Blame - tests/test_credentials.py - platform/external/python/google-auth-library-python

blob: 0633b38c07cad24fec4bd837416f9e69863212e0 [file] [log] [blame]

C.J. Collier	37141e4	2020-02-13 13:49:49 -0800	[diff] [blame]	1	# Copyright 2016 Google LLC
Jon Wayne Parrott	71ce2a0	2016-10-14 14:08:10 -0700	[diff] [blame]	2	#
				3	# Licensed under the Apache License, Version 2.0 (the "License");
				4	# you may not use this file except in compliance with the License.
				5	# You may obtain a copy of the License at
				6	#
				7	# http://www.apache.org/licenses/LICENSE-2.0
				8	#
				9	# Unless required by applicable law or agreed to in writing, software
				10	# distributed under the License is distributed on an "AS IS" BASIS,
				11	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				12	# See the License for the specific language governing permissions and
				13	# limitations under the License.
				14
				15	import datetime
				16
Tres Seaver	b096a3d	2017-10-30 16:12:37 -0400	[diff] [blame]	17	import pytest
				18
Jon Wayne Parrott	e60c124	2017-03-23 16:00:24 -0700	[diff] [blame]	19	from google.auth import _helpers
Jon Wayne Parrott	71ce2a0	2016-10-14 14:08:10 -0700	[diff] [blame]	20	from google.auth import credentials
				21
				22
				23	class CredentialsImpl(credentials.Credentials):
				24	def refresh(self, request):
				25	self.token = request
				26
Bu Sun Kim	3dda7b2	2020-07-09 10:39:39 -0700	[diff] [blame]	27	def with_quota_project(self, quota_project_id):
				28	raise NotImplementedError()
				29
Jon Wayne Parrott	71ce2a0	2016-10-14 14:08:10 -0700	[diff] [blame]	30
				31	def test_credentials_constructor():
				32	credentials = CredentialsImpl()
				33	assert not credentials.token
				34	assert not credentials.expiry
				35	assert not credentials.expired
				36	assert not credentials.valid
				37
				38
				39	def test_expired_and_valid():
				40	credentials = CredentialsImpl()
Bu Sun Kim	9eec091	2019-10-21 17:04:21 -0700	[diff] [blame]	41	credentials.token = "token"
Jon Wayne Parrott	71ce2a0	2016-10-14 14:08:10 -0700	[diff] [blame]	42
				43	assert credentials.valid
				44	assert not credentials.expired
				45
Jon Wayne Parrott	7af9f66	2017-05-08 09:40:56 -0700	[diff] [blame]	46	# Set the expiration to one second more than now plus the clock skew
				47	# accomodation. These credentials should be valid.
Jon Wayne Parrott	71ce2a0	2016-10-14 14:08:10 -0700	[diff] [blame]	48	credentials.expiry = (
Bu Sun Kim	9eec091	2019-10-21 17:04:21 -0700	[diff] [blame]	49	datetime.datetime.utcnow() + _helpers.CLOCK_SKEW + datetime.timedelta(seconds=1)
				50	)
Jon Wayne Parrott	e60c124	2017-03-23 16:00:24 -0700	[diff] [blame]	51
				52	assert credentials.valid
				53	assert not credentials.expired
				54
Jon Wayne Parrott	7af9f66	2017-05-08 09:40:56 -0700	[diff] [blame]	55	# Set the credentials expiration to now. Because of the clock skew
				56	# accomodation, these credentials should report as expired.
				57	credentials.expiry = datetime.datetime.utcnow()
Jon Wayne Parrott	71ce2a0	2016-10-14 14:08:10 -0700	[diff] [blame]	58
				59	assert not credentials.valid
				60	assert credentials.expired
				61
				62
				63	def test_before_request():
				64	credentials = CredentialsImpl()
Bu Sun Kim	9eec091	2019-10-21 17:04:21 -0700	[diff] [blame]	65	request = "token"
Jon Wayne Parrott	71ce2a0	2016-10-14 14:08:10 -0700	[diff] [blame]	66	headers = {}
				67
				68	# First call should call refresh, setting the token.
