| Jon Wayne Parrott | 71ce2a0 | 2016-10-14 14:08:10 -0700 | [diff] [blame] | 1 | # Copyright 2016 Google Inc. |
| 2 | # |
| 3 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 4 | # you may not use this file except in compliance with the License. |
| 5 | # You may obtain a copy of the License at |
| 6 | # |
| 7 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 8 | # |
| 9 | # Unless required by applicable law or agreed to in writing, software |
| 10 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 12 | # See the License for the specific language governing permissions and |
| 13 | # limitations under the License. |
| 14 | |
| 15 | import datetime |
| 16 | |
| Jon Wayne Parrott | e60c124 | 2017-03-23 16:00:24 -0700 | [diff] [blame] | 17 | from google.auth import _helpers |
| Jon Wayne Parrott | 71ce2a0 | 2016-10-14 14:08:10 -0700 | [diff] [blame] | 18 | from google.auth import credentials |
| 19 | |
| 20 | |
| 21 | class CredentialsImpl(credentials.Credentials): |
| 22 | def refresh(self, request): |
| 23 | self.token = request |
| 24 | |
| 25 | |
| 26 | def test_credentials_constructor(): |
| 27 | credentials = CredentialsImpl() |
| 28 | assert not credentials.token |
| 29 | assert not credentials.expiry |
| 30 | assert not credentials.expired |
| 31 | assert not credentials.valid |
| 32 | |
| 33 | |
| 34 | def test_expired_and_valid(): |
| 35 | credentials = CredentialsImpl() |
| 36 | credentials.token = 'token' |
| 37 | |
| 38 | assert credentials.valid |
| 39 | assert not credentials.expired |
| 40 | |
| Jon Wayne Parrott | 7af9f66 | 2017-05-08 09:40:56 -0700 | [diff] [blame] | 41 | # Set the expiration to one second more than now plus the clock skew |
| 42 | # accomodation. These credentials should be valid. |
| Jon Wayne Parrott | 71ce2a0 | 2016-10-14 14:08:10 -0700 | [diff] [blame] | 43 | credentials.expiry = ( |
| Jon Wayne Parrott | 7af9f66 | 2017-05-08 09:40:56 -0700 | [diff] [blame] | 44 | datetime.datetime.utcnow() + |
| 45 | _helpers.CLOCK_SKEW + |
| Jon Wayne Parrott | e60c124 | 2017-03-23 16:00:24 -0700 | [diff] [blame] | 46 | datetime.timedelta(seconds=1)) |
| 47 | |
| 48 | assert credentials.valid |
| 49 | assert not credentials.expired |
| 50 | |
| Jon Wayne Parrott | 7af9f66 | 2017-05-08 09:40:56 -0700 | [diff] [blame] | 51 | # Set the credentials expiration to now. Because of the clock skew |
| 52 | # accomodation, these credentials should report as expired. |
| 53 | credentials.expiry = datetime.datetime.utcnow() |
| Jon Wayne Parrott | 71ce2a0 | 2016-10-14 14:08:10 -0700 | [diff] [blame] | 54 | |
| 55 | assert not credentials.valid |
| 56 | assert credentials.expired |
| 57 | |
| 58 | |
| 59 | def test_before_request(): |
| 60 | credentials = CredentialsImpl() |
| 61 | request = 'token' |
| 62 | headers = {} |
| 63 | |
| 64 | # First call should call refresh, setting the token. |
| 65 | credentials.before_request(request, 'http://example.com', 'GET', headers) |
| 66 | assert credentials.valid |
| 67 | assert credentials.token == 'token' |
| 68 | assert headers['authorization'] == 'Bearer token' |
| 69 | |
| 70 | request = 'token2' |
| 71 | headers = {} |
| 72 | |
| 73 | # Second call shouldn't call refresh. |
| 74 | credentials.before_request(request, 'http://example.com', 'GET', headers) |
| 75 | assert credentials.valid |
| 76 | assert credentials.token == 'token' |
| 77 | assert headers['authorization'] == 'Bearer token' |
| 78 | |
| 79 | |
| 80 | class ScopedCredentialsImpl(credentials.Scoped, CredentialsImpl): |
| 81 | @property |
| 82 | def requires_scopes(self): |
| 83 | return super(ScopedCredentialsImpl, self).requires_scopes |
| 84 | |
| 85 | def with_scopes(self, scopes): |
| 86 | raise NotImplementedError |
| 87 | |
| 88 | |
| 89 | def test_scoped_credentials_constructor(): |
| 90 | credentials = ScopedCredentialsImpl() |
| 91 | assert credentials._scopes is None |
| 92 | |
| 93 | |
| 94 | def test_scoped_credentials_scopes(): |
| 95 | credentials = ScopedCredentialsImpl() |
| 96 | credentials._scopes = ['one', 'two'] |
| 97 | assert credentials.scopes == ['one', 'two'] |
| 98 | assert credentials.has_scopes(['one']) |
| 99 | assert credentials.has_scopes(['two']) |
| 100 | assert credentials.has_scopes(['one', 'two']) |
| 101 | assert not credentials.has_scopes(['three']) |
| 102 | |
| 103 | |
| 104 | def test_scoped_credentials_requires_scopes(): |
| 105 | credentials = ScopedCredentialsImpl() |
| 106 | assert not credentials.requires_scopes |
| Jon Wayne Parrott | f89a3cf | 2016-10-31 10:52:57 -0700 | [diff] [blame] | 107 | |
| 108 | |
| 109 | class RequiresScopedCredentialsImpl(credentials.Scoped, CredentialsImpl): |
| 110 | def __init__(self, scopes=None): |
| 111 | super(RequiresScopedCredentialsImpl, self).__init__() |
| 112 | self._scopes = scopes |
| 113 | |
| 114 | @property |
| 115 | def requires_scopes(self): |
| 116 | return not self.scopes |
| 117 | |
| 118 | def with_scopes(self, scopes): |
| 119 | return RequiresScopedCredentialsImpl(scopes=scopes) |
| 120 | |
| 121 | |
| 122 | def test_create_scoped_if_required_scoped(): |
| 123 | unscoped_credentials = RequiresScopedCredentialsImpl() |
| 124 | scoped_credentials = credentials.with_scopes_if_required( |
| 125 | unscoped_credentials, ['one', 'two']) |
| 126 | |
| 127 | assert scoped_credentials is not unscoped_credentials |
| 128 | assert not scoped_credentials.requires_scopes |
| 129 | assert scoped_credentials.has_scopes(['one', 'two']) |
| 130 | |
| 131 | |
| 132 | def test_create_scoped_if_required_not_scopes(): |
| 133 | unscoped_credentials = CredentialsImpl() |
| 134 | scoped_credentials = credentials.with_scopes_if_required( |
| 135 | unscoped_credentials, ['one', 'two']) |
| 136 | |
| 137 | assert scoped_credentials is unscoped_credentials |