blob: b07ac28e596590d0f3f67097b805fda4e3c0c499 [file] [log] [blame]
Joe Gregorioccc79542011-02-19 00:05:26 -05001#!/usr/bin/python2.4
2#
3# Copyright 2010 Google Inc.
4#
5# Licensed under the Apache License, Version 2.0 (the "License");
6# you may not use this file except in compliance with the License.
7# You may obtain a copy of the License at
8#
9# http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS,
13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16
17
Joe Gregorio0bc70912011-05-24 15:30:49 -040018"""Oauth2client tests
Joe Gregorioccc79542011-02-19 00:05:26 -050019
Joe Gregorio0bc70912011-05-24 15:30:49 -040020Unit tests for oauth2client.
Joe Gregorioccc79542011-02-19 00:05:26 -050021"""
22
23__author__ = 'jcgregorio@google.com (Joe Gregorio)'
24
Joe Gregorio8b4c1732011-12-06 11:28:29 -050025import base64
Joe Gregorio562b7312011-09-15 09:06:38 -040026import datetime
Joe Gregorioe1de4162011-02-23 11:30:29 -050027import httplib2
Joe Gregorio32d852d2012-06-14 09:08:18 -040028import os
Joe Gregorioccc79542011-02-19 00:05:26 -050029import unittest
30import urlparse
Joe Gregorioe1de4162011-02-23 11:30:29 -050031
Joe Gregorio83f2ee62012-12-06 15:25:54 -050032from apiclient.http import HttpMock
Joe Gregorioccc79542011-02-19 00:05:26 -050033from apiclient.http import HttpMockSequence
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -080034from oauth2client import GOOGLE_REVOKE_URI
35from oauth2client import GOOGLE_TOKEN_URI
Joe Gregorio549230c2012-01-11 10:38:05 -050036from oauth2client.anyjson import simplejson
Joe Gregorioccc79542011-02-19 00:05:26 -050037from oauth2client.client import AccessTokenCredentials
38from oauth2client.client import AccessTokenCredentialsError
39from oauth2client.client import AccessTokenRefreshError
JacobMoshenko8e905102011-06-20 09:53:10 -040040from oauth2client.client import AssertionCredentials
Joe Gregorio08cdcb82012-03-14 00:09:33 -040041from oauth2client.client import Credentials
Joe Gregorioccc79542011-02-19 00:05:26 -050042from oauth2client.client import FlowExchangeError
Joe Gregorio08cdcb82012-03-14 00:09:33 -040043from oauth2client.client import MemoryCache
Joe Gregorio83f2ee62012-12-06 15:25:54 -050044from oauth2client.client import NonAsciiHeaderError
Joe Gregorioccc79542011-02-19 00:05:26 -050045from oauth2client.client import OAuth2Credentials
46from oauth2client.client import OAuth2WebServerFlow
Joe Gregoriof2326c02012-02-09 12:18:44 -050047from oauth2client.client import OOB_CALLBACK_URN
Joe Gregorio0bd8c412013-01-03 17:17:46 -050048from oauth2client.client import REFRESH_STATUS_CODES
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -080049from oauth2client.client import Storage
50from oauth2client.client import TokenRevokeError
Joe Gregorio8b4c1732011-12-06 11:28:29 -050051from oauth2client.client import VerifyJwtTokenError
52from oauth2client.client import _extract_id_token
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -080053from oauth2client.client import _update_query_params
Joe Gregorio32d852d2012-06-14 09:08:18 -040054from oauth2client.client import credentials_from_clientsecrets_and_code
Joe Gregorio83f2ee62012-12-06 15:25:54 -050055from oauth2client.client import credentials_from_code
Joe Gregorioc29aaa92012-07-16 16:16:31 -040056from oauth2client.client import flow_from_clientsecrets
Joe Gregorio0bd8c412013-01-03 17:17:46 -050057from oauth2client.clientsecrets import _loadfile
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -080058from test_discovery import assertUrisEqual
59
Joe Gregorio32d852d2012-06-14 09:08:18 -040060
61DATA_DIR = os.path.join(os.path.dirname(__file__), 'data')
62
Joe Gregorio68a8cfe2012-08-03 16:17:40 -040063
