joe Gregorio549230c2012-01-11 10:38:05 -0500[diff] [blame]67from oauth2client.client import AccessTokenRefreshError
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]68from oauth2client.client import Credentials
Joe Gregorio549230c2012-01-11 10:38:05 -0500[diff] [blame]69from oauth2client.client import FlowExchangeError
Joe Gregorioe84c9442012-03-12 08:45:57 -0400[diff] [blame]70from oauth2client.client import OAuth2Credentials
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]71from oauth2client.client import flow_from_clientsecrets
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]72from webtest import TestApp
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]73
Joe Gregorio4fbde1c2012-07-11 14:47:39 -0400[diff] [blame]74
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]75DATA_DIR = os.path.join(os.path.dirname(__file__), 'data')
76
77
78def datafile(filename):
79 return os.path.join(DATA_DIR, filename)
80
81
Joe Gregorioc29aaa92012-07-16 16:16:31 -0400[diff] [blame]82def load_and_cache(existing_file, fakename, cache_mock):
83 client_type, client_info = _loadfile(datafile(existing_file))
84 cache_mock.cache[fakename] = {client_type: client_info}
85
86
87class CacheMock(object):
88 def __init__(self):
89 self.cache = {}
90
91 def get(self, key, namespace=''):
92 # ignoring namespace for easier testing
93 return self.cache.get(key, None)
94
95 def set(self, key, value, namespace=''):
96 # ignoring namespace for easier testing
97 self.cache[key] = value
98
99
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]100class UserMock(object):
101 """Mock the app engine user service"""
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]102
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]103 def __call__(self):
104 return self
105
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]106 def user_id(self):
107 return 'foo_user'
108
109
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]110class UserNotLoggedInMock(object):
111 """Mock the app engine user service"""
112
113 def __call__(self):
114 return None
115
116
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]117class Http2Mock(object):
118 """Mock httplib2.Http"""
119 status = 200
120 content = {
121 'access_token': 'foo_access_token',
122 'refresh_token': 'foo_refresh_token',
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]123 'expires_in': 3600,
Joe Gregoriocda87522013-02-22 16:22:48 -0500[diff] [blame^]124 'extra': 'value',
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]125 }
126
127 def request(self, token_uri, method, body, headers, *args, **kwargs):
128 self.body = body
129 self.headers = headers
130 return (self, simplejson.dumps(self.content))
131
132
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]133class TestAppAssertionCredentials(unittest.TestCase):
134 account_name = "service_account_name@appspot.com"
135 signature = "signature"
136
Joe Gregoriod84d6b82012-02-28 14:53:00 -0500[diff] [blame]137
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]138 class AppIdentityStubImpl(apiproxy_stub.APIProxyStub):
139
140 def __init__(self):
141 super(TestAppAssertionCredentials.AppIdentityStubImpl, self).__init__(
142 'app_identity_service')
143
Joe Gregoriod84d6b82012-02-28 14:53:00 -0500[diff] [blame]144 def _Dynamic_GetAccessToken(self, request, response):
145 response.set_access_token('a_token_123')
146 response.set_expiration_time(time.time() + 1800)
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]147
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]148
Joe Gregoriod84d6b82012-02-28 14:53:00 -0500[diff] [blame]149 class ErroringAppIdentityStubImpl(apiproxy_stub.APIProxyStub):
150
151 def __init__(self):
152 super(TestAppAssertionCredentials.ErroringAppIdentityStubImpl, self).__init__(
153 'app_identity_service')
154
155 def _Dynamic_GetAccessToken(self, request, response):
156 raise app_identity.BackendDeadlineExceeded()
157
158 def test_raise_correct_type_of_exception(self):
159 app_identity_stub = self.ErroringAppIdentityStubImpl()
160 apiproxy_stub_map.apiproxy = apiproxy_stub_map.APIProxyStubMap()
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800[diff] [blame]161 apiproxy_stub_map.apiproxy.RegisterStub('app_identity_service',
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]162 app_identity_stub)
Joe Gregoriod84d6b82012-02-28 14:53:00 -0500[diff] [blame]163 apiproxy_stub_map.apiproxy.RegisterStub(