Bu Sun Kim	9eec091	2019-10-21 17:04:21 -0700	[diff] [blame]	69	credentials.before_request(request, "http://example.com", "GET", headers)
Jon Wayne Parrott	71ce2a0	2016-10-14 14:08:10 -0700	[diff] [blame]	70	assert credentials.valid
Bu Sun Kim	9eec091	2019-10-21 17:04:21 -0700	[diff] [blame]	71	assert credentials.token == "token"
				72	assert headers["authorization"] == "Bearer token"
Jon Wayne Parrott	71ce2a0	2016-10-14 14:08:10 -0700	[diff] [blame]	73
Bu Sun Kim	9eec091	2019-10-21 17:04:21 -0700	[diff] [blame]	74	request = "token2"
Jon Wayne Parrott	71ce2a0	2016-10-14 14:08:10 -0700	[diff] [blame]	75	headers = {}
				76
				77	# Second call shouldn't call refresh.
Bu Sun Kim	9eec091	2019-10-21 17:04:21 -0700	[diff] [blame]	78	credentials.before_request(request, "http://example.com", "GET", headers)
Jon Wayne Parrott	71ce2a0	2016-10-14 14:08:10 -0700	[diff] [blame]	79	assert credentials.valid
Bu Sun Kim	9eec091	2019-10-21 17:04:21 -0700	[diff] [blame]	80	assert credentials.token == "token"
				81	assert headers["authorization"] == "Bearer token"
Jon Wayne Parrott	71ce2a0	2016-10-14 14:08:10 -0700	[diff] [blame]	82
				83
Tres Seaver	b096a3d	2017-10-30 16:12:37 -0400	[diff] [blame]	84	def test_anonymous_credentials_ctor():
				85	anon = credentials.AnonymousCredentials()
				86	assert anon.token is None
				87	assert anon.expiry is None
				88	assert not anon.expired
				89	assert anon.valid
				90
				91
				92	def test_anonymous_credentials_refresh():
				93	anon = credentials.AnonymousCredentials()
				94	request = object()
				95	with pytest.raises(ValueError):
				96	anon.refresh(request)
				97
				98
				99	def test_anonymous_credentials_apply_default():
				100	anon = credentials.AnonymousCredentials()
				101	headers = {}
				102	anon.apply(headers)
				103	assert headers == {}
				104	with pytest.raises(ValueError):
Bu Sun Kim	9eec091	2019-10-21 17:04:21 -0700	[diff] [blame]	105	anon.apply(headers, token="TOKEN")
Tres Seaver	b096a3d	2017-10-30 16:12:37 -0400	[diff] [blame]	106
				107
				108	def test_anonymous_credentials_before_request():
				109	anon = credentials.AnonymousCredentials()
				110	request = object()
Bu Sun Kim	9eec091	2019-10-21 17:04:21 -0700	[diff] [blame]	111	method = "GET"
				112	url = "https://example.com/api/endpoint"
Tres Seaver	b096a3d	2017-10-30 16:12:37 -0400	[diff] [blame]	113	headers = {}
				114	anon.before_request(request, method, url, headers)
				115	assert headers == {}
				116
				117
Bu Sun Kim	9eec091	2019-10-21 17:04:21 -0700	[diff] [blame]	118	class ReadOnlyScopedCredentialsImpl(credentials.ReadOnlyScoped, CredentialsImpl):
Jon Wayne Parrott	71ce2a0	2016-10-14 14:08:10 -0700	[diff] [blame]	119	@property
				120	def requires_scopes(self):
Jon Wayne Parrott	4460a96	2017-09-12 10:01:23 -0700	[diff] [blame]	121	return super(ReadOnlyScopedCredentialsImpl, self).requires_scopes
Jon Wayne Parrott	71ce2a0	2016-10-14 14:08:10 -0700	[diff] [blame]	122
				123
Tres Seaver	4246832	2017-09-11 15:36:53 -0400	[diff] [blame]	124	def test_readonly_scoped_credentials_constructor():
Jon Wayne Parrott	4460a96	2017-09-12 10:01:23 -0700	[diff] [blame]	125	credentials = ReadOnlyScopedCredentialsImpl()