Joe Gregorio32d852d2012-06-14 09:08:18 -040064def datafile(filename):
65 return os.path.join(DATA_DIR, filename)
Joe Gregorioccc79542011-02-19 00:05:26 -050066
Joe Gregorio68a8cfe2012-08-03 16:17:40 -040067
Joe Gregorioc29aaa92012-07-16 16:16:31 -040068def load_and_cache(existing_file, fakename, cache_mock):
69 client_type, client_info = _loadfile(datafile(existing_file))
70 cache_mock.cache[fakename] = {client_type: client_info}
71
Joe Gregorio68a8cfe2012-08-03 16:17:40 -040072
Joe Gregorioc29aaa92012-07-16 16:16:31 -040073class CacheMock(object):
74 def __init__(self):
75 self.cache = {}
76
77 def get(self, key, namespace=''):
78 # ignoring namespace for easier testing
79 return self.cache.get(key, None)
80
81 def set(self, key, value, namespace=''):
82 # ignoring namespace for easier testing
83 self.cache[key] = value
84
Joe Gregorioccc79542011-02-19 00:05:26 -050085
Joe Gregorio08cdcb82012-03-14 00:09:33 -040086class CredentialsTests(unittest.TestCase):
87
88 def test_to_from_json(self):
89 credentials = Credentials()
90 json = credentials.to_json()
91 restored = Credentials.new_from_json(json)
92
93
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -080094class DummyDeleteStorage(Storage):
95 delete_called = False
96
97 def locked_delete(self):
98 self.delete_called = True
99
100
101def _token_revoke_test_helper(testcase, status, revoke_raise,
102 valid_bool_value, token_attr):
103 current_store = getattr(testcase.credentials, 'store', None)
104
105 dummy_store = DummyDeleteStorage()
106 testcase.credentials.set_store(dummy_store)
107
108 actual_do_revoke = testcase.credentials._do_revoke
109 testcase.token_from_revoke = None
110 def do_revoke_stub(http_request, token):
111 testcase.token_from_revoke = token
112 return actual_do_revoke(http_request, token)
113 testcase.credentials._do_revoke = do_revoke_stub
114
115 http = HttpMock(headers={'status': status})
116 if revoke_raise:
117 testcase.assertRaises(TokenRevokeError, testcase.credentials.revoke, http)
118 else:
119 testcase.credentials.revoke(http)
120
121 testcase.assertEqual(getattr(testcase.credentials, token_attr),
122 testcase.token_from_revoke)
123 testcase.assertEqual(valid_bool_value, testcase.credentials.invalid)
124 testcase.assertEqual(valid_bool_value, dummy_store.delete_called)
125
126 testcase.credentials.set_store(current_store)
127
128
Joe Gregorio83f2ee62012-12-06 15:25:54 -0500129class BasicCredentialsTests(unittest.TestCase):
Joe Gregorioccc79542011-02-19 00:05:26 -0500130
131 def setUp(self):
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800132 access_token = 'foo'
133 client_id = 'some_client_id'
134 client_secret = 'cOuDdkfjxxnv+'
135 refresh_token = '1/0/a.df219fjls0'
Joe Gregorio562b7312011-09-15 09:06:38 -0400136 token_expiry = datetime.datetime.utcnow()
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800137 user_agent = 'refresh_checker/1.0'
Joe Gregorioccc79542011-02-19 00:05:26 -0500138 self.credentials = OAuth2Credentials(
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800139 access_token, client_id, client_secret,
140 refresh_token, token_expiry, GOOGLE_TOKEN_URI,
141 user_agent, revoke_uri=GOOGLE_REVOKE_URI)
Joe Gregorioccc79542011-02-19 00:05:26 -0500142
143 def test_token_refresh_success(self):
Joe Gregorio0bd8c412013-01-03 17:17:46 -0500144 for status_code in REFRESH_STATUS_CODES:
Joe Gregorio7c7c6b12012-07-16 16:31:01 -0400145 http = HttpMockSequence([
146 ({'status': status_code}, ''),
147 ({'status': '200'}, '{"access_token":"1/3w","expires_in":3600}'),
148 ({'status': '200'}, 'echo_request_headers'),
149 ])
150 http = self.credentials.authorize(http)
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800151 resp, content = http.request('http://example.com')
