from bottle import tob
from .bottle_tools import ServerTestBase
from tests.examples import quickstart
import unittest
from urllib.parse import unquote
from urllib.parse import parse_qs
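class test_quickstart(ServerTestBase):
    """End-to-end tests for the ``quickstart`` example application.

    Exercises the ``/token`` endpoint (resource-owner password grant) and
    the two bearer-protected resources ``/mail`` and ``/calendar``.
    Every request goes through ``ServerTestBase.urlopen``, which returns a
    dict with ``code``, ``body`` (bytes) and ``header`` keys.
    """

    # Content type sent with every token request; the example app answers
    # ``/token`` with the same encoding plus a charset parameter.
    FORM_URLENCODED = "application/x-www-form-urlencoded"
    TOKEN_CONTENT_TYPE = FORM_URLENCODED + ";charset=UTF-8"

    def setUp(self):
        """Reload the example module and mount a fresh ``quickstart.app``.

        Reloading discards any module-level state left behind by the
        previous test, so tests do not observe each other's tokens.
        """
        import importlib
        importlib.reload(quickstart)
        super().setUp(quickstart.app)

    def _post_token(self, *fields):
        """POST the given ``key=value`` fields to ``/token``.

        Args:
            *fields: already form-encoded ``key=value`` strings; they are
                joined with ``&`` verbatim (no field gives an empty body).

        Returns:
            The raw response dict from ``urlopen``.
        """
        return self.urlopen(
            "/token",
            method="POST",
            post="&".join(fields),
            env={'CONTENT_TYPE': self.FORM_URLENCODED},
        )

    def assertError(self, resp, status, error, content_type=TOKEN_CONTENT_TYPE):
        """Assert that ``resp`` is an error reply from ``/token``.

        Args:
            resp: response dict from ``urlopen``.
            status: expected HTTP status code.
            error: expected value of the leading ``error=`` field; may carry
                further ``&key=value`` pairs, which are matched literally.
            content_type: expected ``Content-Type`` header.

        Only the prefix of the body is compared, so trailing fields the test
        does not name are tolerated.
        """
        self.assertEqual(status, resp['code'], resp['body'])
        expected = tob(f"error={error}")
        self.assertEqual(expected, resp['body'][:len(expected)], resp['body'])
        self.assertEqual(content_type, resp['header']['Content-Type'])

    def test_noclient(self):
        """A token request naming no client is rejected with 401 invalid_client."""
        resp = self._post_token()
        self.assertError(resp, 401, "invalid_client")

    def test_nogrant(self):
        """A known client without ``grant_type`` gets 400 invalid_request."""
        resp = self._post_token(
            "client_id=clientA",
        )
        self.assertError(resp, 400, "invalid_request")

    def test_nousername(self):
        """Missing ``username`` is reported as invalid_request before the grant type is checked."""
        resp = self._post_token(
            "client_id=clientA",
            "grant_type=foobar",
        )
        self.assertError(resp, 400, "invalid_request")

    def test_nopassword(self):
        """Missing ``password`` is reported as invalid_request before the grant type is checked."""
        resp = self._post_token(
            "client_id=clientA",
            "grant_type=foobar",
            "username=john",
        )
        self.assertError(resp, 400, "invalid_request")

    def test_invalidgrant(self):
        """A complete request with an unknown grant type gets unsupported_grant_type."""
        resp = self._post_token(
            "client_id=clientA",
            "grant_type=FOOBAR",
            "username=john",
            "password=doe",
            "scope=calendar",
        )
        self.assertError(resp, 400, "unsupported_grant_type")

    def test_invalidscope(self):
        """clientB may not request the ``mail`` scope, even with valid credentials."""
        resp = self._post_token(
            "client_id=clientB",
            "grant_type=password",
            "username=john",
            "password=doe",
            "scope=mail",
        )
        self.assertError(resp, 400, "invalid_scope")

    def test_invaliduser(self):
        """An unknown user yields the generic invalid_grant error.

        The body is identical to the wrong-password case below, so the
        response does not reveal whether the username exists.
        """
        resp = self._post_token(
            "client_id=clientB",
            "grant_type=password",
            "username=eve",
            "password=doe",
            "scope=mail",
        )
        self.assertError(resp, 400, "invalid_grant&error_description=Invalid%20credentials")

    def test_invalidpassword(self):
        """A wrong password yields the same generic invalid_grant error as an unknown user."""
        resp = self._post_token(
            "client_id=clientB",
            "grant_type=password",
            "username=john",
            "password=his_birthday",
            "scope=mail",
        )
        self.assertError(resp, 400, "invalid_grant&error_description=Invalid%20credentials")

    def fetchToken(self, client, username, password, scope):
        """Obtain a token through the password grant and return its fields.

        Args:
            client: ``client_id`` to send.
            username: resource owner's username.
            password: resource owner's password.
            scope: requested scope string.

        Returns:
            ``dict[str, str]`` of the form-encoded response, which is
            asserted to contain ``access_token``, ``expires_in``,
            ``token_type``, ``scope`` and ``refresh_token``.
        """
        resp = self._post_token(
            f"client_id={client}",
            "grant_type=password",
            f"username={username}",
            f"password={password}",
            f"scope={scope}",
        )
        self.assertEqual(200, resp['code'], resp['body'])
        self.assertEqual(self.TOKEN_CONTENT_TYPE, resp['header']['Content-Type'])
        body_response = parse_qs(resp['body'].decode('utf-8'))
        # unittest assertion rather than a bare ``assert`` so the check is
        # not stripped when the suite runs under ``python -O``.
        for values in body_response.values():
            self.assertEqual(1, len(values), "multiple values in form-urlencoded is not normal here.")
        # NOTE(review): parse_qs has already percent-decoded the values, so
        # unquote() is a second decode here; kept as-is to preserve the
        # values the other tests were written against.
        token_response = {key: unquote(values[0]) for key, values in body_response.items()}
        for key in ("access_token", "expires_in", "token_type", "scope", "refresh_token"):
            self.assertIn(key, token_response)
        return token_response

    def test_valid(self):
        """A correct password grant for clientA/calendar succeeds."""
        self.fetchToken("clientA", "john", "doe", "calendar")

    def test_no_token(self):
        """``/mail`` without any Authorization header is forbidden."""
        resp = self.urlopen("/mail")
        self.assertEqual(403, resp['code'], resp['body'])

    def test_invalid_token(self):
        """``/mail`` with a bearer token the server never issued is forbidden."""
        resp = self.urlopen("/mail", env={'HTTP_AUTHORIZATION': "Bearer foobar_is_a_random_string"})
        self.assertEqual(403, resp['code'], resp['body'])

    def test_access_mail(self):
        """A token issued for scope ``mail`` unlocks ``/mail``."""
        token = self.fetchToken("clientA", "john", "doe", "mail")
        access_token = token["access_token"]
        resp = self.urlopen("/mail", env={'HTTP_AUTHORIZATION': f"Bearer {access_token}"})
        self.assertEqual(200, resp['code'], resp['body'])
        self.assertEqual(tob("Welcome john, you have permissioned clientA to use your mail"), resp['body'])

    def test_access_mail_not_granted(self):
        """Scope is enforced per token: a ``calendar`` token must not open ``/mail``."""
        token = self.fetchToken("clientB", "john", "doe", "calendar")
        access_token = token["access_token"]
        resp = self.urlopen("/mail", env={'HTTP_AUTHORIZATION': f"Bearer {access_token}"})
        self.assertEqual(403, resp['code'], resp['body'])

    def test_access_calendar(self):
        """A token issued for scope ``calendar`` unlocks ``/calendar``."""
        token = self.fetchToken("clientA", "john", "doe", "calendar")
        access_token = token["access_token"]
        resp = self.urlopen("/calendar", env={'HTTP_AUTHORIZATION': f"Bearer {access_token}"})
        self.assertEqual(200, resp['code'], resp['body'])
        self.assertEqual(tob("Welcome john, you have permissioned clientA to use your calendar"), resp['body'])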