164 'memcache', memcache_stub.MemcacheServiceStub())
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]165
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800[diff] [blame]166 scope = 'http://www.googleapis.com/scope'
Joe Gregoriod84d6b82012-02-28 14:53:00 -0500[diff] [blame]167 try:
168 credentials = AppAssertionCredentials(scope)
169 http = httplib2.Http()
170 credentials.refresh(http)
171 self.fail('Should have raised an AccessTokenRefreshError')
172 except AccessTokenRefreshError:
173 pass
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]174
Joe Gregoriod84d6b82012-02-28 14:53:00 -0500[diff] [blame]175 def test_get_access_token_on_refresh(self):
176 app_identity_stub = self.AppIdentityStubImpl()
177 apiproxy_stub_map.apiproxy = apiproxy_stub_map.APIProxyStubMap()
178 apiproxy_stub_map.apiproxy.RegisterStub("app_identity_service",
179 app_identity_stub)
180 apiproxy_stub_map.apiproxy.RegisterStub(
181 'memcache', memcache_stub.MemcacheServiceStub())
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]182
Joe Gregorio5cf5d122012-11-16 16:36:12 -0500[diff] [blame]183 scope = [
184 "http://www.googleapis.com/scope",
185 "http://www.googleapis.com/scope2"]
Joe Gregoriod84d6b82012-02-28 14:53:00 -0500[diff] [blame]186 credentials = AppAssertionCredentials(scope)
187 http = httplib2.Http()
188 credentials.refresh(http)
189 self.assertEqual('a_token_123', credentials.access_token)
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]190
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]191 json = credentials.to_json()
192 credentials = Credentials.new_from_json(json)
Joe Gregorio5cf5d122012-11-16 16:36:12 -0500[diff] [blame]193 self.assertEqual(
194 'http://www.googleapis.com/scope http://www.googleapis.com/scope2',
195 credentials.scope)
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]196
Joe Gregorio5cf5d122012-11-16 16:36:12 -0500[diff] [blame]197 scope = "http://www.googleapis.com/scope http://www.googleapis.com/scope2"
198 credentials = AppAssertionCredentials(scope)
199 http = httplib2.Http()
200 credentials.refresh(http)
201 self.assertEqual('a_token_123', credentials.access_token)
202 self.assertEqual(
203 'http://www.googleapis.com/scope http://www.googleapis.com/scope2',
204 credentials.scope)
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]205
dhermes@google.com47154822012-11-26 10:44:09 -0800[diff] [blame]206
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]207class TestFlowModel(db.Model):
208 flow = FlowProperty()
209
210
211class FlowPropertyTest(unittest.TestCase):
212
213 def setUp(self):
214 self.testbed = testbed.Testbed()
215 self.testbed.activate()
216 self.testbed.init_datastore_v3_stub()
217
218 def tearDown(self):
219 self.testbed.deactivate()
220
221 def test_flow_get_put(self):
222 instance = TestFlowModel(
Joe Gregorio68a8cfe2012-08-03 16:17:40 -0400[diff] [blame]223 flow=flow_from_clientsecrets(datafile('client_secrets.json'), 'foo',
224 redirect_uri='oob'),
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]225 key_name='foo'
226 )
227 instance.put()
228 retrieved = TestFlowModel.get_by_key_name('foo')
229
230 self.assertEqual('foo_client_id', retrieved.flow.client_id)
231
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]232
dhermes@google.com47154822012-11-26 10:44:09 -0800[diff] [blame]233class TestFlowNDBModel(ndb.Model):
234 flow = FlowNDBProperty()
235
236
237class FlowNDBPropertyTest(unittest.TestCase):
238
239 def setUp(self):
240 self.testbed = testbed.Testbed()
241 self.testbed.activate()
242 self.testbed.init_datastore_v3_stub()
243 self.testbed.init_memcache_stub()
244
245 def tearDown(self):
246 self.testbed.deactivate()
247
248 def test_flow_get_put(self):
249 instance = TestFlowNDBModel(
250 flow=flow_from_clientsecrets(datafile('client_secrets.json'), 'foo',
251 redirect_uri='oob'),
252 id='foo'
253 )
254 instance.put()
255 retrieved = TestFlowNDBModel.get_by_id('foo')
256
257 self.assertEqual('foo_client_id', retrieved.flow.client_id)
258
259
Joe Gregorioe84c9442012-03-12 08:45:57 -0400[diff] [blame]260def _http_request(*args, **kwargs):
261 resp = httplib2.Response({'status': '200'})
262 content = simplejson.dumps({'access_token': 'bar'})
263
264 return resp, content
265
266
267class StorageByKeyNameTest(unittest.TestCase):
268
269 def setUp(self):
270 self.testbed = testbed.Testbed()
