add test for oauth password flow with client secrets and extra params

fkie-cad · Mar 25, 2024 · c386f19 · c386f19
1 parent 2616865
commit c386f19
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 7 deletions.
diff --git a/logprep/util/credentials.py b/logprep/util/credentials.py
@@ -128,10 +128,8 @@ def from_target(cls, target_url: str) -> "Credentials":
         raw_content: dict = cls._get_content(Path(credentials_file_path))
         domain = urlparse(target_url).netloc
         scheme = urlparse(target_url).scheme
-        raw_credentials = raw_content.get(f"{scheme}://{domain}")
-        if raw_credentials:
-            cls._get_secret_content(raw_credentials)
-        credentials = cls._get_credentials_from_mapping(raw_credentials)
+        credential_mapping = raw_content.get(f"{scheme}://{domain}")
+        credentials = cls.from_dict(credential_mapping)
         return credentials
 
     @staticmethod
@@ -171,7 +169,7 @@ def _get_content(file_path: Path) -> dict:
             ) from error
 
     @staticmethod
-    def _get_secret_content(credential_mapping: dict):
+    def _resolve_secret_content(credential_mapping: dict):
         """gets content from given secret_file in credentials file and updates
         credentials_mapping with this content.
 
@@ -194,8 +192,10 @@ def _get_secret_content(credential_mapping: dict):
         credential_mapping.update(secret_content)
 
     @classmethod
-    def _get_credentials_from_mapping(cls, credential_mapping: dict) -> "Credentials":
+    def from_dict(cls, credential_mapping: dict) -> "Credentials":
         """matches the given credentials of the credentials mapping with the expected credential object"""
+        if credential_mapping:
+            cls._resolve_secret_content(credential_mapping)
         try:
             return cls._match_credentials(credential_mapping)
         except TypeError as error:
@@ -235,7 +235,7 @@ def _match_credentials(cls, credential_mapping: dict) -> "Credentials":
             }:
                 if extra_params:
                     cls._logger.warning(
-                        "Other parameters were given: %s but OAuth client authorization was chosen",
+                        "Other parameters were given: %s but OAuth password authorization for confidential clients was chosen",
                         extra_params.keys(),
                     )
                 return OAuth2PasswordFlowCredentials(

diff --git a/tests/unit/util/test_credentials.py b/tests/unit/util/test_credentials.py
@@ -1,5 +1,6 @@
 # pylint: disable=missing-docstring
 # pylint: disable=protected-access
+import re
 from datetime import datetime, timedelta
 from unittest import mock
 
@@ -945,3 +946,20 @@ def test_credentials_reads_secret_file_content_from_every_given_file(self, tmp_p
         with mock.patch.dict("os.environ", mock_env):
             creds = CredentialsFactory.from_target("http://some.url/configuration")
             assert isinstance(creds, Credentials)
+
+    @mock.patch.object(CredentialsFactory, "_logger")
+    def test_warning_logged_when_extra_params_given(self, mock_logger):
+        credentials_file_content_with_extra_params = {
+            "endpoint": "https://endpoint.end",
+            "client_id": "test",
+            "client_secret": "test",
+            "username": "user1",
+            "password": "password",
+            "extra_param": "extra",
+        }
+        creds = CredentialsFactory.from_dict(credentials_file_content_with_extra_params)
+        mock_logger.warning.assert_called_once()
+        assert re.search(
+            r"OAuth password authorization for confidential clients",
+            mock_logger.mock_calls[0][1][0],
+        )