Diffstat (limited to 'tests/oauth2/rfc6749/clients/test_web_application.py')
-rw-r--r--tests/oauth2/rfc6749/clients/test_web_application.py19
1 files changed, 19 insertions, 0 deletions
diff --git a/tests/oauth2/rfc6749/clients/test_web_application.py b/tests/oauth2/rfc6749/clients/test_web_application.py
index 85b247d..fa6643e 100644
--- a/tests/oauth2/rfc6749/clients/test_web_application.py
+++ b/tests/oauth2/rfc6749/clients/test_web_application.py
@@ -117,6 +117,25 @@ class WebApplicationClientTest(TestCase):
self.response_uri,
state="invalid")
+ def test_populate_attributes(self):
+
+ client = WebApplicationClient(self.client_id)
+
+ response_uri = (self.response_uri +
+ "&access_token=EVIL-TOKEN"
+ "&refresh_token=EVIL-TOKEN"
+ "&mac_key=EVIL-KEY")
+
+ client.parse_request_uri_response(response_uri, self.state)
+
+ self.assertEqual(client.code, self.code)
+
+ # We must not accidentally pick up any further security
+ # credentials at this point.
+ self.assertIsNone(client.access_token)
+ self.assertIsNone(client.refresh_token)
+ self.assertIsNone(client.mac_key)
+
def test_parse_token_response(self):
client = WebApplicationClient(self.client_id)
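Review bot: test_populate_attributes has no docstring explaining why the extra query parameters matter, and its three `assertIsNone` checks cover only the individual attributes. The authorization response URI reaches the client through the user-agent, so its query string is not trustworthy as a source of `access_token`, `refresh_token` or `mac_key`. A docstring such as `"""Credentials smuggled into the authorization response must be ignored; tokens come only from the token endpoint."""` would record that for the next maintainer. If the client also keeps an aggregate token mapping (not visible in this hunk), it would be worth asserting that it stays free of the injected values too, for example `self.assertNotIn("access_token", client.token)`. The blank line directly after the `def` line can be dropped.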