1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
|
"""Test the OAuth2 authorisation"""
import pytest
from gn_auth.auth.db import sqlite3 as db
SUCCESS_RESULT = {
"status_code": 200,
"result": {
"access_token": "123456ABCDE",
"expires_in": 864000,
"scope": "profile",
"token_type": "Bearer"}}
USERNAME_PASSWORD_FAIL_RESULT = {
"status_code": 400,
"result": {
'error': 'invalid_request',
'error_description': 'Invalid "username" or "password" in request.'}}
def gen_token(client, grant_type, user, scope): # pylint: disable=[unused-argument]
"""Generate tokens for tests"""
return "123456ABCDE"
@pytest.mark.skip(
"Use of JWTs means the password grant is broken. We should probably drop "
"support for the password grant in the code, since it is actually a "
"deprecated type of grant anyway.")
@pytest.mark.unit_test
@pytest.mark.parametrize(
"test_data,expected",
((("group@lead.er", "password_for_user_001", 0), SUCCESS_RESULT),
(("group@mem.ber01", "password_for_user_002", 1), SUCCESS_RESULT),
(("group@mem.ber02", "password_for_user_003", 2), SUCCESS_RESULT),
(("unaff@iliated.user", "password_for_user_004", 3), SUCCESS_RESULT),
(("group@lead.er", "brrr", 0), USERNAME_PASSWORD_FAIL_RESULT),
(("group@mem.ber010", "password_for_user_002", 1), USERNAME_PASSWORD_FAIL_RESULT),
(("papa", "yada", 2), USERNAME_PASSWORD_FAIL_RESULT),
# (("unaff@iliated.user", "password_for_user_004", 1), USERNAME_PASSWORD_FAIL_RESULT)
))
def test_token(fxtr_app, fxtr_oauth2_clients, test_data, expected):
"""
GIVEN: a registered oauth2 client, a user
WHEN: a token is requested via the 'password' grant
THEN: check that:
a) when email and password are valid, we get a token back
b) when either email or password or both are invalid, we get error message
back
c) TODO: when user tries to use wrong client, we get error message back
"""
conn, oa2clients = fxtr_oauth2_clients
email, password, client_idx = test_data
data = {
"grant_type": "password", "scope": "profile nonexistent-scope",
"client_id": oa2clients[client_idx].client_id,
"client_secret": oa2clients[client_idx].client_secret,
"username": email, "password": password}
with fxtr_app.test_client() as client, db.cursor(conn) as cursor:
res = client.post("/auth/token", data=data)
# cleanup db
cursor.execute("DELETE FROM oauth2_tokens WHERE access_token=?",
(gen_token(None, None, None, None),))
assert res.status_code == expected["status_code"]
for key in expected["result"]:
assert res.json[key] == expected["result"][key]
|