271 self.testbed.activate()
272 self.testbed.init_datastore_v3_stub()
273 self.testbed.init_memcache_stub()
274 self.testbed.init_user_stub()
275
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800[diff] [blame]276 access_token = 'foo'
277 client_id = 'some_client_id'
278 client_secret = 'cOuDdkfjxxnv+'
279 refresh_token = '1/0/a.df219fjls0'
Joe Gregorioe84c9442012-03-12 08:45:57 -0400[diff] [blame]280 token_expiry = datetime.datetime.utcnow()
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800[diff] [blame]281 user_agent = 'refresh_checker/1.0'
Joe Gregorioe84c9442012-03-12 08:45:57 -0400[diff] [blame]282 self.credentials = OAuth2Credentials(
283 access_token, client_id, client_secret,
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800[diff] [blame]284 refresh_token, token_expiry, GOOGLE_TOKEN_URI,
Joe Gregorioe84c9442012-03-12 08:45:57 -0400[diff] [blame]285 user_agent)
286
287 def tearDown(self):
288 self.testbed.deactivate()
289
290 def test_get_and_put_simple(self):
291 storage = StorageByKeyName(
292 CredentialsModel, 'foo', 'credentials')
293
294 self.assertEqual(None, storage.get())
295 self.credentials.set_store(storage)
296
297 self.credentials._refresh(_http_request)
298 credmodel = CredentialsModel.get_by_key_name('foo')
299 self.assertEqual('bar', credmodel.credentials.access_token)
300
301 def test_get_and_put_cached(self):
302 storage = StorageByKeyName(
303 CredentialsModel, 'foo', 'credentials', cache=memcache)
304
305 self.assertEqual(None, storage.get())
306 self.credentials.set_store(storage)
307
308 self.credentials._refresh(_http_request)
309 credmodel = CredentialsModel.get_by_key_name('foo')
310 self.assertEqual('bar', credmodel.credentials.access_token)
311
312 # Now remove the item from the cache.
313 memcache.delete('foo')
314
315 # Check that getting refreshes the cache.
316 credentials = storage.get()
317 self.assertEqual('bar', credentials.access_token)
318 self.assertNotEqual(None, memcache.get('foo'))
319
320 # Deleting should clear the cache.
321 storage.delete()
322 credentials = storage.get()
323 self.assertEqual(None, credentials)
324 self.assertEqual(None, memcache.get('foo'))
325
dhermes@google.com47154822012-11-26 10:44:09 -0800[diff] [blame]326 def test_get_and_put_ndb(self):
327 # Start empty
328 storage = StorageByKeyName(
329 CredentialsNDBModel, 'foo', 'credentials')
330 self.assertEqual(None, storage.get())
331
332 # Refresh storage and retrieve without using storage
333 self.credentials.set_store(storage)
334 self.credentials._refresh(_http_request)
335 credmodel = CredentialsNDBModel.get_by_id('foo')
336 self.assertEqual('bar', credmodel.credentials.access_token)
337 self.assertEqual(credmodel.credentials.to_json(),
338 self.credentials.to_json())
339
340 def test_delete_ndb(self):
341 # Start empty
342 storage = StorageByKeyName(
343 CredentialsNDBModel, 'foo', 'credentials')
344 self.assertEqual(None, storage.get())
345
346 # Add credentials to model with storage, and check equivalent w/o storage
347 storage.put(self.credentials)
348 credmodel = CredentialsNDBModel.get_by_id('foo')
349 self.assertEqual(credmodel.credentials.to_json(),
350 self.credentials.to_json())
351
352 # Delete and make sure empty
353 storage.delete()
354 self.assertEqual(None, storage.get())
355
356 def test_get_and_put_mixed_ndb_storage_db_get(self):
357 # Start empty
358 storage = StorageByKeyName(
359 CredentialsNDBModel, 'foo', 'credentials')
360 self.assertEqual(None, storage.get())
361
362 # Set NDB store and refresh to add to storage
363 self.credentials.set_store(storage)
364 self.credentials._refresh(_http_request)
365
366 # Retrieve same key from DB model to confirm mixing works
367 credmodel = CredentialsModel.get_by_key_name('foo')
368 self.assertEqual('bar', credmodel.credentials.access_token)
369 self.assertEqual(self.credentials.to_json(),
370 credmodel.credentials.to_json())
371
372 def test_get_and_put_mixed_db_storage_ndb_get(self):
373 # Start empty
374 storage = StorageByKeyName(
375 CredentialsModel, 'foo', 'credentials')
376 self.assertEqual(None, storage.get())
377
378 # Set DB store and refresh to add to storage
379 self.credentials.set_store(storage)
380 self.credentials._refresh(_http_request)
381
382 # Retrieve same key from NDB model to confirm mixing works
383 credmodel = CredentialsNDBModel.get_by_id('foo')
384 self.assertEqual('bar', credmodel.credentials.access_token)
