Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / google-auth-library-python / 4460a969485b8ad62a6e44bacbf8649387e2394a / . / tests / test_credentials.py
blob: 128ae1a6e0aafdf77de9209444d1ac1a40e50220 [file] [log] [blame]
Jon Wayne Parrott71ce2a02016-10-14 14:08:10 -0700[diff] [blame]1# Copyright 2016 Google Inc.
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15import datetime
16
Jon Wayne Parrotte60c1242017-03-23 16:00:24 -0700[diff] [blame]17from google.auth import _helpers
Jon Wayne Parrott71ce2a02016-10-14 14:08:10 -0700[diff] [blame]18from google.auth import credentials
19
20
21class CredentialsImpl(credentials.Credentials):
22 def refresh(self, request):
23 self.token = request
24
25
26def test_credentials_constructor():
27 credentials = CredentialsImpl()
28 assert not credentials.token
29 assert not credentials.expiry
30 assert not credentials.expired
31 assert not credentials.valid
32
33
34def test_expired_and_valid():
35 credentials = CredentialsImpl()
36 credentials.token = 'token'
37
38 assert credentials.valid
39 assert not credentials.expired
40
Jon Wayne Parrott7af9f662017-05-08 09:40:56 -0700[diff] [blame]41 # Set the expiration to one second more than now plus the clock skew
42 # accomodation. These credentials should be valid.
Jon Wayne Parrott71ce2a02016-10-14 14:08:10 -0700[diff] [blame]43 credentials.expiry = (
Jon Wayne Parrott7af9f662017-05-08 09:40:56 -0700[diff] [blame]44 datetime.datetime.utcnow() +
45 _helpers.CLOCK_SKEW +
Jon Wayne Parrotte60c1242017-03-23 16:00:24 -0700[diff] [blame]46 datetime.timedelta(seconds=1))
47
48 assert credentials.valid
49 assert not credentials.expired
50
Jon Wayne Parrott7af9f662017-05-08 09:40:56 -0700[diff] [blame]51 # Set the credentials expiration to now. Because of the clock skew
52 # accomodation, these credentials should report as expired.
53 credentials.expiry = datetime.datetime.utcnow()
Jon Wayne Parrott71ce2a02016-10-14 14:08:10 -0700[diff] [blame]54
55 assert not credentials.valid
56 assert credentials.expired
57
58
59def test_before_request():
60 credentials = CredentialsImpl()
61 request = 'token'
62 headers = {}
63
64 # First call should call refresh, setting the token.
65 credentials.before_request(request, 'http://example.com', 'GET', headers)
66 assert credentials.valid
67 assert credentials.token == 'token'
68 assert headers['authorization'] == 'Bearer token'
69
70 request = 'token2'
71 headers = {}
72
73 # Second call shouldn't call refresh.
74 credentials.before_request(request, 'http://example.com', 'GET', headers)
75 assert credentials.valid
76 assert credentials.token == 'token'
77 assert headers['authorization'] == 'Bearer token'
78
79
Jon Wayne Parrott4460a962017-09-12 10:01:23 -0700[diff] [blame^]80class ReadOnlyScopedCredentialsImpl(
81 credentials.ReadOnlyScoped, CredentialsImpl):
Jon Wayne Parrott71ce2a02016-10-14 14:08:10 -0700[diff] [blame]82 @property
83 def requires_scopes(self):
Jon Wayne Parrott4460a962017-09-12 10:01:23 -0700[diff] [blame^]84 return super(ReadOnlyScopedCredentialsImpl, self).requires_scopes
Jon Wayne Parrott71ce2a02016-10-14 14:08:10 -0700[diff] [blame]85
86
Tres Seaver42468322017-09-11 15:36:53 -0400[diff] [blame]87def test_readonly_scoped_credentials_constructor():
Jon Wayne Parrott4460a962017-09-12 10:01:23 -0700[diff] [blame^]88 credentials = ReadOnlyScopedCredentialsImpl()
Jon Wayne Parrott71ce2a02016-10-14 14:08:10 -0700[diff] [blame]89 assert credentials._scopes is None
90
91
Tres Seaver42468322017-09-11 15:36:53 -0400[diff] [blame]92def test_readonly_scoped_credentials_scopes():
Jon Wayne Parrott4460a962017-09-12 10:01:23 -0700[diff] [blame^]93 credentials = ReadOnlyScopedCredentialsImpl()
Jon Wayne Parrott71ce2a02016-10-14 14:08:10 -0700[diff] [blame]94 credentials._scopes = ['one', 'two']
95 assert credentials.scopes == ['one', 'two']
96 assert credentials.has_scopes(['one'])
97 assert credentials.has_scopes(['two'])
98 assert credentials.has_scopes(['one', 'two'])
99 assert not credentials.has_scopes(['three'])
100
101
Tres Seaver42468322017-09-11 15:36:53 -0400[diff] [blame]102def test_readonly_scoped_credentials_requires_scopes():
Jon Wayne Parrott4460a962017-09-12 10:01:23 -0700[diff] [blame^]103 credentials = ReadOnlyScopedCredentialsImpl()
Jon Wayne Parrott71ce2a02016-10-14 14:08:10 -0700[diff] [blame]104 assert not credentials.requires_scopes
Jon Wayne Parrottf89a3cf2016-10-31 10:52:57 -0700[diff] [blame]105
106
107class RequiresScopedCredentialsImpl(credentials.Scoped, CredentialsImpl):
108 def __init__(self, scopes=None):
109 super(RequiresScopedCredentialsImpl, self).__init__()
110 self._scopes = scopes
111
112 @property
113 def requires_scopes(self):
114 return not self.scopes
115
116 def with_scopes(self, scopes):
117 return RequiresScopedCredentialsImpl(scopes=scopes)
118
119
120def test_create_scoped_if_required_scoped():
121 unscoped_credentials = RequiresScopedCredentialsImpl()
122 scoped_credentials = credentials.with_scopes_if_required(
123 unscoped_credentials, ['one', 'two'])
124
125 assert scoped_credentials is not unscoped_credentials
126 assert not scoped_credentials.requires_scopes
127 assert scoped_credentials.has_scopes(['one', 'two'])
128
129
130def test_create_scoped_if_required_not_scopes():
131 unscoped_credentials = CredentialsImpl()
132 scoped_credentials = credentials.with_scopes_if_required(
133 unscoped_credentials, ['one', 'two'])
134
135 assert scoped_credentials is unscoped_credentials