Joe Gregorio7c7c6b12012-07-16 16:31:01 -0400152 self.assertEqual('Bearer 1/3w', content['Authorization'])
153 self.assertFalse(self.credentials.access_token_expired)
Joe Gregorioccc79542011-02-19 00:05:26 -0500154
155 def test_token_refresh_failure(self):
Joe Gregorio0bd8c412013-01-03 17:17:46 -0500156 for status_code in REFRESH_STATUS_CODES:
Joe Gregorio7c7c6b12012-07-16 16:31:01 -0400157 http = HttpMockSequence([
158 ({'status': status_code}, ''),
159 ({'status': '400'}, '{"error":"access_denied"}'),
160 ])
161 http = self.credentials.authorize(http)
162 try:
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800163 http.request('http://example.com')
164 self.fail('should raise AccessTokenRefreshError exception')
Joe Gregorio7c7c6b12012-07-16 16:31:01 -0400165 except AccessTokenRefreshError:
166 pass
167 self.assertTrue(self.credentials.access_token_expired)
Joe Gregorioccc79542011-02-19 00:05:26 -0500168
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800169 def test_token_revoke_success(self):
170 _token_revoke_test_helper(
171 self, '200', revoke_raise=False,
172 valid_bool_value=True, token_attr='refresh_token')
173
174 def test_token_revoke_failure(self):
175 _token_revoke_test_helper(
176 self, '400', revoke_raise=True,
177 valid_bool_value=False, token_attr='refresh_token')
178
Joe Gregorioccc79542011-02-19 00:05:26 -0500179 def test_non_401_error_response(self):
180 http = HttpMockSequence([
181 ({'status': '400'}, ''),
182 ])
183 http = self.credentials.authorize(http)
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800184 resp, content = http.request('http://example.com')
Joe Gregorioccc79542011-02-19 00:05:26 -0500185 self.assertEqual(400, resp.status)
186
Joe Gregorio562b7312011-09-15 09:06:38 -0400187 def test_to_from_json(self):
188 json = self.credentials.to_json()
189 instance = OAuth2Credentials.from_json(json)
Joe Gregorio654f4a22012-02-09 14:15:44 -0500190 self.assertEqual(OAuth2Credentials, type(instance))
Joe Gregorio1daa71b2011-09-15 18:12:14 -0400191 instance.token_expiry = None
192 self.credentials.token_expiry = None
193
Joe Gregorio654f4a22012-02-09 14:15:44 -0500194 self.assertEqual(instance.__dict__, self.credentials.__dict__)
Joe Gregorio562b7312011-09-15 09:06:38 -0400195
Joe Gregorio83f2ee62012-12-06 15:25:54 -0500196 def test_no_unicode_in_request_params(self):
197 access_token = u'foo'
198 client_id = u'some_client_id'
199 client_secret = u'cOuDdkfjxxnv+'
200 refresh_token = u'1/0/a.df219fjls0'
201 token_expiry = unicode(datetime.datetime.utcnow())
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800202 token_uri = unicode(GOOGLE_TOKEN_URI)
203 revoke_uri = unicode(GOOGLE_REVOKE_URI)
Joe Gregorio83f2ee62012-12-06 15:25:54 -0500204 user_agent = u'refresh_checker/1.0'
205 credentials = OAuth2Credentials(access_token, client_id, client_secret,
206 refresh_token, token_expiry, token_uri,
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800207 user_agent, revoke_uri=revoke_uri)
Joe Gregorio83f2ee62012-12-06 15:25:54 -0500208
209 http = HttpMock(headers={'status': '200'})
210 http = credentials.authorize(http)
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800211 http.request(u'http://example.com', method=u'GET', headers={u'foo': u'bar'})
Joe Gregorio83f2ee62012-12-06 15:25:54 -0500212 for k, v in http.headers.iteritems():
213 self.assertEqual(str, type(k))
214 self.assertEqual(str, type(v))
215
216 # Test again with unicode strings that can't simple be converted to ASCII.
217 try:
218 http.request(
219 u'http://example.com', method=u'GET', headers={u'foo': u'\N{COMET}'})
220 self.fail('Expected exception to be raised.')