385 self.assertEqual(self.credentials.to_json(),
386 credmodel.credentials.to_json())
387
388 def test_delete_db_ndb_mixed(self):
389 # Start empty
390 storage_ndb = StorageByKeyName(
391 CredentialsNDBModel, 'foo', 'credentials')
392 storage = StorageByKeyName(
393 CredentialsModel, 'foo', 'credentials')
394
395 # First DB, then NDB
396 self.assertEqual(None, storage.get())
397 storage.put(self.credentials)
398 self.assertNotEqual(None, storage.get())
399
400 storage_ndb.delete()
401 self.assertEqual(None, storage.get())
402
403 # First NDB, then DB
404 self.assertEqual(None, storage_ndb.get())
405 storage_ndb.put(self.credentials)
406
407 storage.delete()
408 self.assertNotEqual(None, storage_ndb.get())
409 # NDB uses memcache and an instance cache (Context)
410 ndb.get_context().clear_cache()
411 memcache.flush_all()
412 self.assertEqual(None, storage_ndb.get())
413
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]414
Joe Gregorio68a8cfe2012-08-03 16:17:40 -0400[diff] [blame]415class MockRequest(object):
416 url = 'https://example.org'
417
418 def relative_url(self, rel):
419 return self.url + rel
420
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]421
Joe Gregorio68a8cfe2012-08-03 16:17:40 -0400[diff] [blame]422class MockRequestHandler(object):
423 request = MockRequest()
Joe Gregorioe84c9442012-03-12 08:45:57 -0400[diff] [blame]424
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]425
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]426class DecoratorTests(unittest.TestCase):
427
428 def setUp(self):
429 self.testbed = testbed.Testbed()
430 self.testbed.activate()
431 self.testbed.init_datastore_v3_stub()
432 self.testbed.init_memcache_stub()
433 self.testbed.init_user_stub()
434
435 decorator = OAuth2Decorator(client_id='foo_client_id',
436 client_secret='foo_client_secret',
Johan Euphrosineacf517f2012-02-13 21:08:33 +0100[diff] [blame]437 scope=['foo_scope', 'bar_scope'],
438 user_agent='foo')
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]439
440 self._finish_setup(decorator, user_mock=UserMock)
441
442 def _finish_setup(self, decorator, user_mock):
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]443 self.decorator = decorator
444
Joe Gregorio17774972012-03-01 11:11:59 -0500[diff] [blame]445 class TestRequiredHandler(webapp2.RequestHandler):
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]446
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]447 @decorator.oauth_required
448 def get(self):
449 pass
450
Joe Gregorio17774972012-03-01 11:11:59 -0500[diff] [blame]451 class TestAwareHandler(webapp2.RequestHandler):
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]452
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]453 @decorator.oauth_aware
Joe Gregorio17774972012-03-01 11:11:59 -0500[diff] [blame]454 def get(self, *args, **kwargs):
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]455 self.response.out.write('Hello World!')
Joe Gregorio17774972012-03-01 11:11:59 -0500[diff] [blame]456 assert(kwargs['year'] == '2012')
457 assert(kwargs['month'] == '01')
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]458
459
Joe Gregorio17774972012-03-01 11:11:59 -0500[diff] [blame]460 application = webapp2.WSGIApplication([
Joe Gregorio68a8cfe2012-08-03 16:17:40 -0400[diff] [blame]461 ('/oauth2callback', self.decorator.callback_handler()),
Joe Gregorio17774972012-03-01 11:11:59 -0500[diff] [blame]462 ('/foo_path', TestRequiredHandler),
463 webapp2.Route(r'/bar_path/<year:\d{4}>/<month:\d{2}>',
464 handler=TestAwareHandler, name='bar')],
465 debug=True)
Joe Gregorio77254c12012-08-27 14:13:22 -0400[diff] [blame]466 self.app = TestApp(application, extra_environ={
467 'wsgi.url_scheme': 'http',
468 'HTTP_HOST': 'localhost',
469 })
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]470 users.get_current_user = user_mock()
Joe Gregorio922b78c2011-05-26 21:36:34 -0400[diff] [blame]471 self.httplib2_orig = httplib2.Http
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]472 httplib2.Http = Http2Mock
473
474 def tearDown(self):
475 self.testbed.deactivate()
Joe Gregorio922b78c2011-05-26 21:36:34 -0400[diff] [blame]476 httplib2.Http = self.httplib2_orig
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]477
478 def test_required(self):
479 # An initial request to an oauth_required decorated path should be a
480 # redirect to start the OAuth dance.
