1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
|
from __future__ import absolute_import, unicode_literals
from oauthlib.oauth2.rfc6749.tokens import (
prepare_mac_header,
prepare_bearer_headers,
prepare_bearer_body,
prepare_bearer_uri,
)
from ...unittest import TestCase
class TokenTest(TestCase):
# MAC without body/payload or extension
mac_plain = {
'token': 'h480djs93hd8',
'uri': 'http://example.com/resource/1?b=1&a=2',
'key': '489dks293j39',
'http_method': 'GET',
'nonce': '264095:dj83hs9s',
'hash_algorithm': 'hmac-sha-1'
}
auth_plain = {
'Authorization': 'MAC id="h480djs93hd8", nonce="264095:dj83hs9s",'
' mac="SLDJd4mg43cjQfElUs3Qub4L6xE="'
}
# MAC with body/payload, no extension
mac_body = {
'token': 'jd93dh9dh39D',
'uri': 'http://example.com/request',
'key': '8yfrufh348h',
'http_method': 'POST',
'nonce': '273156:di3hvdf8',
'hash_algorithm': 'hmac-sha-1',
'body': 'hello=world%21'
}
auth_body = {
'Authorization': 'MAC id="jd93dh9dh39D", nonce="273156:di3hvdf8",'
' bodyhash="k9kbtCIy0CkI3/FEfpS/oIDjk6k=", mac="W7bdMZbv9UWOTadASIQHagZyirA="'
}
# MAC with body/payload and extension
mac_both = {
'token': 'h480djs93hd8',
'uri': 'http://example.com/request?b5=%3D%253D&a3=a&c%40=&a2=r%20b&c2&a3=2+q',
'key': '489dks293j39',
'http_method': 'GET',
'nonce': '264095:7d8f3e4a',
'hash_algorithm': 'hmac-sha-1',
'body': 'Hello World!',
'ext': 'a,b,c'
}
auth_both = {
'Authorization': 'MAC id="h480djs93hd8", nonce="264095:7d8f3e4a",'
' bodyhash="Lve95gjOVATpfV8EL5X4nxwjKHE=", ext="a,b,c",'
' mac="Z3C2DojEopRDIC88/imW8Ez853g="'
}
# Bearer
token = 'vF9dft4qmT'
uri = 'http://server.example.com/resource'
bearer_headers = {
'Authorization': 'Bearer vF9dft4qmT'
}
fake_bearer_headers = [
{'Authorization': 'Beaver vF9dft4qmT'},
{'Authorization': 'BeavervF9dft4qmT'},
{'Authorization': 'Beaver vF9dft4qmT'},
{'Authorization': 'BearerF9dft4qmT'},
{'Authorization': 'Bearer vF9d ft4qmT'},
]
valid_header_with_multiple_spaces = {'Authorization': 'Bearer vF9dft4qmT'}
bearer_body = 'access_token=vF9dft4qmT'
bearer_uri = 'http://server.example.com/resource?access_token=vF9dft4qmT'
def _mocked_validate_bearer_token(self, token, scopes, request):
if not token:
return False
return True
def test_prepare_mac_header(self):
"""Verify mac signatures correctness
TODO: verify hmac-sha-256
"""
self.assertEqual(prepare_mac_header(**self.mac_plain), self.auth_plain)
self.assertEqual(prepare_mac_header(**self.mac_body), self.auth_body)
self.assertEqual(prepare_mac_header(**self.mac_both), self.auth_both)
def test_prepare_bearer_request(self):
"""Verify proper addition of bearer tokens to requests.
They may be represented as query components in body or URI or
in a Bearer authorization header.
"""
self.assertEqual(prepare_bearer_headers(self.token), self.bearer_headers)
self.assertEqual(prepare_bearer_body(self.token), self.bearer_body)
self.assertEqual(prepare_bearer_uri(self.token, uri=self.uri), self.bearer_uri)
|