221 except NonAsciiHeaderError:
222 pass
223
Joe Gregorioccc79542011-02-19 00:05:26 -0500224
225class AccessTokenCredentialsTests(unittest.TestCase):
226
227 def setUp(self):
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800228 access_token = 'foo'
229 user_agent = 'refresh_checker/1.0'
230 self.credentials = AccessTokenCredentials(access_token, user_agent,
231 revoke_uri=GOOGLE_REVOKE_URI)
Joe Gregorioccc79542011-02-19 00:05:26 -0500232
233 def test_token_refresh_success(self):
Joe Gregorio0bd8c412013-01-03 17:17:46 -0500234 for status_code in REFRESH_STATUS_CODES:
Joe Gregorio7c7c6b12012-07-16 16:31:01 -0400235 http = HttpMockSequence([
236 ({'status': status_code}, ''),
237 ])
238 http = self.credentials.authorize(http)
239 try:
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800240 resp, content = http.request('http://example.com')
241 self.fail('should throw exception if token expires')
Joe Gregorio7c7c6b12012-07-16 16:31:01 -0400242 except AccessTokenCredentialsError:
243 pass
244 except Exception:
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800245 self.fail('should only throw AccessTokenCredentialsError')
246
247 def test_token_revoke_success(self):
248 _token_revoke_test_helper(
249 self, '200', revoke_raise=False,
250 valid_bool_value=True, token_attr='access_token')
251
252 def test_token_revoke_failure(self):
253 _token_revoke_test_helper(
254 self, '400', revoke_raise=True,
255 valid_bool_value=False, token_attr='access_token')
Joe Gregorioccc79542011-02-19 00:05:26 -0500256
257 def test_non_401_error_response(self):
258 http = HttpMockSequence([
259 ({'status': '400'}, ''),
260 ])
261 http = self.credentials.authorize(http)
Joe Gregorio83cd4392011-06-20 10:11:35 -0400262 resp, content = http.request('http://example.com')
Joe Gregorioccc79542011-02-19 00:05:26 -0500263 self.assertEqual(400, resp.status)
264
Joe Gregorio83cd4392011-06-20 10:11:35 -0400265 def test_auth_header_sent(self):
266 http = HttpMockSequence([
267 ({'status': '200'}, 'echo_request_headers'),
268 ])
269 http = self.credentials.authorize(http)
270 resp, content = http.request('http://example.com')
Joe Gregorio654f4a22012-02-09 14:15:44 -0500271 self.assertEqual('Bearer foo', content['Authorization'])
Joe Gregorioccc79542011-02-19 00:05:26 -0500272
Joe Gregorio8b4c1732011-12-06 11:28:29 -0500273
JacobMoshenko8e905102011-06-20 09:53:10 -0400274class TestAssertionCredentials(unittest.TestCase):
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800275 assertion_text = 'This is the assertion'
276 assertion_type = 'http://www.google.com/assertionType'
JacobMoshenko8e905102011-06-20 09:53:10 -0400277
278 class AssertionCredentialsTestImpl(AssertionCredentials):
279
280 def _generate_assertion(self):
281 return TestAssertionCredentials.assertion_text
282
283 def setUp(self):
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800284 user_agent = 'fun/2.0'
JacobMoshenko8e905102011-06-20 09:53:10 -0400285 self.credentials = self.AssertionCredentialsTestImpl(self.assertion_type,
Joe Gregorio68a8cfe2012-08-03 16:17:40 -0400286 user_agent=user_agent)
JacobMoshenko8e905102011-06-20 09:53:10 -0400287
288 def test_assertion_body(self):
289 body = urlparse.parse_qs(self.credentials._generate_refresh_request_body())
Joe Gregorio654f4a22012-02-09 14:15:44 -0500290 self.assertEqual(self.assertion_text, body['assertion'][0])
Joe Gregoriocdc350f2013-02-07 10:52:26 -0500291 self.assertEqual('urn:ietf:params:oauth:grant-type:jwt-bearer',
292 body['grant_type'][0])
JacobMoshenko8e905102011-06-20 09:53:10 -0400293
294 def test_assertion_refresh(self):
295 http = HttpMockSequence([
296 ({'status': '200'}, '{"access_token":"1/3w"}'),
297 ({'status': '200'}, 'echo_request_headers'),
298 ])
299 http = self.credentials.authorize(http)
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800300 resp, content = http.request('http://example.com')
Joe Gregorio654f4a22012-02-09 14:15:44 -0500301 self.assertEqual('Bearer 1/3w', content['Authorization'])
JacobMoshenko8e905102011-06-20 09:53:10 -0400302
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800303 def test_token_revoke_success(self):
304 _token_revoke_test_helper(
305 self, '200', revoke_raise=False,
306 valid_bool_value=True, token_attr='access_token')
JacobMoshenko8e905102011-06-20 09:53:10 -0400307
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800308 def test_token_revoke_failure(self):
309 _token_revoke_test_helper(
310 self, '400', revoke_raise=True,
311 valid_bool_value=False, token_attr='access_token')
312
313
314class UpdateQueryParamsTest(unittest.TestCase):
315 def test_update_query_params_no_params(self):
316 uri = 'http://www.google.com'
317 updated = _update_query_params(uri, {'a': 'b'})
318 self.assertEqual(updated, uri + '?a=b')
319
320 def test_update_query_params_existing_params(self):
321 uri = 'http://www.google.com?x=y'
322 updated = _update_query_params(uri, {'a': 'b', 'c': 'd&'})
323 hardcoded_update = uri + '&a=b&c=d%26'
324 assertUrisEqual(self, updated, hardcoded_update)
325
326
327class ExtractIdTokenTest(unittest.TestCase):
Joe Gregorio8b4c1732011-12-06 11:28:29 -0500328 """Tests _extract_id_token()."""