Joe Gregorio77254c12012-08-27 14:13:22 -0400[diff] [blame]481 response = self.app.get('http://localhost/foo_path')
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]482 self.assertTrue(response.status.startswith('302'))
483 q = parse_qs(response.headers['Location'].split('?', 1)[1])
484 self.assertEqual('http://localhost/oauth2callback', q['redirect_uri'][0])
485 self.assertEqual('foo_client_id', q['client_id'][0])
Joe Gregoriof2f8a5a2011-10-14 15:11:29 -0400[diff] [blame]486 self.assertEqual('foo_scope bar_scope', q['scope'][0])
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]487 self.assertEqual('http://localhost/foo_path',
488 q['state'][0].rsplit(':', 1)[0])
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]489 self.assertEqual('code', q['response_type'][0])
490 self.assertEqual(False, self.decorator.has_credentials())
491
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]492 m = mox.Mox()
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800[diff] [blame]493 m.StubOutWithMock(appengine, '_parse_state_value')
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]494 appengine._parse_state_value('foo_path:xsrfkey123',
495 mox.IgnoreArg()).AndReturn('foo_path')
496 m.ReplayAll()
497
Joe Gregorio562b7312011-09-15 09:06:38 -0400[diff] [blame]498 # Now simulate the callback to /oauth2callback.
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]499 response = self.app.get('/oauth2callback', {
500 'code': 'foo_access_code',
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]501 'state': 'foo_path:xsrfkey123',
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]502 })
Joe Gregoriocda87522013-02-22 16:22:48 -0500[diff] [blame^]503 parts = response.headers['Location'].split('?', 1)
504 self.assertEqual('http://localhost/foo_path', parts[0])
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]505 self.assertEqual(None, self.decorator.credentials)
Joe Gregoriocda87522013-02-22 16:22:48 -0500[diff] [blame^]506 if self.decorator._token_response_param:
507 response = parse_qs(parts[1])[self.decorator._token_response_param][0]
508 self.assertEqual(Http2Mock.content,
509 simplejson.loads(urllib.unquote(response)))
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]510
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]511 m.UnsetStubs()
512 m.VerifyAll()
513
Joe Gregorio562b7312011-09-15 09:06:38 -0400[diff] [blame]514 # Now requesting the decorated path should work.
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]515 response = self.app.get('/foo_path')
516 self.assertEqual('200 OK', response.status)
517 self.assertEqual(True, self.decorator.has_credentials())
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]518 self.assertEqual('foo_refresh_token',
519 self.decorator.credentials.refresh_token)
520 self.assertEqual('foo_access_token',
521 self.decorator.credentials.access_token)
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]522
Joe Gregorio562b7312011-09-15 09:06:38 -0400[diff] [blame]523 # Invalidate the stored Credentials.
Joe Gregorio9da2ad82011-09-11 14:04:44 -0400[diff] [blame]524 self.decorator.credentials.invalid = True
525 self.decorator.credentials.store.put(self.decorator.credentials)
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]526
Joe Gregorio562b7312011-09-15 09:06:38 -0400[diff] [blame]527 # Invalid Credentials should start the OAuth dance again.
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]528 response = self.app.get('/foo_path')
529 self.assertTrue(response.status.startswith('302'))
530 q = parse_qs(response.headers['Location'].split('?', 1)[1])
531 self.assertEqual('http://localhost/oauth2callback', q['redirect_uri'][0])
532
Joe Gregorioec75dc12012-02-06 13:40:42 -0500[diff] [blame]533 def test_storage_delete(self):
534 # An initial request to an oauth_required decorated path should be a
535 # redirect to start the OAuth dance.
