author | Jonathan Huot <JonathanHuot@users.noreply.github.com> | 2019-07-04 09:34:36 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-07-04 09:34:36 +0200 |
commit | 4112c2acb4b55b4dff679e83dc645e072e65ca65 (patch) | |
tree | 409c39dd1b0edb7e7e8de7cd487da754aa25a2bc /tests/oauth2/rfc6749/endpoints/test_revocation_endpoint.py | |
parent | 588abb50010d434c0de5ad9c479d666b7b6ab0bd (diff) | |
parent | d7b90fc841694f126ec63500ea8f74330c4672eb (diff) | |
download | oauthlib-4112c2acb4b55b4dff679e83dc645e072e65ca65.tar.gz |
Merge branch 'master' into oidc-userinfo
Diffstat (limited to 'tests/oauth2/rfc6749/endpoints/test_revocation_endpoint.py')
-rw-r--r-- | tests/oauth2/rfc6749/endpoints/test_revocation_endpoint.py | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/tests/oauth2/rfc6749/endpoints/test_revocation_endpoint.py b/tests/oauth2/rfc6749/endpoints/test_revocation_endpoint.py
index 2a24177..17be3a5 100644
--- a/tests/oauth2/rfc6749/endpoints/test_revocation_endpoint.py
+++ b/tests/oauth2/rfc6749/endpoints/test_revocation_endpoint.py
@@ -120,3 +120,32 @@ class RevocationEndpointTest(TestCase):
 self.assertEqual(h, self.resp_h)
 self.assertEqual(loads(b)['error'], 'invalid_request')
 self.assertEqual(s, 400)
+
+ def test_revoke_invalid_request_method(self):
+ endpoint = RevocationEndpoint(self.validator,
+ supported_token_types=['access_token'])
+ test_methods = ['GET', 'pUt', 'dEleTe', 'paTcH']
+ test_methods = test_methods + [x.lower() for x in test_methods] + [x.upper() for x in test_methods]
+ for method in test_methods:
+ body = urlencode([('token', 'foo'),
+ ('token_type_hint', 'refresh_token')])
+ h, b, s = endpoint.create_revocation_response(self.uri,
+ http_method = method, headers=self.headers, body=body)
+ self.assertEqual(h, self.resp_h)
+ self.assertEqual(loads(b)['error'], 'invalid_request')
+ self.assertIn('Unsupported request method', loads(b)['error_description'])
+ self.assertEqual(s, 400)
+
+ def test_revoke_bad_post_request(self):
+ endpoint = RevocationEndpoint(self.validator,
+ supported_token_types=['access_token'])
+ for param in ['token', 'secret', 'code', 'foo']:
+ uri = 'http://some.endpoint?' + urlencode([(param, 'secret')])
+ body = urlencode([('token', 'foo'),
+ ('token_type_hint', 'access_token')])
+ h, b, s = endpoint.create_revocation_response(uri,
+ headers=self.headers, body=body)
+ self.assertEqual(h, self.resp_h)
+ self.assertEqual(loads(b)['error'], 'invalid_request')
+ self.assertIn('query parameters are not allowed', loads(b)['error_description'])
+ self.assertEqual(s, 400) |
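Review bot: Both new tests assert only the shape of the error response and never check that the rejected request left the token untouched. After `self.assertEqual(s, 400)` in each loop, add something like `self.validator.revoke_token.assert_not_called()`; this assumes `self.validator` is a mock built in setUp, which is outside the hunk. Without it, an endpoint that revoked the token before returning 400 for a non-POST method or a request carrying query parameters would still pass. A smaller readability point: a failure does not say which `method` or `param` triggered it, so passing `msg=method` and `msg=param` to the assertions would help. The class body starts above the hunk.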