329
330 def test_extract_success(self):
331 body = {'foo': 'bar'}
332 payload = base64.urlsafe_b64encode(simplejson.dumps(body)).strip('=')
333 jwt = 'stuff.' + payload + '.signature'
334
335 extracted = _extract_id_token(jwt)
Joe Gregorio654f4a22012-02-09 14:15:44 -0500336 self.assertEqual(extracted, body)
Joe Gregorio8b4c1732011-12-06 11:28:29 -0500337
338 def test_extract_failure(self):
339 body = {'foo': 'bar'}
340 payload = base64.urlsafe_b64encode(simplejson.dumps(body)).strip('=')
341 jwt = 'stuff.' + payload
342
343 self.assertRaises(VerifyJwtTokenError, _extract_id_token, jwt)
344
Joe Gregorio68a8cfe2012-08-03 16:17:40 -0400345
Joe Gregorioccc79542011-02-19 00:05:26 -0500346class OAuth2WebServerFlowTest(unittest.TestCase):
347
348 def setUp(self):
349 self.flow = OAuth2WebServerFlow(
350 client_id='client_id+1',
351 client_secret='secret+1',
352 scope='foo',
Joe Gregorio68a8cfe2012-08-03 16:17:40 -0400353 redirect_uri=OOB_CALLBACK_URN,
Joe Gregorioccc79542011-02-19 00:05:26 -0500354 user_agent='unittest-sample/1.0',
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800355 revoke_uri='dummy_revoke_uri',
Joe Gregorioccc79542011-02-19 00:05:26 -0500356 )
357
358 def test_construct_authorize_url(self):
Joe Gregorio68a8cfe2012-08-03 16:17:40 -0400359 authorize_url = self.flow.step1_get_authorize_url()
Joe Gregorioccc79542011-02-19 00:05:26 -0500360
361 parsed = urlparse.urlparse(authorize_url)
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800362 q = urlparse.parse_qs(parsed[4])
Joe Gregorio654f4a22012-02-09 14:15:44 -0500363 self.assertEqual('client_id+1', q['client_id'][0])
364 self.assertEqual('code', q['response_type'][0])
365 self.assertEqual('foo', q['scope'][0])
Joe Gregorio68a8cfe2012-08-03 16:17:40 -0400366 self.assertEqual(OOB_CALLBACK_URN, q['redirect_uri'][0])
Joe Gregorio654f4a22012-02-09 14:15:44 -0500367 self.assertEqual('offline', q['access_type'][0])
Joe Gregorio69a0aca2011-11-03 10:47:32 -0400368
Joe Gregorio32f73192012-10-23 16:13:44 -0400369 def test_override_flow_via_kwargs(self):
370 """Passing kwargs to override defaults."""
Joe Gregorio69a0aca2011-11-03 10:47:32 -0400371 flow = OAuth2WebServerFlow(
372 client_id='client_id+1',
373 client_secret='secret+1',
374 scope='foo',
Joe Gregorio68a8cfe2012-08-03 16:17:40 -0400375 redirect_uri=OOB_CALLBACK_URN,
Joe Gregorio69a0aca2011-11-03 10:47:32 -0400376 user_agent='unittest-sample/1.0',
Joe Gregorio32f73192012-10-23 16:13:44 -0400377 access_type='online',
378 response_type='token'
Joe Gregorio69a0aca2011-11-03 10:47:32 -0400379 )
Joe Gregorio68a8cfe2012-08-03 16:17:40 -0400380 authorize_url = flow.step1_get_authorize_url()
Joe Gregorio69a0aca2011-11-03 10:47:32 -0400381
382 parsed = urlparse.urlparse(authorize_url)
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800383 q = urlparse.parse_qs(parsed[4])
Joe Gregorio654f4a22012-02-09 14:15:44 -0500384 self.assertEqual('client_id+1', q['client_id'][0])
Joe Gregorio32f73192012-10-23 16:13:44 -0400385 self.assertEqual('token', q['response_type'][0])
Joe Gregorio654f4a22012-02-09 14:15:44 -0500386 self.assertEqual('foo', q['scope'][0])
Joe Gregorio68a8cfe2012-08-03 16:17:40 -0400387 self.assertEqual(OOB_CALLBACK_URN, q['redirect_uri'][0])
Joe Gregorio654f4a22012-02-09 14:15:44 -0500388 self.assertEqual('online', q['access_type'][0])
Joe Gregorioccc79542011-02-19 00:05:26 -0500389
390 def test_exchange_failure(self):
391 http = HttpMockSequence([
JacobMoshenko8e905102011-06-20 09:53:10 -0400392 ({'status': '400'}, '{"error":"invalid_request"}'),
Joe Gregorioccc79542011-02-19 00:05:26 -0500393 ])
394
395 try:
Joe Gregorio68a8cfe2012-08-03 16:17:40 -0400396 credentials = self.flow.step2_exchange('some random code', http=http)