536 response = self.app.get('/foo_path')
537 self.assertTrue(response.status.startswith('302'))
538
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]539 m = mox.Mox()
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800[diff] [blame]540 m.StubOutWithMock(appengine, '_parse_state_value')
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]541 appengine._parse_state_value('foo_path:xsrfkey123',
542 mox.IgnoreArg()).AndReturn('foo_path')
543 m.ReplayAll()
544
Joe Gregorioec75dc12012-02-06 13:40:42 -0500[diff] [blame]545 # Now simulate the callback to /oauth2callback.
546 response = self.app.get('/oauth2callback', {
547 'code': 'foo_access_code',
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]548 'state': 'foo_path:xsrfkey123',
Joe Gregorioec75dc12012-02-06 13:40:42 -0500[diff] [blame]549 })
550 self.assertEqual('http://localhost/foo_path', response.headers['Location'])
551 self.assertEqual(None, self.decorator.credentials)
552
553 # Now requesting the decorated path should work.
554 response = self.app.get('/foo_path')
555
556 # Invalidate the stored Credentials.
557 self.decorator.credentials.store.delete()
558
559 # Invalid Credentials should start the OAuth dance again.
560 response = self.app.get('/foo_path')
561 self.assertTrue(response.status.startswith('302'))
562
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]563 m.UnsetStubs()
564 m.VerifyAll()
565
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]566 def test_aware(self):
Joe Gregorio562b7312011-09-15 09:06:38 -0400[diff] [blame]567 # An initial request to an oauth_aware decorated path should not redirect.
Joe Gregorio77254c12012-08-27 14:13:22 -0400[diff] [blame]568 response = self.app.get('http://localhost/bar_path/2012/01')
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]569 self.assertEqual('Hello World!', response.body)
570 self.assertEqual('200 OK', response.status)
571 self.assertEqual(False, self.decorator.has_credentials())
572 url = self.decorator.authorize_url()
573 q = parse_qs(url.split('?', 1)[1])
574 self.assertEqual('http://localhost/oauth2callback', q['redirect_uri'][0])
575 self.assertEqual('foo_client_id', q['client_id'][0])
Joe Gregoriof2f8a5a2011-10-14 15:11:29 -0400[diff] [blame]576 self.assertEqual('foo_scope bar_scope', q['scope'][0])
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]577 self.assertEqual('http://localhost/bar_path/2012/01',
578 q['state'][0].rsplit(':', 1)[0])
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]579 self.assertEqual('code', q['response_type'][0])
580
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]581 m = mox.Mox()
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800[diff] [blame]582 m.StubOutWithMock(appengine, '_parse_state_value')
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]583 appengine._parse_state_value('bar_path:xsrfkey456',
584 mox.IgnoreArg()).AndReturn('bar_path')
585 m.ReplayAll()
586
Joe Gregorio562b7312011-09-15 09:06:38 -0400[diff] [blame]587 # Now simulate the callback to /oauth2callback.
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]588 url = self.decorator.authorize_url()
589 response = self.app.get('/oauth2callback', {
590 'code': 'foo_access_code',
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]591 'state': 'bar_path:xsrfkey456',
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]592 })
593 self.assertEqual('http://localhost/bar_path', response.headers['Location'])
594 self.assertEqual(False, self.decorator.has_credentials())
595
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]596 m.UnsetStubs()
597 m.VerifyAll()
598
Joe Gregorio562b7312011-09-15 09:06:38 -0400[diff] [blame]599 # Now requesting the decorated path will have credentials.
Joe Gregorio17774972012-03-01 11:11:59 -0500[diff] [blame]600 response = self.app.get('/bar_path/2012/01')
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]601 self.assertEqual('200 OK', response.status)
602 self.assertEqual('Hello World!', response.body)
603 self.assertEqual(True, self.decorator.has_credentials())
JacobMoshenko8e905102011-06-20 09:53:10 -0400[diff] [blame]604 self.assertEqual('foo_refresh_token',
605 self.decorator.credentials.refresh_token)
606 self.assertEqual('foo_access_token',
607 self.decorator.credentials.access_token)
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]608
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]609 def test_error_in_step2(self):
610 # An initial request to an oauth_aware decorated path should not redirect.
