Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / google-auth-library-python / 23c88f755653df352bcff3d49cd077e9944accc6 / . / tests / oauth2 / test_credentials.py
blob: 906436353e6425744e46648a28aa81d3e52ffa22 [file] [log] [blame]
Jon Wayne Parrott10ec7e92016-10-17 10:46:38 -0700[diff] [blame]1# Copyright 2016 Google Inc.
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15import datetime
Hiranya Jayathilaka23c88f72017-12-05 09:29:59 -0800[diff] [blame^]16import json
17import os
Jon Wayne Parrott10ec7e92016-10-17 10:46:38 -0700[diff] [blame]18
19import mock
Jon Wayne Parrott10ec7e92016-10-17 10:46:38 -0700[diff] [blame]20
21from google.auth import _helpers
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700[diff] [blame]22from google.auth import transport
Jon Wayne Parrott10ec7e92016-10-17 10:46:38 -0700[diff] [blame]23from google.oauth2 import credentials
24
25
Hiranya Jayathilaka23c88f72017-12-05 09:29:59 -0800[diff] [blame^]26DATA_DIR = os.path.join(os.path.dirname(__file__), '..', 'data')
27
28AUTH_USER_JSON_FILE = os.path.join(DATA_DIR, 'authorized_user.json')
29
30with open(AUTH_USER_JSON_FILE, 'r') as fh:
31 AUTH_USER_INFO = json.load(fh)
32
33
Jon Wayne Parrott10ec7e92016-10-17 10:46:38 -0700[diff] [blame]34class TestCredentials(object):
35 TOKEN_URI = 'https://example.com/oauth2/token'
36 REFRESH_TOKEN = 'refresh_token'
37 CLIENT_ID = 'client_id'
38 CLIENT_SECRET = 'client_secret'
39
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700[diff] [blame]40 @classmethod
41 def make_credentials(cls):
42 return credentials.Credentials(
43 token=None, refresh_token=cls.REFRESH_TOKEN,
44 token_uri=cls.TOKEN_URI, client_id=cls.CLIENT_ID,
45 client_secret=cls.CLIENT_SECRET)
Jon Wayne Parrott10ec7e92016-10-17 10:46:38 -0700[diff] [blame]46
47 def test_default_state(self):
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700[diff] [blame]48 credentials = self.make_credentials()
49 assert not credentials.valid
Jon Wayne Parrott10ec7e92016-10-17 10:46:38 -0700[diff] [blame]50 # Expiration hasn't been set yet
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700[diff] [blame]51 assert not credentials.expired
Jon Wayne Parrott10ec7e92016-10-17 10:46:38 -0700[diff] [blame]52 # Scopes aren't required for these credentials
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700[diff] [blame]53 assert not credentials.requires_scopes
Jon Wayne Parrott2d0549a2017-03-01 09:27:16 -0800[diff] [blame]54 # Test properties
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700[diff] [blame]55 assert credentials.refresh_token == self.REFRESH_TOKEN
56 assert credentials.token_uri == self.TOKEN_URI
57 assert credentials.client_id == self.CLIENT_ID
58 assert credentials.client_secret == self.CLIENT_SECRET
Jon Wayne Parrott10ec7e92016-10-17 10:46:38 -0700[diff] [blame]59
Jon Wayne Parrott8784b232016-11-10 12:53:55 -0800[diff] [blame]60 @mock.patch('google.oauth2._client.refresh_grant', autospec=True)
Jon Wayne Parrott10ec7e92016-10-17 10:46:38 -0700[diff] [blame]61 @mock.patch(
Jon Wayne Parrotte60c1242017-03-23 16:00:24 -0700[diff] [blame]62 'google.auth._helpers.utcnow',
63 return_value=datetime.datetime.min + _helpers.CLOCK_SKEW)
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700[diff] [blame]64 def test_refresh_success(self, unused_utcnow, refresh_grant):
Jon Wayne Parrott10ec7e92016-10-17 10:46:38 -0700[diff] [blame]65 token = 'token'