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800397 self.fail('should raise exception if exchange doesn\'t get 200')
Joe Gregorioccc79542011-02-19 00:05:26 -0500398 except FlowExchangeError:
399 pass
400
Joe Gregorioddb969a2012-07-11 11:04:12 -0400401 def test_urlencoded_exchange_failure(self):
402 http = HttpMockSequence([
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800403 ({'status': '400'}, 'error=invalid_request'),
Joe Gregorioddb969a2012-07-11 11:04:12 -0400404 ])
405
406 try:
Joe Gregorio68a8cfe2012-08-03 16:17:40 -0400407 credentials = self.flow.step2_exchange('some random code', http=http)
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800408 self.fail('should raise exception if exchange doesn\'t get 200')
Joe Gregorioddb969a2012-07-11 11:04:12 -0400409 except FlowExchangeError, e:
410 self.assertEquals('invalid_request', str(e))
411
412 def test_exchange_failure_with_json_error(self):
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800413 # Some providers have 'error' attribute as a JSON object
Joe Gregorioddb969a2012-07-11 11:04:12 -0400414 # in place of regular string.
415 # This test makes sure no strange object-to-string coversion
416 # exceptions are being raised instead of FlowExchangeError.
417 http = HttpMockSequence([
418 ({'status': '400'},
419 """ {"error": {
420 "type": "OAuthException",
421 "message": "Error validating verification code."} }"""),
422 ])
423
424 try:
Joe Gregorio68a8cfe2012-08-03 16:17:40 -0400425 credentials = self.flow.step2_exchange('some random code', http=http)
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800426 self.fail('should raise exception if exchange doesn\'t get 200')
Joe Gregorioddb969a2012-07-11 11:04:12 -0400427 except FlowExchangeError, e:
428 pass
429
Joe Gregorioccc79542011-02-19 00:05:26 -0500430 def test_exchange_success(self):
431 http = HttpMockSequence([
432 ({'status': '200'},
433 """{ "access_token":"SlAV32hkKG",
434 "expires_in":3600,
435 "refresh_token":"8xLOxBtZp8" }"""),
436 ])
437
Joe Gregorio68a8cfe2012-08-03 16:17:40 -0400438 credentials = self.flow.step2_exchange('some random code', http=http)
Joe Gregorio654f4a22012-02-09 14:15:44 -0500439 self.assertEqual('SlAV32hkKG', credentials.access_token)
440 self.assertNotEqual(None, credentials.token_expiry)
441 self.assertEqual('8xLOxBtZp8', credentials.refresh_token)
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800442 self.assertEqual('dummy_revoke_uri', credentials.revoke_uri)
Joe Gregorioccc79542011-02-19 00:05:26 -0500443
Joe Gregorioddb969a2012-07-11 11:04:12 -0400444 def test_urlencoded_exchange_success(self):
445 http = HttpMockSequence([
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800446 ({'status': '200'}, 'access_token=SlAV32hkKG&expires_in=3600'),
Joe Gregorioddb969a2012-07-11 11:04:12 -0400447 ])
448
Joe Gregorio68a8cfe2012-08-03 16:17:40 -0400449 credentials = self.flow.step2_exchange('some random code', http=http)
Joe Gregorioddb969a2012-07-11 11:04:12 -0400450 self.assertEqual('SlAV32hkKG', credentials.access_token)
451 self.assertNotEqual(None, credentials.token_expiry)
452
453 def test_urlencoded_expires_param(self):
454 http = HttpMockSequence([
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800455 # Note the 'expires=3600' where you'd normally
456 # have if named 'expires_in'
457 ({'status': '200'}, 'access_token=SlAV32hkKG&expires=3600'),
Joe Gregorioddb969a2012-07-11 11:04:12 -0400458 ])
459
Joe Gregorio68a8cfe2012-08-03 16:17:40 -0400460 credentials = self.flow.step2_exchange('some random code', http=http)
Joe Gregorioddb969a2012-07-11 11:04:12 -0400461 self.assertNotEqual(None, credentials.token_expiry)