611 response = self.app.get('/bar_path/2012/01')
612 url = self.decorator.authorize_url()
613 response = self.app.get('/oauth2callback', {
Joe Gregorio77254c12012-08-27 14:13:22 -0400[diff] [blame]614 'error': 'Bad<Stuff>Happened\''
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]615 })
616 self.assertEqual('200 OK', response.status)
Joe Gregorio77254c12012-08-27 14:13:22 -0400[diff] [blame]617 self.assertTrue('Bad&lt;Stuff&gt;Happened&#39;' in response.body)
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]618
Joe Gregorio1adde1a2012-01-06 12:30:35 -0500[diff] [blame]619 def test_kwargs_are_passed_to_underlying_flow(self):
620 decorator = OAuth2Decorator(client_id='foo_client_id',
621 client_secret='foo_client_secret',
Johan Euphrosineacf517f2012-02-13 21:08:33 +0100[diff] [blame]622 user_agent='foo_user_agent',
Joe Gregorio1adde1a2012-01-06 12:30:35 -0500[diff] [blame]623 scope=['foo_scope', 'bar_scope'],
624 access_type='offline',
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800[diff] [blame]625 approval_prompt='force',
626 revoke_uri='dummy_revoke_uri')
Joe Gregorio68a8cfe2012-08-03 16:17:40 -0400[diff] [blame]627 request_handler = MockRequestHandler()
628 decorator._create_flow(request_handler)
629
630 self.assertEqual('https://example.org/oauth2callback',
631 decorator.flow.redirect_uri)
Joe Gregorio1adde1a2012-01-06 12:30:35 -0500[diff] [blame]632 self.assertEqual('offline', decorator.flow.params['access_type'])
633 self.assertEqual('force', decorator.flow.params['approval_prompt'])
Johan Euphrosineacf517f2012-02-13 21:08:33 +0100[diff] [blame]634 self.assertEqual('foo_user_agent', decorator.flow.user_agent)
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800[diff] [blame]635 self.assertEqual('dummy_revoke_uri', decorator.flow.revoke_uri)
Johan Euphrosineacf517f2012-02-13 21:08:33 +0100[diff] [blame]636 self.assertEqual(None, decorator.flow.params.get('user_agent', None))
Joe Gregorio1adde1a2012-01-06 12:30:35 -0500[diff] [blame]637
Joe Gregoriocda87522013-02-22 16:22:48 -0500[diff] [blame^]638 def test_token_response_param(self):
639 self.decorator._token_response_param = 'foobar'
640 self.test_required()
641
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]642 def test_decorator_from_client_secrets(self):
643 decorator = oauth2decorator_from_clientsecrets(
644 datafile('client_secrets.json'),
645 scope=['foo_scope', 'bar_scope'])
646 self._finish_setup(decorator, user_mock=UserMock)
647
648 self.assertFalse(decorator._in_error)
649 self.decorator = decorator
650 self.test_required()
651 http = self.decorator.http()
652 self.assertEquals('foo_access_token', http.request.credentials.access_token)
653
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800[diff] [blame]654 # revoke_uri is not required
655 self.assertEqual(self.decorator._revoke_uri,
656 'https://accounts.google.com/o/oauth2/revoke')
657 self.assertEqual(self.decorator._revoke_uri,
658 self.decorator.credentials.revoke_uri)
659
Joe Gregorioc29aaa92012-07-16 16:16:31 -0400[diff] [blame]660 def test_decorator_from_cached_client_secrets(self):
661 cache_mock = CacheMock()
662 load_and_cache('client_secrets.json', 'secret', cache_mock)
663 decorator = oauth2decorator_from_clientsecrets(
664 # filename, scope, message=None, cache=None
665 'secret', '', cache=cache_mock)
666 self.assertFalse(decorator._in_error)
667
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]668 def test_decorator_from_client_secrets_not_logged_in_required(self):
669 decorator = oauth2decorator_from_clientsecrets(
670 datafile('client_secrets.json'),
671 scope=['foo_scope', 'bar_scope'], message='NotLoggedInMessage')
672 self.decorator = decorator
673 self._finish_setup(decorator, user_mock=UserNotLoggedInMock)
674
675 self.assertFalse(decorator._in_error)
676
677 # An initial request to an oauth_required decorated path should be a
678 # redirect to login.
679 response = self.app.get('/foo_path')
680 self.assertTrue(response.status.startswith('302'))
681 self.assertTrue('Login' in str(response))
682
683 def test_decorator_from_client_secrets_not_logged_in_aware(self):
684 decorator = oauth2decorator_from_clientsecrets(
685 datafile('client_secrets.json'),
686 scope=['foo_scope', 'bar_scope'], message='NotLoggedInMessage')
687 self.decorator = decorator
688 self._finish_setup(decorator, user_mock=UserNotLoggedInMock)
689
690 # An initial request to an oauth_aware decorated path should be a
691 # redirect to login.
