wip

2020-08-20 16:02:14 +02:00 · 2020-08-20 16:02:14 +02:00 · 4a22f19b44
commit 4a22f19b44
parent d845498832
2 changed files with 99 additions and 0 deletions
--- a/tests/test_hybrid_flow.py
+++ b/tests/test_hybrid_flow.py
@ -0,0 +1,53 @@
+from . import client_credentials
+from urllib.parse import urlsplit, parse_qs
+from web.models import AuthorizationCode, Token
+
+
+def test_success(testclient, slapd_connection, user, client):
+    res = testclient.get(
+        "/oauth/authorize",
+        params=dict(
+            response_type=["code", "token"],
+            client_id=client.oauthClientID,
+            scope="openid profile",
+            nonce="somenonce",
+        ),
+    )
+    assert (200, "text/html") == (res.status_code, res.content_type), res.json
+
+    res.form["login"] = user.name
+    res.form["password"] = "correct horse battery staple"
+    res = res.form.submit()
+    assert 302 == res.status_code
+
+    res = res.follow()
+    assert (200, "text/html") == (res.status_code, res.content_type), res.json
+
+    res = res.forms["accept"].submit()
+    assert 302 == res.status_code
+
+    assert res.location.startswith(client.oauthRedirectURIs[0])
+    params = parse_qs(urlsplit(res.location).query)
+    code = params["code"][0]
+    authcode = AuthorizationCode.get(code, conn=slapd_connection)
+    assert authcode is not None
+
+    res = testclient.post(
+        "/oauth/token",
+        params=dict(
+            grant_type="authorization_code",
+            code=code,
+            scope="profile",
+            redirect_uri=client.oauthRedirectURIs[0],
+        ),
+        headers={"Authorization": f"Basic {client_credentials(client)}"},
+    )
+    assert 200 == res.status_code
+    access_token = res.json["access_token"]
+
+    token = Token.get(access_token, conn=slapd_connection)
+    assert token is not None
+
+    res = testclient.get("/api/me", headers={"Authorization": f"Bearer {access_token}"})
+    assert 200 == res.status_code
+    assert {"foo": "bar"} == res.json
--- a/tests/test_implicit_flow.py
+++ b/tests/test_implicit_flow.py
@ -0,0 +1,46 @@
+from urllib.parse import urlsplit, parse_qs
+from web.models import Token
+
+
+def test_success(testclient, slapd_connection, user, client):
+    client.oauthGrantType = ["token"]
+    client.oauthTokenEndpointAuthMethod = "none"
+
+    client.save(slapd_connection)
+
+    res = testclient.get(
+        "/oauth/authorize",
+        params=dict(
+            response_type="token",
+            client_id=client.oauthClientID,
+            scope="profile",
+            nonce="somenonce",
+        ),
+    )
+    assert (200, "text/html") == (res.status_code, res.content_type)
+
+    res.form["login"] = user.name
+    res.form["password"] = "correct horse battery staple"
+    res = res.form.submit()
+    assert 302 == res.status_code
+
+    res = res.follow()
+    assert (200, "text/html") == (res.status_code, res.content_type), res.json
+
+    res = res.forms["accept"].submit()
+    assert 302 == res.status_code
+
+    assert res.location.startswith(client.oauthRedirectURIs[0])
+    params = parse_qs(urlsplit(res.location).fragment)
+    access_token = params["access_token"][0]
+
+    token = Token.get(access_token, conn=slapd_connection)
+    assert token is not None
+
+    res = testclient.get("/api/me", headers={"Authorization": f"Bearer {access_token}"})
+    assert (200, "application/json") == (res.status_code, res.content_type)
+    assert {"foo": "bar"} == res.json
+
+    client.oauthGrantType = ["code"]
+    client.oauthTokenEndpointAuthMethod = "client_secret_basic"
+    client.save(slapd_connection)