462
Joe Gregorioccc79542011-02-19 00:05:26 -0500463 def test_exchange_no_expires_in(self):
464 http = HttpMockSequence([
465 ({'status': '200'}, """{ "access_token":"SlAV32hkKG",
466 "refresh_token":"8xLOxBtZp8" }"""),
467 ])
468
Joe Gregorio68a8cfe2012-08-03 16:17:40 -0400469 credentials = self.flow.step2_exchange('some random code', http=http)
Joe Gregorio654f4a22012-02-09 14:15:44 -0500470 self.assertEqual(None, credentials.token_expiry)
Joe Gregorioccc79542011-02-19 00:05:26 -0500471
Joe Gregorioddb969a2012-07-11 11:04:12 -0400472 def test_urlencoded_exchange_no_expires_in(self):
473 http = HttpMockSequence([
474 # This might be redundant but just to make sure
475 # urlencoded access_token gets parsed correctly
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800476 ({'status': '200'}, 'access_token=SlAV32hkKG'),
Joe Gregorioddb969a2012-07-11 11:04:12 -0400477 ])
478
Joe Gregorio68a8cfe2012-08-03 16:17:40 -0400479 credentials = self.flow.step2_exchange('some random code', http=http)
Joe Gregorioddb969a2012-07-11 11:04:12 -0400480 self.assertEqual(None, credentials.token_expiry)
481
Joe Gregorio4b4002f2012-06-14 15:41:01 -0400482 def test_exchange_fails_if_no_code(self):
483 http = HttpMockSequence([
484 ({'status': '200'}, """{ "access_token":"SlAV32hkKG",
485 "refresh_token":"8xLOxBtZp8" }"""),
486 ])
487
488 code = {'error': 'thou shall not pass'}
489 try:
Joe Gregorio68a8cfe2012-08-03 16:17:40 -0400490 credentials = self.flow.step2_exchange(code, http=http)
Joe Gregorio4b4002f2012-06-14 15:41:01 -0400491 self.fail('should raise exception if no code in dictionary.')
492 except FlowExchangeError, e:
493 self.assertTrue('shall not pass' in str(e))
494
Joe Gregorio8b4c1732011-12-06 11:28:29 -0500495 def test_exchange_id_token_fail(self):
496 http = HttpMockSequence([
497 ({'status': '200'}, """{ "access_token":"SlAV32hkKG",
498 "refresh_token":"8xLOxBtZp8",
499 "id_token": "stuff.payload"}"""),
500 ])
501
502 self.assertRaises(VerifyJwtTokenError, self.flow.step2_exchange,
Joe Gregorio68a8cfe2012-08-03 16:17:40 -0400503 'some random code', http=http)
Joe Gregorio8b4c1732011-12-06 11:28:29 -0500504
505 def test_exchange_id_token_fail(self):
506 body = {'foo': 'bar'}
507 payload = base64.urlsafe_b64encode(simplejson.dumps(body)).strip('=')
Joe Gregoriobd512b52011-12-06 15:39:26 -0500508 jwt = (base64.urlsafe_b64encode('stuff')+ '.' + payload + '.' +
509 base64.urlsafe_b64encode('signature'))
Joe Gregorio8b4c1732011-12-06 11:28:29 -0500510
511 http = HttpMockSequence([
512 ({'status': '200'}, """{ "access_token":"SlAV32hkKG",
513 "refresh_token":"8xLOxBtZp8",
514 "id_token": "%s"}""" % jwt),
515 ])
516
Joe Gregorio68a8cfe2012-08-03 16:17:40 -0400517 credentials = self.flow.step2_exchange('some random code', http=http)
Joe Gregorio654f4a22012-02-09 14:15:44 -0500518 self.assertEqual(credentials.id_token, body)
Joe Gregorio8b4c1732011-12-06 11:28:29 -0500519
Joe Gregorio68a8cfe2012-08-03 16:17:40 -0400520
521class FlowFromCachedClientsecrets(unittest.TestCase):
Joe Gregorioc29aaa92012-07-16 16:16:31 -0400522
523 def test_flow_from_clientsecrets_cached(self):
524 cache_mock = CacheMock()
525 load_and_cache('client_secrets.json', 'some_secrets', cache_mock)
Joe Gregorio68a8cfe2012-08-03 16:17:40 -0400526
527 flow = flow_from_clientsecrets(
528 'some_secrets', '', redirect_uri='oob', cache=cache_mock)
Joe Gregorioc29aaa92012-07-16 16:16:31 -0400529 self.assertEquals('foo_client_secret', flow.client_secret)
530
Joe Gregorio68a8cfe2012-08-03 16:17:40 -0400531
Joe Gregorio32d852d2012-06-14 09:08:18 -0400532class CredentialsFromCodeTests(unittest.TestCase):