692 response = self.app.get('/bar_path/2012/03')
693 self.assertTrue(response.status.startswith('302'))
694 self.assertTrue('Login' in str(response))
695
696 def test_decorator_from_unfilled_client_secrets_required(self):
697 MESSAGE = 'File is missing'
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]698 try:
699 decorator = oauth2decorator_from_clientsecrets(
700 datafile('unfilled_client_secrets.json'),
701 scope=['foo_scope', 'bar_scope'], message=MESSAGE)
702 except InvalidClientSecretsError:
703 pass
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]704
705 def test_decorator_from_unfilled_client_secrets_aware(self):
706 MESSAGE = 'File is missing'
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]707 try:
708 decorator = oauth2decorator_from_clientsecrets(
709 datafile('unfilled_client_secrets.json'),
710 scope=['foo_scope', 'bar_scope'], message=MESSAGE)
711 except InvalidClientSecretsError:
712 pass
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]713
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]714
715class DecoratorXsrfSecretTests(unittest.TestCase):
716 """Test xsrf_secret_key."""
717
718 def setUp(self):
719 self.testbed = testbed.Testbed()
720 self.testbed.activate()
721 self.testbed.init_datastore_v3_stub()
722 self.testbed.init_memcache_stub()
723
724 def tearDown(self):
725 self.testbed.deactivate()
726
727 def test_build_and_parse_state(self):
728 secret = appengine.xsrf_secret_key()
729
730 # Secret shouldn't change from call to call.
731 secret2 = appengine.xsrf_secret_key()
732 self.assertEqual(secret, secret2)
733
734 # Secret shouldn't change if memcache goes away.
735 memcache.delete(appengine.XSRF_MEMCACHE_ID,
dhermes@google.com47154822012-11-26 10:44:09 -0800[diff] [blame]736 namespace=appengine.OAUTH2CLIENT_NAMESPACE)
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]737 secret3 = appengine.xsrf_secret_key()
738 self.assertEqual(secret2, secret3)
739
740 # Secret should change if both memcache and the model goes away.
741 memcache.delete(appengine.XSRF_MEMCACHE_ID,
dhermes@google.com47154822012-11-26 10:44:09 -0800[diff] [blame]742 namespace=appengine.OAUTH2CLIENT_NAMESPACE)
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]743 model = appengine.SiteXsrfSecretKey.get_or_insert('site')
744 model.delete()
745
746 secret4 = appengine.xsrf_secret_key()
747 self.assertNotEqual(secret3, secret4)
748
dhermes@google.com47154822012-11-26 10:44:09 -0800[diff] [blame]749 def test_ndb_insert_db_get(self):
750 secret = appengine._generate_new_xsrf_secret_key()
751 appengine.SiteXsrfSecretKeyNDB(id='site', secret=secret).put()
752
753 site_key = appengine.SiteXsrfSecretKey.get_by_key_name('site')
754 self.assertEqual(site_key.secret, secret)
755
756 def test_db_insert_ndb_get(self):
757 secret = appengine._generate_new_xsrf_secret_key()
758 appengine.SiteXsrfSecretKey(key_name='site', secret=secret).put()
759
760 site_key = appengine.SiteXsrfSecretKeyNDB.get_by_id('site')
761 self.assertEqual(site_key.secret, secret)
762
Joe Gregorio6ceea2d2012-08-24 11:57:58 -0400[diff] [blame]763
764class DecoratorXsrfProtectionTests(unittest.TestCase):
765 """Test _build_state_value and _parse_state_value."""
766
767 def setUp(self):
768 self.testbed = testbed.Testbed()
769 self.testbed.activate()
770 self.testbed.init_datastore_v3_stub()
771 self.testbed.init_memcache_stub()
772
773 def tearDown(self):
774 self.testbed.deactivate()
775
776 def test_build_and_parse_state(self):
777 state = appengine._build_state_value(MockRequestHandler(), UserMock())
778 self.assertEqual(
779 'https://example.org',
780 appengine._parse_state_value(state, UserMock()))
781 self.assertRaises(appengine.InvalidXsrfTokenError,
782 appengine._parse_state_value, state[1:], UserMock())
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400[diff] [blame]783
Joe Gregorio1adde1a2012-01-06 12:30:35 -0500[diff] [blame]784
Joe Gregorio432f17e2011-05-22 23:18:00 -0400[diff] [blame]785if __name__ == '__main__':
786 unittest.main()