Jon Wayne Parrott	71ce2a0	2016-10-14 14:08:10 -0700	[diff] [blame]	126	assert credentials._scopes is None
				127
				128
Tres Seaver	4246832	2017-09-11 15:36:53 -0400	[diff] [blame]	129	def test_readonly_scoped_credentials_scopes():
Jon Wayne Parrott	4460a96	2017-09-12 10:01:23 -0700	[diff] [blame]	130	credentials = ReadOnlyScopedCredentialsImpl()
Bu Sun Kim	9eec091	2019-10-21 17:04:21 -0700	[diff] [blame]	131	credentials._scopes = ["one", "two"]
				132	assert credentials.scopes == ["one", "two"]
				133	assert credentials.has_scopes(["one"])
				134	assert credentials.has_scopes(["two"])
				135	assert credentials.has_scopes(["one", "two"])
				136	assert not credentials.has_scopes(["three"])
Jon Wayne Parrott	71ce2a0	2016-10-14 14:08:10 -0700	[diff] [blame]	137
				138
Tres Seaver	4246832	2017-09-11 15:36:53 -0400	[diff] [blame]	139	def test_readonly_scoped_credentials_requires_scopes():
Jon Wayne Parrott	4460a96	2017-09-12 10:01:23 -0700	[diff] [blame]	140	credentials = ReadOnlyScopedCredentialsImpl()
Jon Wayne Parrott	71ce2a0	2016-10-14 14:08:10 -0700	[diff] [blame]	141	assert not credentials.requires_scopes
Jon Wayne Parrott	f89a3cf	2016-10-31 10:52:57 -0700	[diff] [blame]	142
				143
				144	class RequiresScopedCredentialsImpl(credentials.Scoped, CredentialsImpl):
Bu Sun Kim	bf5ce0c	2021-02-01 15:17:49 -0700	[diff] [blame^]	145	def __init__(self, scopes=None, default_scopes=None):
Jon Wayne Parrott	f89a3cf	2016-10-31 10:52:57 -0700	[diff] [blame]	146	super(RequiresScopedCredentialsImpl, self).__init__()
				147	self._scopes = scopes
Bu Sun Kim	bf5ce0c	2021-02-01 15:17:49 -0700	[diff] [blame^]	148	self._default_scopes = default_scopes
Jon Wayne Parrott	f89a3cf	2016-10-31 10:52:57 -0700	[diff] [blame]	149
				150	@property
				151	def requires_scopes(self):
				152	return not self.scopes
				153
Bu Sun Kim	bf5ce0c	2021-02-01 15:17:49 -0700	[diff] [blame^]	154	def with_scopes(self, scopes, default_scopes=None):
				155	return RequiresScopedCredentialsImpl(
				156	scopes=scopes, default_scopes=default_scopes
				157	)
Jon Wayne Parrott	f89a3cf	2016-10-31 10:52:57 -0700	[diff] [blame]	158
				159
				160	def test_create_scoped_if_required_scoped():
				161	unscoped_credentials = RequiresScopedCredentialsImpl()
				162	scoped_credentials = credentials.with_scopes_if_required(
Bu Sun Kim	9eec091	2019-10-21 17:04:21 -0700	[diff] [blame]	163	unscoped_credentials, ["one", "two"]
				164	)
Jon Wayne Parrott	f89a3cf	2016-10-31 10:52:57 -0700	[diff] [blame]	165
				166	assert scoped_credentials is not unscoped_credentials
				167	assert not scoped_credentials.requires_scopes
Bu Sun Kim	9eec091	2019-10-21 17:04:21 -0700	[diff] [blame]	168	assert scoped_credentials.has_scopes(["one", "two"])
Jon Wayne Parrott	f89a3cf	2016-10-31 10:52:57 -0700	[diff] [blame]	169
				170
				171	def test_create_scoped_if_required_not_scopes():
				172	unscoped_credentials = CredentialsImpl()
				173	scoped_credentials = credentials.with_scopes_if_required(
Bu Sun Kim	9eec091	2019-10-21 17:04:21 -0700	[diff] [blame]	174	unscoped_credentials, ["one", "two"]
				175	)
Jon Wayne Parrott	f89a3cf	2016-10-31 10:52:57 -0700	[diff] [blame]	176
				177	assert scoped_credentials is unscoped_credentials