533 def setUp(self):
534 self.client_id = 'client_id_abc'
535 self.client_secret = 'secret_use_code'
536 self.scope = 'foo'
537 self.code = '12345abcde'
538 self.redirect_uri = 'postmessage'
539
540 def test_exchange_code_for_token(self):
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800541 token = 'asdfghjkl'
542 payload =simplejson.dumps({'access_token': token, 'expires_in': 3600})
Joe Gregorio32d852d2012-06-14 09:08:18 -0400543 http = HttpMockSequence([
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800544 ({'status': '200'}, payload),
Joe Gregorio32d852d2012-06-14 09:08:18 -0400545 ])
546 credentials = credentials_from_code(self.client_id, self.client_secret,
Joe Gregorio68a8cfe2012-08-03 16:17:40 -0400547 self.scope, self.code, redirect_uri=self.redirect_uri,
548 http=http)
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800549 self.assertEquals(credentials.access_token, token)
Joe Gregorio32d852d2012-06-14 09:08:18 -0400550 self.assertNotEqual(None, credentials.token_expiry)
551
552 def test_exchange_code_for_token_fail(self):
553 http = HttpMockSequence([
554 ({'status': '400'}, '{"error":"invalid_request"}'),
555 ])
556
557 try:
558 credentials = credentials_from_code(self.client_id, self.client_secret,
Joe Gregorio68a8cfe2012-08-03 16:17:40 -0400559 self.scope, self.code, redirect_uri=self.redirect_uri,
560 http=http)
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800561 self.fail('should raise exception if exchange doesn\'t get 200')
Joe Gregorio32d852d2012-06-14 09:08:18 -0400562 except FlowExchangeError:
563 pass
564
Joe Gregorio32d852d2012-06-14 09:08:18 -0400565 def test_exchange_code_and_file_for_token(self):
566 http = HttpMockSequence([
567 ({'status': '200'},
568 """{ "access_token":"asdfghjkl",
569 "expires_in":3600 }"""),
570 ])
571 credentials = credentials_from_clientsecrets_and_code(
572 datafile('client_secrets.json'), self.scope,
573 self.code, http=http)
574 self.assertEquals(credentials.access_token, 'asdfghjkl')
575 self.assertNotEqual(None, credentials.token_expiry)
576
Joe Gregorioc29aaa92012-07-16 16:16:31 -0400577 def test_exchange_code_and_cached_file_for_token(self):
578 http = HttpMockSequence([
579 ({'status': '200'}, '{ "access_token":"asdfghjkl"}'),
580 ])
581 cache_mock = CacheMock()
582 load_and_cache('client_secrets.json', 'some_secrets', cache_mock)
583
584 credentials = credentials_from_clientsecrets_and_code(
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800585 'some_secrets', self.scope,
586 self.code, http=http, cache=cache_mock)
Joe Gregorioc29aaa92012-07-16 16:16:31 -0400587 self.assertEquals(credentials.access_token, 'asdfghjkl')
588
Joe Gregorio32d852d2012-06-14 09:08:18 -0400589 def test_exchange_code_and_file_for_token_fail(self):
590 http = HttpMockSequence([
591 ({'status': '400'}, '{"error":"invalid_request"}'),
592 ])
593
594 try:
595 credentials = credentials_from_clientsecrets_and_code(
596 datafile('client_secrets.json'), self.scope,
597 self.code, http=http)
dhermes@google.coma9eb0bb2013-02-06 09:19:01 -0800598 self.fail('should raise exception if exchange doesn\'t get 200')
Joe Gregorio32d852d2012-06-14 09:08:18 -0400599 except FlowExchangeError:
600 pass
601
602
Joe Gregorio08cdcb82012-03-14 00:09:33 -0400603class MemoryCacheTests(unittest.TestCase):
604
605 def test_get_set_delete(self):
606 m = MemoryCache()
607 self.assertEqual(None, m.get('foo'))
608 self.assertEqual(None, m.delete('foo'))
609 m.set('foo', 'bar')
610 self.assertEqual('bar', m.get('foo'))
611 m.delete('foo')
612 self.assertEqual(None, m.get('foo'))
613
614
Joe Gregorioccc79542011-02-19 00:05:26 -0500615if __name__ == '__main__':
616 unittest.main()