author | Jonathan Huot <jonathan.huot@thomsonreuters.com> | 2019-01-09 17:26:57 +0100 |
committer | Jonathan Huot <jonathan.huot@thomsonreuters.com> | 2019-01-09 17:26:57 +0100 |
commit | e297041f9d75e79fa6692a0ff5063af8fc752c2d (patch) | |
tree | 165979136d965e21b59ff8920387847543f68606 | |
parent | 20d116c0db616285ca48ef1591a8a79796a76f5d (diff) | |
download | oauthlib-644-intro-revocation-basicauth.tar.gz |
Fix 644, Add tests for BasicAuth credentials for all endpoints644-intro-revocation-basicauth
Test Introspect, Revoke, Token (web, legacy, backend) endpoints with authenticate_client and HTTP Basic Auth.
4 files changed, 65 insertions, 10 deletions
diff --git a/oauthlib/oauth2/rfc6749/endpoints/introspect.py b/oauthlib/oauth2/rfc6749/endpoints/introspect.py
index ff7a32d..47022fd 100644
--- a/oauthlib/oauth2/rfc6749/endpoints/introspect.py
+++ b/oauthlib/oauth2/rfc6749/endpoints/introspect.py
@@ -56,7 +56,7 @@ class IntrospectEndpoint(BaseEndpoint):
 an introspection response indicating the token is not active as described in Section 2.2.
 """
- headers = {
+ resp_headers = {
 'Content-Type': 'application/json',
 'Cache-Control': 'no-store',
 'Pragma': 'no-cache',
@@ -67,8 +67,8 @@ class IntrospectEndpoint(BaseEndpoint):
 log.debug('Token introspect valid for %r.', request)
 except OAuth2Error as e:
 log.debug('Client error during validation of %r. %r.', request, e)
- headers.update(e.headers)
- return headers, e.json, e.status_code
+ resp_headers.update(e.headers)
+ return resp_headers, e.json, e.status_code
 
 claims = self.request_validator.introspect_token(
 request.token,
@@ -76,10 +76,10 @@ class IntrospectEndpoint(BaseEndpoint):
 request
 )
 if claims is None:
- return headers, json.dumps(dict(active=False)), 200
+ return resp_headers, json.dumps(dict(active=False)), 200
 if "active" in claims:
 claims.pop("active")
- return headers, json.dumps(dict(active=True, **claims)), 200
+ return resp_headers, json.dumps(dict(active=True, **claims)), 200
 
 def validate_introspect_request(self, request):
 """Ensure the request is valid.
diff --git a/oauthlib/oauth2/rfc6749/endpoints/revocation.py b/oauthlib/oauth2/rfc6749/endpoints/revocation.py
index 4cd96a7..fda3f30 100644
--- a/oauthlib/oauth2/rfc6749/endpoints/revocation.py
+++ b/oauthlib/oauth2/rfc6749/endpoints/revocation.py
@@ -58,7 +58,7 @@ class RevocationEndpoint(BaseEndpoint):
 An invalid token type hint value is ignored by the authorization server and does not influence the revocation response.
 """
- headers = {
+ resp_headers = {
 'Content-Type': 'application/json',
 'Cache-Control': 'no-store',
 'Pragma': 'no-cache',
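Review bot: The rename of the local `headers` to `resp_headers` in create_introspect_response is the actual fix for the Basic Auth regression, but nothing in the hunk says why, so a future tidy-up could rename it back and silently reintroduce the bug. The method's parameter list is above the hunk; the new tests on this page call `create_introspect_response(..., headers=...)`, which suggests the method takes an incoming `headers` argument that the old local dict shadowed before the request object was built, so client credentials carried in the Authorization header could never reach `authenticate_client`. A one-line comment on the new line would pin that down: `resp_headers = {  # not 'headers': the incoming request headers must stay intact for Request/authenticate_client`. The same rename, and the same missing comment, applies to the revocation.py hunks at -58 and -73 below.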
@@ -73,8 +73,8 @@ class RevocationEndpoint(BaseEndpoint):
 response_body = e.json
 if self.enable_jsonp and request.callback:
 response_body = '%s(%s);' % (request.callback, response_body)
- headers.update(e.headers)
- return headers, response_body, e.status_code
+ resp_headers.update(e.headers)
+ return resp_headers, response_body, e.status_code
 
 self.request_validator.revoke_token(request.token, request.token_type_hint, request)
diff --git a/tests/oauth2/rfc6749/endpoints/test_client_authentication.py b/tests/oauth2/rfc6749/endpoints/test_client_authentication.py
index 48c5f5a..133da59 100644
--- a/tests/oauth2/rfc6749/endpoints/test_client_authentication.py
+++ b/tests/oauth2/rfc6749/endpoints/test_client_authentication.py
@@ -43,6 +43,11 @@ class ClientAuthenticationTest(TestCase):
 token_generator=self.inspect_client)
 self.backend = BackendApplicationServer(self.validator,
 token_generator=self.inspect_client)
+ self.token_uri = 'http://example.com/path'
+ self.auth_uri = 'http://example.com/path?client_id=abc&response_type=token'
+ # should be base64 but no added value in this unittest
+ self.basicauth_client_creds = {"Authorization": "john:doe"}
+ self.basicauth_client_id = {"Authorization": "john:"}
 
 def set_client(self, request):
 request.client = mock.MagicMock()
@@ -54,7 +59,9 @@ class ClientAuthenticationTest(TestCase):
 request.client.client_id = 'mocked'
 return True
 
- def set_username(self, username, password, client, request):
+ def basicauth_authenticate_client(self, request):
+ assert "Authorization" in request.headers
+ assert "john:doe" in request.headers["Authorization"]
 request.client = mock.MagicMock()
 request.client.client_id = 'mocked'
 return True
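Review bot: In the setUp hunk (-43,6 +43,11) `self.basicauth_client_id` and `self.auth_uri` are added but none of the tests in this commit use them — every new test passes `self.basicauth_client_creds` — so they read as dead fixtures unless a test outside the hunks picks them up; the enclosing setUp starts above the hunk. The comment `# should be base64 but no added value in this unittest` also understates what is skipped: `john:doe` is not a `Basic <base64>` credential, so these fixtures only prove that the Authorization header reaches `authenticate_client` unchanged, not that any Basic Auth parsing works. I would reword it to `# raw 'user:pass', not 'Basic <base64>': these tests only check that the Authorization header reaches authenticate_client untouched` and either use or drop `basicauth_client_id`.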
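Review bot: In the -54,7 +59,9 hunk `basicauth_authenticate_client` enforces the credential with bare `assert` statements, so a missing or wrong header escapes the endpoint as an AssertionError instead of being reported as `False` from the validator, and the 401/invalid_client rejection path the endpoints are meant to produce is never observable with this fixture. Replacing the two asserts with `if "john:doe" not in request.headers.get("Authorization", ""):` followed by `return False` keeps the positive tests meaningful (an error body carries no `access_token`) and lets a negative test reuse the same callback. Whether removing `set_username` is safe cannot be confirmed from the hunk; if no test referenced it the deletion is fine.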
@@ -86,6 +93,55 @@ class ClientAuthenticationTest(TestCase):
 self.assertIn('Location', h)
 self.assertIn('access_token', get_fragment_credentials(h['Location']))
 
+ def test_basicauth_web(self):
+ self.validator.authenticate_client.side_effect = self.basicauth_authenticate_client
+ _, body, _ = self.web.create_token_response(
+ self.token_uri,
+ body='grant_type=authorization_code&code=mock',
+ headers=self.basicauth_client_creds
+ )
+ self.assertIn('access_token', json.loads(body))
+
+ def test_basicauth_legacy(self):
+ self.validator.authenticate_client.side_effect = self.basicauth_authenticate_client
+ _, body, _ = self.legacy.create_token_response(
+ self.token_uri,
+ body='grant_type=password&username=abc&password=secret',
+ headers=self.basicauth_client_creds
+ )
+ self.assertIn('access_token', json.loads(body))
+
+ def test_basicauth_backend(self):
+ self.validator.authenticate_client.side_effect = self.basicauth_authenticate_client
+ _, body, _ = self.backend.create_token_response(
+ self.token_uri,
+ body='grant_type=client_credentials',
+ headers=self.basicauth_client_creds
+ )
+ self.assertIn('access_token', json.loads(body))
+
+ def test_basicauth_revoke(self):
+ self.validator.authenticate_client.side_effect = self.basicauth_authenticate_client
+
+ # legacy or any other uses the same RevocationEndpoint
+ _, body, status = self.legacy.create_revocation_response(
+ self.token_uri,
+ body='token=foobar',
+ headers=self.basicauth_client_creds
+ )
+ self.assertEqual(status, 200, body)
+
+ def test_basicauth_introspect(self):
+ self.validator.authenticate_client.side_effect = self.basicauth_authenticate_client
+
+ # legacy or any other uses the same IntrospectEndpoint
+ _, body, status = self.legacy.create_introspect_response(
+ self.token_uri,
+ body='token=foobar',
+ headers=self.basicauth_client_creds
+ )
+ self.assertEqual(status, 200, body)
+
 def test_custom_authentication(self):
 token_uri = 'http://example.com/path'
 
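Review bot: The five new tests assert inconsistently: `test_basicauth_web`/`_legacy`/`_backend` check only that `access_token` is in the body and discard the status, while `test_basicauth_revoke`/`_introspect` check only the status and ignore the body, so a regression in a token endpoint is reported as a missing key rather than as the status and error the server actually returned. Binding the status in the token tests and checking it before decoding the body makes failures readable: `_, body, status = self.web.create_token_response(` … `self.assertEqual(status, 200, body)` ahead of the existing `assertIn`. The three token bodies differ only in server and grant-type string, so a small helper taking `(server, body)` or a `subTest` loop over those pairs would remove the duplication. `json` is used here but its import is outside the hunk; worth confirming it is already imported at module level.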
diff --git a/tests/oauth2/rfc6749/endpoints/test_introspect_endpoint.py b/tests/oauth2/rfc6749/endpoints/test_introspect_endpoint.py
index f92652b..b9bf76a 100644
--- a/tests/oauth2/rfc6749/endpoints/test_introspect_endpoint.py
+++ b/tests/oauth2/rfc6749/endpoints/test_introspect_endpoint.py
@@ -123,7 +123,6 @@ class IntrospectEndpointTest(TestCase):
 self.assertEqual(loads(b)['error'], 'invalid_client')
 self.assertEqual(s, 401)
 
-
 def test_introspect_unsupported_token(self):
 endpoint = IntrospectEndpoint(self.validator,
 supported_token_types=['access_token'])