66 expiry = _helpers.utcnow() + datetime.timedelta(seconds=500)
Jon Wayne Parrott26a16372017-03-28 13:03:33 -0700[diff] [blame]67 grant_response = {'id_token': mock.sentinel.id_token}
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700[diff] [blame]68 refresh_grant.return_value = (
Jon Wayne Parrott10ec7e92016-10-17 10:46:38 -0700[diff] [blame]69 # Access token
70 token,
71 # New refresh token
72 None,
73 # Expiry,
74 expiry,
75 # Extra data
Jon Wayne Parrott26a16372017-03-28 13:03:33 -0700[diff] [blame]76 grant_response)
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700[diff] [blame]77
78 request = mock.create_autospec(transport.Request)
79 credentials = self.make_credentials()
Jon Wayne Parrott10ec7e92016-10-17 10:46:38 -0700[diff] [blame]80
81 # Refresh credentials
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700[diff] [blame]82 credentials.refresh(request)
Jon Wayne Parrott10ec7e92016-10-17 10:46:38 -0700[diff] [blame]83
84 # Check jwt grant call.
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700[diff] [blame]85 refresh_grant.assert_called_with(
86 request, self.TOKEN_URI, self.REFRESH_TOKEN, self.CLIENT_ID,
Jon Wayne Parrott10ec7e92016-10-17 10:46:38 -0700[diff] [blame]87 self.CLIENT_SECRET)
88
89 # Check that the credentials have the token and expiry
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700[diff] [blame]90 assert credentials.token == token
91 assert credentials.expiry == expiry
92 assert credentials.id_token == mock.sentinel.id_token
Jon Wayne Parrott10ec7e92016-10-17 10:46:38 -0700[diff] [blame]93
94 # Check that the credentials are valid (have a token and are not
95 # expired)
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700[diff] [blame]96 assert credentials.valid
Hiranya Jayathilaka23c88f72017-12-05 09:29:59 -0800[diff] [blame^]97
98 def test_from_authorized_user_info(self):
99 info = AUTH_USER_INFO.copy()
100
101 creds = credentials.Credentials.from_authorized_user_info(info)
102 assert creds.client_secret == info['client_secret']
103 assert creds.client_id == info['client_id']
104 assert creds.refresh_token == info['refresh_token']
105 assert creds.token_uri == credentials._GOOGLE_OAUTH2_TOKEN_ENDPOINT
106 assert creds.scopes is None
107
108 scopes = ['email', 'profile']
109 creds = credentials.Credentials.from_authorized_user_info(
110 info, scopes)
111 assert creds.client_secret == info['client_secret']
112 assert creds.client_id == info['client_id']
113 assert creds.refresh_token == info['refresh_token']
114 assert creds.token_uri == credentials._GOOGLE_OAUTH2_TOKEN_ENDPOINT
115 assert creds.scopes == scopes
116
117 def test_from_authorized_user_file(self):
118 info = AUTH_USER_INFO.copy()
119
120 creds = credentials.Credentials.from_authorized_user_file(
121 AUTH_USER_JSON_FILE)
122 assert creds.client_secret == info['client_secret']
123 assert creds.client_id == info['client_id']
124 assert creds.refresh_token == info['refresh_token']
125 assert creds.token_uri == credentials._GOOGLE_OAUTH2_TOKEN_ENDPOINT
126 assert creds.scopes is None
127
128 scopes = ['email', 'profile']
129 creds = credentials.Credentials.from_authorized_user_file(
130 AUTH_USER_JSON_FILE, scopes)
131 assert creds.client_secret == info['client_secret']
132 assert creds.client_id == info['client_id']
133 assert creds.refresh_token == info['refresh_token']
134 assert creds.token_uri == credentials._GOOGLE_OAUTH2_TOKEN_ENDPOINT
135 assert creds.scopes == scopes