authorMassimiliano Pippi <masci@evonove.it>2013-09-21 01:06:02 +0200
committerMassimiliano Pippi <masci@evonove.it>2013-09-21 01:06:02 +0200
commit012fbbebcdafa28340ecaf5addb5c1b9da30057b (patch)
tree17872dc076665a974272cd9e2cc79a163ffb859a /tests/oauth2
parentc38dab51aec039ac3a89778233c190776b5d7e8c (diff)
added test involving client_authentication_required method
Diffstat (limited to 'tests/oauth2')
-rw-r--r--tests/oauth2/rfc6749/grant_types/test_authorization_code.py5
-rw-r--r--tests/oauth2/rfc6749/grant_types/test_refresh_token.py49
-rw-r--r--tests/oauth2/rfc6749/grant_types/test_resource_owner_password.py70
3 files changed, 123 insertions, 1 deletions
diff --git a/tests/oauth2/rfc6749/grant_types/test_authorization_code.py b/tests/oauth2/rfc6749/grant_types/test_authorization_code.py
index a9c3e51..3302231 100644
--- a/tests/oauth2/rfc6749/grant_types/test_authorization_code.py
+++ b/tests/oauth2/rfc6749/grant_types/test_authorization_code.py
@@ -11,6 +11,7 @@ from oauthlib.oauth2.rfc6749.errors import InvalidClientError
from oauthlib.oauth2.rfc6749.errors import InvalidGrantError
from oauthlib.oauth2.rfc6749.grant_types import AuthorizationCodeGrant
from oauthlib.oauth2.rfc6749.tokens import BearerToken
+from oauthlib.oauth2.rfc6749.request_validator import RequestValidator
class AuthorizationCodeGrantTest(TestCase):
@@ -55,7 +56,7 @@ class AuthorizationCodeGrantTest(TestCase):
self.assertIn('scope', token)
def test_validate_token_request(self):
- mock_validator = mock.MagicMock()
+ mock_validator = mock.MagicMock(spec=RequestValidator)
auth = AuthorizationCodeGrant(request_validator=mock_validator)
request = Request('http://a.b/path')
self.assertRaises(UnsupportedGrantTypeError,
@@ -70,6 +71,8 @@ class AuthorizationCodeGrantTest(TestCase):
request.code = 'waffles'
self.assertRaises(InvalidClientError,
auth.validate_token_request, request)
+ args, _ = mock_validator.client_authentication_required.call_args_list[0]
+ self.assertEqual(args, (request,))
request.client = 'batman'
mock_validator.authenticate_client = self.set_client
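Review bot: Indexing `call_args_list[0]` turns "client_authentication_required was never called" into an IndexError instead of a test failure, and it only looks at the first recorded call. The mock's own assertion says the same thing more directly: `mock_validator.client_authentication_required.assert_called_with(request)`. The test also never sets `client_authentication_required.return_value`, so the authentication branch appears to be taken only because a MagicMock result is truthy; setting `mock_validator.client_authentication_required.return_value = True` before the `assertRaises` would make that explicit. The same two added lines appear in test_refresh_token.py and test_resource_owner_password.py, and the test body continues outside this hunk.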
diff --git a/tests/oauth2/rfc6749/grant_types/test_refresh_token.py b/tests/oauth2/rfc6749/grant_types/test_refresh_token.py
index 25c261c..6a89c54 100644
--- a/tests/oauth2/rfc6749/grant_types/test_refresh_token.py
+++ b/tests/oauth2/rfc6749/grant_types/test_refresh_token.py
@@ -7,6 +7,11 @@ import mock
from oauthlib.common import Request
from oauthlib.oauth2.rfc6749.grant_types import RefreshTokenGrant
from oauthlib.oauth2.rfc6749.tokens import BearerToken
+from oauthlib.oauth2.rfc6749.errors import (UnsupportedGrantTypeError,
+ InvalidClientError,
+ InvalidRequestError,
+ InvalidGrantError,
+ InvalidScopeError)
class RefreshTokenGrantTest(TestCase):
@@ -72,3 +77,47 @@ class RefreshTokenGrantTest(TestCase):
token = json.loads(body)
self.assertEqual(token['error'], 'invalid_client')
self.assertEqual(status_code, 401)
+
+ def test_validate_token_request(self):
+ # ensure client_authentication_required() is properly called
+ self.mock_validator.authenticate_client.return_value = False
+ self.mock_validator.authenticate_client_id.return_value = False
+ self.request.code = 'waffles'
+ self.assertRaises(InvalidClientError, self.auth.validate_token_request,
+ self.request)
+ args, _ = self.mock_validator.client_authentication_required.call_args_list[0]
+ self.assertEqual(args, (self.request,))
+ # fail with wrong grant type
+ self.request.grant_type = 'wrong_type'
+ self.assertRaises(UnsupportedGrantTypeError,
+ self.auth.validate_token_request, self.request)
+ # fail for not providing a refresh token
+ self.request.grant_type = 'refresh_token'
+ del self.request.refresh_token
+ self.assertRaises(InvalidRequestError,
+ self.auth.validate_token_request, self.request)
+ # fail client_id authentication
+ self.mock_validator.client_authentication_required.return_value = False
+ self.request.refresh_token = mock.MagicMock()
+ self.mock_validator.authenticate_client_id.return_value = False
+ self.assertRaises(InvalidClientError,
+ self.auth.validate_token_request, self.request)
+ # invalid refresh token
+ self.mock_validator.authenticate_client_id.return_value = True
+ self.mock_validator.validate_refresh_token.return_value = False
+ self.assertRaises(InvalidGrantError,
+ self.auth.validate_token_request, self.request)
+ # fail scope error
+ self.mock_validator.validate_refresh_token.return_value = True
+ self.assertRaises(InvalidScopeError,
+ self.auth.validate_token_request, self.request)
+ # all ok
+ self.request.scope = 'foo bar'
+ self.mock_validator.get_original_scopes = mock.Mock()
+ self.mock_validator.get_original_scopes.return_value = 'foo bar baz'
+ self.auth.validate_token_request(self.request)
+ self.assertEqual(self.request.scopes, self.request.scope.split())
+ # all ok but without request.scope
+ del self.request.scope
+ self.auth.validate_token_request(self.request)
+ self.assertEqual(self.request.scopes, 'foo bar baz'.split())
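Review bot: The "fail scope error" step never states which scope is requested or which scopes the refresh token originally carried, so `InvalidScopeError` depends on whatever setUp (outside this hunk) put on `self.request` and on the default return of `get_original_scopes`. This is the check that keeps a refresh request from widening its scope, so both sides should be pinned before the `assertRaises`, e.g. `self.mock_validator.get_original_scopes.return_value = 'foo bar'` and `self.request.scope = 'foo bar baz'`. The leading `self.request.code = 'waffles'` looks carried over from the authorization-code test and is presumably unused by this grant. Seven scenarios share one mutated `self.request`, so the first failure hides the rest; separate test methods would report each case on its own.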
diff --git a/tests/oauth2/rfc6749/grant_types/test_resource_owner_password.py b/tests/oauth2/rfc6749/grant_types/test_resource_owner_password.py
index aaea440..36cacd0 100644
--- a/tests/oauth2/rfc6749/grant_types/test_resource_owner_password.py
+++ b/tests/oauth2/rfc6749/grant_types/test_resource_owner_password.py
@@ -7,6 +7,11 @@ import mock
from oauthlib.common import Request
from oauthlib.oauth2.rfc6749.grant_types import ResourceOwnerPasswordCredentialsGrant
from oauthlib.oauth2.rfc6749.tokens import BearerToken
+from oauthlib.oauth2.rfc6749.request_validator import RequestValidator
+from oauthlib.oauth2.rfc6749.errors import (InvalidRequestError,
+ UnsupportedGrantTypeError,
+ InvalidGrantError,
+ InvalidClientError)
class ResourceOwnerPasswordCredentialsGrantTest(TestCase):
@@ -24,6 +29,11 @@ class ResourceOwnerPasswordCredentialsGrantTest(TestCase):
self.auth = ResourceOwnerPasswordCredentialsGrant(
request_validator=self.mock_validator)
+ def set_client(self, request, *args, **kwargs):
+ request.client = mock.MagicMock()
+ request.client.client_id = 'mocked'
+ return True
+
def test_create_token_response(self):
bearer = BearerToken(self.mock_validator)
headers, body, status_code = self.auth.create_token_response(
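Review bot: `set_client` has no docstring, and its name does not match its use: in the new `test_validate_token_request` it is assigned to `mock_validator.validate_user`, where its side effect of attaching `request.client` is what lets the later `client_id` check pass. A one-line docstring would make that clear: `"""Stand-in for a validator callback: attach a mocked client (client_id 'mocked') to the request and return True."""`.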
@@ -33,9 +43,69 @@ class ResourceOwnerPasswordCredentialsGrantTest(TestCase):
self.assertIn('token_type', token)
self.assertIn('expires_in', token)
self.assertIn('refresh_token', token)
+ # ensure client_authentication_required() is properly called
+ args, _ = self.mock_validator.client_authentication_required.call_args_list[0]
+ self.assertEqual(args, (self.request,))
+ # fail client authentication
+ self.mock_validator.validate_user = mock.Mock()
+ self.mock_validator.validate_user.return_value = True
+ self.mock_validator.authenticate_client = mock.Mock()
+ self.mock_validator.authenticate_client.return_value = False
+ status_code = self.auth.create_token_response(self.request, bearer)[2]
+ self.assertEqual(status_code, 400)
+ # mock client_authentication_required() returning False then fail
+ self.mock_validator.client_authentication_required = mock.Mock()
+ self.mock_validator.client_authentication_required.return_value = False
+ self.mock_validator.authenticate_client_id = mock.Mock()
+ self.mock_validator.authenticate_client_id.return_value = False
+ status_code = self.auth.create_token_response(self.request, bearer)[2]
+ self.assertEqual(status_code, 400)
def test_error_response(self):
pass
def test_scopes(self):
pass
+
+ def test_validate_token_request(self):
+ mock_validator = mock.MagicMock(spec=RequestValidator)
+ mock_validator.validate_user = self.set_client
+
+ auth = ResourceOwnerPasswordCredentialsGrant(
+ request_validator=mock_validator)
+ request = Request('http://a.b/path')
+ # no params
+ self.assertRaises(InvalidRequestError, auth.validate_token_request,
+ request)
+ # right params but with duplicates
+ request = Request('http://a.b/path/?scope=one', body='scope=another')
+ request.client_id = 'client_id'
+ request.username = 'user'
+ request.password = 'pass'
+ request.grant_type = 'password'
+ self.assertRaises(InvalidRequestError, auth.validate_token_request,
+ request)
+ # wrong grant type
+ request = Request('http://a.b/path')
+ request.client_id = 'client_id'
+ request.username = 'user'
+ request.password = 'pass'
+ request.grant_type = 'foo'
+ self.assertRaises(UnsupportedGrantTypeError,
+ auth.validate_token_request, request)
+ # wrong user
+ request.grant_type = 'password'
+ mock_validator.validate_user = mock.Mock()
+ mock_validator.validate_user.return_value = False
+ self.assertRaises(InvalidGrantError, auth.validate_token_request,
+ request)
+ # user ok but request.client.client_id missing
+ mock_validator.validate_user.return_value = True
+ request.client = mock.Mock()
+ del request.client.client_id
+ self.assertRaises(NotImplementedError, auth.validate_token_request,
+ request)
+ # everything fine
+ request.client = mock.Mock()
+ mock_validator.validate_grant_type.return_value = True
+ auth.validate_token_request(request)
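Review bot: Both new failure checks in `test_create_token_response` assert only `status_code == 400`, which any OAuth2 error would satisfy, so they do not show that the response was rejected for client authentication rather than, say, a missing parameter. Keep the body and assert the error code too: `_, body, status_code = self.auth.create_token_response(self.request, bearer)` followed by `self.assertEqual(json.loads(body)['error'], 'invalid_client')` (json is presumably already imported, since `token` is parsed above the hunk). The refresh-token test on this page expects 401 for `invalid_client`, so it is worth confirming that 400 is intended for this grant. In `test_validate_token_request`, the `NotImplementedError` case would benefit from a comment saying why a client without `client_id` after `validate_user` is treated as a validator implementation error.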